The Business Of Risk

by : Richard A. Hall

Today, we see a number of risks associated with businesses of all sizes, ranging from identity theft, embezzlement, natural disasters, personal injury, fraud, vendor failure, taxes, finances, and more. Because of the increasing number and type of business risks, companies have had to make some major adjustments in overall operations, management, and strategy. When you couple risks with competition, you can see that it is imperative every company have a solid plan in place for protection and success.

One of the most important aspects of strategy is ensuring a solid risk management team is in place. These individuals would hold the responsibility of not just identifying potential risk but also creating and implementing sound processes, techniques, or technologies for prevention and/or correction. The risk management team however will not work in isolation but in tandem with other key stakeholders, such as department heads and the Executive team. Having a winning risk strategy is going to give your business the foundation on which to build a strong, competitive company but also a business that employees and clients trust.

What is the key to creating such a risk strategy? For one thing, you want to be productive but not make quick decisions. Unfortunately, we have seen many larger corporations that have put “quick fixes" into place, only to find they end up with a laundry list of new problems. Yes, it is essential that a good plan be developed as quickly as possible but make sure the plans being considered are not just short term fixes but will be beneficial long-term. While a risk management team can identify potential risk events, the team must work in conjunction with the organization so that strategies are aligned with the business goals. In essence, the best risk strategy is one component of the overall business strategy.

In addition, you need to review your company inside and out, top to bottom, to determine where risks lie. For example, missing payment on taxes can be an extremely costly mistake, sometimes upwards of $10,000 or more. In this instance, there would be a number of things to consider. Is the individual heading up the tax department qualified? What type of tracking system is being used? Is the department short-handed? Is the person in the mailroom delivering mail on time? These and other possibilities exist, which is where a risk management team would help. Once the problem area or potential risk is isolated, then changes could be made accordingly.

Another factor that unfortunately, is sometimes overlooked is the client. Obviously, if you are going to run a profitable business, you need satisfied customers. Perhaps there are areas of service or product where customers are not happy but because no means of communication or input is in place, you have no idea. Therefore, you might think about sending out customer surveys, trying to find any weaknesses that need to be strengthened. It is imperative that you know your customers and that those customers are so satisfied with what you offer so they will not look elsewhere.

Things happen in businesses and sadly, many great companies have gone under because of lack of risk management and/or strategy. Enron, is only one of many examples in which a failure to manage risk or even identify risk ruined a company. Another often cited example is Barings Bank which was one of the most respected merchant banks in the United Kingdom. The company which held $900 million in capital was bankrupted due the actions of one trader. The losses and subsequent bankruptcy could have been avoided if internal controls had been in place. There are countless other global examples of the consequences of not identifying risk events.

While federal regulations such as Sarbanes-Oxley have mandated corporate governance and controls, managing risk is simply good business. Identifying risk events and formulating response strategies enable the organization to successfully execute its objectives.