The nature and type of risks facing the organisation:
One of the main challenges facing managers in today's constantly changing business environment is dealing with uncertainty and creating a risk-focused culture within their organisations. New technologies, new concepts (such as social media and web 2.0), and changing market dynamics are all presenting managers with both threats and opportunities.
This uncertainty has the possibility of creating or destroying customer value and shareholder value, strengthening or weakening brand reputation and above all increasing or decreasing the organisation's competitive advantage.
Understanding the nature and type of risks facing the organisation is the starting point to a successful creation of a risk-focused organisation. With an ever changing business environment comes an increased number of risks. Though risks can be identified separately, for example, supply chain risks, people risks, catastrophe risks, IT risks, reputation risks, country risks etc. one way of identifying these risks is by grouping them into the following sub-categories :
Strategic Risk: This involves analysing and evaluating the effect of competition, customer changes, industry changes, global expansion, potential mergers and acquisitions, product mix, markets and locations of operations on the business.
Operational Risk: This involves analysing and evaluating the ways in which the organisation achieves its goals and objectives. In other words, you are looking at the daily activities and processes and identifying whether they are still viable or they need improvement. For example, this involves looking at processes, information gathering, analysis & its storage, emergency response procedures, protection against external events such as natural catastrophes and disaster recovery policies.
Financial risk: This involves analysing and identifying the effect of interest rates, inflation rates, foreign exchange rates and the availability of credit on company cash flow, return on investment, credit rating and profitability of operations.
Legal risk: This is risk pertaining to regulation, compliances and lawsuits for an organization. This also involves identifying all the rules and regulations that the organisation is bound to, ensure that they are being followed to avoid paying non-compliance penalties. The starting point could involve looking at your industry standards set by your industry's regulators.
Environmental risk: What is the impact of your organisation's activities on the environment? This involves looking at levels of your carbon footprint, pollution levels (noise, odours and light), environmental compliance in all locations, natural resources damage and ongoing monitoring and management.
Social risk: This looks at your organisation's impact on human beings, both from an internal and external perspective. Areas investigated may include, anti-discrimination policies, safety of products, product reliability and quality, sexual harassment concerns, training and education of employees and hiring and promotion practices. The key is developing and maintaining a positive relationship with both your internal and external stakeholders.
Making risk management every employee's everyday business:
The process of identifying, analysing, evaluating and managing risks within the organisation should not be solely left in the hands of senior personnel. Although senior management have the overall say in the deciding the destiny of the business, they might not possess all the knowledge about the risks facing the business. Thus they need the input of other management personnel and the employees.
In creating a risk-focused culture, managers should:
# Move away from a silo-based thinking of managing risks: This means instead of making say the finance department focus only on financial risks and the IT department on IT risks only, an integrated approach (Enterprise Risk Management) should be pursued. This avoids looking at organisational risks in silos but from a broad perspective. This also promotes co-ordination between various functions of the organisation.
# Promote ongoing monitoring and management of risks: Risk management is not a one-off process that is done say once a quarter or twice a year. As the macro-economic environment is always changing, so are the risks to the business. When risk management becomes an everyday business and its importance raised within the organisation, the whole culture is going to change and embrace risk management as a value enabler.
# Encourage training and education of employees: Both employees and managers need to be fully equipped and aware of recent developments in risk management. By sending employees on short courses or industry conferences, their knowledge of risk management is refined and they can use that acquired new knowledge for the betterment of the organisation.
How else can managers foster a culture that is risk-focused?