The nature and type of risks facing the organisation:
One of the main challenges facing managers in today's constantly changing business environment is dealing with uncertainty and creating a risk-focused culture within their organisations. New technologies, new concepts (such as social media and web 2.0), and changing market dynamics are all presenting managers with both threats and opportunities.
This uncertainty has the possibility of creating or destroying customer value and shareholder value, strengthening or weakening brand reputation and above all increasing or decreasing the organisation's competitive advantage.
Understanding the nature and type of risks facing the organisation is the starting point to a successful creation of a risk-focused organisation. With an ever changing business environment comes an increased number of risks. Though risks can be identified separately, for example, supply chain risks, people risks, catastrophe risks, IT risks, reputation risks, country risks etc. one way of identifying these risks is by grouping them into the following sub-categories :
Strategic Risk: This involves analysing and evaluating the effect of competition, customer changes, industry changes, global expansion, potential mergers and acquisitions, product mix, markets and locations of operations on the business.
Operational Risk: This involves analysing and evaluating the ways in which the organisation achieves its goals and objectives. In other words, you are looking at the daily activities and processes and identifying whether they are still viable or they need improvement. For example, this involves looking at processes, information gathering, analysis & its storage, emergency response procedures, protection against external events such as natural catastrophes and disaster recovery policies.
Financial risk: This involves analysing and identifying the effect of interest rates, inflation rates, foreign exchange rates and the availability of credit on company cash flow, return on investment, credit rating and profitability of operations.
Legal risk: This is risk pertaining to regulation, compliances and lawsuits for an organization. This also involves identifying all the rules and regulations that the organisation is bound to, ensure that they are being followed to avoid paying non-compliance penalties. The starting point could involve looking at your industry standards set by your industry's regulators.
Environmental risk: What is the impact of your organisation's activities on the environment? This involves looking at levels of your carbon footprint, pollution levels (noise, odours and light), environmental compliance in all locations, natural resources damage and ongoing monitoring and management.
Social risk: This looks at your organisation's impact on human beings, both from an internal and external perspective. Areas investigated may include, anti-discrimination policies, safety of products, product reliability and quality, sexual harassment concerns, training and education of employees and hiring and promotion practices. The key is developing and maintaining a positive relationship with both your internal and external stakeholders.
Making risk management every employee's everyday business:
The process of identifying, analysing, evaluating and managing risks within the organisation should not be solely left in the hands of senior personnel. Although senior management have the overall say in the deciding the destiny of the business, they might not possess all the knowledge about the risks facing the business. Thus they need the input of other management personnel and the employees.
In creating a risk-focused culture, managers should:
# Move away from a silo-based thinking of managing risks: This means instead of making say the finance department focus only on financial risks and the IT department on IT risks only, an integrated approach (Enterprise Risk Management) should be pursued. This avoids looking at organisational risks in silos but from a broad perspective. This also promotes co-ordination between various functions of the organisation.
# Promote ongoing monitoring and management of risks: Risk management is not a one-off process that is done say once a quarter or twice a year. As the macro-economic environment is always changing, so are the risks to the business. When risk management becomes an everyday business and its importance raised within the organisation, the whole culture is going to change and embrace risk management as a value enabler.
# Encourage training and education of employees: Both employees and managers need to be fully equipped and aware of recent developments in risk management. By sending employees on short courses or industry conferences, their knowledge of risk management is refined and they can use that acquired new knowledge for the betterment of the organisation.
How else can managers foster a culture that is risk-focused?
You need to be a member of Global Risk Community to add comments!
Comments
https://www.linkedin.com/pulse/calling-all-risk-culture-experts-hor...
I agree with the comment on adding Project Risks as this an area that could introduce new risks during and even after the project if not managed appropriately with a Project Management Risk Framework and Governance model.
In addition, risks identified within Internal and External Audit Reports should be included and addressed as part of the Risk Identification process.
Naj Hirani
Insights on risk issues showed that lack in risk awareness as well as risk aversion can bring an organization to serious downturns. Creating risk focused organization requires as the post states it, the involvement of the overall organization members. And as the management of change in organizations, all the staff has to be involved from inception to the definition of principles, policies, the risk assessment and it's management.
When every staff is concerned as part of the organization, management has to find a way to involved him on the management stage as an individual. This said, he feels himself to really be part of the whole and important for the hole. Working on staff members psychology, can help align risk management goals with the general corporate goals.
Very interesting article to promote a real risk culture in the organizations. I only can suggest to add Project Risks. The impact of these risks, normally, has effects in all the categories listed but is recommended to manage them from an integrated point of view.
One important aspect to be risk focused by any organisation, besides day to day monitoring of risk aspects of any organisation, Risk Audit by external agency on regular interval(depending upon organisation size and business profile) could be implemented by the management.
The article has analyze more and shed light the best principle to be adopted by a going concern organization to more progression if actually follows it with due process.
The article is interesting and i can say that the difference between the successful organization and the non successful one is how much efforts are exerted in adopting continuous improving / promoting risk management culture! In other words, deep/serious adoption of risk management implementation or slow death!
Am totally in agreement with your opinions. Keep up man...