The importance of risk management is often under-estimated by many companies. Resources invested in risk assessment are often considered to be unnecessary, yet businesses are willing to cope with ‘firefighting’ to deal with unfolding uncertainties. A properly formulated risk management (RM) plan can not only protect value, but also entail organized activities to increase economic and shareholder value while fulfilling compliance requirements.
Judging by the current financial turmoil and its consequences on regional businesses, the need for RM as never been greater. It is evident that a well-integrated, company-wide risk management does not only protect against emerging risks, but it also helps provide a competitive edge that spreads confidence and enables high performance.
In many organizations, the risk management function represents no more than a short-term response to an emerging situation or new regulatory requirements. But, recent victims, particularly in the banking and real-estate sectors highlighted the potential threats of this. A more appropriate approach would be to devise a RM plan that assesses potential risks across an entire organization, taking into account political, economical, social and technological factors. Other factors such as market dynamics and legal and regulatory requirements could also be taken into consideration.
A more comprehensive approach to risk management is often adopted by successful companies, as an indicator of robustness and high performance. Nowadays, leading companies, particularly in the financial sector are more likely to adopt a wholesome approach to risk management, and put in place processes and technologies for a successful implementation.
Many companies are progressively realizing the need to integrate their risk management plan into their business strategy. This can be an invaluable way to protect value and ensure sustained growth. Value creation can be achieved through
(a) assisting management in directing capital fund to most productive avenues,
(b) assessing the risk associated with new investment decisions to increase business efficiency and productivity and
(c) improving relations with ratings and regulatory agencies, particularly for listed companies.
Prevailing RM practices not only address mitigation, compliance and control, but also become an integrated part of business strategy. The provision of risk-related guidelines for decision-making processes improves strategic execution to increase shareholders returns and raise the organization to a higher level of performance.
The company strategy and RM often coincides at different phases of the planning cycle, including
(a) a strategy formulation which defines the company’s risk culture, rules and regulations to manage risk, and adopting the right technology to identify, monitor and track risks;
(b) a strategic RM where inherent risks are embedded in any business strategy;
(c) a business strategy evolution where RM evaluates varying strategic options and helps direct company resources towards more profitable options and
(d) the risk management can be assessed in a variety of ways, depending on the maturity of planning within a company. Different companies have different level of appetite to risk taking and companies should identify the best approach for their risk strategy.
The chosen approach should target a number of objectives including:
(a) compliance where traditionally a few business areas are considered for risk assessment to ensure adherence to policies and procedures, establishing clear guidelines keep the company compliant, but remain vulnerable to risk;
(b) value protection which employs more advanced techniques to safeguard current assets and shareholder value, but does not address the overall risk profile of the company and
(c) value creation which involves a dedicated risk evaluation team that usually establishes relevant standards to mitigate risk across the whole organization.
In order to determine the best strategic approach to risk planning, the following steps could be pursued:
(a) establish strategic guidelines by determining what company stakeholders expect from risk management and outline the role of the risk management teams;
(b) determine risk profile by establishing and agreeing what level of risk the company is willing to take and the analysis to be performed;
(c) choose the approach by identifying key performance indicators to monitor risks being taken and expose if the company is operating within its comfort zone;
(d) carry out gap analysis by benchmarking the company’s existing risk plan, if it exists, with the risk strategy and analyze what remains to be completed and
(e) develop a strategic roadmap by identifying the key actions required to realize business strategies and put the new program into action.
In the face of uncertainties, the leaders of regional businesses are encouraged to devise a strategy to risk management as an instrument that enables businesses to achieve and maintain superior performance. This not only identifies and deals with wide-ranging risk potentials, but also creates and enhances shareholders’ values and permits a long term of growth and profitability.