Introduction to risk management

How to practically approach risk management?

Overly complex and ambiguous risk management may simply not work to your advantage, however, there are ways to avoid it.

Background to risk management

Risk management is a relatively recent function in the corporate world, since its modern concept began in the late 1950s. Risk management at that time was primarily associated with various business insurance products, but since 1970 the idea has developed significantly and has become less dependent on the insurance market. Meanwhile, large corporations have used self-insurance to cover losses due to accidents or negative market fluctuations. They have developed sophisticated internal procedures for assessing financial losses arising from potential risks and established dedicated accounting reserves with fairly liquid funds. In fact, these are the foundations of modern corporate risk management, and the concept is still under development. Project management and software development also contributed to the emergence of proprietary risk management solutions.

Basically, there are five main risks:

• Pure risks that cannot be controlled, such as natural disasters, fires or death
• Market risk when, for example, changing market conditions
• The risk of default in the event of bankruptcy
• Operational risk in the event of fraud or error by an employee
• Liquidity risk is the lack of sufficient funds to cover short-term financial obligations and can turn into a default risk.

How to implement risk management?

Risk is associated with every business, especially in such a way that the decision-making process is based on the assessment of potential risks and their impact on business goals. We assess the risk in a very intuitive way, so that we are not even aware of the process that is going on in our heads. Therefore, when we want to do it consciously, it turns out to be quite awkward. Then it's tempting to over-focus on the process and paperwork. Something that was natural to us before now becomes complex, obscure and finally difficult to draw reasonable conclusions. Senior managers often get confused because of ambiguous low-value information received from risk management departments. Risk management is then left out of the discussion and starts to be overlooked in the decision-making process as it is believed to slow down the decision-making process without adding real value.

So how do you do it right? Unfortunately there is no one simple way to do it right and it usually takes a lot of experience. In any case, implementing risk management should always start with the top management in the organization. A top team, such as Board of Directors, must understand the principles of risk management and understand how it can help them achieve the company's goals. There must be a clear link for them between risk management and their performance objectives. Otherwise, there will be no managerial support for this function in the organization from top to bottom. Management must be fully involved in planning the risk management process and be prepared to do so on a regular basis, at least once a year. They must make decisions about the priorities of the risk function and how to measure the results with Key Performance Indicators (KPIs).

Upon completion the planning phase, the risk management process must be transferred to the entire organization in the form of presentations and trainings. During this implementation phase, feedback from all levels of the organization should be gathered and the conclusions communicated to senior management for their review and action. Risk management must be aligned with the organization’s real business needs, culture and complexity of operations. If these are regulatory requirements, as is the case with financial institutions, the risk management process must implement and comply with them.

A key aspect of implementing the risk management process is clearly assigning responsibilities to employees in the organization. Employees need to know their roles and responsibilities, including elements related to risk management. Every employee, regardless of their level in the organizational structure, has a role to play in risk management and must be aware of this responsibility. Employees need to understand the impact they can have on the company's overall performance.

A simple example that every employee should be involved in risk management is compliance with safety rules in the workplace. If employees are not instructed, trained and made aware of the consequences for the company as well, they may not want to follow sometimes tiresome safety rules.

The higher an employee is in the organizational structure, the more threats he has to monitor and control. Tools and reports must reflect the level of responsibility. There should be reports adequate to the period covered, such as daily, weekly, monthly reports, etc. Additionally, reports covering specific parts of the operational process, department or risk that requires special monitoring. All of this must be properly engineered in the risk management process to provide management with meaningful information and help them achieve the company's goals.

A small business that is just starting out may use simple tools to begin with. A business plan is a good place to start risk management planning. Any investor who wants to invest in such a startup will want to understand the risks associated with the project. Therefore, founders should carefully analyze the risks associated with their business.

A SWOT analysis that stands for Strengths, Weaknesses, Opportunities and Threats is a good technique to start with risk management. However, this analysis should not end only with the list of risks in the SWOT analysis, but should be preceded by a comprehensive analysis of the impact that those risks may have and what the founders plan to do about it. It is important to describe the actual actions that are planned to mitigate the risks. Founders should also describe those risks that will remain in the project and whether they are covered by the risk appetite of the founders.

What is the risk appetite of founders and why can founders feel comfortable with this risk? If some of these risks are not fully mitigated and still pose a risk to the business, this is potentially an opportunity to seek outside help. Business consultants or investors with skills in these areas may be a good option to get extra help with risk management.