Risk is Uncertainty
Risk is associated with the chance of unknown events occurring that can or might have either a positive or negative impact on an entity relative to achieving its objectives. It boils down to uncertainty about what is or might happen. Uncertainty is reality and it is something that every entity needs to manage and minimize. Value is optimized and created when management teams are able to establish vision and strategy and then set appropriate objectives to create a balance that effectively spreads and deploys resources. Enterprise risk management (ERM) boils down to determining how much uncertainty the entity is willing to accept and then instituting steps to mitigate the risks.
Risk and Strategy
Risk management begins with a strategy, since the establishment of objectives will be developed with full consideration of both risks and opportunities. Strategy in effect is a component of risk management. The overall entity-wide strategy will be crafted relative to the vision of management. From this platform, management will think about risks associated with alternative strategies and value propositions. There can be any number of strategies depending upon the industry and market position occupied by a company. Consideration of markets, products, acquisitions, market share, cost optimization, and alignment of the value chain will create a wide range of risks and potential opportunities. I apply risk management methodologies in the evaluation of strategic options and the setting of appropriate objectives in my work with clients. Here are the eight components of risk management that we utilize.
8 Components of Risk Management
1. Internal Environment
The internal environment represents the philosophical fiber of the entity setting the tone for dealing with risk and establishes risk appetite. “Tone at the top” will determine the composition of the people within the organization and establish the environmental parameters of how the company operates and runs the business.
2. Objective Setting
Objective setting is critical because the entire process is driven through establishing objectives across the enterprise to match the entity’s strategic mission consistent with its appetite for risk. Any risk management process needs to identify the internal and external events with a potential to have an impact on the business.
3. Event Identification
Identifying the events prior to occurrence represents half the battle in preventing occurrence.
4. Risk Response
When events have been identified it then becomes possible to take appropriate action in response to their occurrence. This component is risk response.
5. Risk Assessment
Risk assessment deals with identifying potential risks in order to establish a basis for managing them. Both inherent and residual risks are considered together with their potential impact relative to entity-wide objectives.
6. Control Activities
Control activities represent all the processes, policies, and procedures that have been established and instituted to ensure effective response to risks.
7. Information and Communication
Information and communication represents all the information gathered and used by the entity to monitor and manage risk. Communication relates to the way information flows throughout the entity so that employees understand their roles, responsibilities, and conduct business.
8. Monitoring
Monitoring is how the entity digests business from all points within and outside the organization. Ongoing monitoring enables management to track activities and identify potential risks. Management will also conduct separate evaluations to assess potential risks and in reality will usually employ a combination of both ongoing and separate evaluations to manage risk.
If you need assistance in evaluating your strategic choices and implementing a risk management program give me a call.