Managing Risks: A New Framework

Risk control is often a considered compliance problem that can be addressed by defining lots of rules to ensure everyone follows the rules. These regulations, however, can be sensible and help reduce risks that may seriously affect businesses. However, a rules-based risk management approach will neither decrease likelihood nor impact of a catastrophic catastrophe. The authors presented an overview of risk categories that helps the organization understand the qualitative differences in the kinds of risks they face.



Risk management

The process of locating, evaluating, and ranking possible threats to a company's assets and profits is known as risk management. Analyzing the possible effects of risks that have been discovered and devising management or mitigation solutions are steps in this process. Implementing safety protocols, buying insurance, and diversifying investments are a few basic risk management techniques. While reducing the potential negative effects of unanticipated events, effective risk management can assist organisations in achieving their goals and objectives.



Why risk is hard to talk about?


For a variety of reasons, talking about risk can be challenging. One factor is that it may be challenging to quantify and measure, which makes it challenging to evaluate and priorities. Furthermore, various people and organisations may have different perspectives on risk, which can result in arguments about how to manage it.

Another reason is that talking about risk can be unsettling since it highlights potential failures and undesirable results. Some individuals or organisations can be hesitant to talk about risk for fear of coming across as incompetent or unprepared.


Risk can be challenging to discuss since it may necessitate making challenging choices like decreasing spending, staffing, or changing corporate strategies. This could be especially difficult for firms that are already having trouble since it could add further stress and uncertainty.

Finally, risk management is a difficult topic that necessitates a particular amount of skill and understanding, which isn't always present inside a company.


Overall, risk management requires a mindset shift, an acceptance of uncertainty and an ability to have open and honest conversations about potential scenarios and their potential impact. This is not always easy, but it is necessary in order to make informed decisions and protect an organization's capital and earnings.



How do you manage risk?


Organizations can take a number of actions to efficiently manage risk, including:

Recognize risks: Recognizing potential risks is the first step in risk management. This can be accomplished using a variety of techniques, including brainstorming sessions, stakeholder interviews, and analyses of historical data.

Risks must be evaluated in terms of their likelihood and potential impact once they have been identified as potential risks. This will make it easier to decide which hazards should be handled first.

Create plans: Organizations must create strategies to control or reduce risks after identifying and evaluating the hazards. This can entail putting safety measures in place, getting insurance, or diversifying your money.

Implement and monitor: Once strategies have been developed, they must be implemented and monitored to ensure they are effective in managing or mitigating the identified risks.

Continuously review and update: Risk management is an ongoing process, so it's important to review and update the risk management plan regularly, taking into account new information, changes in the business environment, and new risks.

Communicate and involve key stakeholders: Risk management requires participation and engagement of all stakeholders, from employees to management and board, to be successful. Communicate the plan, the risks identified, and the strategies implemented to all stakeholders, and involve them in the process.

It's also crucial to keep in mind that there are various risk kinds, including operational, financial, strategic, and reputation risks, and that each one may call for a unique approach to risk management and risk reduction.



Process:-


A methodical strategy to detecting, evaluating, and managing possible risks to an organization's capital and profits is the risk management process. Usually, it entails the following actions:

  • Identification: Examine historical data, speak with stakeholders in person, and engage in brainstorming sessions to identify potential threats.
  • Analyze the possibility and potential consequences of the risks that have been identified. This will make it easier to decide which hazards should be handled first.
  • Evaluation: Examine the possible effects of suggested risk management techniques as well as the efficacy of current controls.
  • Treatment: Create and put into action plans to control or lessen the hazards that have been identified.
  • Monitoring and reviewing: To make sure the risk management strategy is still applicable and efficient, regularly check the efficiency of the risk management techniques.
  • Reporting and communication: Inform key stakeholders about the risk management strategy and its outcomes, and inform management or the governing body of the plan's success.


This cycle should be done frequently as new risks may materialist and the environment of the organisation changes.

It's also critical to remember that the risk management process should be adapted to the unique requirements and features of the company and should be in line with its overarching goals and strategies.



Risk management limitations and examples of failures



Risk management limitations include a lack of complete information, human biases and errors, and the complexity and dynamic nature of risks. Examples of failures in risk management include the 2008 financial crisis, the 2010 Deepwater Horizon oil spill, and the 2011 Fukushima nuclear disaster. In each of these cases, inadequate risk assessment and management contributed to the severity of the outcome. Additionally, the COVID-19 pandemic of 2020-2021 has highlighted the limitations of risk management in dealing with uncertain, highly disruptive events.




Other limitations of risk management include:

  • Limited resources and budget which may affect the scope and effectiveness of risk assessment and management activities.
  • Difficulty in accurately predicting and assessing low-probability, high-impact events, also known as "black swan" events.
  • Complex and interdependent risks, which can be difficult to identify and manage separately.
  • Limited ability to control and mitigate certain types of risks, such as natural disasters or global economic conditions.
  • Difficulty in measuring and evaluating the effectiveness of risk management activities.
  • Organizational culture and resistance to change can also hinder the implementation of effective risk management practices.




Failures in risk management examples include:

  • The collapse of major financial institutions and the ensuing global financial crisis in 2008 were partly caused by these organisations' poor risk assessment and management procedures.
  • The Fukushima nuclear tragedy of 2011 was brought on by an inadequate assessment of and preparation for the risk of a powerful earthquake and tsunami.
  • Inadequate risk assessment and management of the structure's structural integrity contributed to the 2013 collapse of the Rana Plaza factory in Bangladesh, which resulted in the deaths of over a thousand people.
  • Additionally, the COVID-19 pandemic of 2020–2021 has brought attention to the difficulties of risk management when dealing with hazy, extremely disruptive events.

Overall, risk management is a continual process that necessitates continuing observation and adjustment to changing conditions. It's crucial to keep in mind that risk management merely serves to lessen the effects of prospective failures rather than serving as a guarantee against failure.



Plan for managing risks


A risk management plan is a written document that describes a methodical approach to locating, evaluating, and minimizing potential risks to a project or organisation. The following components are frequently present:

  1. Risk identification is the process of locating potential threats to an organisation or project, such as internal and external threats to finances, operations, the law, and compliance.
  2. Analysis of the possibility and effects of hazards that have been found, together with ranking each risk according to its importance.
  3. In order to lessen the likelihood or impact of risks, plans and measures must be developed. Risk acceptance, risk transference, risk reduction, and risk avoidance are some examples of this.
  4. Monitoring and reviewing risks entails keeping an eye on the efficiency of risk management procedures as well as periodically analyzing and revising the risk management plan.
  5. Communication and reporting: This entails informing pertinent stakeholders about risks and providing updates on the progress of risk management initiatives.
Depending on the project or company, and the types of risks involved, a risk management plan's specific components will change. To make sure the strategy is current and useful, it must be periodically evaluated and updated.




Category II: Strategy risks

The undesirable outcomes that could possibly result from a company's strategic decisions or activities are referred to as strategy risks. Numerous things, such as shifting market dynamics, increased rivalry, and technological improvements, might contribute to these risks. Here are a few instances of strategy risks:

  1. Market entry risk is the danger that a business may fail when it enters a new market because of things like fierce competition or a lack of customers for its goods or services.
  2. Competitive risk: This refers to the possibility that a company's ability to compete will be harmed by events like shifting market dynamics or the entry of new rivals.
  3. Product/service risk: This is the chance that a business's goods or services won't be successful in the market as a result of things like a lack of consumer demand, technological issues, or greater competition.
  4. The chance that a company's merger or acquisition won't be successful is known as the "merger and acquisition risk." This risk arises from things like cultural differences, integration challenges, and regulatory barriers.
  5. Technological risk: This refers to the possibility that a business won't be able to take advantage of emerging technology or that its current technological capabilities will become dated.
  6. Reputation risk: This refers to the risk that a company's reputation will be damaged due to factors such as negative publicity, product recalls, or unethical business practices.

Managing strategy risks involves identifying and assessing them, and developing and implementing appropriate risk mitigation strategies. This can include diversifying the company's product or service offering, implementing risk management protocols, or investing in new technologies.



Risks vs. opportunities


Both opportunities and risks are equally important. Both terms refer to anticipated future occurrences or circumstances that might affect a project or an organisation. However, opportunities are good things that could produce advantages or benefits, whereas dangers are unfavourable happenings that could result in injury or loss.

As part of risk management, risks are discovered and evaluated. This process entails identifying potential risks, assessing their likelihood and impact, and creating plans to lessen or manage those risks. Risk management seeks to reduce risks' detrimental effects on an organisation or project.


Opportunities, on the other hand, are identified and evaluated as part of opportunity management. This process involves identifying potential opportunities, evaluating the potential benefits and costs of those opportunities, and developing strategies to capitalize on those opportunities. The goal of opportunity management is to maximize the positive impact of opportunities on the organization or project.

Risks and opportunities are closely related, as risks can also be opportunities in disguise. For example, a new market entry could be a risk but also could be an opportunity to grow the business. Therefore it is important to identify and evaluate both risks and opportunities as part of a comprehensive risk and opportunity management program.


Potential risk treatments



There are several potential treatments for risks, including:

Risk avoidance: This involves eliminating or avoiding the risk altogether by not engaging in the activity or decision that would lead to the risk.

  • Risk reduction: This involves taking steps to reduce the likelihood or impact of a risk. This can include implementing safety procedures, purchasing insurance, or implementing quality control measures.
  • Risk transference: This involves transferring the risk to another party, such as through contracts or insurance policies.
  • Accepting the risk entails creating a strategy for handling it should it materialise. This can entail putting together a backup plan or saving money to take care of the danger.
  • Risk sharing: This entails dividing the risk among-st several parties, either through partnerships or joint ventures.
  • Risk enhancement entails utilizing the risk by putting money at risk to provide an opportunity.


The specific risk and the organization's risk management strategy will determine the risk treatment option to be used. Some situations might call for a combination of therapies, such as lowering the possibility of a risk while simultaneously accepting it and coming up with a strategy for handling it if it materialists.