Risk Management 101: The Art of Crystal Ball Gazing

Risk Management 101: The Art of Crystal Ball Gazing

What Should Risk Mean to me?

Risk is the potential for some form of loss or harm, that might arise from a broad range of internal or external factors.  Common examples include unexpected changes to markets (e.g. tariffs), legal obligations (e.g. financial penalties imposed due to failure to meet client requirements), operational disruptions brought about by natural disasters, or financial challenges (e.g. delinquent payments from customers, rapid fluctuations of material costs).

Every organization, whether for profit or not, small or large, irrespective of industry or focus, will face risk on a daily basis.  The difference between failure and success will often depend on the organization’s ability to understand and manage these risks effectively, and in a timely manner.  According to The World Bank, about 70% of small and medium-sized enterprises globally were significantly impacted by the pandemic, with many facing permanent closure.

Risk should play a key role in decision-making across businesses and organizations. With small businesses, given limited resources, risk is often viewed as a challenge to be navigated carefully, to ensure survival.  With larger organizations, while risk is as critical, there are often many different dimensions to consider and manage, e.g. while financial loss is important, damage to a company’s brand could catastrophic.

Regardless of business or organization size, risk has a significant impact on strategic decisions, operational processes, and financial health of the organization, and therefore must be a key part of any business owner’s and organizational leader’s focus.

 

What Role does Risk Management play?

A 2020 survey by Aon found that only 53% of companies globally had formal risk management frameworks in place before the pandemic. In the aftermath of COVID-19, 94% of companies acknowledged the need to bolster their risk management strategies.

Risk management is the process of identifying risks that could impact the organization, analysing the importance of the risks, assessing the level of harm the risks might cause, and determining the level of effort required to minimize or control the risks. The ultimate goal of risk management is to safeguard the organization’s assets, ensure continuity, and protect the long-term financial health of the business.

Risk management is therefore a vital function that not only helps organizations protect from potential harm, but also ensures a more resilient culture, and therefore more sustainable organization. It plays a key role in ensuring that a company can continue to operate effectively, even in the face of unforeseen challenges, make better strategic decisions, and leverage opportunities while minimizing exposure to threats.

Without risk management, companies are more vulnerable to disruptions and may miss opportunities for growth.

 

Risk Management vs. Health & Safety?.

While there are strong similarities, it is important not to confuse health & safety management with risk management.  Health & safety management, aside from being a regulated obligation for every employer, is designed to protect employees from ‘health risk’ – i.e. their safety & wellbeing.  Risk management covers a very broad array of potential risk & threats to an organization’s overall stability and success, such as financial, operational, or reputational.

 

What are the Key Steps to Risk Management?

A good risk management process will address the following steps:

1. Risk Identification:  The first step is identifying all the potential risks that could impact the business or organization. This can involve looking at customers & market trends to identify potential shifts & changes, reviewing internal processes to identify gaps or flaws, better understanding external factors (such as economic, regulatory, environmental, etc.), and teams brainstorming ‘what if’ scenarios.  All risks identified must then be documented, with as much detail as possible – this is the start of an organisation’s ‘Risk Register’.
2. Risk Assessment:   It is important to understand that all the identified risks are not equal – some will be more important in ‘normal times’, while others become important under specific conditions.  Therefore, once all the risks are identified, they need to be measured and understood.  This is done by determining how likely each risk is to happen and how significant the impact could be. This allows business owners and organizational leaders to determine which risks are ‘more important’, and therefore crucially, where to place their focus, efforts and (often limited) capital.  I.E. once you understand your risks, you can prioritize their importance against each other, and prioritize your spending.
3. Risk Mitigation: Once the risks are prioritized, decisions need to be made about how the ‘higher priority’ risks should be managed, either by minimizing or eliminating them. This can involve a range of solutions, from pro-active measures such as back-up solutions for IT & multiple suppliers for key materials, through to more reactive measures such as insurance.  I.E.  business owners & organizational leaders need to determine the risks they can afford to manage, and those they are willing to accept.
4. Monitoring & Review:   Risk management is an ongoing process.  It is crucial to remember that we live, and work, in an ever-changing world.  Therefore, risks of low importance now, can very quickly move up the prioritization level under different conditions.  A key example of this is the damage the COVID pandemic created to global supply-chains, which had been viewed as robust & efficient before the pandemic.  Therefore, regular monitoring and reviewing of the risks is crucial to ensure that strategies in place remain effective and relevant.  I.E.  business owners & organizational leaders must continually ask themselves, “are we doing enough to manage our risks, given current & predicted future conditions?”

 

Common Reasons for Risk Management Failures

Some common reasons include:

• Lack of Understanding:  Risk management is often overlooked or misunderstood by decision-makers, particularly in small businesses where owners focus on day-to-day operations, often resulting in minimal effort and capital put into managing risks.
• Inadequate Resources:  Insufficient allocation of time, budget, or personnel to implement effective risk management strategies can lead to flaws and gaps, where serious risks can fall through the cracks.
• Failure Monitor Risks:  Risk management is often seen as a one-time task, where time, focus and attention is placed on creating the ‘risk plan’, rather than an ongoing process, leading to outdated plans and overlooked risks.
• Complacency:  Assumptions that past successes or a stable environment will continue, leading to a false sense of security and neglect changing or emerging risks.

 

About the Author

Raiyo Nariman is a Kiwi based in Asia and working across the region, with over 25-years of commercial leadership experience.  Raiyo has created, built and led numerous businesses, growing them across multiple Asian markets, in both entrepreneurial & intrapreneurial capacities, as CEO, MD, Director & investor/shareholder.  He has invested, established and led businesses in New Zealand, Hong Kong, Malaysia, Singapore, while servicing clients and engaging strategic partners globally.

Within the arena of risk management, Raiyo has delivered training engagements for governance, leadership and management, in both private and public sectors, for over two-decades.  Raiyo has also delivered numerous advisory engagements for clients seeking to enhance their risk management practices, including the design, development & implementation of organisational-wide risk management frameworks & processes.  Clients have included some of New Zealand’s largest private companies, and government agencies responsible for taxation, land management, national infrastructure, research and innovation, education, and social services.