Chapter 12 - Risk Management PDF

Summary

This document covers various aspects of risk management in business, including introduction, types of risk, and strategic planning. It discusses risk profile, risk culture, and several other relevant concepts related to managing business risks.

Full Transcript

CHAPTER 12-
RISK
MANAGEMENT
INTRODUCTION

The world of business does not offer guarantees that specific outcomes will be
achieved because of the high degree of uncertainty linked to:
The economy of the country: Will there be economic growth or a recession?
The economy on a global level: International events affecting business in SA.
Political developments: Corrupt government officials and state capture.
Technological advancements: Ongoing technological developments leading to
automation.
Changes in legislation: Impacts like BEE and UIF.
Changes in consumer demands: Customers moving towards healthier food
options.
Taking risks is a natural part of business, however, the entrepreneur
or manager should be aware and actively plan for the variety of risks
that exist as part of the everyday business operation and decisions
that are taken.

Risk management can be defined as analyzing the profitability of an
event taking place and then proactive planning to minimize the
possible negative impact of the event on the business. A business
also wants to look at events that might have a positive outcome and
then plan to capitalize on this.

Risks can be seen in several ways:
Risk is a mere uncertainty
Risk as a threat
Risk as an opportunity
R I S K A N D S T R AT E G I C M A N A G E M E N T

The objective of risk management is to ensure a balance between
opportunities and threats. Risk management should be integrated into
strategic planning.
Strategic planning refers to the formulating of the business’ vision, mission,
and value statement, organizational structure, as well as the goals and
objectives.
The business operations include aspects such as implementing policies,
managing processes, monitoring and controlling daily activities, and satisfying
the needs of customers to ensure profitability.
Risk management is implemented to ensure the strategic plan and business
operations are aligned.
 Strategy:
(vision, mission, value
statement, organizational
structure, goals and
objectives)

Risk management:
The alignment between
business strategy and business
operations

Business operations:
Implementing policies,
managing processes,
monitoring and controlling
daily activities
RISK MANAGEMENT IN PRACTICE

The way a business views risk is influenced by a business risk profile and risk culture.

RISK PROFILE:
Refers to the degree that a business is willing to accept risks in pursuit of creating value or to achieve
business goals.
The risk profile is directly related to the strategy of the business. Any business should try to achieve a
balance between business growth, possible returns, and risks.

RISK CULTURE:
Described as shared attitudes and practices in the business. In a similar manner, the risk culture of the
business refers to the collective attitude in the business accepting risks.
The risk culture within a business is the result of businesses is the result of business practices such as
results for risk-taking or risk avoiding behavior.
 Operational
risks

Reputation Country
al risks risks

TYPES OF Types
RISKS of
risks
Strategic Environmen
risks tal risks

Financial
risks
OPERATIONAL RISKS: COUNTRY RISKS:
The risks associated with the The risks associated with
internal operations of the operating/locating the
business may include risks business in a particular
that involve: country centers around:
Systems/processes Political events
Organizational structures Economic conditions
People Regulatory stability/instability
(management/employees) within a country
Product development
Data storage and security
ENVIRONMENTAL RISKS: FINANCIAL RISKS:
Could be physical environmental risks or
Associated with the financial
business environment risks.
PHYSICAL ENVIRONMENTAL RISKS: operations of a business.
Flooding or droughts leading to problems Credit risk: debtors not paying
with retaining raw materials.
Fluctuations in the exchange rates
Traffic in the area makes it difficult to
reach a business.
when importing and exporting
Risk associated with a particular location, Interest rate increases
e.g., high crime rates. Solvency risks
BUSINESS ENVIRONMENT RISKS:
Factors that could have a negative
Socio-economic factors such as
unemployment. impact on the cash flow of the
Technological development leading to business, i.e., bad debt, investment
obsolete equipment. in incorrect stock and expenses not
Level of competition in the industry, correctly managed.
potential new entrants or businesses
offering substitute products.
REPUTATIONAL RISKS: STRATEGIC RISKS:
Damage to the business’s Strategic risks are risks that are
reputation as a result of associated with the overall
formulation and implementation
business practice such as:
of the strategy of the business.
Customer complaints on
This could include:
social media
A poorly formulated or
Business causing
communicated vision, mission,
environmental damage
and value statement.
Business conducting business Unrealistic goals and an
with other unethical unsuitable organization
businesses structure could also present
problems to the business.
MANAGING RISKS
It is important that risk management is seen as a holistic mechanism across various
levels of management and all the business functions. Due to the integrated nature of
operations and management decisions on all levels, it will impact the entire business.
It is important that a business assesses the type of risk they are dealing with to
understand the potential impact. Once the business has determined the potential
impact of the risk, it has to develop strategies to deal with the risk. This is done by:
Capitalizing on strengths
Addressing weaknesses
Exploiting competitor’s weaknesses

Four steps in managing business risks:

RISK MANAGEMENT
Risk Assessment Risk Management Risk Response Risk Reporting
Policy
RISK ASSESSMENT

Three steps:
STEP 1: IDENTIFICATION OF THE RISK:
Look at areas of uncertainty in business environments. During the
process of risk identification, a methodical approach is important
to ensure all significant activities in the business have been
identified and all risks flowing from these activities are identified.
A business may use a variety of methods to identify risks, these
include:
 RISK WORKSHOPS: STAKEHOLDER CONSULTATIONS:
These workshops could be internal or If a third party has been identified as
external being involved with a situation that may
be a risk factor, information has to be
obtained via a consultation.

BENCHMARKING: SCENARIO PLANNING (WHAT IF):
It may be useful to look at best practice Business simulations are handy tools to
regarding certain risks in the industry look at “what if”, the possible outcome,
and to plan how to handle the situation
should it arise in the future.

AUDITING: SURVEYS:
Both internal and external auditors have A survey could assist the business in
the responsibility to identify risks. There identifying risks by asking questions to
could also be an audit to determine if the relevant internal/external parties.
business dealt with the risk effectively.
STEP 2: DESCRIPTION OF THE RISK:
Once the risk factors have been identified, they need to be
described in sufficient detail to ensure all relevant parties
understand the risk issues and their origins.

STEP 3: ESTIMATION OF THE IMPACT OF THE RISK:
Helps the business to assess the impact of each risk. Assessing the
impact of each riskPros
factor, can be done by using tools such as:
and Cons
chart
Cost/Risk
ESTIMATION

Benefit
TOOLS

Analysis
Decision Trees

PESTLE

SWOT
Once the risk factor's impact on the business has been estimated, it should
be plotted on the Estimation Matrix.
Low probability: Low impact
These are the issues that the business is most likely to ignore because the
chances of the event taking place are low, and even if it does happen the
impact will not be serious.
High probability: Low impact
If the possible impact on the business is low, it may not be crucial to
address the risk, even though the event’s probability is high.
Low probability: High impact
The events taking place’s chances are small but may have a big impact.
The business will probably not invest major resources to prevent this risk
but once it happens it will require immediate and serious attention from the
business.
High probability: High impact
Although it may not be possible this is the risk that the business will try to
avoid at all cost because the impact on the business will be serious.
 ESTIMATION MATRIX
High probability High probability
Low impact High impact
Low probability Low probability
Low impact High impact
RISK MANAGEMENT POLICY

The second step of risk management is to ensure a
comprehensive policy that is:
Drafted (developed in writing)
Communicated to all relevant parties
Implemented in the business
This will enable the business to respond to risks that have
been identified and prioritized.
RISK RESPONSE

Third step in risk management. When referring to the estimation matrix
risks can be:
Avoided
Reduced
Accepted but carefully managed
Choosing a suitable risk response involves developing a risk plan that
considers all opportunity cost and consequences. It is important that
the risk response is monitored on an ongoing basis to determine the
effectiveness of the risk response and adapt to possible changes in
level of risk.
RISK AVOIDANCE:
Action is taken to prevent or limit the activities leading to risk. This
could include not entering into a specific geographical market.

RISK REDUCTION:
Action is taken to limit the possibility of the risk occurring and to
mitigate the impact of the risk. This is usually done by implementing
strict control mechanisms.

RISK ACCEPTANCE:
No action is taken to stop the risk or limit the impact. This may be
because it will require more resources than what is seen as viable or
when there is simply nothing that can be done as it is totally outside
the scope of the control of the business.
RISK REPORTING

Fourth step in risk management involves reporting to relevant
stakeholders.
Two areas
of risk
reporting

Reporting Reporting
to internal to external
stakeholde stakeholde
rs rs
 Reporting to internal Reporting to external
stakeholders involves reporting stakeholders has increasingly
risk management information been under the spotlight
through Corporate Governance
to people who are involved in
efforts.
decision-making or
An example could be when BP
performance reviews.
had an oil spill and how the
An example could be informing business is planning to resolve
all internal stakeholders about this issue. Of course, it is only
safety procedures in the prudent that the business
business in case of possible provides details on how they
risks (making the business will avoid the risk moving
OHS- compliant). forward.