Risk Management

What is Risk Management?

Risk management refers to practice of identifying potential risks in advance, analysing them and taking precautionary steps to minimise exposure to risk.
Faces difficulty in allocation resources - opportunity cost.

Types of Risk Facing Business:

Natural Disasters
Employee Error
Equipment Failure
Product Failures
Economic Factors
Legal Challenges
PR Failure
Supply Problems

\ Natural Disasters:

Volcanoes, flooding, storms

Employee Errors:

Errors that are caused by employees

Equipment Failure:

Equipment causes a risk by not working properly, causing a fault in what it’s meant to do.

Product Failure:

The end product poses a risk by failing.

Economic Factors:

Lack of finance can cause for businesses to go into administration, causing for the business to close.

Legal Challenges:

Legal challenges can cause a restriction on what businesses are able to do. It can be a risk to challenge the law or go against it e.g. result in heavy fines.

PR Failures:

Unethical acts of avoiding tax payments

Supply Problems:

Issues with suppliers can cause for risks, decrease in output.

Profitability of Risk:

All business activity involves an element of risk
Changing nature of business environment means risk is inevitable.
How a business manages their exposure to the risk that matters
Some risks are easy to predict and possible to calculate their impact - Quantifiable risk.

Risk Assessment Matrix

Quantifiable Risks:

Can be planned for and measure put in place to minimise upon a business.
When a risk can be measured it is usually possible to take out insurance to ensure a business can continue to operate even if the risk is happening.
E.g Financial Risks, Operational Risk, Strategic Risks, Compliance Risk

ISO 31000

Using ISO 31000 can help firms to improve the identification of risks and effectively and efficiently allocate resources for its management, so helping them to achieve their objectives.
Provides a serious guidelines that they can follow to manage exposure to risk.
As it is not compulsory firms can choose not to apply it.
Considers Key Aspects: * How to minimise a risk * Acceptable levels of risks when pursuing an opportunity. * Eliminating a source of risk * Sharing risk with another party

Risk Assessment Methods

Having identified, analysed and evaluated each risk and suggested a course of action to manage the risk, firm is able to create a risk register.
It records each risk, the profitability of risk occurring and their likely impact. In large firms, it is the job of the Risk Manager to minimise a businesses exposure to risk.

Vulnerability Mapping of Risk:

Preventative Measures of Firms:

One of the key roles as RM is implementing preventative policies within a business that minimises a firms exposure to the risk and enable a business to still function if the worst were to happen.
Such policies cannot remove the risk entirely
Preventative action is hard to apply to external risks as the business holds no direct control.

Insurable Risks:

For loss to be insurable, it must be: * Due to chance * Definite and measurable * Must be predictable * Loss cannot be catastrophic
Insurable risk meets the ideal criteria for efficient insurance. It is not so big or catastrophic that an insurance company is not able to pay out upon a claim.
Businesses pay insurance premiums to cover themselves against a variety of different types of tasks - any claims on these pushes up insurance costs.

Uninsurable Risks:

Non insurable risks are types of risks that the insurer is not ready to insure against simply because they likely future losses cannot be estimated and calculated.
e.g. consumer demand, floods, technological change

Contingency Planning:

Contingency plans are an agreed course of action that a business and its employees will adopt should things go wrong.
Constructed with the worst case scenarios in mind and are methodical documents that evaluate the impact of different risks in each of the four functional areas of marketing, finance, operation and HR.

Main Aims of Contingency Plans:

Contain and minimise the damage to a persons or property.
Allow the main operational functions of the business to continue

Contingency Plans Examples:

Flood
Fire
Death of Key Employee
Cyber Attack
Supplier Failure
Pressure group activity
Terror attack

Disasters and Stakeholder Impact:

Analysis of Contingency Plans:

✅ Reassure stakeholder that the firm is aware of risks and has a plan ready

✅ Managers have to spend less time ‘firefighting’ should a crisis occur as they have already have a planned out response.

✅ PR are better managed in a time of crisis

\ ❌ Takes up valuable time that can be spent elsewhere

❌ No guarantee that a plan will be effective

❌ Encourage inflexibility in how a crisis is dealt with.

❌ Plan needs constant updating as the business environments change

Other Contingency Strategies:

Insurance - ensure insurance cover is checked regularly
Contingency cash fund - Keep back a certain amount for an emergency
Alternative Productive Facilities - have alternative arrangement in place for the production in case of an emergency.

Crisis Management:

Process by which a business deals with an unexpected event that threatens to harm the business and its stakeholders.
3 Common Features to a Crisis: presents an immediate threat to survival, unexpected, decisions needs to be made quickly.
Differ between businesses but they all rely upon effective contingency plans to be in place.
Must be communicated to everyone so everyone knows what to do.
Senior management needs to lead to process of crisis manamgent and coordinate a firms response.

Evaluation:

Increase stakeholder trust and confidence
Reliable basis for effective decision making
Built in to corporate objectives

Impossible to identify all threats, often guesswork
Cost of prevention can be large
Can only be a short term solution