Forward-Looking Risk Management
Advice on Risk Management tends to be general because each company faces specific risks. However, adopting a passive stance, only adhering to legal requirements and avoiding financial losses, leads to deficient Risk Management. In this case, you won't be able to handle risks fast enough, irrespective of your sector.
What is Risk Management?
Risk Management is a process in which a company identifies, analyses, and prevents potential risks to safeguard its resources and enable the accomplishment of its goals.
This means that you should be aware of the risks and have strategies to handle them, which reduces the probability and impact of unwanted events, known as deviations. Consider a risk as a place and situation where a threat and weakness intersect.
Risk Management in Practice
Before initiating the process, it's crucial to determine the scope for risk analysis and identify those who should and can participate in the work. You should also assess the risk by considering the likelihood of its occurrence and the consequence if the risk becomes a reality.
Minimise your risks by having an action plan and monitoring the effect and outcome of the executed plan. Did it work out as you intended?
What is a Deviation?
Deviations are anything that does not happen as planned or expected. A deviation is something that has occurred. A risk is something that could occur. It is possible to view deviations as your company's evolution and all deviations are good deviations linked to continuous improvement.
It's about going beyond merely solving problems. It's about ensuring that the event does not occur again.
An Example of Deviation Management
You get a puncture on your bicycle and fix the inner tube by sealing the puncture and reattaching the tyre. You believe the problem is solved, but Deviation Management involves taking the "problem" further in the process. The next step is to analyse the cause of the problem:
The cause of the problem, the puncture, was shattered glass over which you cycled on the driveway to your house. With this knowledge, you now can make a decision and a corrective action: An action you take to prevent the event from happening again.
The Comprehensive Framework of Risk Management
A larger and systematic approach to your strategy helps you see risks in the long term and in relation to your organisation, market, and industry peers.
Your Strategic Planning is superior to your Risk Management, but it can include Risk Management. If nothing else, on an operational level. You benefit from an active continuous evaluation of where you are heading (Goal Management) and active work with resource allocation where you see the risks are greatest.
Quality Management and GRC
Good Quality Management and GRC help you to respond to, measure, control, curb, and inform about risks. Even on an operational level. There's a clear symbiosis between Risk Management, GRC, and quality work.
Stress Testing and Follow-up
Engage the Business Area Manager and a couple of well-informed Controllers for stress testing if you're uncertain about risks or the management of risks within, for instance, a business area. Evaluate retrospectively.
Follow-up and analysis should be part of your general Risk Management, but sometimes you also want to be able to put your finger on something specific that you believe isn't working as it should. Then, more targeted tests and evaluations are important.
Having the right prerequisites to steer and adapt the operations smoothly is at least as important as the risk analysis itself. For, if you don't have the ability to change and adapt in relation to the risks, you cannot act. Therefore, make sure you keep track of your planning processes and that it's quick to change course when necessary.
Ethics and Sustainability
We are in a paradigm shift regarding ethics and sustainability. The UN's global goals, companies going bankrupt due to image issues, and legal requirements for sustainability reporting (since 2017) have made this topical. Here, in your organisation's internal and external reputation, many risks reside – keep an eye out and act proactively.
Why is Risk Management important?
Everything from cyber-attacks to resource shortages can throw your operations off course or into bankruptcy. According to a survey by McKinsey, boards spend 9 percent of their time managing risks, but only 6 percent of surveyed board members believe that their companies effectively manage risks.
"The ability to visualise risks and analyse them with financial tools can make a big difference in the impact risk management has – here many companies lag behind. The tools should include models that make it possible to illustrate the company's risk picture in its entirety, and how they are affected by the management team's own decisions. One of the absolute biggest drivers of risk, is the company's strategic and financial decision-making – but this dimension is completely outside the risk maps that companies tend to settle for today."
"In reality, it's often about ticking boxes and living up to external expectations with the least possible effort," says Håkan Jankensgård, associate professor at the School of Economics at Lund University and author of Empowered Enterprise Risk Management: Theory and Practice.
Risk Management overlaps issues such as corporate codes, ethical policies, sustainability work, internal and external audits. But risks are rarely handled here.
Do you want to create value and be adaptable when it comes to risks – and do you want to more clearly show the board that the Risk Management is working?
10-minute video demo of Hypergenes solution: