Risk
and manage risk
Conceptually,
risk is any uncertainty that may be harmful to the ability to successfully
implement the business
objectives of the enterprise. Businesses can identify potential
risks to manage them. Fully understood, risk management is a process of a comprehensive
review of the business operations to identify potential risks that may impact
adversely to the operational aspects of the business. Based on that, the
response solutions will be given corresponding to each risk. We can also
understand that the risk management process is a process that is organized in a
formal way and ongoing to determine, control and report the risks that can
affect the achievement of the business objectives of the enterprise.
Requirements
for operational risk management
To
ensure that risk management activities
are carried out as planned, the implementation must ensure the following
requirements:
•
Raising awareness about the risks as well as the ability to cope with risks
appropriately throughout the enterprise;
•
Formalize the process of risk management;
•
Develop unified risk management processes in the enterprise;
•
Transparency risks;
•
Including risk management process as part of the internal control system;
In
fact, well organized and efficient risk management activities will contribute
to add value to the enterprise, specifically:
•
Help improving operational efficiency and create competitive advantage;
•
Contribute to the allocation and efficient use of corporate resources;
•
Minimize errors in all aspects of business operations…
Recently,
with the powerful impact of high inflation rate and economic recession caused
by the global financial crisis to enterprises, people are concerning more about
risk management activities. Many experts believe that well organized and
effective operated risk management system will help businesses withstand and
overcome fluctuations.
However,
how to organize a complete risk management system is the fact that not many
businesses are well understood. The worrying thing is many businesses supposing
that with the use of insurance services, their businesses are making adequate
risk management. That is completely incorrect.
Risk
management policies and implementation
To establish
risk management systems, enterprises should start from the
development of risk management policy. This policy will define the approaching
and managing of risk. In addition, risk management policies will clearly
defined responsibilities for risk management throughout the enterprise to Board
of Directors; The subordinate units; Departments; Risk management department
(if any); the internal audit department – internal control. The implementation
of risk management activities should be tied to business
strategy, annual budget plan and the business cycle in the
enterprise.
Risk
Management Process
Basically, risk management
processes typically include basic steps such as: confirmation
of the business objectives, identify risks, description and classification of
risk, assessment and risk ratings, response planning development, reporting an
update on implementation, monitoring the process of implementation, review and
improvement of risk management processes. Details of some of the main steps in
the risk management process are as follows:
Confirmation
of business objectives
Risk
management activities are organized and implemented towards ensuring the
successful implementation of the enterprise objectives. Therefore, at the
begining the risk management process, the first task that business leaders need
to do is confirming the operational goals of the
business. This will be the base to ensure that risk management
activities are held in the right direction.
Identify
Risks
There
are many methods to identify risk. Each method has different advantages and
disadvantages. However, the following methods are considered using to determine
the risk:
- Organize risk assessment
workshop;
- Organize “Brain Attack”
meeting;
- Questionnaire;
- Audit and inspection;
- Based on industry norms;
- Situation analysis
In
fact, the method of determining risk that are used most in organizations is
organizing risk assessment workshop. Attending the workshop are the Board of
Directors and leaders of all departments. Members at the workshop will exchange
information to give a list of business risks. In many cases, the result of the
risk identification process is a long list of potential risks. However, this
should not be too worried, the implementation of the next steps of the risk
management process will help identify clearly the risks that are really the
great risk to enterprises.
Description
and classification of risk
After
identifying potential risks, the next step is to describe briefly but
specifically about the origin, cause, consequence and impact of each risks to
the enterprise.
Next,
we will implement the risk classification. There are many different types of
potential risks for enterprises. They can originate inside or outside the
enterprise. Based on the nature of the risk, they are many way to classify
risk. However, the most common way is to classify risk into 4 groups as
follows:
- Financial risk: interest rate,
exchange rate, credit source, cash flow and ability to pay…;
- Strategic risk: competition,
customer changes, industry changes, risks for research and development
activities, intellectual property…;
- Operational risk: the leaders,
corporate culture, violation of management rules, financial control,
information systems…;
- Dangerous risk: environmental
risks, supplier, natural disaster, risks for assets, contracts,
products and services…
The
classification of risks as above will help enterprises to manage risk in a
systematic way.
Assessment
and risk rating
Enterprise
resources are limited while the number of the risks is great. So, the next step
is to organize, evaluate and ranking risks according to priority level of
response. Enterprises will analyze, evaluate each risk according to two
criteria: the possibility of risk and the extent of the risks affecting the
business if happened. The risk that the businesses need to prioritize response
and prevent is the risk with high likelihood and degree of influence.
Develop
response plans
Develop
response plans is an important stage in the process of risk management. At this
stage, enterprise should given the preventive measures and specific control
should be taken to prevent and minimize damage if the risk occurs. There are 3
contents that must be determined for each specific risk when developing
response plans:
1. Measures
that should be implemented to prevent risks;
2. The
completion deadline for those measures;
3. The
person that responsible for managing that risk.
Monitoring
the implementation of measures
In
the process of implementation of response measures, businesses need to build a
system of reporting regularly to ensure strict control of the implementation
process. Enterprises also need to ensure that all shortcomings in the
implementation of risk control measures must be timely reporting to leaders.
At
the same time, business leaders must also build a culture of risk management to
every staffs in the enterprise. It is high time that the corporate governance
should seriously view the role of risk management activities, consider setting
up and maintaining a risk management
system in business. Practical experience shows that, once the risks
are forecasted, enterprises can fully develop and deploy effective response
plans for sustainable development.