Risk management has become an indispensable component of modern business development strategies. No business plan will be accepted without a chapter detailing possible risks and how to manage them.
But first you need to identify the risks. How this is done will determine the overall success of managing uncertainty.
Uncertainty in the modern economy
Uncertainty in our context is the absence or lack of information about future events. It is always present in economic activity, influencing many economic processes. Uncertainty is expressed in terms of risk.
Business is impossible without the inherent uncertainty of the future. New technologies, reforms, high competition, innovations - all this is impossible without probable failures. Increased risk is a subscription to the world of free enterprise.
Economic threats are formed as a result of a wide variety of factors. competitors, suppliers,public opinion, government decisions, sanctions, employees themselves - all actors are potential carriers of dangers that are difficult to predict.
Risks and portfolio theory
Over the past hundred years, a solid body of economic research has been formed on risks in the securities markets, insurance, finance and other business areas. Thanks to them, the portfolio approach theory appeared in the business world.
This most interesting theory allows you to link the identification of dangers and threats into a single whole with portfolio management. The main idea of the theory concerns the ratio of risk and income: it can be calculated and fixed in a numerical value. According to the portfolio approach, the investor should receive full compensation for the accepted possible threats. Company-specific risks (inherent only to it) are best minimized or completely eliminated. In this case, the profitability of the investment portfolio will depend only on the state of the market.
One way or another, risk identification and management is one of the key topics of modern business in all its manifestations.
Definitions and classifications
The concept of risk does not only apply to the economic sphere. They are operated by psychologists, philosophers and other humanitarians. And this means an exceptional variety of cumbersome formulations in various sources. Therefore, it is better to define risk identification and risk itself.
Risk is an uncertain but possible event that may occur inany area of human life. Such events are a highly variable category. They reflect any changes in their outcomes, probabilities and consequences.
Risk identification is the identification of possible negative cases that can affect the business. Without this element, further work on business sustainability is impossible.
The risk identification process is divided into two steps:
- A company that has not done this before begins with the initial search and identification of external and internal threats. This also applies to new projects or firms.
- Permanent risk identification - periodic revision of the existing list to correct old features and add new ones.
In general, risk management is a coherent and logical process. The action chain consists of the following links:
- hazard and risk identification;
- their analysis and evaluation;
- minimize or eliminate factors;
- evaluating the effectiveness of interventions;
The last stage of the process smoothly transitions to its beginning. Any evaluation of the work done should lead to revisions and adjustments of actions before the next cycle. This fully applies to the new cycle of risk identification after assessing the effectiveness of measures to minimize them.
The responses to significant risk are as follows:
- risk minimization;
- its liquidation;
- risk sharing.
This is a set of actions that starts withrisk identification. Risk analysis and measures to reduce or eliminate the possibility of their implementation are started at the second stage. It is clear that measures are taken in relation to only those factors that may adversely affect the success of the business.
Ignoring the control of possible threats can lead the company to serious losses. Modern business is merciless to those who do not know how to think about tomorrow.
The key to success has always been early identification of risks. These words are easy to write down on paper, but very difficult to put into practice. The search and identification of weak links is impossible without the participation of personnel at all levels. And employees more often prefer not to talk about any mistakes, misconduct and other incidents at work.
Therefore, the main concern of management is to create an atmosphere of trust for open discussion of the company's problems without fear of being punished. If such conditions are created, the identification and assessment of risks will be the most complete, which will guarantee their successful management.
Risk identification methods: who? where? when?
The main thing is to know and remember that no one will give you a universal recipe for identifying risk factors. Because by definition it cannot be.
You can search, remember and identify possible threats anywhere and anytime. Founders, top managers, ordinary employees, consultants - anyone can deal with the identification of enterprise risks. Search sources can be anything: internal, external by industry,insiders from competitors, global from world news.
The art of identifying hazards and risks in a huge amount of information lies in the ability to select only cases that are significant for the company. Then it will be possible to start their analysis and evaluation.
Methods for identifying risks can be fundamentally different from each other. The choice of method depends on the company, taking into account its profile, the specifics of the place, time and many other factors.
The most common methods include brainstorming, Delphi, SWOT analysis, checklists, and flow charting. Some of them are pure facilitation methods, some are analytical work.
Brainstorming: remember everything
This method works great if the goals of the collaboration are clearly defined. This is a team work with the help of facilitation - a special technology for effective group activity. Brainstorming can do wonders. It is especially good for forming a long list of something (in our case, risks and dangers) and then grouping and structuring the items.
If the discussion is structured correctly, its result is a list without a single superfluous paragraph or word. The important thing is that the team becomes proud of the final list of risks: this is a real collective product. And this means involving employees in further work with corporate risks and dangers.
The most important advantage of brainstorming as a method is the collective significance of the result.
The peculiarity and main advantage of this method is a great opportunity to get unbiased answers from all participants, to avoid the influence of authoritative points of view. It's all about the anonymity of the handed out questionnaires.
The technology of working with a group consists in anonymous filling out questionnaires, which are then collected, processed and distributed to neighbors for review. After that, adjustments are made to the questionnaires of the initial answers, which most often appear after getting acquainted with the opinions of colleagues. This action can be repeated several times until a consensus is reached.
The choice of facilitation method depends on the range of questions that need to be answered. If brainstorming is great for finding and identifying a whole array of all kinds of dangers (a large amount of well-structured information), then the Delphi method is optimal for determining, for example, priority risk groups.
SWOT-analysis is not a special method in risk management. But this competitive analysis technology works great for identifying them.
Threats in the external environment and weaknesses of the company, identified in the SWOT analysis, are inherently risk factors.
Weaknesses refer to internal factors. This may be the low qualification of some of the staff, the lack of the necessary software, or frequent conflicts between certain departments. Such factors fit well into the risk matrix with very real ways to minimize them.
With foreign threatsenvironments are much more difficult to work with. They do not fall under the control of the company's management in any way and are associated with political, environmental, social and other areas. This alone greatly increases the need for a SWOT analysis.
The method is more suitable for those who are not the first time collecting information on corporate risks. Checklists are lists of all possible threats to the company identified in past sessions or projects. The task is to revise and make adjustments taking into account changed external or internal factors.
The checklist method should not be used as the main method, it is good as an auxiliary one.
Flowchart construction method
If a company uses a process approach with built-in chains of flowcharts of main and auxiliary processes, then it will be very easy to identify risks with their help. A well-written sequence of actions always helps to find weak links or uncertainties in decisions.
Visual illustrations show all relationships within the company related to product analysis, sales, management decisions, software, etc.
Domino effect and new digital risks
The expansion of transnational corporations and the globalization of international business have brought major changes to the dynamics of economic development and, accordingly, completely new types of threats. One characteristic of these risks is the so-called domino effect.
Complex cross-industry financial and industrial corporate ties make it impossible for an isolated economic collapse of one company, a series of bankruptcies in affiliated and business-related organizations is sure to follow.
The digital revolution has brought with it specific challenges related to IT threats. Methods for identifying risks associated with the IT sector are completely different. Digital security specialists are needed here, general brainstorming will no longer help.
Three strategies for dealing with identified risks
As part of the risk management process, after their identification and analysis, the most important stage of their corporate “refining” follows. Decisions can be completely different, but all options can be divided into three types of strategies:
- "Avoid any risk" is a strategy that occurs more often than we would like. Stagnation and stagnation are the results of companies whose management refuses to engage in new initiatives if they carry even the slightest amount of risk. Waiting on the sidelines today will not work: the changeable external environment does not tolerate such behavior.
- Risks are monitored and taken for granted. Such a policy leads to fluctuations in the efficiency and profitability of the company, depending on the implementation of hazards and their negative impact on the business.
- Risk management. In this case, companies clearly follow the chain of actions from the search for possible weak links to the development and implementation of measures to manage them.
Dealing with consequenceseconomic uncertainty cannot be neglected: these are the realities of today. The more efficiently it is carried out, the more sustainable the business will be.