|Risk||Ideation||About Tony Gimple||What People Say|
|Assignments||Information & Links||Events||
Risk management is the process of identifying, quantifying, and managing the risks that an organisation faces. As business outcomes are uncertain, they have some element of risk that can include strategic failures, operational failures, financial failures, market disruptions, environmental disasters, and regulatory violations.
While it is impossible to remove all risk, it is important that businesses properly understand and manage the risks that they are willing to accept in the context of their overall corporate strategy. Most people seek to transfer risk by buying insurance. Yet, according to PwC and MacTavish, ‘Corporate Risk & Insurance - the case for placement reform’, there are major flaws in how insurance is arranged, which poses a real threat to UK firms far greater than almost any business currently recognises.
Business risk is the amalgam of all internal and external risk factors, both upside and downside, which impact upon the profitability and value creation of an enterprise. It is comprised of four main elements: -
Strategic Risk - the risk of missed opportunities
Financial Risk - managing exposures and controlling volatilities
Operational Risk - the risks inherent in the processes of managing the business
Hazard Risk - the risk of losing access to the resources utilised by the business
Strategy goes beyond pure business planning and considers a breadth of issues. Formulating a business strategy requires an understanding of the market it is competing in, where it sits relative to its competitors and how it will compete with and outperform its rivals.
It is also the risk to earnings or capital arising from adverse business decisions or improper implementation of those decisions. This risk is a function of the compatibility between an organisation’s strategic goals, the business strategies developed to achieve those goals, the resources deployed against these goals and, most importantly, the quality of implementation.
The resources needed to carry out business strategies are both tangible and intangible. They include communication channels, operating systems, delivery networks and managerial capacities and capabilities. The definition of strategic risk focuses on more than an analysis of the written strategic plan. Its focus is on how plans, systems and implementation affect the business value and how management analyses external factors that impact the strategic direction of the business.
Examples of Strategic Risk might be:-
Financial risk management is a business process that helps a business to avoid losses brought about by changes in financial product prices or business partner (customers, suppliers, and distributors) defaults. Financial risk management tools typically use mathematical and statistical formulas to identify, assess and control risks, and focus primarily on market and credit risks. The management process includes all mechanisms and policies that a business puts into place to avoid, limit and remediate losses due to market risk or business partner defaults.
The two major elements of financial risk are market risk and credit risk.
Market risk is the risk of loss that may arise if security prices vary. For example, Company B, a beer distribution company, owns £1.5 million worth of stock in its short-term portfolio. After three months, the portfolio's value fell to £1 million. The loss of £500,000 is due to market risk because security prices in the portfolio dropped.
Credit risk is the risk of loss that arises when a business partner is unable to pay its debt. For example, Company B may lose if a major customer (who owes £1 million) then files for bankruptcy.
Financial risk management activities benefit businesses because they help to prevent major losses. A company may need to make investments in financial risk management in the short term, but future benefits almost always exceed initial costs. A company also may need to hire or engage financial risk management specialists to ensure that they understand the latest tools and methodologies used in managing financial risks.
Operational risk is, as its name suggests, a risk arising from the execution of an enterprises’ business functions within a given field or industry. It is a very broad concept that focuses on the risks arising from the people, systems and processes through which a business operates. It also includes other categories such as fraud risks, legal risks, physical or environmental risks.
Operational risk is the risk that is not inherent in financial, systematic or market-wide risk. It is the risk remaining after determining financing and systematic risk, and includes risks resulting from breakdowns in internal procedures, people, systems, controls, operations or procedures.
Operational risk management should comprise of a framework for risk management which identifies particular events or circumstances relevant to the business's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, and determining a response strategy and monitoring progress to protect and create value for the business’s owners, employees, suppliers and customers. For example, it should include analysis of:-
Hazard Risk is the risk of losing access to the resources utilised by the business, such as heat, cooling, fuel, telecommunications, IT, raw materials etc.. Other resources such as people, external suppliers, the supply chain as a whole, distributors, customers and the market could also be classified as being a ‘hazard risk’.
These very real ‘today’ risks are frequently overlooked, with even a short-term outage or disruption to a third party’s services having immediate and costly implications. Risk transfer via insurance is often the most obvious solution, however according to a recent report by MacTavish and PwC, ‘Corporate Risk & Insurance - the case for placement reform’; there are major flaws in how insurance is arranged.
These flaws pose a real threat to UK firms, far greater than almost any business currently recognises. The threat is particularly acute for mid-sized firms, i.e. those businesses with turnovers of between £50 million and £5 billion. However, the same threats exist for sub £50 million turnover businesses and, in many ways, are even more marked as smaller firms do not have the reserves, ready access to capital, or resources to sustain a major loss.
Imagine a typical manufacturing business with lean margins, significant existing debt and available cash of just £5m. Analysis of their insurance programme and the effect of a protracted claim dispute shows that raising further debt or equity capital post-loss would be difficult or costly and, in today’s economic climate, if not impossible.
All major loss scenarios far outweigh cash reserves, and sensitivity to large cost fluctuations in expenditure is high. A disputed or delayed claim settlement, at even a fairly small proportion of the insurance limit could place the business in severe danger and any sudden change in insurance cost could wipe out profitability. Moreover, the report also exposes serious failings on the part of Boards of British businesses to properly govern their insurance arrangements.
For example, standards of risk disclosure are generally poor and inadequate. Systemic weaknesses existed in almost every case studied which included major flaws in the information set used to explain risk to insurers and a consistent level of highly material omissions from disclosures. Perhaps the most significant omission is any reference to business changes and the accompanying effect these have on operational risks. This is crucial in today’s paradigm-shifting, post-recession world.
There are many powerful examples of material and potentially damaging information gaps in submissions, which are grouped around the following recurrent themes:-
very limited focus on business changes and the risk impact of
these changes, which often leads the underwriter to make outdated or
cursory and often inaccurate discussion of product or service
details, particularly the end-use to which customers put them which nearly
· insufficient engagement with operational complexities, in particular the underlying drivers of business interruption risk, e.g.:
o areas of single source dependency
o bottlenecks in the process which could impede business recovery after a loss
o specific details about business continuity arrangements
o lack of discussion of non-core activities
· little or no discussion of critical risk management activities
a common lack of detailed analysis of large, one-off or anomalous
claims, where there is often no consideration of the risk management
The current risk assessment process is fundamentally limited and there is evidence to suggest that submission standards are getting worse through the insurance cycle. This leaves customers with the risk that policies will not pay out in the event of a large loss. Thus buyers, brokers and insurers alike should take the steps necessary to support more forensic risk assessment.
© Gimple Associates 2011
t: 07974 099221