Risk management in business has never been as complex and multifaceted as it is today – particularly for finance professionals. Not only must they focus on core risks involving treasury or internal financial controls, but they must also consider other aspects of the enterprise such as competitive pressures, cyber security and global supply chains which can threaten both top and bottom lines.
This complex challenge poses its own series of questions, such as how a daunting volume of data can be navigated, how it can be made to yield relevant information and enable informed analysis, how decisions can be made that generate maximum results with minimal risks, and how all this can be done fast enough so that actions actually bear on fast-changing conditions rather than trailing behind them.
Getting all the right answers requires the adoption of a comprehensive and proactive process, plus a strong sense of direction. Without it, most risk mitigation efforts are likely to be too slow and less than wholly effective.
Identify risks, recognise dependencies
Naturally, identification of all the possible threats is always the first step. They may include financial risks; operational, environmental and human resource risks; legal risks; strategic risks; and cyber security risks. The business may be exposed to currency fluctuations, commodity prices or counterparty risks. It may be facing increased competition and changes in demand.
The risk audit needs to identify which risks can be controlled and which cannot, and then rank them as low, medium or high based on a number of factors, such as the potential to impact on company development, on the sales pipeline, or on profit. Some risks might have potential consequences that rank as insignificant while others might threaten the very survival of the business. Timing may also influence the development and interaction of multiple potential risks, hazards and threats.
Automate and integrate
Attempts to manually handle this processes of risk evaluation and management can be time-consuming and prone to errors. Technology, such as integrated risk management systems that include components supporting the multiple functions and processes involved, makes it much easier to adopt a best-practice comprehensive, proactive and holistic approach to risk management.
Such a solution should support the functional and technical aspects of risk classification, evaluation, monitoring, reporting and control, dovetailing with business planning to enable the application of timely and appropriate risk mitigation. It should also automate legal compliance and monitoring, and provide comprehensive documentation and reporting tools that enable finance staff to access and share with other parts of the business a virtually real-time overview of the entire company risk landscape.
Automated early warning
A comprehensive risk management solution will enable “What if?” scenarios to be tested so that outcomes based on various combinations of factors can be predicted. It will also enable operational monitoring or risk factors to be automated by the creation of early warning indicators that alarm at pre-set thresholds and trigger automatic escalation policies so that net risk and incidence rates can be more easily kept at manageable levels.
With extensive customisation options such as this, companies can ensure that they always have a comprehensive overview of all relevant risks, and insight into their respective cause-and-effect chains. The risk management solution should also enable data to be processed to meet the needs of numerous points of view and different roles within an organisation.
Valuable input = valuable output
The technical quality of a risk management support solution is not the only determinant of success. A company that wants to put in place a comprehensive, proactive and holistic approach to risk management must be honest with itself. There needs to be a frank appraisal of risks and competencies and this may well raise difficult and uncomfortable questions about potential or planned strategies and the ability of the management team to successfully minimise or eliminate these risks in order to achieve the company’s objectives. In risk management, the value of the output is directly related to the value of the input.
Competitive advantage from quality data
If it is capable of integrating with strategic planning and control systems, a risk management solution can be in part a business management instrument that enables its users to actively influence the company’s success. With connectivity to other corporate systems – such as enterprise resource planning, planning, and internal and external reporting – key metrics from the operational and transactional data recorded and generated by risk management can enhance the overall view of the enterprise that so vital for effective business administration and management.
Alexander Springer is CEO and co-founder of prevero Group.