Examining the role of risk management in finance decisions
Risk management is the identification, evaluation and classification of unfortunate events in order to mitigate their impact on your company.
Identifying risks can be challenging given that they may arise across a number of areas including bad decision-making, failure, deliberate actions, third parties, errors, accidents, natural causes and disasters.
Risks can carry a wide range of probabilities across the entire scale from being classified as remote through to being considered extremely likely. Such probabilities can constantly vary, depending upon many factors, and are not always impacted by the company’s direct activities. Some risks may be within the company’s control and others may be very challenging to mitigate.
Responsibilities
Managing risk is a basic necessity in running any business and it is essential that your entire organization understands their roles and responsibilities towards helping to identify, mitigate and respond to potential risks.
Most companies include risk management within their CFO’s job description, potentially supported by a dedicated Chief Risk Officer (“CRO”) within larger organizations. Regardless of your company’s size and structure, each of your board members, leadership team and key employees play a vital role in risk management.
During this video, experienced CRO Jay Ersapah provides a perspective on the importance of risk management:
- Risk management is often one of the crucial roles of the CFO. However, the board members, leadership team and their finance team members all have responsibilities towards robust risk management and should therefore provide their support.
- Losses arising from poor risk management will affect finance performance.
- Managing and trying to mitigate losses could substantially influence the type and level of capital required by your business.
- There is no one-size fits all risk management framework.
- Be clear on your current and future business plans.
- Understand the risk tolerance levels of your stakeholders, including owners, customers, suppliers and regulators.
Ultimately, a strong risk management framework is at the cornerstone of the risk-reward balance and can make or break your institution.
Key Components of Risk
The following table illustrates a traditional approach towards separating financial risk into four main categories: credit risk, market risk, operational risk and liquidity risk:
Some of these risks can be directly managed with specific actions, whilst others are mainly beyond the control of management. In some circumstances, the best that management can do is to determine their potential impact on the business and prepare a robust rapid response plan to mitigate them as much as possible.
No matter how challenging any individual risk factor may be, companies will be in a much stronger position if you have properly identified all of your relevant risk factors and have thought through the consequences. These should be clearly documented, assigned and communicated to relevant parties so that you have a formal plan in place to respond accordingly should any such events occur.
Risk Management Framework
There is no one-size-fits-all risk management framework given that every company has its own unique combination of geographies, products, shareholders, employees, customers, suppliers, regulators and market niches.
The following diagram represents a potential methodology to help you determine your own risk management framework:
Each business should create your tailored risk management framework with respect to your company’s individual circumstances. This will help you to identify both existing and potential threats, and to determine how to deal with them should they occur.
Once implemented, you should regularly communicate it to your company workforce, along with any updates or revisions, so that everybody is aware of their individual and collective roles and responsibilities.
Risk Registers
Once you have created your tailored risk management framework and identified each of your key risks, it is vital that you document them in a clear and understandable manner, regardless of their likelihood of occurring. There are many different tools that you can use to create your risk register and the effectiveness of each one will be influenced by your company culture and implementation methodology.
A typical risk register includes the following items:
- The risk category
- Unique identification number
- A risk name and brief description
- The likelihood of the risk occurring
- Estimated impact of the risk
- Risk mitigation plan
- Risk Rating (= Probability x Impact)
- Contingency actions should the risk occur
- Responsibility for actions
- Timings of actions
The following is an example of an extract from a company’s risk register:
Many companies choose to break down their risk registers into different sections to cover specific functions, locations or key business activities. Whatever your approach, it is important that you design your risk register in a way that works best for your business. This will help you to continuously identify, monitor and address risks throughout your business journey.