Featured in LinkedIn Pulse Business Strategies
Risk evaluation and assessment is a great place to start thinking about business risk management.
BY FAISAL HOQUE
“Risk is of the essence, and risk making and risk taking constitute the basic function of enterprise,” Peter Drucker wrote in Management: Tasks, Responsibilities, Practices.
But to approach risk the right way, we have to know what kind or risk we’re taking. “Risks . . . need to be classified,” Drucker suggested in Managing For Results.
“A risk is small or big according to its structure rather than according to its magnitude alone.”
Drucker then outlined the following four kinds of risk:
- The risk one must accept, the risk that is built into the nature of the business
- The risk one can afford to take
- The risk one cannot afford to take
- The risk one cannot afford not to take
Let’s look at these points in further details and go beyond mission, vision, products, brands, and sales.
Sources of risk
Structural risk: This risk refers to the fundamental legal and organizational makeup of the business. For example:
- What’s the legal and ownership structure?
- How deep is the leadership bench (investors, team, advisors, etc.)?
- How diverse is the organizational talent pool?
Execution risk: This risk refers to the robustness of the business model and how well it is being executed. For example:
- How robust is your current business model?
- What are the threats to the execution of the current business model due to:
- Failure to understand the motivation of customers and business partners
- Poor product/service delivery
- Poor project execution
Competitive risk: This risk refers to the ability to sustain competitive action and retaliation. For example:
- How curious are you to opportunities for innovation?
- Can competitors strategically outmaneuver you with their innovative business model?
- Is your business model sustainable?
Investment risk: This risk refers to the ability to manage spending in a business environment where capital is scarce and technologies are volatile, expensive and not easily understood. For example:
- Are you spending on the right types, and is our timing right?
- Are you investing the right amount?
- Are you alert to the emerging market trends?
Integration risk: This refers to the risks of inadequate integration between strategy, investments, people, and processes. For example – how well is your business processes integrated with your market ecosystem?
Misalignment risk: This refers to inadequate alignment between organization and business priorities. For example:
- Is there a defined organizational culture?
- Do strategy and investments address business priorities?
- Are management expectations clearly articulated and understood?
Governance model risk: This refers to the risks of inadequate participation and involvement of leadership team on key discoveries and decisions. For example:
- Do the Board and the investors have a limited view of ongoing operations?
- Do the operating managers often work in relative isolation?
- Do you have limited ability to guide and oversee operations because of inconsistent access to key information?
How to manage risk
“I have learned that nothing is certain except for the need to have strong risk management, a lot of cash, the willingness to invest even when the future is unclear, and great people. – Jeffrey R. Immelt
At its essence, risk management strategy involves following three key principles:
- Identifying the nature of risks inherent in the situation
- Assessing the likelihood of the risks manifesting themselves
- Taking preventive and corrective action to reduce the enterprise’s level of exposure to the risk
The best ways for any business to manage risk is to evaluate risk factors and make contingency plans on how to deal with the risk when and if it presents itself.
Risk evaluation and assessment is a great place to start thinking about business risk management. It allows management to determine the significance of risks to the business and decide to accept the specific risk or take action to prevent or minimize it.
To evaluate risks, it is worthwhile ranking these risks once a business identified them. This can be done by considering the consequence and probability of each risk.
Most businesses find that assessing consequence and probability as high, medium or low is adequate for their needs. The ranking then can then be compared to the business plan – to determine which risks may affect your business objectives.
Risk management is not a one-off exercise. Continuous monitoring and reviewing are crucial for the success of your risk management approach. Such monitoring ensures that risks have been correctly identified and assessed and appropriate controls put in place. Good risk management can vastly improve the quality and returns of any business.