All organizations aim to run risk-free operations. However, the truth is that no matter how careful they are, there is always a danger of exposure to unexpected and unplanned threats. Implementing a risk management policy throughout an organization is the best way of identifying and managing these threats before they become costly problems.
Embedding such a policy within daily operations also helps in making well-informed choices, as decision-makers better understand and evaluate the wider impact their actions have.
Risk management techniques, risk management software, risk management people, etc. all have to be utilized effectively to achieve efficient risk management for the whole organization. Risk management may cover assets, liabilities, people, interest rates, open positions, collection cycle, purchase and stock warehousing, foreign currency risk, operational risk, etc.
3.1 Risk Management Process:
Steps involved in implementing and maintaining an effective risk management system are:
- Identifying risk
- Quantifying (Ranking)
- Control points (including risk management policy)
- Taking action
- Regular monitoring
- Reporting
3.1a Identifying risk:
Risks first have to be classified into different categories so that we can understand and measure them; only then can they be controlled. Most of the time, risks are classified into the following broad categories:
- Business Risk: these are the risks arising from being in the business.
- Operational Risk: these typically arise out of human intervention (manual touch points) and could be due to lack of training, fraud, lack of adequate control points, or simply absenteeism, etc.
- Financial Risk: financial risk is any of various types of risk associated with financing, including financial transactions that include company loans at risk of default.
- Compliance Risk: these arise due to non-compliance with regulations.
3.1b Quantifying (Ranking) those risk points:
This is the second step, taken once the risk points have been identified.
The typical matrix is as follows:
- High likelihood of occurrence, high impact: consider for immediate action
- Low likelihood of occurrence, high impact: consider for action and have a contingency plan
- High likelihood of occurrence, low impact: consider action
- Low likelihood of occurrence, low impact: keep under periodic review
Not only do they result in a financial penalty, but there are other likely outcomes that are highly important to manage: legal risk, reputational risk, etc.
3.1c Control points:
Once the risk points are identified and quantified, the next logical step is to fight against them: control them!
Generally, an organization deals with (controls) risk points in the following 4 ways:
- Accept them: some risks may be inherent to the business. Some may invest in a particular asset class (or securities) primarily to take that risk, and the return that comes with it. This is the primary risk-return matrix.
- Transfer them: this is typically done by entering into derivative contracts (we will study this in detail under the chapter on Derivatives). The same can be achieved by taking out insurance.
- Reduce them: this can be done by implementing adequate control points and also by frequently testing the control points implemented, to ensure they work (stress testing).
- Eliminate them: when the risk points are beyond managing, or if we do not want such a risk on our balance sheet, we simply eliminate them. This can be done by not going down that path, or by simply removing the liabilities or assets (businesses) that generate these risks.
