Risk management: your introductory guide
By: Nicholas Mistretta
Risk management is one of those terms that all business people know, but how many truly grasp how important or all-encompassing it is? In this introductory guide, we’ll be defining it and digging a little into its deeper meaning. Then we’ll get into specific types of risk management that businesses in our modern world should be aware of and examples for each.
Risk management definition
According to the Association for Project Management, risk management is a process that allows individual risk events and overall risk to be understood and managed proactively, thereby optimizing success by minimizing threats and maximizing opportunities and outcomes.
What does risk management mean?
Risks are those things that can have a negative impact on a company’s, individual’s, or government’s achievement of certain goals or objectives. Risk management aims to identify, assess, and limit all of those risks to capital, earnings, and even a business’ life expectancy.
There are two main ways to perceive risks:
- Those that affect upside opportunities
- Those that include downside threats
Risks can also come from many sources, including:
- Financial uncertainty
- Legal liabilities
- Strategic management errors
- Accidents and natural disasters
- IT security threats and data-related risks
IT security threats and data-related risks have become a top priority in our digital world. Controlling threats to digital assets like proprietary corporate data, personally identifiable information (PII), and intellectual property has gone from an afterthought to the main focus area in the last two decades.
Anticipating what could go wrong and putting in place actions that can prevent or reduce risk leads to greater chances of success. And while no business (or person) can eliminate risk, the goal of risk management is to minimize risks as much as possible.
Types of risk management
There are different types of risk management within each industry or sector. For instance, when talking about financial risk management, there are numerous subtypes like liquidity and inflation. However, we’ll be taking a broader view and focusing specifically on:
- Enterprise risk management
- Project risk management
- Financial risk management
- Credit risk management
Let’s look at each type in more depth.
1. Enterprise risk management
The definition of enterprise risk management (ERM) is very similar to the overall definition of risk management. It involves the methods and processes that are used by an organization to manage risk and seize opportunities that are related to the greater business goals and objectives.
The goal of enterprise risk management is to identify events and circumstances – in the areas of threats or opportunities – and their likelihood of occurring and the magnitude of their impact. Any enterprise risk management plan will include a monitoring process and response strategy to protect or create an organization’s value to its stakeholders, including:
- Society as a whole
The stakeholder component is what separates enterprise risk management from general risk management. ERM is concerned with addressing the needs of stakeholders and helping them understand the broad spectrum of risks facing an organization and managing those risks.
There are many subtypes of risk management within enterprise risk management, like environmental, financial, and technical. But one often overlooked subtype is people risks.
People risks can include many things. Competency, for instance, is one people risk that companies are continually evaluating: What if our team does not have the requisite skills to get the job done successfully?
Another people risk is succession planning. Anyone who has watched HBO’s Succession will tell you that, even when the company remains all-in-the-family, the issue of succession planning can have a drastic impact on a company’s bottom line, stock price, and ability to compete in the marketplace. Though, unlike television, it’s probably not quite as juicy or awkwardly hysterical.
2. Project risk management
Risk management in project management revolves around one individual – the project manager – and his or her ability to assess, measure, and limit risks associated with a particular project.
When speaking about each type of risk management, there will be much overlap with the general definition. The two terms that come up repeatedly are opportunities and threats.
Every project has risks that can have both positive and negative impacts on one or more of the project objectives. The goal of the project manager is to increase the probabilities of the opportunities and decrease the probabilities of the threats. And just like enterprise risk management, there are numerous subtypes of project risk management that must be considered and evaluated.
Risk management in project management can include:
For our example of a subtype of project risk management, let’s look at processes.
Let’s say part of the goal of our project depends on decreasing the cycle time of a process from 14 days to nine days by the end of the year. The project manager will work to identify potential threats to this task, like:
- What if the project team does not fully understand the requirements of this part of the project? This can cause disruptions to the schedule and budget.
- What if the users are resistant to changes in the current process? This may result in the reduction of the cycle time taking longer than expected, or perhaps the goal won’t be attainable at all.
- What if there is a technology component to reducing cycle time that doesn’t work to a degree necessary to reach the target objective?
The next step for our project manager is to assign a risk owner to each of the three risks above. Each person will be expected to come up with a risk response plan to reduce the probability of each threat.
3. Financial risk management
Financial risk management is the practice of protecting the economic value of an organization using numerous financial instruments. These instruments also make up the subtypes of financial risk management and include:
- Credit risk
- Operational risk
- Market risk
- Foreign exchange risk
- Volatility risk
- Liquidity risk
- Inflation risk
- Funding risk
Just like with other areas of risk management, the goal is to identify sources of financial risks, measure them, and put into place plans to address and minimize those risks. The trick is in knowing when and how to hedge using the instruments above.
Financial risks can be both qualitative and quantitative. And an organization’s exposure to financial risks will rely on many factors in the areas of debt and underlying business operations.
The important thing to remember with financial risk management is that financial risks are everywhere and affect everyone, making this type of risk a bit unique. We tend to think of financial risks as those that contribute to the loss of capital to an organization’s stakeholders, but they can include many different entities in many different ways.
For instance, let’s consider the financial risks for governments. Those risks could include an inability to control monetary policy or inflation rates. This could result in a government defaulting on bonds, having other debt issues, and even contributing to bankruptcy.
A corporation can also experience financial risks that lead to defaulting on a debt, which can increase the financial burden on a business and possibly lead to the failure or closure of that business.
Financial markets could incur financial risks due to a variety of macroeconomic forces beyond their control, like changes in the interest rate. This could result in entire sectors defaulting on their debts.
Individuals also face financial risks, as the decisions they make can negatively affect their income and ability to earn a living and pay down their own debt.
4. Credit risk management
Credit risks are the risks of loss on a debt when a borrower fails to pay back the principal and/or interest on a loan by the specified due dates.
Credit risk management is the practice of limiting those losses by better understanding the borrower’s ability to pay back that loan. The borrower could be a single individual, an entire corporation, or a government.
The key to reducing loan losses is to conduct a thorough credit risk assessment and put measures into place to mitigate those risks. Measures can include:
- Better risk modeling
- Real-time scoring
- Limits monitoring
Credit risk examples likely number in the thousands. But let’s use two that are related.
Mr. Pink owns a large B2B business in San Francisco. Part of his business involves invoicing customers rather than receiving money upfront. The problem is that Mr. Pink didn’t vet his customers by considering the credit risks each could pose.
Months later, he discovers that several of them have low credibility when it comes to paying debts, such as invoices, and at the end of the year, he finds himself in a situation where his business is forced to take a tremendous loss. By engaging in better credit risk management, Mr. Pink could have avoided these issues by identifying the risks to him and his business.
Unfortunately, the profit losses incurred by Mr. Pink have created a problem in his personal life and for his bank.
A year earlier, Mr. Pink obtained a loan for $125,000 to buy a luxury vehicle. The bank assessed his credit and determined him to be low risk. But now that Mr. Pink’s situation has changed, he won’t be able to afford the payments on his new car, and the bank will have to reassess him as a credit risk and take the appropriate measures.
Risk management is such a large and dynamic topic that a 10-minute read hardly does it justice. Hopefully, it was enough to provide an overview, to show the many types and subtypes of risk management, and to demonstrate how everyone living today is affected by it.
In our next article, we’ll dive deeper into the risk management process and provide some much-needed detail.