A beginner’s guide to risk management

All companies will face risks in their day-to-day activities. If they didn’t, it would probably mean their chances of innovating and profit-making are next to nothing. 

Risk management is pinpointing and preparing for those risks, so they don’t negatively impact your organisation. 

In almost every company, the board of directors has an essential role in risk management. 

It’s a simple ‘carrot and stick’ scenario: boards that fail to fulfil this role risk severe repercussions for the company, and boards that rise to the occasion set their company up for success.

It is the process of identifying, assessing and controlling any organisational risk. 

Almost every information source about risk management will give a definition similar to the above, and that’s because all three components are essential. 

Once a risk is spotted, companies need to know how much damage it can do, and then they need a verified way of keeping that risk in check. 

The entire process should be a proactive one. Companies should be analysing what risks could impact their business rather than cleaning up because an unchecked risk did impact their business.

Two reasons:

• It helps identify potential circumstances where a company could lose money, custom or investment. Such events might be tiny blips in the company’s health or severe enough to force closure or bankruptcy. No board can know for sure, so they must plan. 
• It helps identify circumstances where a company might ‘miss out’ on potential progress. In other words, it shows the potential damage of a risk not taken. 

It’s important to understand that risk management is not about eliminating risk, which is impossible. It is rather about picking and choosing which risks make sense for the company and which are reckless. 

This is a long process, usually requiring a broad combination of skillsets and backgrounds to get right.

Boards have a crucial responsibility for risk management, but it’s a bit tricker than many might think at first. 

By their nature, boards of directors are not supposed to engage in too much “management” within the companies they serve. That is the job of the CEO and or senior executives. 

Instead, a board’s role is to provide oversight, fuelled by years of experience and a broader, more independent outlook. 

So, when it comes to risk management, a board’s role is usually comprised of the following:

• Analysing the company’s risk management process and ensuring it makes sense. 
• Determining whether the risk management approach is consistent with company strategy.
• Asking the right questions at board meetings to ensure proper oversight.
• Deciding which oversight tasks will be handled directly and which tasks will be delegated to an audit committee. 

Find out more about the board’s role in risk management here.

This is subjective. Every business needs to approach risk management differently due to the unique nature of the risks they face. Generally, though, we can narrow things down into a template that applies to most organisations. 

1. Risks are identified. Employees, management, the board, and sometimes specialised consultants will brainstorm what risks are relevant to the organisation. 
2. Risks are analysed. Where did they come from? What impact could they have on the organisation?
3. Risks are prioritised.
4. Risks are planned for. What actions can we take to stop them from threatening the organisation? What steps can we take if the risk does threaten the organisation?

After completing this process, the company should know where its vulnerabilities lie in its marketplace and decide how it will handle each risk in future. 

Common strategies include avoiding it altogether, reducing its potential impact, transferring it (for example, through the purchase of insurance), or simply accepting it as an unavoidable part of its business.

• Your company will foster a positive, logic-centred culture.
• Your company will usually benefit financially.
• Your board, management and employees will save time and effort. 
• Your company will enhance its reputation. 
• It is a vital and beneficial addition to the company’s strategy.

• Your company could miss out on benefits and market opportunities.
• Your company could spend more time and money on projects than it needs to. 
• Your company could look bad in the eyes of investors and clients. 
• Entire projects could fail due to unforeseen complications. 
• Authorities might target your company for legal breaches. 
• Closure or bankruptcy.

Risk management is a core component of any company’s strategy. It is a process that comes in stages, most of which are standard across different industries. 

A strong board is vital to ensure that any management programme is successful. Because of that, anyone holding a board position must have a firm grasp of risk and its implications. If they don’t, they should seek the proper training to ensure they can play a positive role in the process.