Many people think of risk and a shudder runs through their body. Over time, risk has been identified as a negative that needs to be avoided at all costs. The challenge with that approach is that doing business can get bogged down, creating mountains from molehills. But that doesn’t need to be the case. Risk can be a good thing if identified and managed appropriately. In some cases it can be a differentiator that sets you apart from your competition, an opportunity to leverage.
Understanding Where Risk Arises In Your Business
Risk comes in a number of forms – it can be the ability to execute on your strategy, or the ability to attract and retain the right people. Maybe it is the nature of the market you are in, or the need to innovate constantly to remain relevant. There are generally three areas in which risks can arise in a business:
Strategic Risk – This type of risk is found in how well the strategic plan of the business is put together and executed, and includes how well decisions are made, resources are allocated and how well changes in the environment are addressed. It includes how well opportunities for the entire business are captured and uncertainties are addressed.
Financial Risk – This type of risk involves the ability of the business to generate positive cash flows over time and the ability to have liquidity available when needed to operate the business. Any sort of conditions related to financing instruments should be supportive of the business cycles and nature of the markets the business operates in.
Operational Risk – This type of risk arises out of the ability of the people, processes and technology to support the business. It also includes the impact of external events on the business and the ability to adequately respond to changes in the environment.
Identifying Risks At All Levels
Risk can arise anywhere in the business and identification should be embedded at all levels of the organization. There are many tools and systems on the market today that enable the identification and tracking of risk. Regardless of what is used in your organization, there are two important elements in identifying risk:
Create a culture of awareness – A risk culture can be looked at as a system of values and behaviors that shape how decisions are made regarding risk. Driving this culture must be a key component of leadership at all levels, setting the tone at the top. As the culture evolves, and people become more aware of risk, their actions will be influenced by making decisions based on the risks present, becoming more about doing the right thing.
Create a common language – One of the biggest challenges in any organization is creating a language that is understood across all departments and business units. People tend to have different terminology that is understood differently in each part of the business. Without a common language, prioritizing the risk and allocating resources can become difficult. Thus, it is critical for leadership to actively ensure that a common language is developed and utilized.
Most significantly, risks may be missed due to bias, underestimating the signals or comfort with the ability to manage risks. It is critical to ensure that a broad range of perspectives is engaged in identifying risk and that early indicators are in place to flag impending risks in the business.
The better the organization is at identifying changes in the business, the better equipped it is to outperform the competition.
As part of the process of identifying risk, the likelihood and severity of impact of risks should be assessed. The outcome of the assessment is a prioritization of the risks, allowing management and staff to focus on managing risk in and around the business.
After risks have been identified and assessed, the company can choose how to handle the risks. A significant factor in how the company manages the risk is the ability to control the risk. There are four main approaches:
Retain – In this approach, the company knowingly takes the risk on, understanding the potential impact to the company. It may set aside reserves for potential losses, or it may take actions to reduce the impact of the risk. These types of risks are inherent in doing business and are considered acceptable to take on.
Avoid – This approach is ideal in situations where the risk cannot be controlled and the impact is high to the company. In some cases, a third party may be attempting to pass a risk they are in the best position to control to the company. In other cases, a division, product line, etc. may be in a highly uncertain environment with a level of risk that is unacceptable. In this case, avoiding the risk may take the form of a divestiture. There are a number of potential approaches to avoiding risk; these are a few examples.
Transfer – In a number of cases, risk may be addressed through transferring to a third party. The classic example of this type of approach is purchasing insurance to address unanticipated claims or accidents.
Exploit – In this approach, the company has identified risks that are differentiators. The company may increase its exposure to the risk and leverage its position to gain market share. This approach is advisable when the company has the ability to control and manage the risk with positive expected outcomes.
Each of these approaches has a time and a place. The risk should be monitored over time to ensure the approach continues to be effective. Lessons learned, whether positive or negative, should be used to inform and improve the process.
A robust and efficient risk management program that is embedded in the fabric of the company can be a differentiator. How effective is your program?
Copyright © Heidi Pozzo.
Permission is granted to reprint this article in your newsletter or magazine with the following byline and click-able link:
Heidi Pozzo is a strategy and performance improvement consultant. She has helped transform businesses, resulting in significant increases in earnings and business value. To find out more about her services,
or call 360-355-7862.