In all business, the concept is risk should be high on the agenda of all managers.
But risk management commences from strategy, objectives and goals.
Every organisation starts with the strategy, the objectives, the goals of where the company and the people within the organisation want to get to. The Entrepreneur takes a long time reflecting on what his business can attain. He then focuses on convincing the people within the organisation that they can help him achieve those goals. He works with each individual to align their personal goals to those of the organisation. That creates a well-oiled ‘unity of purpose’.
However, it is not enough to have a plan. Entrepreneurs, and by extension, the manager has to assess the risk of the new ventures and risk of loss or high return. We look at the risk factor in three angles set out below.
Entitywide Risk Assessments
Working on the model above, we engage with the most senior members of the organisation to understand their objectives and goals. We document these targets based on specific areas within the organisation to capture both qualitative and quantitative goals.
We then facilitate a discussion among these senior managers to brainstorm over the risks of the business. This requires input from all management about how risks or factors in one department can impact the achievement of another department’s objectives.
We then feedback these risks back to the management group for them to develop controls that assist in mitigating or facilitating the factors.
Risk management framework
In driving this, we rely on the International Corporate Governance Network (ICGN) ICGN Guidance on Corporate Risk Oversight and COSO, specifically, Enhancing Board Oversight: Avoiding Judgment Traps and Biases.
3K&L, through the Executive Director’s membership of the Institute of Risk Management has access to hundreds of documents that support and guide the risk management process in organisations. Working with the ICGN Global Governance Principles that define the following in terms of corporate risk oversight, we are able to drive an appropriate risk culture that in tandem with the objectives of the business owner:
- Proactive oversight – The owner, supported by independent, reliable persons, should proactively oversee and review the approach to risk management. This should form a reference point in decision making around company strategies.
- Comprehensive approach – as much as possible, risk must be looked at in the context of the entire organisation. Regularly, we see entrepreneurs profit-taking (chasing short-term profits) at the expense of sustainable growth.
- Risk culture – without compromising the very substance of an entrepreneur, the manager needs to develop an appropriate risk culture through various written and verbal interactions.
- Dynamic process – Owners of business do well to consider how they would report risk to their stakeholders. Given the diversity of these stakeholders, it will assist the owner consider the dynamic nature of their business and not their individual demands of the company.
The above, combined with the matters raised in the COSO report, give us a strong basis on which to engage with SME’s in the area of risk management.
Quantification of objectives to manage risk
A significant part of running a business, is the process of converting objectives into financial targets and measures. Most people refer to this as the budget process. A well-executed budget process can result in a live budget, that motivates and excites everyone in the organisation.
The budget process should tick off the following areas:
- What is the organisation trying to achieve?
- What are the key components of the strategy?
- Determine the key variables that drive the components
- Determine what data is available on the components and the variables that make it up
- Set up the available information as the baseline for building the budget and build the budget
- Amalgamate the departmental budgets and create benchmarks.
- Set up a mechanism for monitoring performance against budget
- Store, record, maintain data and information