Risk Management

Business risk is the exposure a company or organization has to factor(s) that will lower its profits or lead
it to fail. Anything that threatens a company's ability to achieve its financial goals is considered a
business risk. In simple terms, risk is the possibility of something bad happening. Risk involves
uncertainty about the effects/implications of an activity with respect to something that humans value,
often focusing on negative, undesirable consequences. Many different definitions have been proposed

Risk management is the process of identifying, analyzing, and responding to risk factors that may hinder
organizational objectives

Risk management primarily involves:

Identifying risks – risk identification involves the identification of vulnerabilities passively or

through control processes and tools that raise red flags upon detection of potential risks. Being
proactive in risk identification is a better way of reducing business vulnerabilities.

Risk assessment – this should be done immediately after risks are identified. The risks identified should
be evaluated to determine the severity level, probable impact, and concerns. Risk audit teams should
assess each risk independently. Businesses should conduct risk assessments regularly.

Responding to risks – implementing controls is the next step after a risk assessment. This enables
businesses to address the risks effectively and timely. Businesses should adopt an integrated risk
management strategy to address arising risks.

Monitoring risks – monitoring organizational risks should be an ongoing process. Continuous monitoring
enables businesses to take prompt action before the severity and impact of risks surpass acceptable or
remediable levels

Types of risk

A few common risks that entrepreneurs may encounter include:

Compliance risk – a risk to a company’s reputation or finances when the company violates external or
internal laws, regulations, or standards. Companies may face losing customers or paying a fee due to
breaking compliance regulations.eg consumer council

Legal risk – a type of compliance risk that happens when a company breaks the governments rules for
companies. When companies face legal risks, they could also get caught in expensive lawsuits.

Strategic risk – the result of a company’s faulty business strategy or lack thereof. eg lack of strategic plan

Reputational risk

A risk that can negatively impact the company’s standing or public opinion. Reputational risks can result
in profit losses and a decreased confidence among company shareholders. eg poor or mal-performance
of product or incompetent personnel

Operational risk

A business’ day-to-day activities can potentially drain its profits. Both internal systems and external
factors can cause operational risks. eg accident at work

Risk Management Strategies

Managing business risks requires the adoption of different responses to deal with different types of
risks. Not all risks warrant similar actions or responses. The following are the risk management strategies
that businesses can employ:

a) Risk Avoidance

Risk avoidance typically involves removing the possibility of the risk becoming a threat or a reality
This includes not performing an activity that could carry risk. An example would be not buying a
property or business in order to not take on the legal liability that comes with it. Another would be not
flying in order not to take the risk that the airplane were to be hijacked. Avoidance may seem the
answer to all risks, but avoiding risks also means losing out on the potential gain that accepting
(retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the
possibility of earning profits

That is, the main goal of risk avoidance is eliminating the possibility that the risk may materialize or
constitute a hazard from the start. This might mean changing your manufacturing practices or avoiding
some activities, such as entering a new but possibly threatening contract.

The viability of risk avoidance depends on your specific business circumstances. Remember that
avoiding various activities because of the potential risks also means forfeiting the returns and
opportunities associated with these activities. Over time, businesses should re-evaluate their risk
avoidance strategies and find alternative ways of addressing the underlying issues.

b) Risk Acceptance or Retention

Risk acceptance means the business won’t take actions to prevent or mitigate risk probability and
impact. Also known as the “do nothing” approach, the business acknowledges the impending risks at the
beginning. It is the best strategy if the business can absorb or deal with the consequences of the risks.
Businesses should also be wary that if the risks occur regularly, it can lead to business disruption

Hazard Prevention

Hazard prevention refers to the prevention of risks in an emergency. The first and most effective stage
of hazard prevention is the elimination of hazards. If this takes too long, is too costly, or is otherwise
impractical, the second stage is mitigation.

Risk reduction

Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss
from occurring. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire.
This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire
suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy.

Risk Management Principles

 A management principle refers to a fundamental idea, rule, or truth about a subject. Risk principles
serve as the guideline, method, logic, design, and implementation for the risk management framework
and its process.

The eleven risk management principles are:

Risk management establishes and sustains value.

Risk management is an integral part of all organizational processes.

Risk management is part of decision making.

Risk management explicitly addresses uncertainty.

Risk management is systematic, structured, and timely.

Risk management is based on the best available information.

Risk management is tailored.

Risk management takes human and cultural factors into account.

Risk management is transparent and inclusive.

Risk management is dynamic, iterative, and responsive to change.

Risk management facilitates continual improvement of the organization.

Importance of risk management

It helps in calculating the uncertainties and also predict their impact, consequently giving organizations a
basis upon which they can make decisions.

It prepares the organization for the unexpected by mitigating or minimizing the impacts of risk even
before it occurs by acting proactively rather than reactively

Implementation of a robust risk management plan will help an organization build policies and
procedures around avoiding potential threats and measures to minimize their impact if it occurs.

It is crucial for any business to know the nature and extent of risk it is prepared to take the level of risk it
can tolerate and communicate the same to its employees at all levels of management. This enables
limited control all over the organization.
The ability to understand risks enables the organization to make confident business decisions.

It protects the organization from the risk of unexpected events that can cause it a financial and
reputational loss.

Planning and developing structures to address potential threats improves the odds of becoming a
successful organization.