Every business faces risks that could threaten its success and hurt its reputation. As part of a management team, we are all too aware of strategic risks like a new competitor entering the market, or a contractual risk, a debarment or a blacklisting on a project -- not to mention a financial or operational risk. This article shares some strategic ways an efficient and result-driven risk management strategy can help your business. Developing an effective strategy requires investment, but the payoff and competitive advantage can be enormous.
A truly agile business puts risk management into the core of its business strategy. Risk management is proactive -- helping you identify the possible events that could impact your business. It increases the likelihood of successfully achieving your businesses objectives.
Risks are increasing significantly in organizations today and management teams, more than ever before, are faced with making more aggressive decisions to protect their businesses, while simultaneously trying to improve their financial performance and achieve targeted growth. By integrating risk management into the business lifecycle, these two objectives can easily be merged to work in unison.
RISK MANAGEMENT CAN…
Putting a mitigation strategy in place before the risk occurs is the main idea of risk management. If you are unprepared for risk, your best people can become reactive, diverting key issues away from your core business objectives. That’s why you need to perform a monthly risk register or risk analysis for each one of your live projects to assess its overall performance and allow your teams to evaluate its ongoing or potential risks.
…enhance stakeholder confidence to protect reputation
All businesses are part of a supply chain and each link exposes your business, suppliers, and customers alike. If you understand the potential risks that may impact your ability to deliver a product, service, or project, you can set realistic expectations on the delivery date and the cost. For example, if you understand what unlimited liability means and its implication on your business, you can avoid unlimited liability contracts altogether, or create a method for mitigating the risks that could result from unlimited liability contracts. Then, with better awareness, you can increase your competitiveness and profitability by being able to demonstrate your risk management processes and capability -- especially when working with major organizations or within the public sector.
Risks can produce unexpected costs like the need to pay your staff overtime or pay for expensive expertise with short notice to resolve the issues. It happens when we do not understand our obligations and risks under the contract well. Normally, in a rush to close deliverables and raise invoicing the team overlooks the obligations and requirements in the contract. This results in client issues, abortive work, and additional work with cost. At times, the client qualifies the contract amount by not mentioning variation in contract amount even under extension of contract or until the scope is completed. Such conditions are risky and have too often led to scope issues, contractual disputes, and cost overruns.
Effective risk management strategies ensure the agreed scope is properly documented and is signed off with the client at the inception stage. Then the documentation is placed with proper disclaimers in the reports to avoid possibilities of any additional work or abortive work.
…build a risk management mind set
Risk management cannot be driven by an individual or a group, but by the entire business. It is therefore important that due diligence communications, training sessions and other informative material must be circulated to the larger teams so they can focus on the all the parameters of risk potentials. This will help build the teams to highest capacity so they can be more alert with the contracts and sense a risk at its first instance.
Risk Management empowers a business with the necessary tools so that it can adequately identify and deal with potential risks. Once you have identified a risk, you can easily mitigate it. Risk management also provides a business with a basis upon which it can undertake sound decision-making.
Risk assessment and management is the best way to prepare for eventualities that may interfere with progress and growth. When a business evaluates its plan for handling potential threats and then develops structures to address them, it improves its odds of becoming a successful business. In addition, progressive risk management ensures high priority risks are dealt with as proactively as possible. At that point, management will find it easier to perform the most critical steps for mitigation.
Five Essential Steps of a Risk Management Process
- Identify the Risk
- Analyze the Risk
- Evaluate or Rank the Risk - Strategize
- Treat the Risk - Implement
- Monitor, Review and Modify the Risk
Step 1: Identify the Risk
The initial step in the risk management process is to identify the risks that the business is exposed to in its operating environment.
There are many different types of risks:
- legal risks
- environmental risks
- market risks
- regulatory risks etc.
Step 2: Analyze the Risk
After you identify the risk, analyze it. The scope of the risk must be determined. It is also important to understand the link between the risk and different factors within the organization. To determine the severity and seriousness of the risk you need to know how many business functions the risk affects. Some risks can bring the whole business to a standstill, while others will only be minor inconveniences.
Step 3: Assessment of Risk
Not only must the risk be assessed to understand the magnitude and impact it can bring to the business but a mitigation mechanism must be foreseen, created, and set in place. Every risk needs to be eliminated or contained as much as possible. This is done by connecting with the experts in the field wherein the risk belongs.
Step 4: Implementation of agreed actions
Once a strategy has been decided against known risks, the next step is to charter an action plan and implement the same. This step will also involve performing due diligence consulting with related stakeholders and closely monitoring the action plan implementation.
Effectively treating and mitigating the risk also means using your team's resources efficiently without derailing the project in the meantime. As time goes on and you build a larger database of past projects and their risk logs, you can anticipate possible risks for a more proactive rather than a reactive approach for more effective treatment.
Step 5: Mitigate and Monitor
Obviously, not all risks can be eliminated – some are always present. Risk of market competition, client escalations, delayed delivery on a project, non-deployment of resources -- are only some of the examples of risks that must be continuously monitored. Under manual systems monitoring happens through diligent employees. These professionals must make sure that they keep a close watch on all risk factors.
“If you don’t invest in Risk Management, no matter which business you are in, it will remain a risky business”1
ABOUT THE AUTHOR
Mohit Khullar is an Executive Director with Grant Thornton Bharat LLP with more than two decades of rich experience in areas of risk management, dispute resolution, commercial management, growth and strategy.
ABOUT GRANT THORNTON LLP
Grant Thornton LLP is one of the leading management and development consultancy firms that is part of Grant Thornton International which operates in more than 140 countries involving more than 62,000 professionals. Its global mission is to be the leading business advisors to dynamic organizations by helping them unlock their potential for growth. Their brand is one of the major global accounting organizations recognized by capital markets, regulators and international standards setting bodies. Over the last three years they have become known as the fastest-growing, large accounting organizations and are constantly evolving and developing along with their clients’ expectations.
quote by Jon Dunn Director at PWC (in article title)