Risk Management in Enterprise

Risk and manage risk

Conceptually, risk is any uncertainty that may be harmful to the ability to successfully implement the business objectives of the enterprise. Businesses can identify potential risks to manage them. Fully understood, risk management is a process of a comprehensive review of the business operations to identify potential risks that may impact adversely to the operational aspects of the business. Based on that, the response solutions will be given corresponding to each risk. We can also understand that the risk management process is a process that is organized in a formal way and ongoing to determine, control and report the risks that can affect the achievement of the business objectives of the enterprise.

Requirements for operational risk management

To ensure that risk management activities are carried out as planned, the implementation must ensure the following requirements:

• Raising awareness about the risks as well as the ability to cope with risks appropriately throughout the enterprise;

• Formalize the process of risk management;

• Develop unified risk management processes in the enterprise;

• Transparency risks;

• Including risk management process as part of the internal control system;

In fact, well organized and efficient risk management activities will contribute to add value to the enterprise, specifically:

• Help improving operational efficiency and create competitive advantage;

• Contribute to the allocation and efficient use of corporate resources;

• Minimize errors in all aspects of business operations…

Recently, with the powerful impact of high inflation rate and economic recession caused by the global financial crisis to enterprises, people are concerning more about risk management activities. Many experts believe that well organized and effective operated risk management system will help businesses withstand and overcome fluctuations.

However, how to organize a complete risk management system is the fact that not many businesses are well understood. The worrying thing is many businesses supposing that with the use of insurance services, their businesses are making adequate risk management. That is completely incorrect.

Risk management policies and implementation

To establish risk management systems, enterprises should start from the development of risk management policy. This policy will define the approaching and managing of risk. In addition, risk management policies will clearly defined responsibilities for risk management throughout the enterprise to Board of Directors; The subordinate units; Departments; Risk management department (if any); the internal audit department – internal control. The implementation of risk management activities should be tied to business strategy, annual budget plan and the business cycle in the enterprise.

Risk Management Process

Basically, risk management processes typically include basic steps such as: confirmation of the business objectives, identify risks, description and classification of risk, assessment and risk ratings, response planning development, reporting an update on implementation, monitoring the process of implementation, review and improvement of risk management processes. Details of some of the main steps in the risk management process are as follows:

Confirmation of business objectives

Risk management activities are organized and implemented towards ensuring the successful implementation of the enterprise objectives. Therefore, at the begining the risk management process, the first task that business leaders need to do is confirming the operational goals of the business. This will be the base to ensure that risk management activities are held in the right direction.

Identify Risks

There are many methods to identify risk. Each method has different advantages and disadvantages. However, the following methods are considered using to determine the risk:

• Organize risk assessment workshop;
• Organize “Brain Attack” meeting;
• Questionnaire;
• Audit and inspection;
• Based on industry norms;
• Situation analysis

In fact, the method of determining risk that are used most in organizations is organizing risk assessment workshop. Attending the workshop are the Board of Directors and leaders of all departments. Members at the workshop will exchange information to give a list of business risks. In many cases, the result of the risk identification process is a long list of potential risks. However, this should not be too worried, the implementation of the next steps of the risk management process will help identify clearly the risks that are really the great risk to enterprises.

Description and classification of risk

After identifying potential risks, the next step is to describe briefly but specifically about the origin, cause, consequence and impact of each risks to the enterprise.

Next, we will implement the risk classification. There are many different types of potential risks for enterprises. They can originate inside or outside the enterprise. Based on the nature of the risk, they are many way to classify risk. However, the most common way is to classify risk into 4 groups as follows:

• Financial risk: interest rate, exchange rate, credit source, cash flow and ability to pay…;
• Strategic risk: competition, customer changes, industry changes, risks for research and development activities, intellectual property…;
• Operational risk: the leaders, corporate culture, violation of management rules, financial control, information systems…;
• Dangerous risk: environmental risks, supplier, natural disaster, risks for assets, contracts, products and services…

The classification of risks as above will help enterprises to manage risk in a systematic way.

Assessment and risk rating

Enterprise resources are limited while the number of the risks is great. So, the next step is to organize, evaluate and ranking risks according to priority level of response. Enterprises will analyze, evaluate each risk according to two criteria: the possibility of risk and the extent of the risks affecting the business if happened. The risk that the businesses need to prioritize response and prevent is the risk with high likelihood and degree of influence.

Develop response plans

Develop response plans is an important stage in the process of risk management. At this stage, enterprise should given the preventive measures and specific control should be taken to prevent and minimize damage if the risk occurs. There are 3 contents that must be determined for each specific risk when developing response plans:

1.      Measures that should be implemented to prevent risks;

2.      The completion deadline for those measures;

3.      The person that responsible for managing that risk.

Monitoring the implementation of measures

In the process of implementation of response measures, businesses need to build a system of reporting regularly to ensure strict control of the implementation process. Enterprises also need to ensure that all shortcomings in the implementation of risk control measures must be timely reporting to leaders.

At the same time, business leaders must also build a culture of risk management to every staffs in the enterprise. It is high time that the corporate governance should seriously view the role of risk management activities, consider setting up and maintaining a risk management system in business. Practical experience shows that, once the risks are forecasted, enterprises can fully develop and deploy effective response plans for sustainable development.