Risk management is the bedrock on which effective and successful businesses are built. This is especially so in the post-Covid global economy where the ability to successfully navigate a new range of increased risks is defining the ability of businesses to perform and succeed.
Supply chain disruptions, inflation, debt, labour market gaps, protectionism, and educational disparities have introduced a range of new risks. In addition, uneven responses to Covid and different recovery trajectories have threatened social cohesion, impacted employment variably, and challenged growth across the world. As climate transition disorders deepen and cyber vulnerabilities increase along with barriers to international mobility, geo-strategic tensions and even the threat of war have dramatically shifted every country’s risk landscape.
Yet as the saying, “No risk, no reward” indicates, risk has always been with us.
Arthur Andersen’s deficient audits of Enron at the turn of century saw its trading license revoked in 2002. Even though the United States Supreme Court unanimously reversed Arthur Andersen’s conviction due to errors in trial procedure, the firm never recovered its former glory as one of the world’s big five accounting firms.
Investigations following BP’s 2010 Deepwater Horizon oil spill in the Gulf of Mexico concluded that the crisis could have been averted if standard risk management practices had been implemented. The environmental impact of the crisis destroyed local communities and businesses creating widespread unemployment. While the spill resulted in the BP firing its CEO, the compensation package that the United States government compelled BP to establish to address the human, economic and environmental impact of the spill cost the company over USD 20 billion and destroyed its reputation as an environmentally responsible company.
While history has taught that risk cannot be avoided, four steps are key to understating and managing risk effectively.
1. Risk Identification – This is the first step in risk management and involves identifying risks that could affect individual activities, business operations, and strategic objectives.
Since risk arises from different areas, the risk is classified into different categories for identification purposes. Each category has different levels of priority based on the nature of an organization’s business. Correctly classifying and identifying risk creates an awareness of all the risks that exist so that coordinated action can be taken to manage them. Surveys, interviews, and scenario analysis, for example, are all used to identify and manage risk.
While common risk categories include liquidity risk, strategic risk, reputational risk, and compliance risk, three universal risk categories include:
- Operational Risk: every organization is exposed to operational risk arising from a failure of internal processes, people, and systems or external events. During Covid-19, the global operational risk increased significantly, requiring an effective emergency response. Since managing operational risk can be challenging, ongoing business continuity tests are a key element of effective operational risk management, ensuring operational resilience during crises so that organizations can continue to thrive despite risks and challenges.
- Market risk: is currently in the spotlight as geo-politics creates uncertainty around the world. Supply chain disruption and inflation, for example, have increased prices driving up the cost of living, and dictating several monetary policy responses over the world. The resultant interest rate volatility has placed market risk management on the front burner as well as the center of most companies’ 2022 corporate strategies.
- Credit Risk: Business dealings should be conducted with approved counterparties able to fulfill their financial obligations. Credit risk demands the competent assessment of counterparty risks. In the Insurance industry, ineffective credit risk management can result in brokers defaulting on premium remittance or ineffective claims recovery from reinsurers. Banks are also exposed to credit risk through loans to customers, with ineffective risk management driving high non-performing loan ratios and ultimately elevating credit impairment. Effective risk management reduces the risk of counterparty default by assessing and managing counterparty risk.
2. Risk Assessment and Evaluation – the quantification and rating of risk based on the likelihood of occurrence and potential impact. Risk assessment and evaluation identify the level of risk while highlighting and assessing the effectiveness of controls required to address the threat.
3. Risk Mitigation and Control – These are the measures put in place to address risk. Risk mitigation and control will either eliminate the risk or reduce it to a tolerable level.
There are four risk mitigation and control mechanisms:
- Risk Acceptance – involves accommodating the liabilities associated with a certain risk if the risk is within the individual or company’s risk appetite
- Risk Transfer – involves partially or totally transferring risk to a third party so that the risk that remains is within the risk taker’s appetite. A company or an individual in payment of consideration called premium can transfer their risks to the insurance company. Reinsurance arrangements in which insurance companies transfer risk to reinsurers based on prior contractual agreements are an example of risk transfer
- Risk Sharing – involves dividing liability amongst a group of individuals or entities in accordance with contractually agreed proportions so that any reward or liability arising from the risk is shared amongst the group in the agreed proportion. Coinsurance arrangements between insurance companies where each agrees to underwrite a portion of the risk is an example of risk sharing
- Risk Avoidance – is the rejection of risk outside an individual or company’s risk appetite. A risk that is uncertain or beyond a company’s risk management appetite is usually avoided.
These risk mitigation mechanisms help reduce the risk level of identified risks or eliminate the downside effect of such risks entirely.
4. Risk Monitoring and Reporting – is a process ensuring risk levels are kept in check while proactively identifying additional risks arising from areas outside current risk controls. Effective monitoring eliminates surprises while risk reporting provides the opportunity for identifying measures to manage new or previously unforeseen risks.
Before businesses can perform, deliver profits or grow, risk needs to be managed. Effective business decisions can only be taken if potential risks have been identified and effectively managed. The bedrock of any winning business is an effective risk management process.
Coronation’s world class, technology-enabled professional risk management approach improves decision making and the allocation of resources while ensuring business continuity and strategic focus regardless of how risk landscapes may shift. This approach was put to the test during the Covid-19 pandemic. Coronation’s business continuity processes ensure uninterrupted operations and seamless client service despite severe market disruption. Through a continuous and rigorous system of stress testing and scenario analysis, Coronation assists clients to maintain an accurate view of risk, updating mitigation strategies as current risks shift and new risks evolve.
Leave a Reply