The Best Binary Options Broker 2020!
Perfect For Beginners and Middle-Leveled Traders!
Free Demo Account.
Get Your Sign-Up Bonus Now!
Recommended Only For Experienced Traders!
Managing The Risks – Risk Management
Select topics and stay current with our latest insights
Risk Management in Finance
In the financial world, risk management is the process of identification, analysis and acceptance or mitigation of uncertainty in investment decisions. Essentially, risk management occurs when an investor or fund manager analyzes and attempts to quantify the potential for losses in an investment, such as a moral hazard, and then takes the appropriate action (or inaction) given the fund’s investment objectives and risk tolerance.
What is Risk Management?
What is Risk Management?
Risk management occurs everywhere in the realm of finance. It occurs when an investor buys U.S. Treasury bonds over corporate bonds, when a fund manager hedges his currency exposure with currency derivatives, and when a bank performs a credit check on an individual before issuing a personal line of credit. Stockbrokers use financial instruments like options and futures, and money managers use strategies like portfolio diversification, asset allocation and position sizing to mitigate or effectively manage risk.
Inadequate risk management can result in severe consequences for companies, individuals, and the economy. For example, the subprime mortgage meltdown in 2007 that helped trigger the Great Recession stemmed from bad risk-management decisions, such as lenders who extended mortgages to individuals with poor credit; investment firms who bought, packaged, and resold these mortgages; and funds that invested excessively in the repackaged, but still risky, mortgage-backed securities (MBS).
- Risk management is the process of identification, analysis and acceptance or mitigation of uncertainty in investment decisions.
- Risk is inseparable from return in the investment world.
- A variety of tactics exist to ascertain risk; one of the most common is standard deviation, a statistical measure of dispersion around a central tendency.
- Beta, also known as market risk, is a measure of the volatility, or systematic risk, of an individual stock in comparison to the entire market.
- Alpha is a measure of excess return; money managers who employ active strategies to beat the market are subject to alpha risk.
How Risk Management Works
We tend to think of “risk” in predominantly negative terms. However, in the investment world, risk is necessary and inseparable from desirable performance.
A common definition of investment risk is a deviation from an expected outcome. We can express this deviation in absolute terms or relative to something else, like a market benchmark.
While that deviation may be positive or negative, investment professionals generally accept the idea that such deviation implies some degree of the intended outcome for your investments. Thus to achieve higher returns one expects to accept the more risk. It is also a generally accepted idea that increased risk comes in the form of increased volatility. While investment professionals constantly seek, and occasionally find, ways to reduce such volatility, there is no clear agreement among them on how this is best to be done.
How much volatility an investor should accept depends entirely on the individual investor’s tolerance for risk, or in the case of an investment professional, how much tolerance their investment objectives allow. One of the most commonly used absolute risk metrics is standard deviation, a statistical measure of dispersion around a central tendency. You look at the average return of an investment and then find its average standard deviation over the same time period. Normal distributions (the familiar bell-shaped curve) dictate that the expected return of the investment is likely to be one standard deviation from the average 67% of the time and two standard deviations from the average deviation 95% of the time. This helps investors evaluate risk numerically. If they believe that they can tolerate the risk, financially and emotionally, they invest.
For example, during a 15-year period from August 1, 1992, to July 31, 2007, the average annualized total return of the S&P 500 was 10.7%. This number reveals what happened for the whole period, but it does not say what happened along the way. The average standard deviation of the S&P 500 for that same period was 13.5%. This is the difference between the average return and the real return at most given points throughout the 15-year period.
When applying the bell curve model, any given outcome should fall within one standard deviation of the mean about 67% of the time and within two standard deviations about 95% of the time. Thus, an S&P 500 investor could expect the return, at any given point during this period, to be 10.7% plus or minus the standard deviation of 13.5% about 67% of the time; he may also assume a 27% (two standard deviations) increase or decrease 95% of the time. If he can afford the loss, he invests.
The Best Binary Options Broker 2020!
Perfect For Beginners and Middle-Leveled Traders!
Free Demo Account.
Get Your Sign-Up Bonus Now!
Recommended Only For Experienced Traders!
Risk Management and Psychology
While that information may be helpful, it does not fully address an investor’s risk concerns. The field of behavioral finance has contributed an important element to the risk equation, demonstrating asymmetry between how people view gains and losses. In the language of prospect theory, an area of behavioral finance introduced by Amos Tversky and Daniel Kahneman in 1979, investors exhibit loss aversion. Tversky and Kahneman documented that investors put roughly twice the weight on the pain associated with a loss than the good feeling associated with a profit.
Often, what investors really want to know is not just how much an asset deviates from its expected outcome, but how bad things look way down on the left-hand tail of the distribution curve. Value at risk (VAR) attempts to provide an answer to this question. The idea behind VAR is to quantify how large a loss on investment could be with a given level of confidence over a defined period. For example, the following statement would be an example of VAR: “With about a 95% level of confidence, the most you stand to lose on this $1,000 investment over a two-year time horizon is $200.” The confidence level is a probability statement based on the statistical characteristics of the investment and the shape of its distribution curve.
Of course, even a measure like VAR doesn’t guarantee that 5% of the time will be much worse. Spectacular debacles like the one that hit the hedge fund Long-Term Capital Management in 1998 remind us that so-called “outlier events” may occur. In the case of LTCM, the outlier event was the Russian government’s default on its outstanding sovereign debt obligations, an event that threatened to bankrupt the hedge fund, which had highly leveraged positions worth over $1 trillion; if it had gone under, it could have collapsed the global financial system. The U.S. government created a $3.65-billion loan fund to cover LTCM’s losses, which enabled the firm to survive the market volatility and liquidate in an orderly manner in early 2000.
Beta and Passive Risk Management
Another risk measure oriented to behavioral tendencies is a drawdown, which refers to any period during which an asset’s return is negative relative to a previous high mark. In measuring drawdown, we attempt to address three things:
- the magnitude of each negative period (how bad)
- the duration of each (how long)
- the frequency (how often)
For example, in addition to wanting to know whether a mutual fund beat the S&P 500, we also want to know how comparatively risky it was. One measure for this is beta (known as “market risk”), based on the statistical property of covariance. A beta greater than 1 indicates more risk than the market and vice versa.
Beta helps us to understand the concepts of passive and active risk. The graph below shows a time series of returns (each data point labeled “+”) for a particular portfolio R(p) versus the market return R(m). The returns are cash-adjusted, so the point at which the x and y-axes intersect is the cash-equivalent return. Drawing a line of best fit through the data points allows us to quantify the passive risk (beta) and the active risk (alpha).
The gradient of the line is its beta. For example, a gradient of 1.0 indicates that for every unit increase of market return, the portfolio return also increases by one unit. A money manager employing a passive management strategy can attempt to increase the portfolio return by taking on more market risk (i.e., a beta greater than 1) or alternatively decrease portfolio risk (and return) by reducing the portfolio beta below 1.
Alpha and Active Risk Management
If the level of market or systematic risk were the only influencing factor, then a portfolio’s return would always be equal to the beta-adjusted market return. Of course, this is not the case: Returns vary because of a number of factors unrelated to market risk. Investment managers who follow an active strategy take on other risks to achieve excess returns over the market’s performance. Active strategies include tactics that leverage stock, sector or country selection, fundamental analysis, position sizing, and technical analysis.
Active managers are on the hunt for an alpha, the measure of excess return. In our diagram example above, alpha is the amount of portfolio return not explained by beta, represented as the distance between the intersection of the x and y-axes and the y-axis intercept, which can be positive or negative. In their quest for excess returns, active managers expose investors to alpha risk, the risk that the result of their bets will prove negative rather than positive. For example, a fund manager may think that the energy sector will outperform the S&P 500 and increase her portfolio’s weighting in this sector. If unexpected economic developments cause energy stocks to sharply decline, the manager will likely underperform the benchmark, an example of alpha risk.
The Cost of Risk
In general, the more an active fund and its managers shows themselves able to generate alpha, the higher the fees they will tend to charge investors for exposure to those higher-alpha strategies. For a purely passive vehicle like an index fund or an exchange-traded fund (ETF), you might pay 15 to 20 basis points in annual management fees, while for a high-octane hedge fund employing complex trading strategies involving high capital commitments and transaction costs, an investor would need to pay 200 basis points in annual fees, plus give back 20% of the profits to the manager.
The difference in pricing between passive and active strategies (or beta risk and alpha risk respectively) encourages many investors to try and separate these risks (e.g. to pay lower fees for the beta risk assumed and concentrate their more expensive exposures to specifically defined alpha opportunities). This is popularly known as portable alpha, the idea that the alpha component of a total return is separate from the beta component.
For example, a fund manager may claim to have an active sector rotation strategy for beating the S&P 500 and show, as evidence, a track record of beating the index by 1.5% on an average annualized basis. To the investor, that 1.5% of excess return is the manager’s value, the alpha, and the investor is willing to pay higher fees to obtain it. The rest of the total return, what the S&P 500 itself earned, arguably has nothing to do with the manager’s unique ability. Portable alpha strategies use derivatives and other tools to refine how they obtain and pay for the alpha and beta components of their exposure.
Managing The Risks – Risk Management
Request a call-back
Request a call back
Leave your details and we will call you back with information on your preferred program.
- Program fees
- Course descriptions
- Career pathways
- Workload and tips
- Academic profiles
When you left for work this morning, did you pack an umbrella to mitigate the risk of arriving in the office soaked? Or did you consider the need for sunglasses to ward off that nasty glare on your walk to work? There’s always a risk of what the weather might bring, so naturally, you plan and prepare accordingly. As a project manager, handling project risk management in your organisation is the same.
In this article, we’ll discuss the fundamentals of risk management in project management. We’ll share tips and techniques for managing project risk in your organisation, providing examples and outlining an actionable plan to give you a head start for managing risks in your projects.
What is project risk management?
Managing project risk refers to the steps you take to identify, analyse and deal with problems or issues that might arise during the project. The reason why project risk management is important is that risks can throw a project off course. If you had planned a large, outdoor networking event for dozens of notable clients and it rained, you’d have a lot of unhappy – and damp – clients (if they decided to show up at all). It’s good practice to stay on top of the things that might cause problems and have a plan to deal with them before they create problems.
There are plenty of benefits for looking out for risks in project management. You’ll have a smoother project and more successful outcomes if you can handle risks effectively – we’ll come to strategies for risk management in project management a little later in the article.
Successful project managers understand how to use project and risk management together to offset potential issues – and they would have likely checked the weather forecast and organised a marquee.
How do you define risk in project management?
The definition of risk in project management is anything that might have an impact on your ability to get the project completed in line with the business case or project charter. Often, you’ll see teams define risks as being negative: situations that might cause problems on projects. There are some examples of typical project risks below.
However, during your risk identification, you should also look to define positive risk. These are situations that, if they happened, would present an opportunity too good to miss. For instance, if you launched a new website, you might get more traffic than you were expecting, which would be an opportunity worth capitalising on. What’s next?
Considering positive risk as well as the negative in a thought-out plan can help you achieve more from your projects and could lead to new, untapped opportunities.
If you can do this well, you will feel confident taking on larger and more complex projects at work, because you’ll know that you have a plan to cope with whatever challenges come along.
Top 10 examples of project risk
It’s easier to understand the ideas behind risk management if we look at some situations where risk might occur. While the top 10 project risks will be different for every project, here are some examples that will give you inspiration for your own risk log:
- Poor estimates might lead to longer delivery times;
- A natural disaster might affect our ability to deliver the project on time;
- Poor communication across our virtual team might lead to misunderstandings;
- The supplier might not be able to deliver on time;
- The price of a core raw material may increase during the project, putting the budget up; and
- We may not be able to secure the resources required for delivery.
More specifically, the IT environment can often have specific challenges, so here are some software project risk examples to consider:
- The data centre might be the subject of a hacking attack (in which case, these tips on disaster recovery will help with planning you management approach);
- The testing phase might take longer than planned – this is a common risk;
- There might not be adequate documentation around legacy systems that allows us to integrate effectively with existing software; and
- The team may not have adequate skills to code to a high enough quality standard.
These are project management risk examples only, so it’s important that you can run a risk workshop with your team to identify risks that relate specifically to your project. Try to find as many as you can. This will not only help you manage the project more confidently but will also boost your chances of success – and bringing in a project on time, on budget and without any major issues.
RMIT student, Mitchell Hart talks about the benefit of his further education and how that helps him assist colleagues with scenarios they might find themselves in.
A postgraduate education can expose you to case studies across all different industries, by examining a range of common and specific risks in different situations. You’ll also get the opportunity to meet people from a variety of backgrounds. Learning from past experiences – both your own and of others – is a good way to help identify more risks on projects, as you’ll have a greater understanding of the kinds of things to look out for.
Developing a project risk management plan
Risk planning will provide structure to a project, ensuring you mitigate risk at every corner. Looking at risks don’t just happen during project initiation or on a reactive basis. You should be reviewing risk throughout the project, and a plan will help with that.
A solid plan usually includes a review of the environment in which the risks will take place. In other words, the business context. This provides direction for all those involved in the project and sets the scene for how short and long-term term risks are managed. For example, the risks inherent in managing software development projects are different from those that you would find on a construction project.
The role of risk management in the project planning process is to ensure that risks are given adequate visibility during the early stages of the project. It also helps to embed a culture for risk mitigation from the very beginning of a project.
As project risk is highest during the initiation and design phases – because you don’t yet know exactly how the work will be done or what’s required – you should carry out a thorough planning process as early as practical during the project, supporting your activities from the very beginning.
Here’s an example:
A compliance project was being undertaken by a large organisation, to ensure the business complied with upcoming legislation. The project manager in charge completed a risk log at the beginning of the project, but it was not regularly reviewed. As a result, one potential risk identified at the beginning was not adequately managed and grew into a significant problem for the team. External auditors needed to be brought in to review the impact of the issue and help focus the team on getting ready for the legislative change.
The team in the above example only paid lip service to the idea of project risk management, and the project suffered as a result. Planning helps you to set a clear process from the beginning. The importance of a plan was not lost on this team following the auditors’ visit.
Portfolio risk management is the area where risk and portfolio management intersect. A portfolio manager took all the risks from projects across the portfolio and aggregated them to see the total impact of risk. The risk exposure on individual projects seemed manageable, but when viewed holistically across the organisation, it was clear that the risk profile the business was carrying was simply too high. Portfolio and risk management skills, from the PMO team and the project teams working together, were able to adjust the project mix to get the risk exposure back to a level that senior managers felt comfortable with.
Ideally, a project risk management plan should follow the standards set out by your organisation, so that all risks across the portfolio are managed in the same way. If you aren’t sure how to write a risk management plan, your first point of call should be your organisation’s Project Management Office. They should be able to provide you with a template. They should also be able to share an example plan, perhaps from another project. You can also take a graduate diploma program in project management online from RMIT, which provides theoretical frameworks to help you develop a project plan and understand how they are applied in real-work contexts.
While the details of a project may be substantially different from another, what should be included in a project risk management plan is going to be similar across the board. You should be able to use a sample plan to construct your own.
How can you manage project risk?
Before you can manage risk, you need to identify it. Brainstorm as many possible scenarios or problems that might hit your project. Assessing risk is one of the first points of call. From here, we need to understand what risk analysis in project management entails.
Risk analysis is examining each project risk and working through a structured set of criteria to assess the potential impact on a project, should the risk occur. This, combined with how likely it is to happen, gives you a quantifiable assessment of the risk based on your analysis.
The output of your risk analysis will tell you how much effort you should be putting into managing the risk in your project.
Risks with a high likelihood of occurrence and a high possible impact are the ones where you want to spend most of your time.
Now that you have a list of priority risks, you can agree with the team on how to manage them. There are many risk management techniques in project management. The most commonly used are:
- Avoid: prevent the risk from happening at all e.g. cancelling an outdoor event if the forecast was bad weather;
- Transfer: pass the impact of the risk (or some of it) to another party e.g. taking out insurance;
- Mitigate: reduces the impact of a project threat or the chance of it happening by acting e.g. providing each attendee with an umbrella on arrival; and
- Accept: don’t take any action at all as a way to facilitate project risk management.
The approach to turning risks into a positive is a bit different. Let’s use the case of a new website getting lots of unexpected traffic:
- Exploit: take action to make sure the situation happens e.g. trying to get some publicity in advance of the site launch to encourage extra traffic;
- Share: get other people on board to help pursue the opportunity e.g. reaching out to influencers online to get them to share your new website with their followers, to boost traffic;
- Enhance: do what you can to make a situation even better, should it occur e.g. thinking about what you could do to capitalise on the extra traffic, like offering a free download or making sure your sales pages look smart; and
- Accept: don’t take any action at all and just accept whatever you get.
However, your ‘rules’ of risk management need to reflect the size and scale of your project. For example, you wouldn’t perform detailed, extensive risk analysis on a small project. Equally, a detailed analysis isn’t enough on large-scale, high budget projects.
The best way to handle risk is to think critically about the situation, carry out a structured project management risk analysis, and then decide on a course of action. A cookie-cutter approach won’t work, which is why it’s important to have an advanced understanding of the discipline and be able to apply the techniques.
Postgraduate study is one way to deepen your knowledge of project management. RMIT student, Clinton Truong, says that the learnings from the RMIT’s diploma of project management modules can often be used immediately in daily life. Whether it’s managing risks or program management, it’s not unusual for him to begin using course knowledge on the job the very next day, as he works full-time alongside his studies.
The benefits of Scrum and agile methodologies for managing project risk
Agile methods like Scrum are widespread for managing projects. Some agile approaches naturally mitigate risk, such as shorter delivery windows or sprints. However, this doesn’t mean that you can ignore more formal approaches.
Agile risk management is very similar to risk management on any other project. The risk workshop, where you identify risks and do an initial assessment, will likely happen during sprint planning. Risks are assessed, prioritised and managed throughout the sprint. A core feature of Scrum is the ability to tweak what the team is doing to serve the project better. This process flags areas where the agile approaches used can be adapted to accommodate project needs.
Scrum and agile methods are known for their close working relationships between team members, and this can really help with flushing out risks and managing them effectively. Project managers who work closely with Scrum Masters ensure risk is considered, analysed and effectively managed across the project.
Working with your team on project risk management
Scrum teams may be far more aware of the impact of risk than teams using other project methodologies. Having said that, it’s not the methodology that is important. Whether you are in an agile environment or a more traditional project delivery setting, successfully managing risk in your organisation relies far more on people than processes. It’s essential to communicate regularly, foster honest relationships and build competencies to ensure project management team success.
Risk management and teamwork go hand in hand, but your project team won’t always have the relevant experience. They will be looking to you to guide them. You can create a smaller group to be your risk management team. This group should be made up of the people responsible for carrying out the risk action plans. On an IT project, your team members might be developers or workstream leaders, for example. Meet regularly to review the risk log, add new risks, update progress on existing risks and close risks that have passed.
Your project risk management checklist
So, how do you manage risk? This checklist will help.
The need to balance risk and reward is inherent in any change project. Understanding the core concepts is one thing but being able to transfer them to the workplace is another.
We’ve only started to touch on the complexities, benefits and processes in project risk management in this article. It’s important to keep your skills up to date and relevant for today’s business climate.
You can boost your knowledge of project management through online study with our graduate certificate in project management online, as well as graduate diploma in project management. Additionally, you will have the opportunity to network with a peer group interested in the same things as you. You can also learn more about our online project management programs by contacting our Student Enrolment team on 1300 171 701.
Risk management is a systematic process of identifying and assessing company risks and taking actions to protect a company against them. Some risk managers define risk as the possibility that a future occurrence may cause harm or losses, while noting that risk also may provide possible opportunities. By taking risks, companies sometimes can achieve considerable gains. However, companies need risk management to analyze possible risks in order to balance potential gains against potential losses and avoid expensive mistakes. Risk management is best used as a preventive measure rather than as a reactive measure. Companies benefit most from considering their risks when they are performing well and when markets are growing in order to sustain growth and profitability.
The task of the risk manager is to predict, and enact measures to control or prevent, losses within a company. The risk-management process involves identifying exposures to potential losses, measuring these exposures, and deciding how to protect the company from harm given the nature of the risks and the company’s goals and resources. While companies face a host of different risks, some are more important than others. Risk managers determine their importance and ability to be affected while identifying and measuring exposures. For example, the risk of flooding in Arizona would have low priority relative to other risks a company located there might face. Risk managers consider different methods for controlling or preventing risks and then select the best method given the company’s goals and resources. After the method is selected and implemented, the method must be monitored to ensure that it produces the intended results.
THE EVOLUTION OF RISK
The field of risk management emerged in the mid-1970s, evolving from the older field of insurance management. The term risk management was adopted because the new field has a much wider focus than simply insurance management. Risk management includes activities and responsibilities out-side of the general insurance domain, although insurance is an important part of it and insurance agents often serve as risk managers. Insurance management focused on protecting companies from natural disasters and basic kinds of exposures, such as fire, theft, and employee injuries, whereas risk management focuses on these kinds of risks as well as other kinds of costly losses, including those stemming from product liability, employment practices, environmental degradation, accounting compliance, offshore outsourcing, currency fluctuations, and electronic commerce. In the 1980s and 1990s, risk management grew into vital part of company planning and strategy and risk management became integrated with more and more company functions as the field evolved. As the role of risk management has increased to encompass large-scale, organization-wide programs, the field has become known as enterprise risk management.
TYPES OF RISK MANAGERS
AND TYPES OF RISK
Company managers have three general options when it comes to choosing a risk manager:
- Insurance agents who provide risk assessment services and insurance advice and solutions to their clients;
- Salaried employees who manage risk for their company (often chief financial officers or treasurers); and
- Independent consultants who provide risk-management services for a fee.
Because risk management has become a significant part of insurance brokering, many insurance agents work for fees instead of for commissions. To choose the best type of risk manager for their companies, managers should consider the company’s goals, size, and resources.
Managers also should be aware of the types of risks they face. Common types of risks include automobile accidents, employee injuries, fire, flood, and tornadoes, although more complicated types such as liability and environmental degradation also exist. Furthermore, companies face a number of risks that stem primarily from the nature of doing business. In Beyond Value at Risk, Kevin Dowd sums up these different types of risks companies face by placing them in five general categories:
- Business risks, or those associated with an organization’s particular market or industry;
- Market risks, or those associated with changes in market conditions, such as fluctuations in prices, interest rates, and exchange rates;
- Credit risks, or those associated with the potential for not receiving payments owed by debtors;
- Operational risks, or those associated with internal system failures because of mechanical problems (e.g., machines malfunctioning) or human errors (e.g., poor allocation of resources); and
- Legal risks, or those associated with the possibility of other parties not meeting their contractual obligations.
In addition, environmental risks constitute a significant and growing area of risk management, since reports indicate the number and intensity of natural disasters are increasing. For example, the periodical Risk Management reported that there were about five times as many natural disasters in the 1990s as in the 1960s. The year 2004 was one of the worst in history, with three major hurricanes hitting the state of Florida and a tsunami causing death and devastation in the Pacific Rim. Some observers blame the rising number of natural disasters on global warming, which they believe will cause greater floods, droughts, and storms in the future.
Furthermore, any given risk can lead to a variety of losses in different areas. For example, if a fire occurs, a company could lose its physical property such as buildings, equipment, and materials. In this situation, a company also could lose revenues, in that it could no longer produce goods or provide services. Furthermore, a company could lose human resources in such a disaster. Even if employees are not killed or injured, a company would still suffer losses because employers must cover benefits employees draw when they miss work.
ASSESSING RISKS ASSOCIATED
WITH DOING BUSINESS
One way managers can assess the risks of doing business is by using the risk calculator developed by Robert Simons, a professor at the Harvard Business School. Although the risk calculator is not a precise tool, it does indicate areas where risks and potential losses exist, such as the rate of expansion and the level of internal competition. Using the risk calculator, managers can determine if their company has a safe or dangerous amount of risk. The risk calculator measures three kinds of internal pressures: risk stemming from growth, corporate culture, and information management. Rapid growth, for example, could be a risk and lead to losses, because if a company grows too quickly, it may not have enough time to train new employees adequately. Hence, unchecked growth could lead to lost sales and diminished quality.
Managers can assess the increased risk associated with growth by determining if sales goals are set by top management without input from employees. If a company sets sales goals in this manner, then it has a high level of risk in that the goals may be too difficult for employees to meet. In cases where employees feel extreme pressure in trying to achieve goals, they may take unnecessary risks. Similarly, companies that rely heavily on performance-based pay also tend to have higher levels of risk.
To assess risk arising from corporate culture, managers should determine what percentage of sales comes from new products or services developed by risk-taking employees. If the percentage is high, then the amount of risk is also high, because such a company depends significantly on new products and the related risks. In addition, a corporate culture that allows or encourages employees to work independently to develop new products increases company risk, as does a high rate of new product or service failures.
Finally, managers can determine business risks resulting from information management by determining if they and their subordinates spend a lot of time gathering information that should already be available. Another way of assessing these risks is by managers considering whether they look at performance data frequently and whether they notice if reports are missing or late.
RISK MANAGEMENT METHODS
Risk managers rely on a variety of methods to help companies avoid and mitigate risks in an effort to position them for gains. The four primary methods include exposure or risk avoidance, loss prevention, loss reduction, and risk financing. A simple method of risk management is exposure avoidance, which refers to avoiding products, services, or business activities with the potential for losses, such as manufacturing cigarettes. Loss prevention attempts to root out the potential for losses by implementing such things as employee training and safety programs designed to eradicate risks. Loss reduction seeks to minimize the effects of risks through response systems that neutralize the effects of a disaster or mishap.
The final option risk managers have is to finance risks, paying for them either by retaining or transferring their costs. Companies work with risk managers insofar as possible to avoid risk retention. However, if no other method is available to manage a particular risk, a company must be prepared to cover the losses—that is, to retain the losses. The deductible of an insurance policy is an example of a retained loss. Companies also may retain losses by creating special funds to cover any losses.
Risk transferring takes place when a company shares its risk with another party, such as an insurance provider, by getting insurance policies that cover various kinds of risk that can be insured. In fact, insurance constitutes the leading method of risk management. Insurance policies usually cover (a) property risks such as fire and natural disasters, (b) liability risks such as employer’s liability and workers’ compensation, and (c) transportation risks covering air, land, and sea travel as well as transported goods and transportation liability. Managers of large corporations may decide to manage their risks by acquiring an insurance company to cover part or all of their risks, as many have done. Such insurance companies are called captive insurers.
Risk managers also distinguish between preloss and postloss risk financing. Preloss risk financing includes financing obtained in preparation for potential losses, such as insurance policies. With insurance policies, companies pay premiums before incurring losses. On the other hand, postloss financing refers to obtaining funds after losses are incurred (i.e., when companies obtain financing in response to losses). Obtaining a loan and issuing stocks are methods of postloss financing.
During the implementation phase, company managers work with risk managers to determine the company goals and the best methods for risk management. Generally, companies implement a combination of methods to control and prevent risks effectively, since these methods are not mutually exclusive, but complementary. After risk management methods have been implemented, risk managers must examine the risk management program to ensure that it continues to be adequate and effective.
EMERGING AREAS OF RISK
In the 1990s, new areas of risk management began to emerge that provide managers with more options to protect their companies against new kinds of exposures. According to the Risk and Insurance Management Society (RIMS), the main trade organization for the risk management profession, among the emerging areas for risk management were operations management, environmental risks, and ethics.
As forecast by RIMS, risk managers of corporations started focusing more on verifying their companies’ compliance with federal environmental regulations in the 1990s. According to Risk Management, risk managers began to assess environmental risk such as those arising from pollution, waste management, and environmental liability to help make their companies more profitable and competitive. Furthermore, tighter environmental regulations also goaded businesses to have risk managers check their compliance with environmental policies to prevent possible penalties for noncompliance.
Companies also have the option of obtaining new kinds of insurance policies to control risks, which managers and risk managers can take into consideration when determining the best methods for covering potential risks. These nontraditional insurance policies provide coverage of financial risks associated with corporate profits and currency fluctuation. Hence, these policies in effect guarantee a minimum level of profits, even when a company experiences unforeseen losses from circumstances it cannot control (e.g., natural disasters or economic downturns). Moreover, these nontraditional policies ensure profits for companies doing business in international markets, and hence they help prevent losses from fluctuations in a currency’s value.
Risk managers can also help alleviate losses resulting from mergers. Stemming from the wave of mergers in the 1990s, risk managers became a more integral part of company merger and acquisition teams. Both parties in these transactions rely on risk management services to determine and control or prevent risks. On the buying side, risk managers examine a selling company’s expenditures, loss history, insurance policies, and other areas that indicate a company’s potential risks. Risk managers also suggest methods for preventing or controlling the risks they find.
Finally, risk managers have been called upon to help businesses manage the risks associated with increased reliance on the Internet. The importance of online business activities in maintaining relationships with customers and suppliers, communicating with employees, and advertising products and services has offered companies many advantages, but also exposed them to new security risks and liability issues. Business managers need to be aware of the various risks involved in electronic communication and commerce and include Internet security among their risk management activities.
ENTERPRISE RISK MANAGEMENT
As the field of risk management expanded to include managing financial, environmental, and technological risks, the role of risk managers grew to encompass an organization-wide approach known as enterprise risk management (ERM). This approach seeks to implement risk awareness and prevention programs throughout a company, thus creating a corporate culture able to handle the risks associated with a rapidly changing business environment. Practitioners of ERM incorporate risk management into the basic goals and values of the company and support those values with action. They conduct risk analyses, devise specific strategies to reduce risk, develop monitoring systems to warn about potential risks, and perform regular reviews of the program.
In the United States, the Sarbanes-Oxley Act of 2002 provided the impetus for a number of large firms to implement enterprise risk management. Passed in the wake of scandals involving accounting compliance and corporate governance, the act required public companies to enact a host of new financial controls. In addition, it placed new, personal responsibility on boards of directors to certify that they are aware of current and future risks and have effective programs in place to mitigate them. “Fueled by new exchange rules, regulatory initiatives around the globe, and a bevy or reports that link good corporate governance with effective risk management, attention is turning to ERM,” Lawrence Richter Quinn noted in Financial Executive. “[Some executives believe that it] will save companies from any number of current and future ills while providing significant competitive advantages along the way.”
In late 2004 the London-based Treadway Commission’s Committee of Sponsoring Organizations (COSO) issued Enterprise Risk Management-Integrated Framework, which provided a set of “best practice” standards for companies to use in implementing ERM programs. The COSO framework expanded on the work companies were required to do under Sarbanes-Oxley and provided guidelines for creating an organization-wide focus on risk management. According to Financial Executive, between one-third and one-half of Fortune 500 companies had launched or were considering launching ERM initiatives by the end of 2004.
Revised by Laurie Collier Hillstrom
Braunstein, Adam. “Strategies for Risk Management.” CIO (24 February 2005). Available from .
D’Arcangelo, James R. “Beyond Sarbanes-Oxley: Section 404 Exercises Can Provide the Starting Point for a Comprehensive ERM Program.” Internal Auditor (October 2004).
Dowd, Kevin. Beyond Value at Risk. New York: Wiley: 1998.
Lam, James. Enterprise Risk Management: From Incentives to Controls. Hoboken, NJ: John Wiley, 2003.
Mills, Evan. “The Coming Storm: Global Warming and Risk Management.” Risk Management (May 1998): 20.
Quinn, Lawrence Richter. “ERM: Embracing a Total Risk Model.” Financial Executive (January-February 2005).
Risk and Insurance Management Society, Inc. “(RIMS) Website.” Available from http://www.rims.org.
Simons, Robert. “How Risky Is Your Company?” Harvard Business Review (May 1999): 85.
Telegro, Dean Jeffery. “A Growing Role: Environmental Risk Management in 1998.” Risk Management (March 1998): 19.
White, Larry. “Management Accountants and Enterprise Risk Management.” Strategic Finance (November 2004).
The Best Binary Options Broker 2020!
Perfect For Beginners and Middle-Leveled Traders!
Free Demo Account.
Get Your Sign-Up Bonus Now!
Recommended Only For Experienced Traders!