In 2005, CIMA gave an official definition of risk : “risk is a condition in which there exists a quantifiable dispersion in the possible outcomes from any activity. It can be classified in a number of ways”. Another definition could be “the effect of uncertainty on objectives”. Definitions are several and they can get very specific, but regardless of the way you define it, risk usually belongs to one of four areas of the organisation: the long term, the management of change, the short term (daily) and the overall finance.
There’s two types of risk :
Quantitative risk : this concerns quantifiable losses of resources, like people, time and money.
Qualitative : this concerns aspects of the business where it’s not possible (probably just yet) to quantify the risk. The data is not enough to lay out forecasts and calculate the amount of resources you’re going to risk. It’s pretty obvious that not being able to quantify the risk is going to make things harder, it’s what in gambling they call “a blind bet”, and to avoid the chance of this happening you should focus on turning the qualitative risks into quantitative ones.
Three common risk management techniques :
- Risk avoidance : this is the refraining from taking action. It works perfectly, it brings the amount of risk to zero in no time, and without any action. It makes sense that, if a business move holds risk within, we could eliminate that risk by not going further with that move. Companies that avoid the risk by not taking action tend to become stagnant, resistant to change and inevitably move toward business closure. It’s literally impossible to avoid all risks and an organisation’s ability to change and adapt through different times is extremely vital and therefore risk will always be a part of every operation. Sometimes you can’t avoid taking action, that’s exactly what risk management is for.
- Risk reduction : it’s sometimes possible to minimise the risk. This happens when the cost of minimising risk is low enough to create potential savings. There are several ways you can minimise risk and they all depend on the kind of business you operate and the kind of risk you’re facing. If you’re worried about robberies, a guard outside the shop would minimise the risk of that. A security camera next to an ATM minimise the risk of robberies by intimidating criminals of being recognised. In-depth market research and testing will minimise the risk of new products placements going wrong and by carefully planning the operation. If the case of the risk is a management decision, an extra focus on decision making will help minimise the risk.
- Risk assumption : this means that the organisation will go ahead with the operation and assume the risk. This technique is used when risk management has reduced the risk to a minimum, so it’s the safest to assume it, or the potential loss is too insignificant to be brought to attention. It’s also used when insurances on the potential loss are too expensive. Companies with several facilities and a large number of employees find it useful to create a self-insurance, hence to put aside a fund to use when machinery breaks down or any other losses present themselves.
The four T’s of responding to risk are:
- Tolerate : when you can deal with the possible consequences of risk you can accept and tolerate it.
- Treat : this is an action that mitigates the risk, in example, if a bank is not going to give you the full funding you need, you’ll need to perform an action to find some other sources.
- Transfer : if you include a third party in your operation, that’s called “transferring the risk”. The third party is usually an insurance that will cover up eventual losses.
- Terminate : this is simply stopping the activity that creates risk.