Risk has had a lot of bad press, making it almost a dirty word and something to be avoided.
Shirley Liew flips that concept and looks at risk as an opportunity to grow your business.
Entrepreneurs know all about taking risks and the rewards they can bring. But few businesses actually take a managed approach to dealing with risk and using it to grow their business.
The basic rule of risk-taking is if you don’t fully understand the risk you shouldn’t engage in it, regardless of what profits are claimed or reported. Unfortunately, companies and individuals violate this basic rule as promises of impressive returns entice many to participate in fraudulent activities. Think of Enron, HIH, OneTel, or National Australia Bank: all examples of companies that did not effectively manage their risk.
The business world is full of risks. There are the operational risks such as worrying about whether your business can continue if your IT system fails, or if the office burns down, and you need to consider threats like terrorism, theft, or the failure of your customers’ business. As a manager you also have to ensure you comply with continually evolving regulatory changes such as the Occupational Health and Safety (OH&S) laws, anti-money laundering, or the new workplace relations legislation. And of course there is financial risk and the increasing burden of compliance, particularly for listed companies.
It is no wonder that executives tend to think of risk as something to be avoided, managed, reduced, hedged, or sold to others. However, forward-thinking managers are starting to take control of the risks facing their business, adopting an approach called enterprise risk management (ERM). This allows businesses to take more risks, achieve planned outcomes, and minimise the chance of failure by making informed decisions.
ERM is a company-wide process, driven by senior management, which considers the potential risks facing the organisation and seeks to manage them in a way that supports the overall business objectives. The principle of ERM is about taking a positive approach to identifying risks and turning them into opportunities to grow the business.
Because risk and opportunity are inextricably linked, past conventions and attitudes about risk as a hazard or threat have resulted in too narrow a view of the role of risk management in business. The traditional approach to risk has been to see risks as isolated one-off threats, not part of everyday business. Risk management is often an afterthought and an appendage to the core business. The ERM approach turns this notion around and states that risk management:
• is everyone’s responsibility, but the business leader sets the tone for how the business approaches it;
• is a culture, a way of thinking, not a product or a transaction;
• should be pervasive across the organisation, embedded within the culture and business management, not an ‘add-on’;
• reflects a formal and systematic approach;
• should be indistinguishable from business management;
• must focus on risk in the context of the whole business, not isolated incidents.
An important first step in the process is to determine your company’s approach to risk: your appetite and tolerance for risk. Risk appetite is the acceptable balance between growth, risk and return. What are you prepared to risk in order to get the return you’re looking for? For example, a company who is looking to grow its export market may decide there are higher returns (but also higher risks) to be made by undertaking projects in countries that are politically unstable or where the legal system is less enforceable than in Australia. In order to address and embrace this risk, the company not only takes up necessary insurance and security of project cash flow, it also has a clear view of what maximum loss it’s prepared to bear and the maximum amount of investment or financial resources it will commit—it sets its risk appetite.
Risk tolerance is the amount of variation the business is willing to accept in achieving its objectives. For example, you may be prepared to invest up to $20,000 in a new business opportunity, but not $25,000.
Understanding your risk appetite and tolerance enables you to develop appropriate responses to the various categories of risk identified for your company, and ensure these are strategically aligned with your business objectives. It also ensures you are better prepared to accept any losses arising from risks you have anticipated and planned for.
Enterprise Risk Management (E.R.M.)
Once you have determined your approach to risk, you need to design a system that actively manages it. You should consider facilitating a management session to develop the organisation’s ERM vision and components, to establish clear business objectives, as well as assessing all potential risks facing your business and their likely impact. Develop strategies to manage each risk, in line with your appetite and tolerance for risk, and design and implement risk management capabilities, putting new systems in place and training staff as appropriate. After they are in place you should monitor the performance and progress of the new system, continually improving risk management capabilities and supporting the process with relevant information for rapid decision-making.
Implementing a proactive risk management system often calls for changes to the way you think about risk. For example:
• Focus on the upside of taking the risk, not just the negative impact it may have.
• Balance the costs of risk reduction against the need for financial performance.
• View risk as a potential profit opportunity rather than as something simply to be minimised or eliminated.
• Embrace risk with a combination of exploitation and exploration strategies.
• Focus on creating value not just preserving value.
• Expect greater speed, skill and confidence from your staff in the pursuit of strategic growth opportunities.
• Don’t just focus on loss prevention, risks should be comprehensively managed, not just insured.
• Integrate risk management with the identification, evaluation, and optimisation of growth and capital.
Rather than simply looking at taking out insurance against fire and recovery of financial losses to the business, look at changing your operations to reduce the likelihood of fire occurring, or minimising the damage a fire would cause. This would reduce your insurance premiums and benefit the bottom line.
Another risk facing all businesses is the proposed changes to Workers’ Compensation premiums. Employers with a low cost of claims will see their premiums reduced. Conversely, higher premiums will apply to employers with a higher cost of claims. This means there is an incentive for employers to improve their OH&S management practices as well as their return-to-work programs. By improving these aspects of their business, an employer who pays $600,000 in premiums may be able to reduce this amount by up to $180,000. Clearly, employers that invest time and money in good OH&S policies and procedures and return-to-work programs, will benefit from the changes.
Key Points
The key to effective implementation is to remember that ERM is a journey, not a destination. Think about the risks facing your business in the context of your business vision, object
ives and goals.
Integrate ERM into your strategic planning and prioritise your key business issues. Rather than trying to address all the risks facing your business at once, focus on quick wins, and set realistic goals.
Look at opportunities to work and collaborate with industry groups and business partners to simulate risks, and design and develop cost-effective risk management strategies. Involve industry specialists and engage their expertise and technology, particularly when it comes to regulatory compliance.
Recognise the internal communication and cultural challenges involved in implementing a new approach to risk management. Implementing an organisation-wide ‘risk vocabulary’ can help everybody understand what you define as a risk, and can be crucial to successful implementation. This helps avoid differing expectations and anomalies. Communicate your risk management plan thoroughly throughout the organisation and don’t expect change to happen overnight.
Set the tone at the top and ensure the ERM culture is pervasive, with senior management and board members, as appropriate. Experience consistently shows the most critical success factors in creating a new approach to risk management are executive leadership, the level of stakeholder commitment, and personal ownership of the concept of risk management among all staff.
Implementing a systematic approach to risk management will take time and commitment, but the benefits will be significant. You’ll be able to deal with risks more effectively, see them in the context of your business objectives, achieve planned outcomes, and free up your entrepreneurial spirit, confident that the risks you take are the right ones, which you fully understand and can profit from.
* Shirley Liew is an associate director at Grant Thornton NSW, of the Grant Thornton International network, and she leads the Business Risk and Improvement Services group www.grantthornton.com.au