|
‘Risk’ – It’s not all bad
John Mutton, Managing Principal
InterRISK
Consulting Pty Ltd
A quick Google search on the work ‘risk’ identifies many variations of what it means. References to hazard, exposure and gambling were the consistent themes - no where did I find reference to the fact that Risk can also be the source of immense opportunity for an individual or enterprise.
I would like to explain the methodology of using risk to create a position of competitive advantage. This can be achieved when considering the process of risk management. There is considerable literature available on this subject, including the latest Australian Standard (AS/NZS ISO 31000: 2009).
For the purposes of this discussion, we will consider the following model:
Establish the context
The target business must be serious about Risk Management to realise the benefits because it will involve time and money. This commitment must be demonstrated from the most senior point within the business.
This preliminary step is focussed on understanding who’s who within the business. When I say within the business, this can also include external stakeholders that matter to the business – for example: shareholders, the community, students, investors, media and the like. If any stakeholder to your business can be adversely affected by what you do, then you have an opportunity to remove this exposure and create a positive outcome.
The context of this step looks at the culture of the business and the environment in which it operates. It also considers the objectives – that is, does the business want to follow or does it wish to lead? Does the business have a clear plan as to where it wants to be, and how it wants to be seen?
Objectives are one thing, committing the resource and/or capital is another.
Identify the Risks
For a business to manage its risks, it must first know what they are. It is easy to list the risks you know about, but what about the ones that haven’t happened yet or of which you are unaware?
If we consider the current oil spill of the Gulf of Mexico, did BP do something wrong in respect of the risks it was aware of, or was it simply unlucky and suffer a catastrophe caused by something totally unforseen? Either way, this incident has already stripped US$67b from BP’s value. Stakeholders of BP in this context are spread far, wide and will doubtless be very unhappy.
The question to ask in this context is what can go wrong? There are many tools available to support this process but one of the most efficient ways to do this is to sit down as a group of leaders/stakeholders within the business and talk about what keeps them awake at night. Within an educational institution as an example, this may include the faculty heads, maintenance staff, security personnel, representative student bodies. The list goes on and they will all have a different perspective.
Analyse the Risks
With a broad list of identified risks, we then need to consider what it means to the business.
Is the resulting exposure/impact of each risk to the business likely to cause loss? In this context loss can include: injury/illness to people; financial loss; damage to property; damage to the environment and the like. These are broad categories and represent ways in which you can consider the potential implications of actions within your business.
This process focuses on the potential consequences of Risk, with due consideration to the likelihood of the event occurring. A proven method of focussing attention on Risk is to quantify what a loss can cost your business. Again, in this context, we have broad considerations – loss of life, damage to the environment, lost productivity, damage to property, and many more.
Evaluate the Risks
The importance of each identified Risk is now quantified and needs to be ranked – key weightings will include the quantum of potential loss of life and potential financial cost to your business.
This list of priorities will provide you with the business case to justify changes to behaviours within the business. Added to this, it is inevitable some improvements will require a capital commitment to the business.
Treat the Risks
With a clear focus on the key Risks to the business, the next step is to identify what if any options are available to the business to mitigate or eliminate such risks. These Risk Treatment/Control Improvement Plans should allow the business to avoid, transfer, manage or simply accept the affects of each Risk.
For example:
- avoiding Risk may involve obtaining hold harmless indemnities from a supplier
- transferring Risk may be achieved through insurance
- managing Risk is the process we have been discussing; and
- accepting Risk is simply an acknowledgement by the business that issues will happen and they are effectively deemed a cost of doing business
Once the Risk Treatment Plan is developed, it then needs to be implemented and reviewed.
Sometimes we get it wrong. A robust Risk Management program encourages and fosters a process of ongoing review and challenge. Are the Control Improvement Plans doing what we expect, is the outcome in line with our expectation and can we do things better? These are constructive questions focussing on improvement as opposed to dwelling on those strategies that are less successful.
A good Risk Management program should evolve with your business.
Conclusion
So the question now is – how has this very detailed approach and methodology turned Risk within your business into an opportunity?
Let’s consider the following as a means to answer this question:
- If you have reduced the likelihood of injuries to people, you will have created a safer working environment for your staff. RESULT: Higher staff retention; enhanced staff morale supported by the notion that the company (their employer) genuinely cares; reduced down time, greater productivity; lower Workers Compensation costs;
- If you have implemented a compliant Risk Management framework, the directors and officers of the organisation will be seen as driving a program that protects the longevity and prosperity of the business. RESULT: Increased brand and enterprise value; reduced inherent risk exposures to the business as the identified risks will have been treated, transferred, avoided, or in some cases accepted (and accounted for); a demonstration of prudent management enhancing the reputation of the business to investors, shareholders, suppliers and customers.
Whilst there is no linear link between money spent on risk management and that saved – there is a strong case that an operational and effective Risk Management program creates the opportunity for a business to achieve a position of relative competitive advantage against its peers.
Risk is only bad if you choose to do nothing about it.
InterRISK Australia Pty Ltd (InterRISK) is a risk and insurance advisory firm. Australian based, InterRISK operates within a world-wide network that provides global risk and insurance market access to our clients.
Our client base includes many ASX listed and multi-national organisations in a myriad of industries.
With its origins as a corporate insurance broking operation, InterRISK now provides a full suite of offerings in the risk consulting, life and affinity markets.
The success of our business model is that we provide our clients with direct access to leading senior industry professionals. Our service model is tailored for each engagement and our remuneration is fee based ensuring full transparency.
Should you with to learn more about InterRISK or speak with one of our senior professionals, please contact John Mutton on +61 3 8610 8100, john.mutton@interrisk.com.au or visit www.interrisk.com.au.
| |
