Risk Management: Learning to Manage Threats

What Will Happen to Your Business if a New Sanctions Package is Passed Tomorrow? What If a Partner Comes with a Complaint? What Will a Hacker Attack on Your Servers Mean for Your Company?

Risk management helps answer these and other questions. That’s what this article is about.

What is Risk Management and Why is it Necessary? Risk management involves identifying potential threats to a company and developing a strategy to either eliminate them or adapt the business to new conditions.

Of course, it’s not a magic pill that will save you from all risks. However, competent threat management allows a business to navigate possible obstacles and know in advance what plan to follow in case of emergencies. In short, an entrepreneur can sleep a little more peacefully, knowing what to expect for their company under different external and internal circumstances.

«Risk» in the context of threat management doesn’t always have negative consequences for a company. For example, you might invest money in a friend’s startup—a risk that could lead to disappointment due to lost money or joy from additional profits.

Why is Risk Management Necessary? On a global scale, it’s needed to protect the company and allow it to grow. Looking at this question in more detail, risk management helps businesses:

  • Handle emergencies – You’re prepared in advance for different outcomes and know exactly what to do.
  • Adjust business strategy – Risk management involves analyzing all processes within the company, helping identify gaps in business processes and correct them.

For instance, the company «Bubenchik» outsourced advertising tasks to freelancers because hiring in-house specialists was more expensive. This often led to delays in advertising: outsourced specialists missed deadlines or disappeared. While these issues didn’t seem particularly significant to the company, risk managers assessed the actual damage. In the long term, «Bubenchik» could lose a significant portion of potential revenue and the trust of partners. These losses would require a larger budget than maintaining an in-house team of specialists.

Risk analysis helps a company identify potential threats, implement crisis solutions, and eliminate factors that could hinder the implementation of these strategies.

Types of Risks Risks can be different—controllable and uncontrollable, external and internal. In risk management, the classification by D. Rasfeld is often used, which defines four types of threats:

  • «Known knowns» – Risks are known, measurable, and can be prepared for.
  • «Known unknowns» – Risks are known but difficult to measure, making preparation challenging.
  • «Unknown unknowns» – Risks are unknown, so they cannot be managed or prepared for.
  • «Unknown knowns» – Risks are known but are exaggerated or deliberately manipulated.

Another equally important classification: controllable and uncontrollable risks.

Controllable Risks: The company can influence controllable risks. For example, if an employee damages a batch of products, the organization can start selecting employees more carefully and develop a plan for such incidents.

Uncontrollable Risks: These are beyond the company’s control. You can’t do anything about an impending economic crisis or a flood. However, you can develop a plan of action for such cases. Let’s take a closer look at which risks are controllable and uncontrollable.

Controllable Risks:

  • Commercial Risks – Increases in costs or decreases in revenues. These can be external or internal. External risks arise due to rising raw material costs or office rent. Internal risks are related to decreased demand due to, for example, deteriorating product quality or not achieving planned profits. Since commercial risks are largely related to errors in product realization, they are further divided into marketing, logistics, transportation, service, and other categories.
  • Production Risks – Failures, errors, or stoppages in production. Generally linked to any external and internal changes that affect the product. Your product might be removed from sale due to declining production performance.
  • Property Risks – Loss of property due to your own fault or natural disasters. This risk is the easiest to protect against, as insurance services are available.
  • Financial Risks – Any problems with financial resources. Two main risks are associated with finances: credit risk and liquidity risk. Credit risk is the possibility that a borrower won’t repay the funds. The company can be both the creditor and the borrower in this situation. Liquidity risk is associated with the business being unable to sell its assets without risking losses.

For example, the company has unsold winter gear taking up space in warehouses, and it’s now summer. The company will either have to sell the expensive products at a significant discount or, for instance, distribute them to employees. In either case, the company will incur losses.

  • Legal Risks – Administrative or criminal liability. Often related to errors in handling intellectual property and fines from government agencies. This also includes lawsuits from partners against each other or from clients against the company.
  • Reputational Risks – Deterioration of the company’s image. These are linked to ambiguous statements or actions by business representatives that provoke public outrage. The company’s reputation also suffers if its advertising generates mixed reactions.

One widely known case of a damaged reputation is the 2021 «Vkusvill» commercial, which didn’t appeal to the conservative part of its customer base. When the company removed the materials and apologized, it alienated the more liberal segment of its audience. «Vkusvill» did not plan its actions in advance, resulting in reputational losses.

  • Information Risks – Losses associated with the use of technology. Improper data storage, data loss, and hacker attacks can lead to serious business problems.

Uncontrollable Risks:

  • Macroeconomic Risks – Related to market changes. These include the likelihood of inflation and deflation, currency rate fluctuations, and other factors that affect the business economy.
  • Social Risks – Social changes that may impact the company. This includes unemployment levels, crime rates, migration, and changes in infrastructure, such as healthcare, education, culture, and other areas.

Risk Management To manage risks, follow these six steps:

  1. Define the context. A risk manager identifies the company’s strengths and weaknesses, examines external working conditions (politics, society, competitors, finances), and then determines the main criteria for assessing risk and sets the results to be achieved.
  2. Identify risks. A team of specialists determines the types and causes of potential problems. Experts forecast how these risks could affect the company’s goals. This involves studying market research, audits, and databases of similar cases. Risk managers strive to exclude situations that could lead to a loss of control.
  3. Analyze threats. Risks are assigned levels, and the consequences and patterns of occurrence are described.
  4. Evaluate the cost of risk. At this stage, potential company losses are determined. After calculations, experts propose options to reduce or mitigate risks if they can’t be avoided.
  5. Accept and implement risk decisions. The most effective expert recommendations are integrated into operations to increase benefits and minimize potential losses.
  6. Monitor the effectiveness of decisions. The effectiveness of risk management strategies is checked, improvements are made, and constant monitoring is conducted.

Risk assessment should be conducted in the early stages of a project, before important decisions, or when conditions change. Continuous threat analysis allows for the identification of new risks and the adjustment of management strategies.

It’s essential not just to eliminate risks but to manage them. This is what risk management is for—it helps minimize consequences, proposes solutions, finds ways to turn any outcome to the company’s advantage, and sometimes accepts risks without attempting to prevent them.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *