Principles of Risk Management
This article focuses on the principles of risk management and the current day application of them. The first step is to identify risks; potential and realistic ones. The next step is to prevent or manage the risks. Three common risks are information technology, weather and business ethics. Information technology risks relate specifically to online data theft issues, identity theft and computer viruses. Weather concerns involve all forms of precipitation that can affect businesses like, too much rain, too little rain and not enough snow. This is very impactful to the agricultural, vacation/resort and restaurant business market. All businesses would be adversely impacted due to catastrophic weather that could destroy large geographical areas like Hurricane Katrina did (Louisiana, Mississippi and Alabama). Company leadership entails business ethics and the problems that arise due to the lack of them in the workplace. The banking industry is an example of an industry that is greatly impacted by the risks mentioned in this article because of the great financial impact brought on by the use of technology and the unpredictability of weather. Due to these reasons, it is quite obvious of the need to assess risk in all business industries.
Keywords Banking Industry; Business Ethics; Company Leaders; Cyber-risk Management Insurance; D&O Liability Insurance; Ethics; Hurricane Katrina; Information Technology; Internet; Principles of Risk Management; Rain Hedges; Risk Management; Temperature Risks; Weather; Weather Derivatives
Principles of risk management are needed even more today than ever before. In the past, many organizations either ignored the risks altogether or simply lived through the unfortunate consequences caused by them. In many cases, these organizations didn't have anyone dedicated to look at or out for potential risks that could adversely impact the company. It was, for lack of a better word, an afterthought. This apathetic way of conducting business, in turn, has caused many companies to go bankrupt and some to permanently close their business doors. Therefore, a closer look at the topic of risk management is essential.
Two Types of Risk
The process of identifying risk entails examining the likelihood of two types of risk: Potential risk and realistic risk. Regardless of the industry impacted, such an assessment is needed to not only identify risks, but to address them.
- Potential Risks — these types of risks may or may not occur, but a plan must be put in place to stop or reduce the impact. Examples are: Stock market crashes, unusually high-levels of precipitation in a typically dry area, employees leaving the department or company and poor executive level decisions. These risks can come from internal and external forces as shown by the above mentioned examples.
- Realistic Risks — these risks are based on known threats. Typically these threats are common for a specific industry or all industries. Examples are: loss of profits, legislative decisions, overseas regulations, information theft and computer viruses. Many times these risks come from external forces and can, as a result, cause quite a challenge to manage.
Now that the risk has been identified, steps must be taken to prevent or manage the risk. There are four main categories to consider. They are elimination, limitation, acceptance and transfer.
- Elimination — This technique involves avoiding any and all activity that could create a risk. Therefore, a company may choose not to sell products and services in a certain geographical location due to historically inclimate weather. Another example would be a company choosing not to use the Internet as a means of selling their products and services due to concerns of information theft. The decision to eliminate an activity is one that comes with a great deal of consideration. Loss of profits and market capitalization could result from such a decision.
- Limitation — This method entails the reduction of an actual exposure to a risk. A company or entity decides to limit the likelihood of suffering severe losses by taking precautionary steps to reduce risks. One example would be a company that chooses to sell a limited amount of products online to limit its exposure. Those products would most likely be high selling items and ones most commonly sold online. Another example is remote office locations put in place to reduce the impact of catastrophic losses of offices in areas where the weather could become volatile. Office daycares instituted to offset employee absenteeism due to childcare issues could impact work productivity and could prove helpful. Also, work safety programs implemented to educate employees on how to properly operate equipment to reduce employee injuries and/or deaths would be beneficial.
- Acceptance — This method involves accepting certain losses incurred. In particular, risks that can't be insured against and are not worth it in the long run because the expense to insure it will not cover the overall exposure. Common examples are damages caused by War. In most cases, these damages are not covered by insurance and as a result must be accepted as a loss by businesses. Another example is a national catastrophe like a tsunami. Events like these could potentially bring about a total loss.
- Transfer — This is the process of transferring a risk to another party. One common way of doing this is by obtaining insurance coverage. When contractors are utilized, a contract is established to assign the contractor the appropriate risk responsibility. Consultants are also utilized by some organizations to better manage risk due to the expertise they bring for their respective industry. Attorneys help companies to stay compliant and in proper legal standing. Over the past decade, many industries have incorporated the use of derivatives to hedge potential losses, protect themselves and manage the risk.
Common Risks Companies Face
Some areas that commonly create risk are:
- Company Employees
- The weather is a risk in itself due to the potential damage it can cause. The main problem that comes from this risk is a company's inability to do anything about the potential damage. Even if they see something coming, time may not be on their side to properly address it.
- Legislation can be introduced at any time, which could adversely impact a business' practices, productivity and profitability. What was once a normal practice or way of doing business may have to be completely revamped, which could be extremely costly.
- People resources are always unpredictable and that in itself is a huge risk for companies. Hiring, training and retaining quality employees is a challenge for companies and causes the biggest expense. An employee's lack of productivity or unexpectant departure can greatly impact project work and plans for implementing new products and services.
- Technology is both exciting and risky. The use of new technology can be very expensive and if it doesn't work properly it can take an organization down. This could cause loss of profitability and consumer retention. Yet, if an organization doesn't keep up with new technology it could be left behind and become uncompetitive.
There are several types of risks an organization faces today. This article will discuss a few of them. These risks involve information technology, weather and business ethics.
Technological advances have improved and made life more enriching for everyone who has taken advantage of them. In particular, the information highway, also known as the Internet, has been a huge contributor to such improvements. The conveniences that a click and a few keystrokes make are priceless to many consumers each day. The Internet is used to conduct research, make purchases, communicate with friends and family across the world, find directions, store data and countless other processes.
Along with access to endless quantities of information comes the risk of such information falling into the wrong hands. This information includes addresses, phone numbers, bank accounts, credit card account numbers and business data. Computer hackers have repeatedly been able to infiltrate confidential data from consumers and businesses. As a result, there have been frequent reports of computer viruses that have crippled companies and in some cases put them out of business. Business transactions conducted on the Internet can be quite profitable and convenient, but at times also very dangerous. That's why information theft has come to the forefront of what concerns corporate executives and consumers as a whole today. It can take months, if not years to clear up this type of information theft problem. Credit reporting information may take even longer to restore.
Cyber-risk Insurance Policies
Though there are issues, businesses have found a saving grace because now they have an option to purchase cyber-risk insurance policies. These policies provide coverage for companies that have experienced breaches in information security on the Internet. This type of insurance provides some relief for businesses, which they haven't had before. Some things cyber-risk insurance protects against are theft of trade secrets, destruction of hardware, software, data and extortion of hackers. Some third-party risks that are covered are computer viruses inadvertently forwarded internally, failure to provide products because a hacker or virus stopped the insured's delivery system, unauthorized contents placed on the company Website and the theft of credit...
(The entire section is 4606 words.)