While stepping out on a rainy day, it is prudent to carry an umbrella. You cannot stop rain, but with adequate preparation, you can minimize your chances of getting wet. Similarly, risk assessment and management allows companies to prepare better for the future.
In simple terms, risk is the probability of occurrence of any undesirable effect related to some present process or future event. In a corporate environment, risk can be related with many assets. There might be risks to financial assets, such as cash and investments or physical assets, such as buildings and land. Apart from these, there might be risks to intangible assets, such as human knowledge and skills and brand name and reputation and information.
The type of risks that a company faces might be very industry specific and vary according to its size and capital structure. This also impacts the way the risk is assessed. Historically, risk assessment has been the domain of financial institutions and numerous regulations and practices governing risk assessment of the financial services industry have emerged. Broadly referred to as financial risk management (FRM), these practices are now also being adopted to the non financial services domain. Coupled with asset liability management (ALM), FRM provides the general framework for contemporary corporate risk management. However, corporate risk management is not as binding as FRM and firms have the flexibility to pick and choose best practices to match their setup.
Corporate risk management involves understanding the objectives of the firm, identifying risks related to the objectives, measuring risks, implementing controls to manage risks, and then reviewing the risk management initiatives. Of these, identification of risk and measurement of risk form the core of risk assessment.
Risk identification, a more subjective activity, is no less tough than measuring risk. In a corporate environment, any event that causes a change includes some risk. Risk identification requires a clear understanding of the business environment including competitors' as well up to date information about the internal parameters of the firm's performance. Risk identification may reveal several areas, such as employee turnover, supply chain issues, demographical changes, and government regulatory environment.
Risk measurement is among the most complex components in corporate risk management. Risk measurement involves quantifying the risks to give them a dollar value. The quantification of risk uses the concepts of exposure and expected loss. The exposure is the amount that the firm stands to lose if the probability of the occurrence of risk is 100 percent. The expected loss therefore is the product of the estimated probability of risk and exposure. For example, if the daily cash transaction of a restaurant is $10,000 and there is 15% risk of fraud in cash management, the exposure can be considered at $10,000 and the expected loss at $1,500. It should be noted that the expected loss is a notional figure, and does not necessarily mean that the risk will materialize.
The risk management efforts of a company are geared towards minimizing this expected loss. However, the cost of implementation of control procedures to counter must be justified by the expected benefit that would accrue from the activity.
Information is for educational and informational purposes only and is not be interpreted as financial or legal advice. This does not represent a recommendation to buy, sell, or hold any security. Please consult your financial advisor.