by Corporate risk management refers to all of the methods that a company uses to minimize financial losses. Risk managers, executives, line managers and middle managers, as well as all employees, perform practices to prevent loss exposure through internal controls of people and technologies. Risk management also relates to external threats to a corporation, such as the fluctuations in the financial market that affect its financial assets.
Protecting Shareholders
A corporation has at least one shareholder. A large corporation, such as a publicly-traded or employee-owned firm, has thousands, or even millions, of shareholders. Corporate risk management protects the investment of shareholders through specific measures to control risk. For example, a company needs to ensure that its funds for capital projects, such as construction or technology development, are protected until they are ready to use.
Types of Risk
Consider the types of risk that a corporation must address every day. A corporation may become insolvent if it hasn’t bought insurance, implemented loss control measures and used other practices to prevent financial loss. Insurance is no substitute for successfully identifying measures to prevent losses, such as safety training to prevent worker injuries and deaths. Risks can include hazard risks, financial risks, personal injury and death, business interruption/loss of services, damage to a corporation’s reputation, errors and omissions and lawsuits.
Probability and Consequences for corporate risk management
To prevent financial losses, a corporation engages in a certain amount of speculation. A risk manager calculates the probability of each type of event that would damage the firm’s financial position and the consequences. Calculating the likelihood that something will happen and its associated costs enables a risk manager to recommend ways to address the most probable risks to senior management, the board of directors and owners of the corporation.
Solutions for corporate risk management
A corporate risk manager is a multi-disciplinary professional with an understanding of internal business processes and many financial instruments. This professional might have a background in business management, finance, insurance or actuarial science. She might suggest solutions to a corporation to protect its assets. For instance, she might recommend buying millions of dollars in commercial liability insurance coverage. Some risks that she calculates, as potentially damaging to the corporation, are ignored while others are covered by this liability policy. She might recommend buying other types of insurance, such as fire or fraud, after first weighing the costs versus the benefits of each type of coverage.
Building strategies for Corporate Risk Management
Strategies for corporate risk management usually consist of two processes: setting the framework for the company’s risk management and setting the communication channels in the organization. Risk management is, though, useless unless you measure and know your risks first. You must also have a robust procedure for ongoing monitoring and a cycle of continual assessment.
Risk management planning encompasses three elements:
- Operational risk management, such as damage to property or other risks that can’t be planned for.
- Financial risk management, which emerges from the effects of markets on an entity’s assets; this includes risks to credit, price and liquidity.
- Strategic risk management, or thinking about the bigger picture and the future of the company.
Consider what happened to Kodak once digital cameras came along, and ask if that was a failure of operational risk management or strategic risk management.
One of the best available metrics of risk measurement is economic capital, which is the amount of equity required to cover any unexpected losses. The economic capital required to support an individual risk can be calculated and results aggregated across all risks. Dividing the anticipated after-tax return on each strategic initiative by the economic capital gives you a RAROC, or risk adjusted return on capital, figure – if the RAROC is less than the cost of capital, it will destroy value and is, therefore, a huge risk to the company.
Outside of economics, there are five steps to take when first assessing the risk and deciding on the best solutions for mitigation:
- Identify the risk: Risks can be internal or external, so include any events that could cause problems or benefits for the company.
- Analyze the risk: Thoroughly analyze the potential effects each risk will have on consumer behavior, the company or any endeavors underway.
- Evaluate the risk: Rank risks according to the likelihood of each outcome to see how severely a set risk could impact the company or its strategy.
- Treat the risk: Look at ways to reduce the probability of a negative risk and increase the probability of positive risks, preparing preventative and contingency plans as needed.
- Monitor the risk: Track variables and proposed possible threats, and calmly treat any problems that arise as your tracking system identifies changes.
Once the risk assessment is complete, assign a strategy to treat the identified risks. Generally, there are four ways to handle a risk:
- Avoid the risk, or forfeit all activity that carries the risk – though this also means forfeiting all associated potential returns and opportunities.
- Reduce the risk, or make small changes to reduce the weight of both risk and reward.
- Transfer or share the risk, or redistribute the burden of loss or gain by entering partnerships or bringing on new entities.
- Accept the risk, or assume any loss or gain entirely; this is usually put into play for small risks where any loss can be easily absorbed by the entity.
