Napa, CA Office

phone: 888.536.7539
CA License No. 0590760

Bend, OR Office

phone: 888.536.7539
OR License No. 816726

Business Philosophy

Total Cost of Risk

Risk Management Consulting

Insurance Services

Contact Us

risKey - weekly enewsletter

Testimonials

Home

An event or action that can keep your organization from achieving its objectives presents a risk, and must be managed.  This includes recognizing the risk in advance and taking steps to mitigate its potential impact.  An effective risk management program minimizes the possibility of unwanted surprises and enhances your ability to take advantage of opportunities and their potential gains.  Like brakes on a car allow it to come to a STOP, they also allow the driver more control in order to go FASTER.  Risk management gives you more control over the future of your business.

If managing risk is such a good business practice, why don’t we see it being utilized more often?  I have asked many executives to tell me about their programs, and the answers reveal some of the myths about risk management.  Following are the more common misconceptions that I have heard:

• Risk management is only for large companies. While large companies have the advantage of full time risk management professionals, the risks remain the same for small businesses, only on a slightly different scale.  Losses do not discriminate based upon the size of a business.
• We have lots of insurance.  Insurance is often confused with risk management.  Insurance simply transfers the risk to another entity, i.e. the insurance company. However, like lifeboats on the Titanic, insurance only comes into play after the loss, and there is never enough to cover all the costs.  In reality, it is up to the organization’s management team to proactively avoid the icebergs.
• We already have a safety program.  While safety is an important aspect of risk management, it is just one of many tools available in the process.  Most safety programs are built around injury and illness prevention, and fall short on addressing other aspects of the organization’s risks, such as property, third parties, disaster planning, etc.
• We haven’t had any problems so far.  This viewpoint from a company assumes that whatever they have done, even if they have done nothing to manage risk, is working well.  In other words, if it isn’t broke, why fix it?  A program based upon luck is truly risky, yet the longer time passes without a problem, the more complacent the organization can become.
• We are too busy to implement a program.  Time, like all other resources in the organization, will be spent based upon management’s priorities.  If a sense of urgency is instilled, and the right coalition exists in order to smoothly manage the program, time will not be an issue.

Of course, there is another alternative, and that is to avoid risk altogether.  This would involve selling or closing the business.  Assuming this is not one of your options, it may be worthwhile to explore the subject and learn about some techniques to increase your risk intelligence.

Evolution of Risk Management

For many years risk management was focused on two types of risk: property & casualty risks, and financial risks.  Through the 1970’s environmental and regulatory risks were beginning to be addressed as well.

The next decade brought financial risks into the mix, with currency, interest rates, commodity prices, and credit risks to name a few that were coming under the umbrella of risk management.

Operational risks were beginning to be considered during the 1990’s, including such things as inventory, information systems, capacity, and supply chain.  Added to this were strategic risks like technology, brand collapse, customer shift, and stagnation.

Businesses today are exposed to greater risks across the board, and many companies have begun to address other forms of risk under the rubric of enterprise risk management (ERM). 

Enterprise Risk Management

• In the 2004 publication Enterprise Risk Management—Integrated Framework: Executive Summary Framework, the Committee of Sponsoring Organizations of the Treadway
  Commission (COSO) stated that ERM is:
• “A process, ongoing and flowing through an entity,
• Effected by people at every level of an organization,
• Applied in strategy setting,
• Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk,
• Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite,
• Able to provide reasonable assurance to an entity’s management and board of directors,
• Geared to achievement of objectives in one or more separate but overlapping categories.”

Raising Your Risk Intelligence

In our next issue we will look at the various stages an organization goes through to implement and operate in a risk intelligent environment utilizing the ERM concept.  We will also discuss an overview of the ERM process and how it can be utilized by companies of all sizes and from any industry.