Friday, 23 March 2012

Top 10 Methods for Identifying Business Risks

It’s cliché, but risk is everywhere. If you ask a business executive to answer “what is your biggest risk,” you may get 100 different answers from 100 different people. The worst answer is no answer at all; just a blank stare. The reason for the variance is the word “risk” is used too freely and can be defined in too many different ways to be interchangeable in all industries. So, let’s put some definition around it and narrow it down for a business context. All executives can do this by asking themselves some simple questions that will slowly start to identify the biggest threats to the business. Only after a risk has been defined will the 10 best methods for identifying that risk be useful.

What’s a Risk?
In its simplest form, a risk is a chance of a loss, an uncertainty of loss, a possibility of various outcomes, or the difference between something that is expected versus what actually happens.

What’s at Risk?
We can classify a risk in several ways, and depending on the industry, the biggest risk to a business lies somewhere in these classifications:
Property – tangible or intangible
Human Resources – employees, contractors, suppliers/vendors, and other business relationships in general
Liability – Liability risk can be strict liability or negligence coming from tort, contracts, or statutory law, but the most prominent characteristic of a liability risk is that it cannot be accurately measured ahead of time.
Net Income - Net Income is a bottom line number that contemplates fluctuations in human capital, financial markets, governmental regulations, or customers.
The Top 10 Methods for Identifying Risks:
  1. Checklists and SurveysBenefits: Checklists can be customized and standardized, require minimal training to implement, and the information can be easily classified and tabulate. Weaknesses: Checklists and surveys cannot coverall areas or operations, they provide limited financial effects and they do not prioritize exposures. Bottom line is that checklists are great for controlling and avoiding very specific hazards (think accident investigation), but lack the scope necessary to identify risks across an entire business.
  2. FlowchartsBenefits: Flowcharts offer a graphic display of systems and processes and illustrate interdependency within organizations. They can easily pinpoint bottlenecks and determine critical path. Weaknesses: Flowcharts don’t indicate frequency or severity and they are limited in regard to liability. Bottom line is flowcharts are great to ensure quality control and efficient administrative process, but lack the ability to measure the scale or potential size of a risk.
  3. Insurance Policy ReviewBenefits: Insurance policies define many risk perils, and specifically state what is covered and not covered. Weaknesses: Insurance policies are wide in scope, and therefore lack focus before a loss. Insurance policies are also not standardized and can be disregarded by case law. Bottom line is an insurance policy review is helpful to identify risks (covered and not covered), but only after a loss occurs.
  4. Physical InspectionsBenefits: Inspections are personal and can provide visualization of process and locations. While on site, an inspector may uncover unreported hazards and/or assets. Weaknesses: Inspections are time consuming and the results may become moot due to changes in the location or process. Bottom line is a physical inspection is often the most time intensive therefore costly risk identification method, and should be reserved for the highest frequency and severity potential risks.
  5. Financial Statement AnalysisBenefits: Financial reviews can assist in financially forecasting losses (i.e. quantifying severity) from specific events, and can demonstrate the impact from the loss on other areas of the business. Weaknesses: Cold and impersonal analysis that doesn’t identify imminent hazards. Bottom line is a financial analysis is useful for modeling effects of theoretical losses, but does nothing to control or stop immediate hazards.
  6. Compliance ReviewBenefits: A compliance review is performed by an outside statutory or governmental authority, most of which are free, and will provide an unbiased third party opinion related to a specific topic. Weaknesses: You have little or no control over the review process and follow up activities can often be mandated and expensive (think OSHA). Bottom line is unless mandated by a certification process or industry association, most organizations do not voluntarily select a third party compliance review as a method of risk identification.
  7. Contract ReviewBenefits: Contract reviews can cover a wide variety of materials, agreements and contracts, and can identify “holes” in documents. Weaknesses: A contract review most commonly involves a 2nd party that may prevent control or changes in the contract. Bottom line is the best time to conduct a contract review is before entering into the contract. There is much more latitude and flexibility in the contract language prior to its inception.
  8. Policy and Procedures ReviewBenefits: This review typically includes internal company documents such as Bylaws, employee manuals, procedure manuals, safety manuals, and risk management policies. The review can identify “holes” in company policies and recommended additions and deletions can be implemented quickly and without 2nd or 3rd party involvement. Weaknesses: Internal “politics” may prevent effective treatment of the review process and/or the recommended changes. Bottom line is if you gain the involvement and support of all necessary parties, effective procedures can have an immediate and long lasting impact on identified risks.
  9. Loss History ReviewBenefits: A quantitative analysis of historical losses can identify specific loss benchmarks across a wide variety of risks (property, liability, human capital, net income). The outcome of a loss history review should provide specific metrics with which to use as positive or negative indicators moving forward. Weaknesses: Past performance is not always an indicator of future results, especially if there has been a significant change in operations (locations, process, workforce, leadership). Bottom line is that as long as long as you put in what you’ve always put in, you’re going to get what you’ve always got. Knowing this, it is helpful to use specific performance metrics (loss frequency, severity, net income, maximum probable loss, top loss sources) to gauge the effectiveness of changes to operations.
  10. Experts Benefits: Outsourcing specific aspects of risk identification can be more time/cost effective and provide a level of experience normally not found within the organization. There are experts in a wide variety of fields including financial, legal, health and safety, risk management, etc. Weaknesses: Outside experts can be expensive and difficult to find for niche businesses or operations. Bottom line is if a needed expertise doesn’t exist within an organization, or there is limited capacity for an internal expert, then retaining an outsourced expert on a fee for service basis can be very valuable and cost effective.

No comments:

Post a Comment