Risk Management Part 1 of a Series
“The essence of risk management lies in maximizing the areas where we have some control over the outcome while minimizing the areas where we have absolutely no control over the outcome.”
– Peter L. Bernstein
March 5, 2019 – Most of the businesses that I partner with survived the Great Recession between 2007 and 2009, albeit a bit scarred and bruised. The quote above resonates with the most successful of them. It was common to see companies become obsessed with insulating themselves from what may have been seen in better days, as opportunities. Eventually this led them to think about how many projects to take on, how large/complex, and how many hands they’ll need. They began to proceed with more caution than ever before; but there is a flip side to that coin. They patted themselves on the back for being so risk adverse. However, being this overly cautious meant missing the risks worth taking: the jobs that widen your profit margins help you see what you’re capable of, and sometimes give you the ability to grow your staff. Sophisticated businesses have started to realize that managing risk effectively helps organizations to perform well in an environment full of uncertainty.
If you consider the actions of downhill skiers or racecar drivers, they are faced with having to make critical decisions on whether to take a risk in an instant and almost on reflex. In a flash, they make decisions like cutting off the lead racer in a hairpin turn, or working the dangerous edge of their ski to pick up speed and shave off crucial seconds. In both scenarios, they have a very clear understanding of the rewards of taking such a risk. These risks are taken for great gain, but when taken recklessly or not fully appreciated and prepared or anticipated for can lead to great folly.
When I speak to business owners, one of the first questions I ask is, “what is your biggest fear right now for your company – what is it that keeps you up at night?” Usually the first response is employee welfare, making sure everyone gets home in one piece. This is usually followed with an explanation on how important their safety program is and how they make sure that they maintain contractual compliance. Sometimes they point at their experience modifier, and others will post signs and banners applauding their zero injury successes. The conversation usually falls apart when I ask how that safety program helps offset risk in other areas that the company is exposed to.
A risk manager looks at risk from a holistic standpoint based on data and experience. Having a strong health and safety program will do well to address Health and Safety Risks. However, it is just as important to understand the other types of risks a company may face, and how that strong health and safety program is lending itself in execution to help in other areas. Without proper risk management, businesses have a lot to lose. There are many different types of risk to look out for, but here are some of the more common types of risk I have helped companies address.
Technical Risks – Technical risks are anything that restricts the product creation your customer wants. This can include the above risk as well as other factors.
Logistical Risks – These risks should be addressed and prepared for before the project starts. These can include equipment availability as well as transportation.
Environmental Risks – Environmental risks are the factors that prevent the project from completion on schedule or cause rework.
Management Risks – Management risks are risks that arise from management issues, whether someone didn’t hire enough staff or there is confusion over responsibilities and duties.
Regulatory Compliance Risks – Risk when an organization’s adherence to laws, regulations, guidelines and specifications relevant to its business processes are not followed. Sometimes businesses will actively skirt the regulations that the feel slow business or are onerous, in other cases companies are just unaware of the regulatory landscape or changes. Violations of regulatory compliance regulations often result in legal punishment including federal fines.
Reputational Risks – Reputational risk is the chance of losses due to a declining reputation as a result of practices or incidents that are perceived as dishonest, disrespectful or incompetent. The term tends to be used to describe the risk of a serious loss of confidence in an organization rather than a minor decline in reputation. All it takes is one major injury as a subcontractor, a product recall in manufacturing or a failed line of code in technology to blemish your company name.
Supply Chain – This is the potential for failures related to the day-to-day operations of an organization. Such as a natural disaster or unforeseeable circumstances that reduce available supplies or prevent owner specified items from being available on time. These risks are hard to predict and can be hard to manage.
Operational Risk – Often times, operational risk is seen as the result of insufficient or failed processes. However, operational processes that are deemed complete and successful also generate risk.
Richard S. Fuld, Jr., former Chairman and CEO of Lehman Brothers, said it best in that, “The key to risk management is never putting yourself in a position where you cannot live to fight another day.”
Risk Management is considering so much more than just safety or buying insurance. It is interdependent upon many factors which can work in harmony, or when ill-considered, against the goals and objectives of a company. Risk is unique for every company and as such one should steer clear of cookie cutter, or knee jerk solutions that may have a negative financial impact while not really addressing the risk at hand. There are many approaches to addressing risks to your business and over the next few weeks, we will look at ways to effectively evaluate and control risk.