The art of living life to its full potential inevitably involves taking risks. The same is true of any successful business. Risk is the chance that something will happen which has negative impact on your plans. The key for today’s business leaders is how to understand, measure and manage risk.
Risk management has grown strongly as discipline in the past decade with Australia and New Zealand organisations thought to be leading the way. There is no substantiated reason for this but indications are that it may be because Australasian organisations are open to innovation and new thinking. They’re also likely to be relatively small and adaptable, meaning they can therefore monitor and adapt to risk effectively.
Properly handled, risk management can enhance an organisation as the risk analysis and mitigation planning required means keen eye will be cast over all operations and that process itself can often identify cost savings and operational efficiencies. Badly handled, unacceptable levels of risk can damage business or, on the flip side, an over-cautious approach can consume dollars which would otherwise boost the bottom line.
A widespread misconception about risk management is that its purpose is to avoid risk. In fact its purpose is to make success more likely by allowing measured and appropriate risks to be taken.
As NZIM’s national president Phillip Meyer – keen advocate of measured risk taking – asks “what do Sir Edmund Hillary, Bill Gates, Sir Peter Blake, Warren Buffett and Sam Morgan all have in common? They have all achieved great success in their chosen fields by understanding the risks they faced and managing them successfully.”
Meyer cautions against working to mitigate all risks because certain risks have the potential for adding value to the business.
“You have to take some risk, but it’s question of the timing and level. Not taking any risk means losing an opportunity which in itself is risk,” he says. “But you have to make sure you can work out exactly what you are risking so you know the whole scenario. You need to identify the risks and introduce acceptable levels of mitigation for those classed as important.”
Meyer stresses the point of ranking risks and choosing which to address. “Risks ought to be contained, particularly for contingent events that are likely to have more than minor effect on the business.”
He adds that there are no rights or wrongs in finding acceptable levels of risk as it’s something individual to each organisation and set of circumstances. “Embrace risk – but understand it. If you don’t understand it, don’t take it.”
There are three main types of risk an organisation can face.
Strategic Risk This occurs when either external or internal forces (such as national and global economies and/or government policy) have significant impact on the ability of an organisation to achieve its key strategic objectives.
Operational Risk This is the risk associated with the day-to-day operation and performance of an organisation.
Project Risk These can occur with projects of specific, sometimes short-term nature and are often associated with new teaching and learning courses, significant new research or acquisitions, change management, integration, major IT and capital development projects.
Effective risk management will always need to be conducted on two levels – governance and operational. Boards need to determine level of risk that they are comfortable with for the organisation and ensure that managers are aware of this and have adequate procedures in place to monitor, report and manage.
A common language across an organisation is key to effective risk management, says David Bignell, consultant and former director, ethics and independence, KPMG. That’s because there’s little point in even looking at risk if those involved have different interpretations of terms and definitions used. What one party may term ‘catastrophic’ risk must be recognised as such by everyone within the organisation.
Bignell says risk management starts with the strategic plan – in looking at anything which could prevent the organisation from meeting the goals set out there. Once the risks are identified, management must determine what operational steps can be taken to mitigate them. Risks can be deemed inconsequential, minor, moderate, major or catastrophic, and mitigation will be planned accordingly.
Monitoring should be an ongoing operational activity and, as for how often risks should be reviewed, Bignell says while current economic conditions mean boards are likely to discuss them each month, under more normal circumstances quarterly should be enough.
Questions he advises asking during these reviews include:
• Is the organisation’s risk profile still appropriate?
• Is management doing what it said it would in terms of review and mitigation?
• Is there anything new on the horizon in terms of changes to the marketplace, global economy or legislation?
While encouraging rigorous and regular risk management, even Bignell acknowledges that there are some risks which simply cannot be dealt with.
“There are some issues about which you just have to say ‘this risk is part of the price of being in this type of business’.”
Sharon Buckland is policy, government and public affairs manager for Chevron New Zealand. She says the key to managing reputational risk is understanding your stakeholders, as this allows you to decide whose opinion matters. That might sound harsh, but the reality is that most organisations have resource constraints and it can be very easy to spend lot of time and effort attempting to mitigate reputational risk which, in reality, has very little impact on an organisation.
“If they are not able to influence the outcome of what you need to achieve, leave them alone and conserve your resources,” Buckland advises. She explains that an organisation’s reputation is determined by how outside stakeholders perceive the organisation’s character.
“It’s about character, not press releases,” Buckland says.
The best way to enhance character is to ensure every person working for an organisation understands the vision, buys into it, feels enrolled in it and feels it in their hearts, she adds. “That gives you consistency through an organisation in terms of character which is the best way to protect your reputation.”
Buckland admits in-depth stakeholder research and analysis can be costly process but says the investment will pay the company back because if you do the analysis and make sure you are satisfying the actual needs of your stakeholders then your organisation will benefit. “You work on your organisational character and the needs of your stakeholders and reputation is the gift you get back,” Buckland says.
In the current climate, now more than ever we need, as effective leaders, to incorporate risk management as part of good management practice. Developing your business character, understanding the climate and the risks of potential opportunities is critical as you grow your business to its full potential.
Karin Callaghan is CEO of NZIM Central.