.
By Rakis Christoforou BBA, CPA/ABV/CFF, CGMA, ACFE)
John F. Kennedy once said, "There are risks and costs to a programme of action, but they are far less than the long-range risks and costs of comfortable inaction".
When making any business decision, there are risks that must be measured. Risk management is a key element for any successful business. It starts with identifying, assessing and quantifying business risks, then taking measures to control or reduce them. The risks are then reassessed and business decisions are made based on the remaining risk vs. reward. Having a clear understanding of all risks allows an organisation to measure and prioritise them, then take the appropriate actions to reduce losses. The same also stands true for government departments, small businesses and individuals.
I. Risk Assessment
The Risk Assessment Process represents the cornerstone of an effective Enterprise Risk Management Programme (ERM). In order to understand the art of good risk management, one must be able to identify the different types of risk associated with each decision. Risk can come from uncertainty in financial markets, previous bad decisions, project failures, legal liabilities, credit risk, time risk, human risk, accidents, natural causes and disasters, as well as deliberate attacks from an adversary. Effective risk management reduces the opportunity for finances to be used fruitlessly, making sure that all resources are utilised efficiently.
II. Enterprise Risk Management
Enterprise Risk Management (ERM) in business includes the methods and processes used by organisations and businesses in general to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organisation's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their shareholders, including owners, employees, customers, regulators, and society overall.
III. Risk Management Process
1. Establishing Context: This includes an understanding of the current conditions in which the organisation operates on an internal, external and risk management context.
2. Identifying Risks: This includes the documentation of the material threats to the organisation’s achievement of its objectives and the representation of areas that the organisation may exploit for competitive advantage.
3. Analysing/Quantifying Risks: This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
4. Integrating Risks: This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organisation’s key performance metrics.
5. Assessing/Prioritising Risks: This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritisation.
6. Treating/Exploiting Risks: This includes the development of strategies for controlling and exploiting the various risks.
7. Monitoring and Reviewing: This includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.
The biggest problem in organisations, businesses and government in the implementation of a sound ERM programme is not having competent personnel to assess the risk. This however, should be under the control of shareholders and government who have a duty to employ the right professionals, that is qualified professionals with ethos, in order to protect shareholders’ interests and the society’s in general.
Risk management is crucial as risk can suddenly materialise as losses, and in extreme cases threatens the viability of entities. This situation is now experienced in Cyprus by many organisations, businesses and government departments.
A detailed step by step approach from “Risk Assessment to the Development of a comprehensive ERM Programme” will be addressed in a workshop organised by CIIM (Cyprus International Institute of Management) on June 18. For information contact CIIM at 22 462246.
Rakis Christoforou is the first Cypriot to hold the CFF (Certified in Financial Forensics) and ABV (Accredited in Business Valuation) certifications. He is a member of many professional accounting associations including the Institute of Certified Public Accountants of Cyprus (ICPAC), and Vice Chairman of ICPAC’s Economic Crime and Forensic Accounting (ECFA) Committee.
[email protected]
