In our article today we embark on a mission to understand risk management, what it is, why it’s important, it’s key processes and how we can take advantage of the knowledge gained and apply it in our day to day lives and businesses.
In this article, we shall describe risks as a happening that impedes from achieving strategic objectives having already identified a path to take you to your goal.
Risks need to be taken as they increase reward, the higher the risk the higher the returns, however with great risks we stand chance for great losses. That is the reason as to why management of this associating factors need to be balanced to ensure we achieve the most at any given time; if not, then ensure losses realized don’t swing back and strangle the business to death.
Risk management is therefor key as we get to be in the know of what is going to happen, this can however be reached by identifying possible scenarios and occurrences we deem might happen.
People and business take risks because the risk places the business in a possible high return avenue. The higher the risk, the higher the rewards. No risks taken, means no chance of future reward while much risk taken on the other hand means chancing a great loss.
At this point, allow me to bring your mind into the banking sector.
Variety of areas through which a bank can acquire risks can be classified into 3, namely Assets (Investments by the bank), Liabilities (Borrowings taken by the bank) and off balance sheet items (Letters of credit, bank guarantees and other solutions banks can sell to obtain income).
These can further be divided into sub classes namely,
- Credit risk
- Market risk
- Operation risk
- Liquidity risk
- Business strategy risk
- Legal risk
- Reputation risk
Management of risks does not mean avoiding them all together but rather, taking risks within our capable limits, what is commonly referred to as taking calculated risk.
This shouldn’t be too high to cost the organization or the individual huge losses.
We thus have to manage this risk by continuous balancing of factors to ensure exposure to maximum returns through different environments that present. Risks uncontrolled leads to losses, Whatever the losses possible should be within what the organization can absorb without causing it to collapse
It’s main objective therefore is to optimize risk returns.
This is done through identification of possible events that can occur, weighing their impact and effect on either us or the business and then properly managing these events in a structured way and their appropriate action to be taken to mitigate if and when it occurs.
Any potential threat is further scrutinized and ways to mitigate the threats identified, these are later to be managed to ensure gains are still realized to their highest possible potential.
The objectives of risk management approach is to identify, assess and mitigate risks where possible whilst continually monitoring risks throughout as other risks or threats emerge.
Risk management is an ongoing process, a risk register and risk management plan must be kept and updated regularly. It should as well be relevant to the field.
Risk management has three typical management approaches one can use
- Upward management
This kind of management approaches identification of opportunities that emerge and strategically position to take advantage of the opportunities. We identify the risk, analyze and use it to make money. Upward is from the school of though that seeks to increase return through the presenting risks.
- Downward management
This on the other hand is the approach to stay safe by not incurring expenses. More of wanting to arrest the situation by withholding new commitments.
- Uncertainty management.
This involves managing the uncertainties we totally have no control of, most falling in the category of nature caused occurrences like floods, droughts, earthquakes and the like. Managing these uncertainties is what we refer to as uncertain management
Everyone is involved in risk management at some point in life, it could be an individual, a business, an organization or even a corporation.
Taking an example of a business, every venture has some goal, part of which making some profit and growth top the list.
These goals expose the business to certain type of risks, when a business say a bank wants to take risks, it takes the risk in such a way that it’s able to maintain it’s profitability, liquidity and solvency, all these three balanced and maintained at all times.
By profitability, I mean when cost is less than expenses, that’s how profits get realized. And while yearning to earn these profits, expose to so risks we can cushion comfortably.
Liquidity means that it must have adequate money at all times to remain prepared to commitments, case of a bank, when a depositor wants to withdraw their deposits, the bank has has to have adequate money out of which the repayment can be done.
Solvency on the other hand is a long time scenario through which the bank must be able to withstand turmoils presenting as problems and losses.
Liquidity is thus short term while solvency is long term.
Risk management in a bank therefore means the bank has to manage all the three mentioned elements, against the risks while remaining in operation at all times
Different banks have different capacities for risk absorption, what one bank can do may not be possible for another, thus every business must understand it’s risk appetite.
Risk appetite is the capacity or measure a venture can take risks while acting within capacity to absorb the consequences if they get realized.
These are based on strength and ability to manage the risks. Thus decide the extent the business can take on risks beyond which it shall be a problem.
Before taking on any new venture, one must understand his appetite, how much risk he can bite into without exposing themselves to risks they cannot come out of.
Case of banks, risk appetite is decided by the respective boards or directors through the risk management department that sets guidelines captured on the document, risk management policy.
This varies depending on expertise of the institution, for banks; retail banking, private or even corporate banking solutions.
Now let us look at the risk management process.
The risk management process takes us through key steps that identify all the risks that can be faced, understand their effects on the business, both positive and negative as well as the necessary actions to be taken to ensure success.
- Risk identification
The likelihood of a risk or threat occurring. It involves identification of risks or threats that may lead to delays, reduced quality or compromise in one thing or another.
Example, in a bank, when lending money, one of the risks faced is if the borrower does not pay back, commonly referred to as non-payment, another risk is when the borrower repays the loan before time, both of this can be classified as risks.
- Risk measurement.
Here, different tools can be used to measure different kind of risks.
- Risk Analysis and Assessment.
This step helps in identification and assessment of whether one is able to handle the risks or not
They can further be ranked and marked as Low (L), Medium (M) or High (H)
Once done, we go into the next step of prioritization.
- Risk Prioritization.
This means deciding the more critical ones to manage as compared to the less critical ones. It is deciding which risks need to be tackled first and which ones can be tackled later. We set priorities under which risks have to be managed.
We further have to apply the 4T principle of management which involves
- Transfer – Can be introducing an insurance to take the loss
- Treat—Involves taking collateral from your borrower to treat impact if a loss occurs.
- Tolerate – Living with it as is.
- Terminate – Stopping the activity or not starting it at all. These are the rejected loan applications when a bank chooses not to go ahead and take the risk.
The above four only manage negative impact and must understand the positive side of risk that presents opportunities to invest.
A bank can implement either one of these or a combination of more in appropriate measures to control the risk they face.
While at this, other factors come into play to assist safeguard risks taken, one of such is Residual Risk; This are the risks or dangers we remain exposed to by an action or event even after having though roughly considering all risks.This is arrived at through a process that scrutinizes all theoretical possible measures that can be taken to safeguard against risks. One must therefore ensure residual risk is remains less than or at the most, equal to his/her risk appetite. What is residual must be acceptable and digestible by the business. Residual risk identification exercise seeks to arrive at gross risk with Residual risk as regarded as the net risk. Usually considered as worst case scenario.
- Risk mitigation implementation is the process of executing risk mitigation actions. Risk mitigation progress monitoring includes tracking identified risks, identifying new risks, and evaluating risk process effectiveness throughout the project.
Risk Management should be an interactive and continuous process built into the management processes. It must be closely linked to Management functions and activities and most important started early in the commencement of any kind of undertakings.
The process and methodology of risk approach highlighted in this article is applicable not only in the banking case scenario example used, but also in many ventures around our day to day lives and commitments to achieving goals.
More on risk management pointers below to provoke thoughts on the same subject.
-Anyone can tell risks, but only entrepreneurs can turn them into rewards
-All of life is risk management, not it’s elimination
-Only from great risks can great results be achieved
-Better risk management may be the only necessary element of successful banking.
-If you don’t attack risk, risk will surely attack you
-Risk models are of value only if used effectively.
-Risks come from not knowing what you are doing – Warren Buffet
Mind grid perspectives