Risk Management and Control - Assignment Example

 Risk Management and Control The aim of the paper is to discuss risk management from the viewpoint of its importance; moreover, with the increasing role of preventing risk factors in any business performance, notions of continuity management become more popular and applicable. The key words are: business continuity, management, risk, development, standards The meaning of risk management 'Business Continuity can be seen as a bridge between Risk management and Emergency Planning; it utilizes the risk identification and management processes of formal risk management and the crisis management capabilities of emergency planning'. (Myers, 2006) This note is given by Myers (2006), and though it cannot be called one of the risk management definitions, but it gives better understanding of the terms and the area of its application. Thus risk management is aimed to work in both daily and emergency situations; according to the abovementioned citation, it becomes evident, that risk management should both work for the prevention of the critical situations (its primary aim) and for the minimization of the negative consequences for the events which have already taken place. This two-fold role is revealed no matter in which company risk management is implemented. It is difficult to implement risk management notions into the company's performance, but it is even more difficult to make risk management a part of the company's corporate culture. The Royal Society Study Group defines risk management as “the making of decisions concerning risks and their subsequent implementation, and lows from risk estimation and risk evaluation.” (Royal Society Study Group, 1992: 3) Many UK organizations at present fail to implement effective plan of prevention critical incidents, which interrupt and may threaten their business activity. Disaster planning and risk management, as well as managing company's benefits is the area which is rarely addressed by the modern businesses. The principal question, which the companies ask, is 'why implement risk management notions? How it will positively influence company's performance? Are the minimized risks comparable to the costs involved? In order to understand how important risk management is for the modern companies, it is interesting to look into the 2006 risk management survey which gives the principal lacks (problems) faced by the companies and thus give the reader basic understanding of reasons for implementing risk management principles. 1. Risk management implementation protects and enhances company's reputation. Even despite this understanding, the survey has discovered that with 77% of the British enterprises understanding the importance of risk management, less than half (49%) can state that they have anything similar to a contingency plan or that they use the risk management principles in their company. (Stone, 2004) Enhancing reputation will mean that effective risk management strategy will show the better capabilities of the company to act in the emergency situations and to prevent them, thus displaying higher level of credibility and better business performance. 2. The present economy can be characterized as being digital networked economy, which actually has no clear boundaries and thus is more vulnerable to various undesirable invasions (either computer and Internet viruses, or financial frauds). Such events can interrupt business performance, and this is why with the development of the company and with the implementation of the new technologies, risk management becomes an integral part of these information technologies' effective work. Thus, implementations as it is not enough to make risk management effective; it should be implemented properly and exercise the necessary techniques to work successfully; and it is also essential that there should be certain drivers for the correct implementation of the risk management strategies but they have not been discussed in any literary resource researched. The firms which undertake risk management truly believe it is advantageous despite the additional costs it requires for the implementation of the practice. Risk management has not yet become a good business practice and there is still much to achieve for this practice to become widely-accepted and well known. Firms which apply this practice in their performance weight the costs and the benefits which risk management gives to them, and see many advantages. They are not relying on the legal requirements, and probably due to the fact that Governmental policy dos not require private entities to use risk management principles on the obligatory basis the number of the firms which implement risk management is drastically small. The drivers which make firms undertake risk management are various, and among the most effective one may name regulation, stakeholder pressure and probably customer expectation with the IT security. These are the drivers which are seen as the most vulnerable and which may affect the company’s performance the most. It is even worse that the implementation of risk management usually becomes the consequence of some critical situation which could be handled in case the firm had the necessary knowledge and practice for reacting to such situation through risk management. One of the brightest cases is London Bus and Tube bombings – one third of the London firms have been negatively impacted by the incident (Thejendra, 2007) but it is still evident that: 1. less than half of the UK organizations have a business continuity plan in place; 2. inanimate objects are still the key focus for protection, even though a business can’t run without people; 3. employees, suppliers and stakeholders don’t know what to do in the event of disaster. (Thejendra, 2007) Among the other drivers of risk management implementation the following can be listed: a. customer expectations. Customers appear to be increasingly concerned when it comes to the moment when they have to be assured that the companies they invest money in (or buy products, which is the same) are able to support their performance without any serious interruption and to store the customer private information without any threat of it being revealed to the side participants. (Proctor, 2000) b. IT Security. This is partially related to the previous driver, and is also connected with some regulatory drivers, among which the BS 7799 has been described. This driver comes into action because companies need informational integrity and security, and these characteristics can be provided only through risk management implementation. c. Business Insurance. ‘Effective risk management can demonstrate to underwriters and insurers that they are pro-actively managing their business risks. It is often a requirement of the policy and can lead to reduced premiums’. (Keller, 2002) d. Stakeholders pressure. Stakeholders appear to be the driving force making the company work reliably for bringing reliable and sustainable profits and development; this is why stakeholders’ pressure often appears to be one of the most important drivers for the private companies in making them implement the risk management principles. (Keller, 1994) e. Corporate governance. Corporate governance is what risk management directly supports. It is required for the public entities to produce the annual statement of the internal control; this report is the instrument in identifying and assisting in assessment f. of the risks and providing clear roles and responsibilities within the company to safeguard the assets of the company. (Peppers, 2004) g. More efficient performance. This driver is not an obligatory instrument, and as it has been seen through the survey (implying that companies prefer using other means for increasing the efficiency of their performance) but risk management is seen as one of the best means to identify the key roles and responsibilities of everyone in the company, which ultimately leads to the better performance. (British Standards Institution, 2003) Thus, the drivers which at present exist for the risk management implementation among the private sector of economy are insufficient and ineffective to make the entities implement them and use them for the benefit of their performance. In the light of everything above said, it would be of use and should be recommended for the governmental policies and the entities which consult and develop risk management policies at the state and local levels, to consider the possibility of developing a set of requirements and legal regulations, the implementation of which would be obligatory for every enterprise. The set of these requirements should be balanced and to be as minimal and cost effective as efficient; it should be implied that implementation of this minimum will allow the enterprise to have effective risk management policy, with the rest of requirements being optional and only expanding the scope of risk management principles for each specific enterprise. The minimal set of requirements should be thoroughly chosen on the basis of the most probable emergency situations, and may be either unique, or differ based on the type of the entity, that is based on the risk assessment of each specific entity. This is another proof for the fact that risk assessment and risk management are the two integral parts of one whole notion and are interrelated. Governance framework First, we’d take into account that any organization consists of business groups. Their integrity and functions are decisive for their business success. There is a crucial necessity to divide these groups in accordance with their direct functions. Thus any organization can have four main groups (e.g. pharmacy organization can have such subdivisions as Nutrition, Pharma, Performance Materials and Industrial Chemicals) (Corporate Governance). Therefore any organization can develop its framework as follows: Values Governance model Strategies and multi-year programs in working fields. Risk management plan In such a way, risk management will bear fruits and due to its transparency, it can be controlled and viewed both by Managing Board and business groups. Risk management in organization Enhancement of risk management is a preference of many modern campaigns. It’s considered to be a remedy from bankruptcy. Such issues as business processes of money and good flows are taken under proper consideration, analysis and control with constant improvement. A guarantee of risk management further implementation and involvement is seen in internal supervision rules (e.g. proper tasks distribution, understandable instructions and correct records compilation of rules and processes) (Corporate Governance). Risk management and control through management and audit A reliable basis for effective risk management is a strong balance sheet and financial risks limitation. In such a way, organization’s policy can be oriented to solidity, reliability and optimum protection of cash flows (Corporate Governance). At this point, supervision and accounting task are reliable and accountable for accounting and evaluation. Furthermore constant analysis of business processes lead to organizational goals completion. Financial report should be viewed by “Managing Board with the Supervisory Board's Audit Committee and the external auditor, and subsequently with the Supervisory Board” (Corporate Governance). Consequently, the organization’s risk management and supervision system are responsible for risk prevention. Nevertheless, there is no 100% guarantee of complete success, because the nature of risk is various. Consider Appendix I. The risk management implementation in the company Talen IT Operating any business at present without any strict strategy for its development, as well as without any knowledge in the field of strategic risk management means leading this business to decline and bankruptcy. Thus, the role and meaning of the strategic management as a whole and separate strategy is essential for the present day business development. The resources of each enterprise should closely viewed and correspond to its objectives and goals. Talen IT was created as an accidental idea but it was also made a successful enterprise; though to keep this success there had to be developed a whole set of measures to keep the company from the fall and decline in sales. There has been a whole set of events, which made it obvious that Talen IT needs ‘fresh breath’ and absolutely new turn in its development. Budgeting is a part of any strategic planning and management, and planning without budgeting are the two areas which cannot exist separately. It is essential that the development of any company goes according to the cycles, thus periods of increase in sales is usually followed by certain declines, but through these short cycles the general line of the company’s development must display the tendency to growth. It is accepted, that the company could have survived through the proper management and clearly defined strategies. However, in relation to the research of the target markets and the definition of those which could be the most attractive for the Talen IT products, it should be noted, that the attempt of the enterprise to win the IT market was a step aimed at the expansion of the assortment as well as acquiring the bigger market share. Branding is the means of making the products recognizable at the market. The brand should always be associated with the quality – actually, brand is the instrument, which makes the customer understand what he buys before he has bought it, and Parnell understood this. However, in the attempt to expand the market and to enter the new markets, the branding options should be reconsidered and made optimal. The key areas to be addressed in this relation are the particular names, which are given to the brands, slogans and the use of those slogans. The brand should be associated with the way customer management is performed, as well as with the way the products are packaged and sold. All the values and strengths of the company’s profile should be made in line with the brand. The beneficial and profitable step will also to make this brand in the cultural and national peculiarities of the country, in which it is planned to be promoted. It is also important to appoint a person who will be directly responsible for the branding. The recruitment and choice of the employees is one of the important factors in making brand work, because their behavior, conduct and service creates the reputation of the brand, the idea for which it stands and delivers this idea to the customers. Branding should be discussed, changed an adjusted for the needs of the global market on the regular basis through the meetings, and through the use of the already mentioned CRM systems. On the one hand, the employees should understand the importance of the brand and their role in presenting this brand to the consumers; on the other hand, they should also understand the proper ways of delivering branding information to the management of the company for its more effective performance. . (Peppers 2004) Branding is the means of keeping the product on the market for a continuous period of time. That is why in branding strategies of Talen IT is also essential to perform regular review of brands, how they work and what changes should be needed to make the brand work on the constant basis. (Myers 2006) Branding needs thorough budgeting and costs should be reviewed constantly. In branding Talen IT it is necessary to focus on the needs of the customers, but it is also essential to know what message should be delivered to them. It is important to know that any changes in relation to brand are not negative, but are rather the proofs of the fact that branding is the strategy pearly viewed on the side of management as well as on the side of employees. . (Peppers 2004) Based on the knowledge of the theoretical risk management and the case study on the Talen IT enterprise, working in the sphere of the information technology, and as well as looking through the history of the development of this enterprise, it becomes clear, that a number of serious strategic failures in managing company can lead to the necessity of transformations. The main factors are: lack of clear strategic objectives; lack of budgeting; lack of skilled managerial staff to amend the strategy of the enterprise with the requirements of time and consumers; absence of any strategic plan of development as well as the absence of any clear vision of the way the enterprise should expand and develop. Conclusion The work has been designed not only to consider the principal drivers for risk management principles implementation, but its aim has also been to analyze the effectiveness of these drivers and to conclude, whether these drivers are able to make private firms implement the risk management principles into their practice. It is clear that implementation of risk management requires additional costs, and this becomes the principal obstacle for many private entities on their way to implement the risk management principles. Moreover, with the absence of the necessary regulation requirements for the private entities in the sphere of implementation the risk management standards, it becomes evident that the necessary steps should be undertaken at the state level. The governmental policies should address the existing issue and make the implementation of the risk management standards for private firms obligatory; the main conclusion of the work is that the existing drivers are not effective for the firms to implement risk management principles, and this is why the necessary minimum of the approaches should be made obligatory for each company which will increase its kevel of corporate governance and credibility. Works Cited Adams, J. (1985). Risk and Freedom: the Record of Road Safety Regulation. London: Bale, J. (1991). Playing at home: British football and a sense of place. In J. Williams British Standards Institution 2003, Guide to Business Continuity Management: PAS 56, BSI Standards Corporate governance, risk management and internal control. Retrieved Jan 11, 10 from Keller, Kevin Lane. Strategic brand management, Pearson US, 2002. Myers, KN 2006 Business Continuity Strategies: Protecting Against Unplanned Disasters, J Wiley & Sons Nichols, Grove. Strategic plans that work are a must, ABA Banking Journal, 1996, 88, p. 27-34 Peppers, Don (2004). Managing customer relations: A strategic framework, London: Wiley & Sons. Proctor, Tony (2000), Strategic marketing: An introduction, London: Routledge. Royal Society Study Group (1983). Risk Assessment. London: The Royal Society. Stone, Marylin (2004). International strategic marketing: A European perspective, London: Routledge Thejendra, BS 2007, Disaster Recovery and Business Continuity IT Governance Publishing. Appendix I Generic risks • Macro-economic trends • General market developments • Low-cost competition • Political risks • Currency risks and interest risk Strategic risks • Acquisitions, disposals and joint ventures • New markets, products and technologies • Innovation risks • Human resource risks Specific risks • Corporate reputation risks • Customer risks • Production process risks • Product liability risks • Insurable risks • ICT risks • Project risks • Financial risks • Control failures (Corporate Governance) Read More