The Complete Guide to Business Risk Management
eBook - ePub

Kit Sadgrove

  1. 578 pages
  2. English

About This Book

Risk management and contingency planning has really come to the fore since the first edition of this book was originally published. Computer failure, fire, fraud, robbery, accident, environmental damage, new regulations - business is constantly under threat. But how do you determine which are the most important dangers for your business? What can you do to lessen the chances of their happening - and minimize the impact if they do happen? In this comprehensive volume Kit Sadgrove shows how you can identify - and control - the relevant threats and ensure that your company will survive. He begins by asking 'What is risk?', 'How do we assess it?' and 'How can it be managed?' He goes on to examine in detail the key danger areas including finance, product quality, health and safety, security and the environment. With case studies, self-assessment exercises and checklists, each chapter looks systematically at what is involved and enables you to draw up action plans that could, for example, provide a defence in law or reduce your insurance premium. The new edition reflects the changes in the global environment, the new risks that have emerged and the effect of macroeconomic factors on business profitability and success. The author has also included a set of case studies to illustrate his ideas in practice.

Information

Publisher: Routledge
Year: 2016
ISBN: 9781317037590
Edition: 3
Subtopic: Management

1
A Powerful Tool for Protecting the Business

It’s 1,700BC, and you’re a merchant in the busy city of Babylon. You have several rolls of cloth you want to ship 200 miles (320km) down river to the distant town of Ur where there’s a demand for your merchandise.
But what happens if the boat sinks, or is set upon by pirates? Until recently you suffered the loss. But now you can manage your risk. Thanks to the new code of Hammurabi, King of Babylon, there is a new service called ‘insurance’. You can borrow money to buy your cargo. And the lender will cancel your loan if your ship is lost at sea. The Code of Hammurabi is the earliest known form of risk management.

History of Risk Management

Cargo insurance was introduced nearly 4,000 years ago. And until recently insurance was still the main way that companies managed risk. In turn, insurance companies sought to reduce their potential losses by encouraging businesses to make their premises safer.
This was the first age of risk management, as shown in Figure 1.1. Businesses considered only hazard risk (such as fire or IT failure). They also used risk reactively, to see how much insurance they should buy.
In the 1970s and 1980s, businesses started to introduce quality assurance, to ensure that products conformed to their specifications. This was epitomized by ISO 9000, successor to the British Standards Institution BS 5750, the quality standard, itself the successor to US military standard MIL-Q-9858 which had been launched in 1959.
In this, the second age of risk management, companies treated risk in a more proactive or preventative way.
Risk awareness was fostered by government legislation that aimed to make businesses think about the risks they posed to workers and customers. New concerns also emerged in the 1980s about environmental risks. And risks to shareholders caused by bad governance became an issue in the 1990s. In 1993, James Lam became the world’s first chief risk officer (CRO), at the US financial services firm GE Capital.
Finally, the third age of risk management arrived in 1995 with the publishing by Standards Australia of the world’s first risk management standard, AS/NZS 4360.
Figure 1.1 The three ages of risk management

RISK MANAGEMENT STANDARDS

After Australia’s risk management standard, two others followed in quick succession. In 2001 Japan launched a risk management system (RMS) called JIS Q 2001, which introduced continuous improvement. And in 2002 the UK’s Institute of Risk Management (IRM) introduced its own risk management standard.
Finally the International Organization for Standardization (ISO) launched its ISO 31000 in 2009, based largely on the Australian standard.
Meanwhile, the New York Twin Towers disaster had taken place in 2001, and companies came to think more about business continuity. In 2003 the British Standards Institution launched PAS 56, a specification for business continuity, which ultimately emerged as ISO 22301, the international continuity standard.

PUBLIC COMPANIES AND FINANCIAL REPORTING

From the 1990s onwards, successive failures in public companies led to demands for greater accountability and more visibility of the companies’ risks.
The scandals at Polly Peck, BCCI and Robert Maxwell led to the UK Government’s Cadbury Committee report in 1992. It recommended measures for better governance, such as the separation of the roles of Chairperson and CEO.
Following public concern about directors’ rising pay, the Greenbury Report advocated controls on boardroom pay through the creation of remuneration committees.
In 1998 the UK’s Department for Trade and Industry launched a review of company law aimed at developing a more modern framework for doing business in the twenty-first century. A year later the Institute of Chartered Accountants in England and Wales published the Turnbull Report. This called for stronger internal financial controls and better monitoring of risk.
The European Union (EU) was equally concerned. In 1999 it decided to harmonize accounts across Europe, so that investors in one country could understand and trust annual reports from a company based in another country. The EU Accounts Modernization Directive required, among other things, a report on ‘environmental and employee matters’. From then on, company reports were to be broader in scope.
But the scandals continued to erupt. In 2001 the $101bn energy business Enron was found to have committed massive accounting fraud. Its auditor, Arthur Andersen, was found guilty of criminal charges and collapsed. The scandal led to the US’s Sarbanes–Oxley Act of 2002 which demanded more risk management and better annual reporting. To meet this requirement, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) organization (a respected US-based private sector grouping that sets out best practice in enterprise risk management) launched a document called ‘Enterprise Risk Management – Integrated Framework’. It outlined how public companies should implement risk management and report on it.
In Europe, meanwhile, Italian shareholders discovered that nearly €4 billion of funds purportedly owned by dairy company Parmalat, and supposedly held in a Bank of America account, did not actually exist.
Partly in response to the EU Accounts Modernization Directive, the UK published its Operating and Financial Review (OFR) in 2004. This required companies to publish information in their annual report about their principal risks, as well as non-financial information about environmental and employee matters.
In 2006 the EU passed the 8th Directive which formally embedded risk management into public companies and ‘public interest entities’ such as banks. These businesses were to have an audit committee to whom the external auditors would report findings about weaknesses in internal controls. This directive ensured that what was good practice in many countries was applied all across Europe.
Today all organizations have to comply with a raft of legislation and are watched by regulators. There is no going back to the buccaneering days when companies could do as they liked. These measures ensure that large companies are better managed and that they have systems for identifying risks. This means that organizations are less likely to fail. However critics point out that such controls failed to prevent Western banks from precipitating the 2008 global recession.

THE EMERGENCE OF ENTERPRISE RISK MANAGEMENT (ERM)

The phrase Enterprise Risk Management (ERM) has come to the fore. It means managing risk systematically. An RMS ensures that the company manages its threats in a proactive, co-ordinated, cost-effective and prioritized way.
There is a certain inevitability about all this. ERM sits neatly alongside company-wide audits and enterprise resource planning (ERP) software that links all departments.
Nevertheless the power of risk management is limited. Every time a company scandal erupts, it becomes apparent that risk management is only as good as the integrity and commitment of the players. If regulators turn a blind eye or are captured by the industries they are supposed to manage, if rogue traders manage to hide big losses, or a powerful CEO browbeats the Board, all the risk systems will be of no avail.

Getting Corporate Strategy Right

As we will see in Chapter 20, the organization has to be in the right markets and have the right products. This is the most basic of all risks: finding that customers no longer want the service that the company offers.
In 1999, at the height of the dot com boom, Marconi (formerly GEC) got rid of its dull retail, defence and food businesses, and bought exciting telecomms companies instead. Two years later, the telecomms market collapsed, and Marconi’s share price fell 54 per cent in one week. In the six months to September 2001, it lost £5.1bn. But it’s easy to be wise after the event.
Conglomerates were once seen as a way of reducing risk. If one market was doing badly, another would be performing well. Many companies diversified, only to find that they owned too many loss-making businesses that they were unable to turn around.
Since then, companies have tended to return to their roots. However, some conglomerates do well. In the past these have included GE, Virgin and Mitsubishi.
Diversified companies can use their core skills in marketing, management, strategy and raising capital to direct a range of businesses. However they tend to be short lived and depend on one individual’s management or entrepreneurial skills.

What are Business Risks?

As we have seen, there are two types of business risk. The first and more traditional type is hazard risk. It is found in fire, pollution or fraud. Companies used to protect themselves by buying insurance but, as we shall see, insurance is only one way to protect the company: there are many others.
The second type is entrepreneurial or opportunity risk. This happens when a company builds a new plant, launches a new product or buys a company. If the company gets its forecasts wrong, it loses money. There are ways of reducing entrepreneurial risk, as we shall see. In this book we don’t seek to eliminate risk. It’s a necessary part of the enterprise. It’s a precondition for innovation; and without innovation the business will fail. An organization that tries to obliterate all possible dangers can’t create value.
Risk applies to any management decision that could have a good or bad outcome. It follows that most management decisions and projects contain risk. Most risks are not catastrophic, but as Table 1.1 opposite shows, the major ones cause loss of life and great damage. Better risk management could have forestalled some of them.
In other cases, organizations have been overwhelmed by the forces of nature, whether tornados, earthquakes or war. At that point, the business needs a continuity plan, something we examine in Chapter 22.
Risk is also a future event that results from actions taken now. That is why managers should consider different options for any problem, and evaluate the consequences.
It is easy to focus on obvious risks, such as workplace accidents. Important though they are, the company must be alert to the big or unexpected risks. The company that is not expecting change is especially prone to suffer.
Risks often defy conventional thinking. For example, what is the most likely cause of death for a New York police officer? It is not being kil...
