- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
About this book
Effective risk management - the identification, assessment and prioritization of risks - is a vital consideration when looking to safeguard your company's commercial future and deal with the latest regulatory requirements. Managing Business Risk will enable your company to maintain controls on risks that may threaten your business while at the same time delivering transparent reporting to your stakeholders. The book examines the key areas of risk in today's competitive and complex business market. Drawing on expert advice from leading risk consultants, lawyers and regulatory authorities, it shows you how to protect your business against a rising tide of risks. If you don't build risk controls into the structure of your company, from the boardroom down, then your business could be vulnerable to a number of threats - both internal and external. Identify and neutralise them now, and give your company a competitive advantage.
Frequently asked questions
Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
- Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
- Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weāve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere ā even offline. Perfect for commutes or when youāre on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Managing Business Risk by Jonathan Reuvid in PDF and/or ePUB format, as well as other popular books in Business & Insurance. We have over one million books available in our catalogue for you to explore.
Information
PART ONE
Boardroom risk concerns and strategies
1.1
Beyond resilience: turning volatility and uncertainty into business opportunity
BEN CATTANEO, ACCENTURE FINANCE & RISK SERVICES
Organizations around the world have been compelled to operate in an environment of increasing volatility, uncertainty, complexity and ambiguity; hence the coining of the acronym, VUCA. Companies face the risk of sudden, severe events as evidenced by recent incidents in Ukraine, concerns over the eurozone and market wobbles stemming from a slow down of the Chinese economy. Sudden and unexpected events in remote locations can affect, and have already affected, company operations and supply chains.
This vulnerability extends to natural disasters. The eruption of the Eyjafjallajƶkull volcano in Iceland in 2010 affected air travel for weeks, sending some travellers on round-the-world routes simply to return home. āSuperstorm Sandyā, which hit the north-eastern United States in October 2012, caused an estimated $30ā50 billion in property damage and effectively shut down most of lower Manhattan.1 And in 2013, natural disasters in China cost the country $68 billion, nearly double the total from the previous year.2
New, previously unconsidered risks emerge all the time. For instance, cybercrime, which was essentially unheard of 20 years ago, now threatens large corporations and governments as well as individual citizens. The shift to contract manufacturing ā often conducted in offshore locations ā can expose companies to reputational as well as operational risks, as evidenced by the recent collapse, accompanied by horrendous loss of life, of a manufacturing facility in Bangladesh.
There is a growing understanding that, over time, even the most risk-aware organizations can experience low-probability, high-impact events. These occurrences ā commonly called āBlack Swanā events after Nassim Nicholas Talebās (2007) book ā can fundamentally change businesses and even entire industries. Companies typically have measures in place to respond to such events under the banner of āresilienceā. These include business continuity and crisis management, disaster recovery and emergency response.
Accenture believes that traditional resilience management is often inadequate to deal effectively with extreme events. Such efforts are too often overly tactical and not integrated with other core risk management activities. We think that even fewer organizations actively prepare themselves to benefit from the upside of extreme events by embracing volatility and uncertainty. We believe that companies should consider addressing these shortcomings.
There is evidence that some organizations are already starting to do so. In Accentureās 2013 Global Risk Management Study: Risk management for an era of greater uncertainty, a survey and interviews with risk executives at 446 organizations around the world, we found that leading companies, which we call ārisk mastersā, comprising 8 per cent of surveyed companies, are more focused on strategic and emerging risk than their peers. As will be seen, these firms are more likely to integrate resilience programmes into core risk management activities.
Where traditional resilience management often falls short
While recognition of the changing nature of risk is growing, few organizations are truly resilient, let alone able to benefit from acute events. In our view, there are a common set of deficiencies with traditional approaches to resilience which are summarized below.
Development of resilience initiatives by non-core business functions
Most business continuity management programmes are developed and managed separately from companiesā core business operations, and most plans are tactical, rather than strategic. As a result, they are often focused on important but lowest common denominator items such as availability of spare office space and laptops. Conversely, when crisis management and business continuity plans are developed by business stakeholders ā for instance, those leading key producing assets or managing supply chains ā critical risk exposures are often uncovered and resilience can be improved. For example, a key supply chain choke point may be identified or an opportunity may become clear should certain types of risk events occur.
Disconnect from financial metrics
Few resilience programmes link risk exposures to cash flows and financial metrics, even though these elements are heavily exposed to the impact of highly disruptive events. This can, therefore, lead to an underestimation of crisis impacts or an overestimation of what is important to the business. Stress-testing and financial simulations, much like those carried out in the banking sector, can help overcome this deficiency.
Lack of integration with other risk activities and functions
Business continuity and crisis management are not typically central to enterprise risk management (ERM) programmes or similar functions. In some cases, they are only loosely connected. This creates a āpre-event biasā as the role of risk management is skewed towards forecasting and implementing controls to mitigate events before they occur. Nonetheless, risks can manifest themselves in spite of the best planning, and this ignores other types of uncertainties, as seen in Figure 1.1.1.
FIGURE 1.1.1 Event categories
SOURCE: Accenture Risk Management, October 2013
Taking a new approach
We believe that resilience management can be just as important as other aspects of risk management. When a business integrates the management of acute events and disruptions across the organization with an integrated view of risk categories and exposures, it may be better positioned to protect its ability to grow and achieve its objectives. We call this āadvanced resilienceā. The most forward-looking practitioners of risk management, however ā the companies we call ārisk mastersā ā are seeking ways, not just to respond and recover from acute events, but to gain competitive advantage from them. They are looking to go ābeyond resilienceā.
The maturity model seen in Figure 1.1.2 illustrates our view of the various stages of maturity that resilience programmes often take.
FIGURE 1.1.2 Resilience maturity framework
SOURCE: Accenture Risk Management, October 2013
Advanced resilience
Overcoming common deficiencies in resilience programmes involves integrating resilience within ERM and the core business. This consists of accepting that not all types of risks can be forecast and creates a risk management function that can encompass the many dimensions of risk, as well as the concept of uncertainty. These organizations can deal effectively with both types of events, as illustrated in Table 1.1.1.
TABLE 1.1.1 Risks from uncertainty
| Risk | Uncertainty (illustrative examples) |
| Strategic risk | Natural disasters |
| Market risk | Price collapse |
| Credit risk | Politically-driven country default |
| Operational risk | Loss of critical systems |
| Reputational risk | Reputational event |
We have identified three components critical to this approach:
- Leadership. In advanced resilience, senior management is fully engaged and plays an active role in setting the resilience agenda. This involves the elements of:a. Preparation: roles, responsibilities in a crisis or acute disruption event are clearly assigned, understood, and rehearsed by all parties.b. Communication: clear communications to all audiences takes place before, during and after crisis events. These organizations have communication strategies for all stakeholder groups and use both traditional and social media to communicate.c. Action: once a crisis event occurs, leadership has access to needed information and is empowered to take quick, decisive action.Part of the leadership role involves setting pre-defined parameters around what constitutes a crisis or significant event. āRisk mastersā establish clearly defined loss limits, and action plans may be triggered by certain situations, such as the loss of access to a specific market, an event that removes a critical process, or an acute supply chain disruption.
- Positioning. High-performance practitioners closely integrate risk management and business continuity planning into ERM programmes. The reverse is true, as well; ERM criteria and risk profiles can help support risk management and business continuity plans.Comprehensive resilience programmes are closely aligned with overall company strategy and financial performance. For example, there is a clear understanding of what assets are to be protected in the event of a crisis event or acute disruption. This strategy drives resilience planning, and the impact on cash flow and other financial metrics also features heavily in plan development.In practical terms, this means that, while the risk function may facilitate the development of crisis management and business continuity plans, these plans are developed for and by the business. Just as the business owns risks, business units may be seen to lead planning and testing of resilience measures.This also involves quantification of critical aspects of the business, using financial metrics such as cash flow, earnings and gross margin-at-risk. Finally, advanced performers are able to aggregate business unit plans up to the enterprise level, just as they would do with other core risk management processes.
- Execution. Advanced companies innovate when it comes to plan execution.They use technology to monitor events and identify issues, and they engage in scenario-neutral planning to simulate various events and outcomes. High performers also use real-time stress tests to help identify discrepancies between plan assumptions and how things would play out in case of an actual disruptive event. Finally, advanced performers ensure that plans exist in multiple formats, including tablet and mobile devices. Gone are the days when crisis management and business continuity plans existed only in thick, hard-copy binders and folders.
High performance: going beyond resilience
We believe there are significant opportunities for companies to prepare themselves, not only for the downside, but for the upside of extreme events ā akin to becoming āantifragileā, to use another term coined by Nassim Nicholas Taleb (2012). Achieving this level of readiness can entail moving from advanced resilience to a much higher state of integration and readiness.
Beyond resilience: components
No matter where the organization is on the spectrum of preparedness for unforeseen occurrences, there are a number of initiatives that can help companies take advantage of opportunities presented while protecting themselves from potentially damaging events. These include:
- āUnthinkable Upsideā playbooks: companies can prepare plans and options not only to restore operations and recover lost business, but also to potentially take advantag...
Table of contents
- Cover
- Title page
- Imprint
- Table of contents
- Foreword
- Contributorsā notes
- Introduction
- Part One Boardroom risk concerns and strategies
- Part Two Managing information and online risk
- Part Three Operational risk and key employment issues
- Part Four Managing risk in emerging markets
- Appendix
- Index
- Index of advertisers
- Full imprint