Effective Risk Management

Uncertainty bounds today’s economy, and every organization needs a structured process for effective risk management to sustain a competitive edge (K. J., A., V. R., and U., 2017). Numerous corporate governance regulations, like the SOX Act 2002, COSO Enterprise Risk Management Framework 2004, Companies Act 2013, and Clause 49 of SEBI, have made the existence of a risk management committee mandatory. A risk management committee, a person, or a group of persons, is required at the top management level for effective risk management. These individuals are important influencers and play a significant role in the organization.

These executives set up the risk management system with the help of other management officials and disseminate the risk information within the organization. This reduces risk information asymmetry among stakeholders, unifies the risk management process across the entire organization, and avoids redundancy in departments, thereby leading to improved organizational efficiency. The committee must possess excellent communication, interpersonal, negotiation, and team-building skills. Enterprise Risk Management (ERM) is found to be proactive, continuous, value-based, focused, and process-driven activity. The integrated approach of ERM guides management to diagnose risk and evaluate effective strategies for managing the organization’s exposure to its risk requirements.

Risk management is the process by which an organization diagnoses threats, explores alternatives, and alleviates those risks. In today’s dynamic business environment, overseeing risk is a vital and challenging concern for organizations in each sector. Enterprise Risk Management (ERM) embodies a holistic, enterprise-wide procedure and control system for diagnosing the effects of numerous risks – such as financial, operational, strategic, compliance, etc. – on the organizational objectives and providing solutions to mitigate them. ERM is considered as a major component of successful firms as it enables them to anticipate and mitigate risk through a standard plan. Another important aspect of ERM, which results from risk identification, is the prevention of destruction of shareholder value by protecting assets from bad lower-tail earning outcomes. High-profile corporate scandals in the USA, such as Enron and Worldcom, followed by encouragement from the New York Stock Exchange (NYSE) and the Securities and Exchange Commission (SEC), have compelled firms to adopt risk management activities. Various corporate governance stipulate risk management as a mandatory compliance requirement. Firms that embrace ERM possess a long-lasting competitive edge by balancing risk and returns, thus enhancing firm value.

Organizational uncertainty has become more complicated, and the organization’s success depends on risk management (K. J., A., V. R., and U., 2017). Effective risk management is beneficial to all organizations, irrespective of their size and sector. The benefits include a better financial position, an improved basis for setting strategic objectives, greater service delivery, a more competitive edge, optimum utilization of resources, more value for money, waste reduction, and efficient management of contingencies. The various dimensions of risk management practices, such as financial, operational, and strategic, have to be well-defined to ensure that the firm makes efficient use of risk management approaches. Based on the acceptable level of risk, risk management helps to decide on a plan of action. The Sarbanes-Oxley Act of 2002 was a response to the corporate scandals of the early 21st century. It incorporates directions in regards to the Public Company Accounting Oversight Board (PCAOB), auditor independence, corporate responsibility, enhanced financial disclosures, and corporate and criminal fraud accountability. ERM is a technique that helps to identify, analyze, and manage contingencies that could hinder the organization from attaining its goals. For successful ERM, a risk manager should focus on people, intellectual property, brand image, managerial knowledge and skills, source of profit, and the business environment. It will help the risk manager to create an awareness of the various associated risks, monitor its vulnerability, and change strategies to ensure that the organization faces only an acceptable level of risk. In the long run, this will optimize the trade-off between risk and return. A well-implemented ERM can create value when it reduces financial distress. ERM doesn’t avoid risk; it helps management to prepare for or prevent the risk, thus enhancing maximum firm value.

Efforts to reduce organizational risk through risk management plans and risk mitigation procedures address external and internal organizational policies, strategies, and decisions. Risk mitigation is the process of identifying risks and articulating and introducing measures to reduce them (Grabowski and Roberts, 1997). Organizations and individuals increasingly partake in larger industrial, manufacturing, regulatory, or environmental systems. These large-scale systems comprise networks of humans and technical resources, such as computers, machines, and communications equipment, that perform tasks and support the missions and goals of more than one organization. Large-scale systems differ from other groupings due to the attention paid and importance given to interfaces, interconnections, and interdependence between and among the system elements. Such complex systems are difficult to comprehend as a whole and are often decomposed or factored into smaller subsystems, leading to the development of numerous subsystem interfaces. Large tightly coupled systems can also exhibit physical problems associated with resource movement, coordination, and communication.

Decoupling tightly coupled systems – which reduces the need for communication and allows subsystems to communicate with each other on an exception basis – eases some of these problems but incurs costs. These costs are associated with maintaining decoupling mechanisms such as inventories, buffers, and waiting lines. Recent advances in information technology have changed perceptions about the capabilities of large-scale systems. Large human-machine intelligent systems now appear in areas such as warehousing and materials handling, manufacturing, aerospace process control, and air, land, and marine transportation. Intelligent subsystems are often embedded within a larger system to formulate and implement decisions made by a computer or humans to control parts of the larger system. Over time, these systems can evolve into decision-makers which managers must manage as they do any other system resource. The nature and composition of large-scale systems are also changing. Virtual organizations have emerged in systems where boundaries have become more diffuse. These large-scale systems have helped organizations transcend geographical, temporal, size, or scope limitations and have changed our notions of organizational behavior and form.

Risk mitigation in increasingly global, multi-organizational, large-scale systems is managed by a variety of owners and operators (Grabowski and Roberts, 1997). However, the mechanisms for risk reduction in such systems are poorly understood both by organizational researchers and managers. Risk mitigation in virtual organizations is particularly challenging, as these large-scale interdependent systems often fail to articulate their boundaries or the behavior expected of their members. Clarifying goals and roles in these systems is imperative for its members to understand how their systems are simultaneously autonomous and interdependent. Risk mitigation in such systems involves developing trust and respect in working relationships, and in bolstering the organization’s ability to learn and adapt. Risk mitigating communications in large-scale systems serve two purposes: they clarify roles, goals, relationships, and responsibilities, and they provide a means of developing a culture of trust and shared values.

To be effective, risk mitigation measures in large-scale systems need to address the cultural needs of these systems. Managers can reduce unintended consequences in risk mitigation if they provide safe areas and flexibility within the system. This allows decision-makers to consider the potential impacts of their decisions offline. Another way managers can mitigate risk is by requiring individuals to take responsibility for their actions and to express when they are unsure about decisions, situations, or interactions with other individuals or groups within the system. This notion aligns closely with the need for open conversation and clear communication. In distributed decision-making settings, clearly defining responsibility and ownership for outcomes aids in risk mitigation by nurturing a culture where the buck stops everywhere. Managers can further mitigate risk by understanding the dynamics of negotiation and bargaining in a large-scale system, and by maintaining consistency between beliefs, actions, and decisions throughout all parts of the distributed system. These activities amplify organizational vigilance to ensure members do not become complacent or desensitized to risk. As a result, they can swiftly respond to the unintended consequences of risk mitigation measures.

References

Grabowski, M., & Roberts, K. (1997). Risk Mitigation in Large-Scale Systems: Lessons from High Reliability Organizations. California Management Review, 39(4), 152-16.

A., K. J., & U., V. R. (2017). The Determinants of Firm Value from Enterprise Risk Management Perspective: A Conceptual Model. Journal of Management Research (09725814), 17(4), 194-203.

Did you like this example?

270

14