Manage your risks to ensure your company’s long-term success
This article is from the quarterly Canadian Overview, a newsletter produced by the Canadian member firms of Moore Stephens North America. These articles are meant to pursue our mission of being the best partner in your success by keeping you aware of the latest business news.
It is impossible to completely eliminate the risks that can threaten a company’s success, but we can manage and minimize them by implementing a risk management process.
The main risk categories are:
- Strategic: Related to running the business, including industry developments
- Operational: Related to the company’s operational and administrative procedures
- Financial: Related to the company’s financial structure and external factors such as exchange and interest rates
- Conformity: Related to the obligation to comply with laws and regulations
- Other: Related to reputational and human risk
The risks a company faces are constantly changing. They change based on the market (new competitor, new product), the organization (international expansion strategy, acquisition of another company, initial public offering), products (product obsolescence, major recall of a defective product), etc. As such, risks must be re-evaluated regularly according to changes within the company, the business sector, or regulations, for example.
According to a study on the state of enterprise risk management in Canada conducted in 2015, 61% of respondents confirmed that their organization did not have a chief risk officer or equivalent. With no designated manager for risk assessment, it is hard to plan and adjust strategies before threats arise. As a result, companies end up encountering emergency situations, and they often do not have the time to evaluate possible solutions, leading to less-informed decision-making and sometimes the wrong decision.
A risk management process is therefore the solution for being proactive and managing threats faced by your company.
- Ask front-line employees for their opinions. They will pinpoint risks that are different from those identified by upper management, but still just as important.
- Establish an official communication plan with your employees.
What about you,
- Do you have a risk management process?
- When was your most recent risk assessment?
- Are front-line employees as aware of the company’s risks as upper management and the board of directors?
Aspects of the risk management process
The risk management process involves five steps:
1. Risk identification
2. Risk assessment
3. Strategy development for addressing risks
4. Implementation of strategies
5. Follow-up and re-assessment, as necessary
After risks are fully identified, they must be assessed. This allows you to determine the probability that the risk will arise, as well as the company’s tolerance for each risk, so a strategy can be established for each one.
A company might decide to accept, transfer, minimize, or eliminate the risk.
Strategies might be as simple as periodic maintenance of machines to prevent damage that would have a major impact on production (operational risk), obtaining an exchange rate contract to protect the company from a currency’s volatility (financial risk), or even performing due diligence during acquisition of a new company (strategic risk).
- Due diligence during acquisitions
- Optimization of your resources
- Review of your internal controls
- Creation of an ethics policy
- Employee training (internal control, fraud)
- Upper management assistance
(1) Chartered Professional Accountants of Canada and the Canadian Financial Executives Research Foundation, “The State of Enterprise Risk Management in Canada.”
Remember: we are your risk management partners. We want to hear from you!