How can you manage risk in corporate governance?

Corporate governance is a system by which companies are managed and controlled. Shareholders appoint the board of directors to manage and control the company, and the board comes up with accountability mechanisms that suit the company’s management system and applies them. One of these mechanisms concerns how to manage risk in a company.

Risks are the threats or situations that may affect a company and cause it loss, whether significant or minimal.

What is considered risky?

A situation is risky when there is a possibility that an outcome will deviate from expectations, for example, the possibility of loss where profit is expected in a given venture. Suppose Juma decides to invest in the shares of a company, expecting the share value to go up so that he earns a profit when he resells the shares later on. The element of risk would be the possibility of loss, as profit from the increased value of shares would depend on the company’s performance.

What does it mean to manage risk?

Risk management is the process by which organizations identify, evaluate and control threats, risks or unexpected outcomes that could negatively affect their overall strategies and earnings. Examples of risks are financial uncertainties, legal liabilities, technological issues, management errors, accidents and natural disasters.

Proper risk management is proactive in nature and acts to prevent, avoid or mitigate risks long before they occur instead of responding after the risk has occurred.

Risk management should be integrated into an organisation’s overall strategy and objectives. This aids the organization in not only identifying potential risks but also helps in ascertaining exactly how much risk an organization is willing to be exposed to, i.e., the organization’s risk appetite.

Risk management process

The risk management process can be broken down into the 4 steps highlighted below, namely:

  1. Identification

The organization analyses its objectives and strategies and identifies the potential risks involved in the strategies chosen or objectives to be attained.

  2. Analysis

The organization analyses each of the identified risks in depth and prioritises them on the basis of probability and overall effect on the organisation.

  3. Response

Once risks have been analysed and prioritized, the organization responds to each risk on the basis of priority. This response can take one of the following forms, namely:

(a) Avoidance – the source of the risk is identified and eliminated before the risk occurs. For example, a technology-based company would avoid the risk of data breaches by firewalling its network, encrypting its data transmissions or salting the passwords its employees use on its internal network.

(b) Mitigation – the probability that the risk will occur is mitigated. For example, in the face of a possible financial crisis such as an economic depression, a company may opt to increase its cash reserves and reduce borrowing in a bid to secure itself and avoid the risk of insolvency.

(c) Acceptance – the existence and possibility of the risk are acknowledged and accepted by the organisation. For example, an organisation may accept the risk of volatility when it chooses to invest in cryptocurrencies.

(d) Sharing – the risk is shared or transferred to another organisation in a bid to shield against complete exposure. For example, an insurance company may reinsure itself by purchasing an insurance policy from another insurance company so as to protect itself from losses occasioned by major claims.

  4. Monitoring

The organization continues to monitor the risks that have been identified and dealt with. The organization also continues to monitor the market or environment and takes note of any trends in consumer needs, technological developments, environmental changes and political stability.

This helps in identifying newer risks likely to affect the organization that had not been considered. As such, the organization is better able to adapt to any changes and continue to provide value.


Good risk management is absolutely essential to the survival of any organization. It helps the organisation continue to meet its objectives and adapt to any circumstances.