The business climate is becoming more and more unpredictable, as such, more prone to risk. The success of any firm is dependent on an effective strategic approach to planning and execution as well as to managing risk. The significance of risk management cannot be overlooked post COVID-19. Uncertainty is at the heart of risk, as a result, risk awareness has increased because we are currently living in a less stable economic and political context. Here, we provide an overview of risk management and explain why organisations need to manage business risk.

Risk Management

The Institute of Risk Management (IRM) (2017) defines risk as the combination of the probability of an event and its consequence. Consequences can range from positive to negative. There are different definitions of risk in theory but this is a widely applicable and practical definition for firms.

However, research by Holton (2014) view risk as involving the exposure to a proposition of which one is uncertain. Suppose a man leaps from an airplane without a parachute. If he is certain to die, he faces no risk. Hence, risk requires both exposure and uncertainty. To shift from the jargon, risk is a condition of individuals—humans and animals—that are self-aware. Therefore, since organisations are not self-aware, so they are incapable of being at risk. Rather, they are conduits through which individuals— members, investors, employees and other stakehoklders—take risk.

Every firm faces risk, not all manage it effectively. The rationale of Risk Management is that it should provide a mechanism to facilitate risk classification as well as risk response, while at the same time ensuring control over reality, effectiveness of actions and regulatory compliance. A sound risk management system provides a new understanding of the situation’s internal or external, projected or retrospective exposures. In view of managing risk, it is mandatory for firms to determine the level of risk appetite, the amount of risk they are willing to take on in pursuit of their objectives, before action becomes necessary to reduce the risk.

Let us now look at how to classify the different risks that exist within organisations.

Risk classification can occur at two levels: External Risks and Internal Risks

External Risks, are those types of risks that are beyond the control of organisations such as financial market risk, political and compliance risk, macro-economic risk and environmental risk. Within each risk categories, there are many sub-categories.

However, why organisations need to manage business risk is strictly related to managing risks that can be controlled. These risks fall under the category of internal risks.  

Internal Risks, are those risks which organisations need and choose to manage in case any of these risks materialise.

Strategic Risk

Strategic Risk relates the adverse effects of poor management decisions on business strategies and the execution of them. This risk represents the alignment of strategic priorities, business continuity management and the tools deployed to meet those organisational objectives. Strategic risk often involves a lack of management capacity to adequately assess and respond to external factors such as market conditions and natural disasters that could impact the firm’s vital operations and prevent critical resources from being resilient.

Operational Risk

Operational Risk is the potentiality of damages arising from inefficient processes, systems malfunctions, human capital errors, failure to adhere to internal policies, poor cyber security or worst of all, business frauds.

Financial Risk

Financial Risk, as the term implies, are threats that include financial losses for companies. That is primarily attributed to uncertainty and declines in the financial market caused by fluctuations in stock markets, currencies, reserves, interest rates and more.  Financial risk relies heavily on proper capital management, an accounting game plan that aims to preserve adequate and equitable ratios of working capital, current assets and current liabilities throughout.

Reputational Risk

Reputational Risk refers to the likelihood for negative media attention, public sentiment or uncontrollable incidents to have a detrimental effect on the image of a business or brand, thus impacting its revenue. Risks related to company reputation can be caused by several determinants, this may include how a firm responds to disruption. Moreover, if the customers of believe that their requirements or a disruption have not been adequately handled, there is a high probability for them to switch to competitors.

Every firm faces risk, not all manage it effectively

Risk Management in Mauritius

Risk management is not new in Mauritius. Leading companies have been assessing operational risk over many years. Today, with high volatility in the marketplace, Mauritian firms have begun to regard risk management from the inclusive perspective; the different types of risks are considered and reviewed at all times, particularly in the aftermath of the Coronavirus pandemic. Furthermore, in a world of uncertainty, the International Organisation for Standards, provides clear guidance on managing risk via the ISO 31000 standard.  In order to be certified ISO 31000, firms need to actively manage risk and this starts with the promotion of an open risk culture and clear risk appetites within organisations.

Risk Management is not only quadruple

Finally, the repercussions of risk are not only quadruple (strategic, operational, financial and reputational). Risk Management should also take into account human factors and the impact on them. With disruptive technologies or natural hazards, people feels threatened by redundancy. Therefore, risk management extends to HR Risk Management. There is a need to upskill and equip the workforce with augmented knowledge to be able address risk at different levels. In the wake of this, it is important to consider HR risk management as an integral part of the organisational agenda.

In essence, risk management is a broader statement of approach. If a firm does not risk anything, it risks even more. Companies need to engage in calculated risk taking. However, managing risk at the different levels is requisite. Conversely, poor risk management has the ability to severely impact a firm’s both short-term and long-term success.

When the only certainty is uncertainty, today, risk is regarded as a profession and an entire organisational division. Learn more about our Risk Management programme.