Comprehensive Guide to Business Risk Management 9781774695760, 9781774694244

This book primarily focuses on business risk management and the factors affecting enterprises. First, the fundamental co


English Pages 247 Year 2023


Table of contents :
Cover
Title Page
Copyright
ABOUT THE AUTHOR
TABLE OF CONTENTS
List of Figures
List of Abbreviations
Introduction
Preface
Chapter 1 Introduction to Business Risk Management
1.1. Introduction
1.2. Risk
1.3. Business
1.4. Sustainability
1.5. Methods
1.6. Framework
1.7. Public Relations
Chapter 2 Fundamentals of Risk Management
2.1. Introduction
2.2. Risk
2.3. Hazards
2.4. Risk Matrix
2.5. Risk Management
2.6. Attitude and Risk
2.7. Compliance
2.8. Enterprise Risk Management
2.9. Risk Criteria
2.10. ERM
2.11. Operations
Chapter 3 Integrated Risk Management
3.1. Introduction
3.2. Techniques
3.3. Operational Risk
3.4. Foreign Exchange
3.5. Analysis
3.6. Classification
3.7. Risk Elements
3.8. Structure
3.9. Information
3.10. Problems
3.11. Cash Flow
Chapter 4 Project Management
4.1. Introduction
4.2. Issues
4.3. Banks
4.4. Projects
4.5. Funds
4.6. Industries
4.7. Threats
4.8. Uncertainty
4.9. Contracts
4.10. Project Management
4.11. Accidents
4.12. Milestones
Chapter 5 Enterprise Risk Management
5.1. Introduction
5.2. Pillars
5.3. Opportunities
5.4. Piracy
5.5. Risk
5.6. Discrepancy
5.7. FMEA
5.8. Model
5.9. Quality
Chapter 6 Corporate Governance and Risk Management
6.1. Introduction
6.2. Compliance
6.3. Business
6.4. Liabilities
6.5. Payments
6.6. Laws
6.7. Funds
6.8. Cost-Savings
6.9. Principles
6.10. Claims
6.11. Information
Chapter 7 Supply Chain Risk Management
7.1. Introduction
7.2. Supply Chains
7.3. Integration
7.4. Risk Management
7.5. Outsourcing
7.6. Production
7.7. Strategies
7.8. Variables
7.9. Scorecard
Chapter 8 Sustainable Business and Risk Management
8.1. Introduction
8.2. Risk
8.3. Goals
8.4. Managers
8.5. Factors
8.6. Assessment
8.7. Activities
8.8. Processes
Bibliography
Index
Back Cover


COMPREHENSIVE GUIDE TO BUSINESS RISK MANAGEMENT

Jonah C. Pardillo


Society Publishing 224 Shoreacres Road Burlington, ON L7L 2H2 Canada www.societypublishing.com Email: [email protected]

e-book Edition 2023 ISBN: 978-1-77469-576-0 (e-book)

This book contains information obtained from highly regarded resources. Reprinted material sources are indicated and copyright remains with the original owners. Copyright for images and other graphics remains with the original owners as indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data. Authors or Editors or Publishers are not responsible for the accuracy of the information in the published chapters or consequences of their use. The publisher assumes no responsibility for any damage or grievance to the persons or property arising out of the use of any materials, instructions, methods or thoughts in the book. The authors or editors and the publisher have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission has not been obtained. If any copyright holder has not been acknowledged, please write to us so we may rectify. Notice: Registered trademarks of products or corporate names are used only for explanation and identification without intent of infringement.

© 2023 Society Publishing ISBN: 978-1-77469-424-4 (Hardcover)

Society Publishing publishes a wide variety of books and eBooks. For more information about Society Publishing and its products, visit our website at www.societypublishing.com.


ABOUT THE AUTHOR

Jonah C. Pardillo received her Master's in Business Administration from University of the East, Philippines. Her bachelor's degree was also earned from University of the East. Currently, she is affiliated with University of Mansford, California, USA. She has professorial experience and teaches several undergraduate business courses at Far Eastern University, Technological Institute of the Philippines, Manila Business College, and Global Reciprocal College. Further, she was also a content developer for undergraduate and graduate business subjects. Aside from academic experience, she also manages her own business.


LIST OF FIGURES

Figure 1.1. Risk management
Figure 1.2. Sustainable ERM system
Figure 1.3. Risk appetites
Figure 1.4. Taxonomy-based risk identification
Figure 1.5. Risk prioritization
Figure 1.6. Sustainability challenges
Figure 1.7. Corporate social responsibility
Figure 1.8. Global warming
Figure 1.9. Trading of greenhouse gas
Figure 1.10. Risk ratings
Figure 1.11. Record management
Figure 1.12. Compliance
Figure 1.13. Corporate environment
Figure 1.14. Kenneth Lay
Figure 1.15. E-commerce
Figure 2.1. Fundamentals of risk management
Figure 2.2. Hazard risks
Figure 2.3. Opportunity risks
Figure 2.4. Risk matrices
Figure 2.5. Hazard risk management
Figure 2.6. Start-up businesses
Figure 2.7. Brexit plan
Figure 2.8. Organization’s risk exposure
Figure 2.9. Enterprise risk management
Figure 2.10. Insurance
Figure 2.11. Opportunity management strategy
Figure 2.12. Risk management frameworks
Figure 2.13. IRM risk management standard
Figure 2.14. Risk criteria
Figure 3.1. Integrated risk management
Figure 3.2. Price fluctuations
Figure 3.3. Foreign exchange fluctuations
Figure 3.4. Risk elements
Figure 3.5. Alternative risk transfer
Figure 3.6. Finite risk insurance
Figure 3.7. Future cash flows
Figure 4.1. Political and societal unpredictability
Figure 4.2. Investment banks
Figure 4.3. UK Institute of Actuaries and Institute of Civil Engineers
Figure 4.4. British TSR2 supersonic fighter project
Figure 4.5. Federal Aviation Authority
Figure 4.6. Risk analysis and management of projects system
Figure 4.7. Munich plane accident
Figure 5.1. Katrina
Figure 5.2. Piracy
Figure 5.3. Failure modes and effects analysis
Figure 6.1. Corporate governance
Figure 6.2. Money laundering
Figure 6.3. IPR
Figure 6.4. London maritime arbitrators association
Figure 6.5. EHS crisis management
Figure 7.1. Supply chain risk management
Figure 7.2. Silk road
Figure 7.3. Outsourcing
Figure 7.4. Vendor-managed inventory
Figure 7.5. Bullwhip effect
Figure 7.6. Monte Carlo simulation
Figure 8.1. Sustainable business and risk management
Figure 8.2. Cause-and-effect analysis
Figure 8.3. Pareto analysis

LIST OF ABBREVIATIONS

ART: alternative risk transfer
CPR: civil procedure rules
CR: continuous replenishment
D&O: directors and officers
EDI: electronic data exchange
ERM: enterprise-wide risk management
ERP: enterprise resource planning
EU: European Union
FMEA: failure modes and effects analysis
FRI: finite risk insurance
GHG: greenhouse gas
GRC: governance, risk, and compliance
ICE: Institute of Civil Engineers
IPRs: intellectual property rights
NGOs: non-governmental organizations
ORM: operational risk management
R&D: research and development
RAD: rapid application development
RASP: risk, architecture, strategy, and protocols
SMEs: medium-sized enterprises
SOX: Sarbanes-Oxley
UPS: uninterrupted power supplies
VMI: vendor-managed inventory

INTRODUCTION

Any financial institution must handle a wide range of risks, including market, credit, liquidity, event, and operational risks. Senior management in large institutions around the world is changing how they see their future as a result of five important forces: new technology, globalization, non-bank competition, deregulation, and the opening up of formerly closed markets. Risk is constantly increased by cross-border business, and the trend toward globalization among the clients means that they must follow the trend, go worldwide, and deal with a continually expanding range of risks. Profits are always under pressure due to increased competition, at least in the short term. This pressure is partially a result of liberalization. In order to sustain bottom lines, compromises might be made and risks taken.

In fact, no single technology can do all the necessary recovery tasks. Certain technologies can provide the foundational elements, but there is no one-size-fits-all answer for a company continuity plan. Companies are expanding and depend on technology to function; hence, recovering those processes requires technology. However, you still must have a well-thought-out plan for handling unanticipated circumstances or downtime. Many of the current systems in use today in most organizations cannot be used as an addition to the business continuity plan. Servers continue to be heavily dependent on aging, outdated recovery strategies and backup procedures that won’t match corporate requirements. Consequently, a thorough and validated business continuity plan is required more than ever, given the increased reliance on IT systems, which is potentially much greater than ever before. Planning for business continuity is much more crucial as a result of this dependency. The more dependent a business is on IT, the more essential it is to have not only a strong continuity plan, but also a strong and resilient IT infrastructure. Organizations increasingly understand that they cannot have one without the other. There are now many more tools available to help boost the resilience and redundancy of systems, and using those approaches as a backup plan is now more practical than aspects that are active in the business continuity plan. However, in the real world, choices are typically made to satisfy specific needs.


PREFACE

Businesses are changing into more effective and dynamic entities as a result of increased competition. These companies will need to be robust to unforeseen and potentially catastrophic occurrences, be able to respond swiftly to external factors, and increase their variable-to-fixed cost ratio. For a large part of this, it’s important to have a solid grasp of risk, how to analyze and manage it, and finally, how to use this information to your benefit. Understanding and weighing the effects of not fulfilling service level agreements for a while, however, is one thing; setting a lower level of fixed resources in response is quite another. The specification of a system or process to be resilient to both internal and external variables is also simple. Organizations must meet rising corporate governance standards with respect to ethical and social responsibility while also delivering on higher stakeholder expectations in this more uncertain business climate. For instance, legislation to widen the scope of regulations surrounding the management of bribery risk and the avoidance of modern slavery has been introduced in numerous nations. Given all of these developments, it is highly appropriate to emphasize the value of enterprise risk management (ERM) to corporate performance. All organizations still view effective ERM as a commercial necessity, which includes protecting corporate reputation. A successful ERM program improves an organization’s capacity to meet goals and guarantee sustainability through transparency and moral behavior. Everyday hazards are something we all deal with. Personal activities have risks, which might include those related to travel as well as those related to financial decisions. This book focuses on the roles we play in our jobs or occupations, as well as business and commercial risks. However, assessing risks and making decisions about how to handle them is a daily process that must be completed not only at work but also at home and when engaging in leisure activities. We live in a period of immediate communication, media attention, and growing tendencies in global management. As a result, it’s crucial to have precise technology and tools as well as greater business understanding and commercial awareness. Due diligence, corporate governance, and risk management are concepts that must be acknowledged as integral parts of larger company challenges when traditional barriers and lines between responsibilities are being broken down. This book serves as a handbook for business risk management for graduates and research students.


CHAPTER 1

INTRODUCTION TO BUSINESS RISK MANAGEMENT


1.1. INTRODUCTION

A number of interconnected social, cultural, environmental, and economic aspects have been incorporated into the sustainable development framework over the past 10 years. Our ability to generate economic growth and wealth from the finite resources this planet has to offer will be impacted by the increasing severity of breakdowns in our life support systems that have followed the rise in ecological stressors (Nyoman Pujawan & Geraldin, 2009). As local habitats are harmed, these pressures will have an impact on the level of social development we can attain. Without economic income, social capital development and ecological capital preservation would not be supported by capital revenues.

Risk management is the process of identifying, measuring, and assessing risks and formulating plans to manage them. Moving the risk to a third party, avoiding the risk, lessening the risk’s negative effects, and accepting some or all of the consequences are all strategies. Excessive risk management is as detrimental to company interests as a lack of controls. The goal of risk management is to actively manage hazards in a commercial setting, not necessarily to eliminate or reduce them. This could indicate that certain risks are being overcontrolled and that extra expenses are being incurred (Nocco & Stulz, 2006) (Figure 1.1).

Figure 1.1. Risk management. Source: https://profiletree.com/wp-content/uploads/2018/07/What-is-risk-management-process.jpg.webp.


1.2. RISK

All risk management strategies fall into one of four broad categories once risks have been identified and evaluated, although some methods of risk management can fall into several of these groups. Risk transfer refers to getting a third party to take on the risk, usually through a contract or financial hedging. Risk avoidance is not engaging in potentially dangerous activities; an illustration would be to refrain from purchasing a home or company in order to avoid the obligation that comes with it. Risk reduction (mitigation) refers to strategies that lessen the severity of the loss. Risk acceptance (retention) entails accepting the loss when it occurs. This category includes true self-insurance. For minute risks where the cost of insurance would outweigh the overall losses incurred over time, risk retention is a practical strategy.

Traditional risk management prioritizes threats with physical or legal origins (natural disasters, fires, accidents, death, and lawsuits). Contrarily, financial risk management concentrates on hazards that can be controlled through the use of traded financial instruments. Financial as well as regulatory and compliance concerns are all included in a sustainable ERM system (Figure 1.2), but they are organized around the three pillars of sustainable development (Schanfield & Miller, 2005). However, it places more emphasis on analyzing the risks that threaten intangible assets like reputation and includes a wider range of external risk variables. Compared to more conventional approaches, the risk-reward assessments and strategic risk analyses have a wider scope and time frame. These more recent factors may nevertheless have an impact on your business operations directly or indirectly, and we can illustrate the risk levels by using a nonfinancial risk rating system, the SERM risk rating system, as a model of typical loss experiences (Mainelli, 2004). The SERM model will provide a quantitative assessment of effects on businesses that are pertinent to their financial performance or, more precisely, their market worth.

While most organizations have a basic level of risk management capability to meet regulatory requirements, investing in risk management processes that are in line with business goals and strategy is advantageous for performance. An assessment of the risks identifies the threats to the organization and the advantages of controlling the risk environment in accordance with corporate goals. The resources spent on risk management carry an opportunity cost, since they could be spent on more profitable activities, and this is where resource allocation becomes challenging. Once more, effective risk management maximizes the reduction of risks’ negative impacts while minimizing expense. Risk appetite refers to the amount of risk that a company is ready to accept to achieve its goals. An organization can create a strategy that is suitable for it by defining the type and level of risk that is acceptable. A corporation that adopts a high-risk strategy but has a low appetite for risk might anticipate a difficult period. In reality, different areas of the organization will have varying risk appetites (Figure 1.3).

Figure 1.2. Sustainable ERM system. Source: https://cengssud.org/wp-content/uploads/2018/12/serm-1170x500.jpg.

Figure 1.3. Risk appetites. Source: https://cdn.ttgtmedia.com/rms/onlineimages/risk_appetite_vs_risk_tolerance-f_mobile.png.


1.3. BUSINESS

For instance, a pharmaceutical business will approach its quality assurance activity with a low risk appetite because it recognizes the need for this activity to be highly managed, but it may have a different risk appetite in its research and development (R&D) sector; creating a risk management strategy. It is obvious that the formulation of the overall business strategy would be influenced by a clearly defined risk appetite and risk environment (Adil, 2008). According to the organization’s understanding of the risk environment, all strategy documents submitted to the board for endorsement should include a commentary on the key perils related to the organization’s objectives and strategy and their acceptability in accordance with the agreed-upon risk appetite. A properly created and formalized business plan should outline how an organization will prioritize, concentrate, and distribute its resources to take advantage of possibilities that have been recognized. A number of supporting strategies, including HR and IT, will be developed for the allocation of resources and investment to aid an organization in achieving its business strategy. This does not change how risk management investments and resources are allocated; additionally, a risk management statement based on organizational goals and company strategy.

An investigation of the source of the risk, the problem, or the event that gave rise to the risk is used to identify the risk. Common risk identification techniques include taxonomy-based risk identification (Figure 1.4) or a breakdown of potential risk sources, objectives-based analysis, scenario-based analysis, common-risk checking, and risk assessments. After risks have been identified, they must next be evaluated based on the likelihood that they will occur multiplied by the likely extent of the loss; this roughly equates to the risk level. These values may be easy to measure or almost impossible to determine. Therefore, it is crucial to provide the most accurate assessment to support the prioritization phase of the risk management plan. A key point is that studies have shown that the frequency of risk assessments has a greater impact on the financial benefits of risk management than any formula.


Figure 1.4. Taxonomy-based risk identification. Source: https://www.garp.org/hubfs/Website/Imported_Blog_Media/a2r5d000003oPzXAAU_Figure-1.jpg.

A risk prioritization (Figure 1.5) process should then be used, with risks with the highest loss and highest probability of incidence being handled first and risks with the lowest probability of occurrence and lowest loss being handled later. In practice, it can be challenging to strike a balance between risks with a high likelihood of occurrence but lower loss and risks with a high loss but lower likelihood of occurrence; a risk management framework or system used to meet the aforementioned requirements and foster an organizational risk management culture. While the risk environment, risk appetite, and risk management plan are essential components for organizations to successfully implement their business strategies, they must be supported by an overarching framework for risk management (Ullah et al., 2022).

| Event | Risk | Unmitigated Likelihood | Unmitigated Impact | Unmitigated Risk Score (Likelihood x Impact) |
|---|---|---|---|---|
| Lack of skilled labor willing to relocate | Operation becomes infeasible | Medium (3) | Very High (5) | |
| Cannot find another oil company to partner with | Entire risk borne by ExploriCo if failure | Medium (3) | High (4) | |
| Environmental impact statement unfavorable | Extra cost to ensure low impact | High (4) | Medium (3) | |
| Cannot acquire land from Canadian government | Project untenable | Low (2) | Very High (5) | 10 |
| No good natural harbor | Delay of one year | Low (2) | Very High (5) | 10 |
| Not enough icebreakers available for rent | Lose 6 months of port usability per year | Low (2) | Very High (5) | 10 |
| Environmental advocacy group protests | Some bad publicity | High (4) | Very Low (1) | 4 |

Figure 1.5. Risk prioritization. Source: https://www.dummies.com/wp-content/uploads/389002.image0.jpg.

1.4. SUSTAINABILITY

Sustainability challenges (Figure 1.6) may have an economic bearing on all of the major management choices that businesses make, from strategies to investment choices (Child & Tsai, 2005). These choices may have an impact on the economic levers, which in turn may have an impact on an organization’s competitiveness and value drivers. Risk management and sustainability management have an impact on operations and production, which is why they are connected to revenue and profits. Costs are rising as resource demand skyrockets, and resource base prices rise if supply cannot keep up with demand, which has an inflationary impact on the entire supply chain. When possible, expenses are reduced by not investing in fixed assets, yet predictions call for ongoing cost rises.

The idea that the government was the best or primary institution for addressing significant social problems has generally lost favor. As global welfare changes continue, it is anticipated that this tendency will persist. Certain obstacles to this approach will be more widely known. In the US, decisions have been made to replace private safety inspectors with a federalized public screening agency staff in the post-9/11 era in the belief that government management in this area is superior (Van Ryzin, 2014). Government has an indirect impact on the risk agenda, and the number of informal government recommendations is rising. Government authorities at all levels are urging businesses to provide the public with more information on their methods and performance, both in terms of quantity and quality.

Figure 1.6. Sustainability challenges. Source: https://www.mdpi.com/sustainability/sustainability-12-03534/article_deploy/html/images/sustainability-12-03534-g001.png.

Recently, the European Commission presented a plan for how it sees corporate social responsibility (Figure 1.7) developing within the EU, urging all businesses to follow the triple bottom line of economic, social, and environmental responsibility. The European Commission is supporting efforts to tighten vehicle emissions limits beyond those anticipated in current proposals in response to calls from European Union (EU) governments and lawmakers for stricter standards, which has significantly increased calls for more product responsibilities and controls. The OECD is also in favor of greater corporate responsibility because in the coming decades, corporate social responsibility will become increasingly important, posing challenges for businesses. The industrial revolution of the past 150 years was made possible by the switch from coal to oil and gas, mechanization, and the huge exploitation of all natural resources, including clean air, water, and soil, in order to facilitate increased production and prosperity (Cannadine, 1984). Rising sea levels and desertification together will present the world with fewer land resources, an unprecedented flow of environmental refugees, and the possibility of civil strife.

Figure 1.7. Corporate social responsibility. Source: https://www.thebci.org/static/uploaded/c731f52f-8be9-4ea880751b50ed523a81.jpg.


As a result of global warming (Figure 1.8), both drought and floods may become more frequent. Species loss is anticipated to grow as a result of global warming, which is particularly dangerous to migratory species like birds and marine animals. Trading of greenhouse gas (GHG) emissions (Figure 1.9) will become more significant (Clarkson, Li, Pinnuck, & Richardson, 2015). Over the coming decades, the climate on Earth will warm, leading to an increase in sea level. Its goal is to promote reporting of GHG emissions. It should be emphasized that the expense of putting a risk management plan into place is always less than the potential expenses incurred if the organization does not manage risk. The banking industry, which is under increasing pressure to show transparency to all stakeholders, is a good example of how compliance risk management works. It allows the board, for instance, to verify the connections between securities, their issuers, associated subsidiaries, and affiliates, to acquire a detailed picture of a company’s corporate hierarchy in order to better grasp its overall securities structure and global exposure, and to identify any conflicts of interest relating to its current or potential holdings or relationships with its clients.

Figure 1.8. Global warming. Source: https://www2.deloitte.com/us/en/insights/industry/financial-services/climate-change-credit-risk-management/_jcr_content/root/responsivegrid_380572564/advanced_image.coreimg.95.800.jpeg/1641881523401/us164768-figure1.jpeg.


Figure 1.9. Trading of greenhouse gas. Source: https://nap.nationalacademies.org/openbook/12784/xhtml/images/ p2001c3c6g206001.jpg.

The term legal hazards can be used in a way that causes some uncertainty. It can be used to describe the impact of the risk or its origin, such as a shift in the regulatory environment. Additionally, it could suggest a specific course of action to manage a risk, such as getting legal counsel to make sure a crucial contract satisfies a business’s strategic needs. Applying a more uniform process for assessing legal risks may reveal that risks have been overcontrolled, perhaps as a result of an excessive weighting of legal issues, as well as reveal which legal repercussions call for more investment in control mechanisms. The SERM method discovered that if risk management strategies are not consistent with the concepts and policies used elsewhere in the organization, their effectiveness will be diminished. For instance, if compensation plans for certain people or units favor short-term financial performance, a risk-based methodology for pricing projects with possible long-term obligations may not have much of an impact. It should be highlighted that the main goal is risk management, not necessarily risk reduction or elimination. A comprehensive study of risks and how they are currently managed in a business may make it clear whether hazards are being overcontrolled. Disproportionate control implementation can have negative effects, including the creation of extra expenses and a reduction in the ability to seize opportunities. Situations like competitive bidding for new business may make this particularly clear. For instance, a set of controls that is too rigid may prevent the organization from reacting rapidly enough to support success.

1.5. METHODS

A systematic approach to risk recording is necessary for a successful risk management program so that risks may be managed and regularly tracked. Risk management professionals have indicated that categorizing hazards is beneficial so that protocols may be established to monitor and control them. It is more crucial to have mechanisms in place to manage the risks involved and to consistently assess them than it is to employ a particular classification approach. At the appropriate organizational level, information about individual risks should be compiled. Actions to address risks might be prioritized using the overall risk ratings (Figure 1.10) generated by an evaluation matrix or other methods (Zeng, An, & Smith, 2007). But keep in mind that stakeholder perception of a risk may be just as significant as the grade determined by taking its impact and likelihood into account. For instance, the public’s image of an organization’s actions may be particularly impacted by environmental difficulties, necessitating procedures that can be clearly demonstrated to handle environmental hazards. As a result, there should be less tolerance for certain risks and a larger priority placed on the appropriate controls.

Figure 1.10. Risk ratings. Source: https://www.mckinsey.com/~/media/mckinsey/business%20functions/risk/our%20insights/banking%20imperatives%20for%20managing%20climate%20risk/svgz-banking-climate-risk-ex1.svgz.


It is crucial that the responses to the pertinent hazards be commensurate with their likelihood and impact. This has to do with more than just the price of risk control or mitigation techniques. Certain responses could have an indirect cost by reducing the organization’s capacity to seize opportunities or handle possible uncertain situations. Instead of only striving to eliminate or reduce hazards, it is important to optimize the management of risk. Reviewing the controls now in place and their costs and side effects in comparison to other available measures should be part of the process of assessing and managing risks. It should be understood, nevertheless, that different responses might only cover a portion of the potential effects of a given risk. For instance, product liability insurance may only cover the immediate financial consequences of a compensation claim, not the negative impacts on the company’s reputation. It’s important to keep in mind that some responses could lead to the creation of fresh hazards when it comes to managing legal issues. For instance, by terminating certain operations and outsourcing the process to a different provider, the risks connected with a specific manufacturing method may be transferred. This will result in a new set of risks for managing the supplier’s performance and the related financial connections. Although some liability risks may be transferred as a result of this, the business will still be affected by unfavorable events. It’s obvious that there are a wide variety of methods and strategies that can be used to manage risks. Like the principles for the management of credit risks, elaborate recommendations have been produced in several industries. The Basel Committee on Banking Supervision’s established principles should be taken into consideration in this situation.
While organizations have historically minimized risk and compliance management, today’s business complexity, reliance on IT and processes, expansion of business partner relationships, and increased liability and regulatory oversight have amplified risk to the point where governance is necessary (Viterbo, 2019). Additionally, the sheer number of compliance mandates that organizations must adhere to raises the danger of non-compliance, which could result in civil and criminal penalties. Although operational risk and compliance are not directly addressed, their effects have been felt across the whole organization. Following the Enron scandal and the SOX reaction, executives are subject to harsh sanctions over the accuracy of their financial statements. To limit the impact on the financials, they therefore demand that risk and compliance be constantly managed within outlined limits of risk tolerance. Increased control and oversight are the sole means of fending off potential legal action resulting from one of the primary risks that must be managed in the US. Management frequently finds a disjointed approach as they struggle to understand how risk and compliance are managed inside the organization. SERM has discovered via pertinent case studies that risk and compliance management has been dispersed across organizational silos, leading to a duplication of technology and activities with inconsistent methodologies, measurement, and reporting. Islands of information are trapped in papers and people across the organization as a result of the lack of central visibility and oversight. Record management (Figure 1.11) is now one of the effective instruments in the compliance and risk management strategy. Significant regulatory concerns in the United States and overseas include financial transparency, corporate governance, anti-terrorism, and privacy protection. Recent events have given corporate directors numerous reasons to pay attention to enterprise risk. For example, energy giant Chevron Corporation has been acutely conscious of the need for risk management given its $184 billion in revenue and 59,000 employees across 180 countries (Shelden & Brown, 2000). Chevron executives were ready when SOX was enacted because they had a risk-based system in place for years before it called for a risk-based approach to evaluating internal control over financial reporting. However, it appears that less than 25% of businesses are giving their internal audit operations the thorough external assessments that the Institute for Internal Auditors recommends as a requirement for sound corporate governance in the post-SOX economic context. Additionally, businesses trying to comply with SOX’s internal control requirements are learning that they must assess the controls of both their own operations and those of potential alliance partners. The fact that the material discloses how the target has been managed with relation to sustainable risk management is, as previously mentioned, a significant advantage of the legal due diligence process.
This is extremely pertinent to the discussion. It may consider the history of the target and candidate as well as their goals, as well as their chosen organizational structure whether that be a corporation, partnership, or owner/manager operation. It is important to realize that while many due diligence operations involve very big transactions, there are also many smaller deals that draw the due diligence process and various organizational vehicles.


Figure 1.11. Record management. Source: https://d3i71xaburhd42.cloudfront.net/2c63b34f9a92dbf9c88a645d1e00bc50c2907fb/12-Figure5.1-1.png.

Although some of the process’s challenges are unquestionably better suited to the larger transaction, others are as relevant regardless of its size. For instance, the administration of the company will be reflected in late or imprecise returns to the authorities. They might also point to money problems, as in the case of late financial statements filed with corporate registrations. The knowledge gathered throughout the due diligence process can be a priceless asset in the target’s continued management after the sale. Organizations should be aware that there are more people benefiting from the risk management and due diligence processes as a result of the constant demand from regulators, security exchanges, and stakeholders. It is crucial to take the user of this information into account when the parties are designing the methodology for legal risk management and due diligence assignments because there may be overlaps in the functions. For instance, there are often certain forms and formats in which data must be delivered if it is going to a government authority. Recasting the material numerous times only to satisfy the regulator’s obsession with precision will be exceedingly annoying and more expensive. The idea is to have each due diligence team decide the level of exposure based on what can or cannot be answered, keeping in mind how important high-quality data is. Due diligence is often not completed because there is insufficient information about the business operations. The deal can be risky, much like in personal partnerships like marriage, because there can never be a full examination into each party’s past in terms of their health, emotions, and finances. All due diligence procedures must include a balance as part of the risk-reward calculation. For instance, authenticating a £1,000 transaction in a £50 million trade might not be worth the thousands it would cost to validate the transaction. The due diligence team’s skills and experience are crucial in this situation. To be able to differentiate between what is vital and what is not, they must first acquire the necessary training and experience. Second, they must have the right equipment at their disposal in order to carry out their duties. Information presentation is also crucial. Accurate and timely information can satisfy shareholders, investors, and stakeholders, but they are often less interested in the accuracy. In actuality, most people would prefer simpler information to complex information. They may be making judgments on the company’s adherence to a certain regulation, but they are also interested in knowing the company’s prospects for survival and growth. As stated, it is crucial to identify the risk owner. For instance, it’s crucial to make sure that nobody in this procedure forgets about the employees. All employees who earn remuneration from the company, including clerks, middle managers, management, and associated parties, like hearing about it. Additionally, the exercise in due diligence can involve the creation of reports without transgressing privacy laws or other legal requirements. At the highest level of the organization, commitment to the program must be paramount. Without the personal involvement of the board members or a similar body, the program won’t become fully embedded throughout the organization and provide the anticipated results.
This is frequently represented in the delegation of responsibility for risk management implementation to a specific officer or committee. It is crucial that risks are assessed and tracked uniformly across the pertinent operations. For this, there needs to be a precise framework for identifying and rating risks as well as precise reporting and oversight processes. Additionally, an internal program will be required to outline the strategy to be used as well as the roles and responsibilities of individuals and groups within the organization. It’s important that everyone in the organization is aware of the main goals and components of the risk management strategy. Different people’s duties and responsibilities should be transparently defined. The implementation of a risk management program involves a major investment in terms of management time and resources. Information concerning risks should be communicated both upwards and downwards in order to bring about the most benefit. It could be necessary to seek outside counsel on specific matters. These expenses must be acknowledged and budgeted for. Being realistic about the time that may be needed to set up the necessary mechanisms is equally crucial.

1.6. FRAMEWORK

Contingent on the complexity of the systems involved and the type of systems already in place, this could take months or years. It’s critical that the risk management system be viewed as an ongoing program of improvement and adjustment rather than a static framework. A strong procedure for tracking development and re-evaluating priorities is also essential. To do this, active input on risk issues is necessary. It has also been discovered that implementing any risk management system, no matter how flawed or insufficient, usually offers advantages over not implementing one at all. Efficacy ought to increase with time as the organization gains experience. Similarly, an organization’s risk profile will alter as a result of both internal and external variables, like regulatory changes or an increased threat of terrorist attack, as well as changes to the type or scope of the business. For any risk management system to be effective, it must be able to respond to these changes. The organization’s culture must support the goal of open and transparent risk management. Establishing a “no blame” culture that encourages risk identification rather than penalizes it is useful in managing professional or personal constraints that could otherwise tend to prevent honest reporting. Compliance was formerly managed and measured as a project rather than a process by organizations. This puts the organization at great danger in the current business climate. Compliance (Figure 1.12) must be monitored and validated continuously due to the dynamic nature of business processes, workforces, partner relationships, and IT systems. The requirement for a structured compliance management program will arise when organizations face a growing number of compliance duties.
Organizations will look to tools that offer a central repository of risk and compliance management services in order to control expenses as well as to give a single interface into risk and compliance management (“Strategic Outsourcing,” n.d.). This will include reporting on metrics, assessments, and control documentation. It ought to be compatible with other technologies that focus on particular compliance and risk domains such as data security, privacy, business partner relationships, and financial systems.


Figure 1.12. Compliance. Source: https://s7280.pcdn.co/wp-content/uploads/2020/07/GRC-break-down.png.

Any risk management procedure’s goal is based on established company objectives. The targets have to be prepared and be able to be expressed. If the business targets are to be understood and attained, clarity and precision are far preferable to hazy assumptions and broad generalizations. Clarity is necessary for the risk management team to be able to recognize when the company is veering off course, which is another crucial factor. If the automobile is not in motion and the keys are in another person’s pocket, falling asleep at the wheel poses no risk. However, dozing off is not advised if the business is progressing. Finding justifications and explanations for continuing is not the goal. Every procedure has exceptions, but the more consistent the principles that guide corporate operations, the easier it is to spot the exceptions and assess whether they are warranted this time or not. Integration is a significant topic and a crucial business concern. It has consequences for risk culture and is crucial for continuing risk management. It is obvious that in the deal, the momentum, the need to close, and the short amount of time to evaluate the facts can lead to actions that have a significant long-term influence on the ability to integrate. Operational details and broader organizational concerns, such as the loss of implicit, codified business knowledge that was held in the minds of key individuals who have since died, can all fall under this category (Scholten, Sharkey Scott, & Fynes, 2019). Another example is the IT industry, where only the most basic inventories of physical hardware are frequently made, even if programming expertise and long-term single-source service agreements may actually be the most important aspects to take into account. The early win strategy may eventually be harmful to value in terms of sustainable risk management. It is improbable that the acquirer will have accessed the premium that was paid for in the purchase if the acquired target is not integrated into the larger corporate structure and is allowed to carry on substantially as before. Risk and market experts have stated that it’s possible that the emphasis on short-term delivery is less invasive in European or Asian nations with more conservative stock exchanges (Coffee, 2001). In fact, this might make it easier to build integration and conduct more careful analysis. A comparison study might be beneficial. Therefore, it appears that true value creation via acquisitions is only attempted in a small number of actual situations. This means that there is still a clear possibility for true wealth development. Regardless of what best-practice literature suggests, it is very likely that integrating the cultures of two combining firms will not take place much below the surface in the timescale of integration. This is true even though merging episodes are frequently given high profile both by management and in the literature. A parent culture frequently persists with many people even after a number of years.
It could be wiser to accept that the cultures will continue to have a particular flavor, and that if this is not acceptable, important staff members may need to be replaced. In any case, it is necessary to do a thorough analysis of the true importance of this. If it sounds doable but requires a lot of resources, the pricing should reflect this. It is obvious that significant post-merger integration will frequently be a challenging and time-consuming undertaking if it is tried. Therefore, it would seem logical that this resource and time commitment be used to counter inflate payments for the target firm as part of a negotiated target price. This partially solves the issue of shareholder value return, and it might even be a wise course of action to follow in order to determine how viable the larger merger or acquisition will actually be. It has been emphasized that risk management needs to be integrated throughout the organization for it to be completely effective. In other words, a program for handling risks generally throughout the organization should include the assessment and treatment of individual risks developing in connection with a particular area of the business. This is due to the possibility that simultaneous occurrence of several risks could multiply their impact. For instance, if an IT system malfunction occurs at the same time as the introduction of a new product or service, the impact may be exacerbated. These interrelationships should be acknowledged and addressed in a risk management approach. Similarly, controlling risk needs to be part of the procedures and guidelines for running the firm as a whole. It should be utilized in conjunction with more conventional information, such as financial performance, to guide decision-making. If risk management practices are not in line with those used elsewhere in the organization, their effectiveness will be compromised. It should be emphasized once more that risk management rather than risk reduction or elimination is the ultimate goal. Hazards may be overcontrolled, as shown by a comprehensive review of risks and how they are being managed in an organization (Borgelt & Falk, 2007). This might be especially important in circumstances like competitive tenders for new business, where an overly strict system of controls might prevent the organization from reacting rapidly enough to allow success. The corporate environment (Figure 1.13) in which we live is dynamic. Other earlier examples related to due diligence and corporate governance, in addition to the discussion of financial transparency, show how the complicated regulatory system has evolved. For instance, the Victorians in England made provisions for company incorporation in order to respond to the significant changes in corporate structures that occurred during the 19th century (Wilson, 2006). This resulted in the firm becoming a distinct legal entity and the development of limited liability.
As politicians responded to scandals and criminal acts periodically committed by different individuals within companies, as well as perceived shortcomings in the protection of investors or trying to stop fraudulent activities from happening, these early developments were modified over time by Parliament. Over the previous 150 years, significant parliamentary acts and fragmentary amendments pertaining to businesses have been adopted on occasion. It is vital to understand that directors must lead and advise the company, regardless of the legal framework in which boards must operate.


Figure 1.13. Corporate environment. Source: https://cafe24corp.com.ph/img/culture/img_curtureEnvironment_gallery2.jpg.

Compared to most industrialized countries, Britain makes it simpler to start a company organization. It depends on the firm whether it succeeds or not, but bureaucracy rarely leads to failure. It can be surprisingly easy to put the framework in place. We should first think about the kinds of situations that could expose a trader to personal liability and jeopardize their own assets. It almost goes without saying that the trader, whether acting as a lone proprietor, a partner in a firm, or a corporate director, may be held personally liable for damages sustained by third parties as a result of dishonest or careless behavior in the course of his business. But being sincere and responsible does not exclude the possibility of personal culpability. It is common knowledge that even professional, experienced, and cautious drivers occasionally exhibit poor judgment or have a brief loss of focus. The results could be costly and fatal. Although a clean driving record may persuade the magistrates to be lenient, it is unlikely to lessen legal liability for physical harm, injury, and death brought on by driver mistake. In business, it is the same. The restaurant owner whose suppliers provide wholesome-looking but tainted food that is served to a customer, the one-man financial advisor who unknowingly offers what proves to be bad advice, and the international auditing practice who failed to uncover a fraud concealed deep in the accounts could all be at risk.


Generally speaking, the majority or many partnerships may likely function well as limited liability businesses, professional rules, regulations, and constraints notwithstanding. However, some business owners would rather stay in a partnership than become the directors of their own limited company, where they would then be viewed as workers by the Inland Revenue and subject to the corresponding taxes. Another benefit is that, unlike limited liability organizations, partnerships are not required to file partnership accounts for public record. A self-employed business partner may decide that the tax benefits he could receive outweigh the security of being a shareholder or director of a limited liability company. Perhaps the limited liability partnership, which sits in between a partnership and a limited liability company, will evolve more quickly in the future. Personal obligation can be decreased in the same methods as for a single proprietor, but the caution to pick partners prudently must be added to the list. Additionally, partners should be aware of the necessity of diplomatically policing one another. The lone proprietor frequently evolves into a partnership. The partners come to the decision that operating the company as a limited liability company is less expensive overall and thus preferable to paying expensive liability insurance premiums. They would also like to avoid worrying at night about keeping the house secure from the business or about having given the house to the spouse as exclusive ownership with that in mind. A sensitive subject when talking about risk and organizational challenges is corporate giving, problems with gifts, and the legal entities involved. The not-for-profit sector is supported and encouragement for good work is encouraged; on the other hand, it is crucial to make sure that money is used in an open and honest manner. 
In the UK, the Charity Commission has expanded the not-for-profit industry into a region that is now more approachable and has reviewed hybrid legal entities to foster innovation in the sector, such as charitable corporations. Everywhere a charity operates, as a general rule in this era of increasing responsibility, clarity over donations is a concern because corporate assistance is essential to numerous important facets of the voluntary sector. Giving is both highly effective and tax-efficient. In the US, for example, this has been true for a while, but in the UK, the tax ramifications have taken on more significance. Transparency is therefore crucial when it comes to both the donor and the recipient. Charities are discovering that there is more public interest from taxpayers and shareholders in who is donating to charity and why, much as there has generally been in the US since the stock market collapse.


The relationship between Enron and the foundation linked to the company’s disgraced former chairman Kenneth Lay (Figure 1.14) is one notable illustration of the growing interconnections between charities and corporate donations in the US (Novak, 1997). Due to the complexity of the agreements and a lack of evidence, it is unknown how much Lay and his company’s funding of organizations favored by Enron directors contributed to their success. It is evident that a significant portion of corporate giving is strategic. Giving eventually has an impact on a business’s financial line. Being a decent corporate citizen is not enough. Even small businesses should make sure that their policies regarding donations are transparent in light of the importance of governance for both companies and non-profit organizations. Since the giving varies, from small payments to neighborhood community groups to charity events used as marketing opportunities, many businesses simply are unaware of the precise amount and source of their charitable contributions. To ensure that the trend toward increased transparency is followed, there should be clarity on both sides.

Figure 1.14. Kenneth Lay. Source: https://upload.wikimedia.org/wikipedia/commons/c/ce/Ken_Lay.jpg.

There are almost daily reports of illegal conduct that is disrupting both private people and corporate citizens wherever they operate. For instance,
the UK was hit hard by crimes against businesses last year. So, if business is to become truly organized in its battle against organized crime, more and more businesses are discovering that establishing a more favorable connection with governmental institutions, particularly the police, can offer a healthy path ahead. In order to address these issues, business should in fact be more creative and, to the greatest extent feasible, stay current with advancements. Today’s economy can make running a business a challenging task that necessitates a multidisciplinary approach to problems that were previously irrelevant or handled by others. Additionally, people in charge of non-profit organizations need to take into account the risks involved because there have been instances of charities being used as fronts for financial crime. However, the majority of the challenges are pertinent to business in general. The results of the surveys and the above-mentioned actions demonstrate that economic crime is an issue of growing concern that affects not just the business community but also the general population because of its detrimental repercussions. It’s important to dispel the myth that economic crime has no victims because everyone is affected by its harmful effects. The results are startling and highlight the need for increased cooperation between government, business, and consumer organizations. Additionally, as was already mentioned, economic crime has no bounds and transcends all geographical and industry borders. It is crucial that the topic of economic crime is highlighted in industry forums and that there is closer cooperation between industry bodies and consumers in this age of technological innovation in order to increase public awareness of the issue. The trust that companies have in their employees is typically rewarded by their diligence and commitment, but since employee disengagement by a single staff member can have serious consequences, this must be prioritized. 
For instance, both music and software piracy are serious issues. Additionally, while teaching management and staff about preventative techniques is essential, it must be done in tandem with strict and efficient regulation. There is no doubt that the price of crime and the cost of crime prevention are significant for business, especially given the global trend toward increasing economic crime. Businesses experience the cost of crime both directly and indirectly, for instance, in the form of stolen items and greater security and insurance costs. All firms, regardless of size and location, must prioritize increased risk management in order to become more organized against organized economic crime. There is no question that all interested parties need to work together more, and that this is a situation that has to be watched closely and on which expert advice should be sought. In light of the
aforementioned, a major source of concern is the relative lack of attention paid to the ethical issues faced by small and medium-sized firms. Numerous business counselors have remarked that an excessive amount of research on company ethics makes the assumption that all private sector commercial organizations behave similarly or experience identical issues. It is therefore surprising that this disparity between large and small businesses, which operate in various ways, has not been more widely acknowledged with regard to ethical behavior. Furthermore, it is surprising that straightforward behavioral codes of conduct, which might improve the organization’s overall performance and transparency, are not used more frequently. Commercial dishonesty is illustrated in one straightforward manner. Business executives should first evaluate their own behavior and ethics if they want to deter stealing and scamming in the office (“Code of Business Conduct and Ethics,” n.d.). Of course, they should lead by example, and this example is crucial for employee morale and behavior in the workplace. However, practical recommendations that take into account contemporary corporate practices are sometimes absent. For instance, it should be noted that in a world where individuals work from home, it is debatable if the pen needs to be checked in when they leave the office. In general, not enough is being done to educate staff members and human resources as a whole on ethical challenges and how to take moral initiative. Business ethics must be viewed as having a high value in order to be taken seriously. Therefore, this can only be accomplished if staff members understand the difference between right and wrong and are given direction in this area in addition to bottom line justifications. Numerous statistics, for instance, show that economic crime often begins with workplace discontent. Once more, a suitable company code is crucial as a tool for long-term risk management in business. 
The ground has obviously changed from that under the old insurance purchasers in several ways at once, starting with risk management. First, it’s highly likely that their employer’s organization is undergoing such significant transformation that the old organization from only a few years ago and the new organization hardly resemble one another. After mergers, it will probably be much bigger, and more global. Communications and computerization have produced new options for marketing, service delivery, and cost-cutting. The demand for places and people has significantly decreased as a result of these advances. The emphasis on adding value at each distinct supply chain level has led to the development of new, crucial dependencies in third-party organizations that are more difficult to closely
monitor. With these dependencies, the amount of time that can pass without causing harm is dangerously decreasing. Customers now expect a smooth, seven days a week service, and there are entirely new hazards as a result of e-commerce, internationalism, and other factors. E-commerce (Figure 1.15) is one significant field where the benefits of the first pioneer are utterly disproportionate to the others (Chen, Liu, & Li, 2019). Here, fundamental entrepreneurial inclinations are fueled by ever-more-powerful computers, together with telecommunication and data mining technologies.

Figure 1.15. E-commerce. Source: https://www.thestatesman.com/wp-content/uploads/2020/10/iStockecomm.jpg.

Therefore, the implication is that contingency planning is merely one of the risk manager’s options. Risk spending and resources are choices, too, if reliable, tried-and-true preparations can be made so that the organization can navigate through an occurrence without suffering major damage. This is especially true when dealing with low frequency, high impact exposures
and when risk management prevents the organization from doing what it does best. Finance directors love the fact that subsequent expenses accrued after the incident are frequently covered by insurance. However, before we go, it’s crucial to emphasize the need for trustworthy, tried-and-true plans. The continuity manager, who is tasked with identifying risks and evaluating them in light of their potential influence on safety as well as the urgency, survival requirements, and obligations of the organization, is familiar with all of this. The inclusion of contingency plans for kidnapping, extortion, bomb threats, suspicion of large fraud, succession planning, media attacks, product recalls, and other situations should also be made here, in addition to business continuity plans. Of course, there are similarities between them, but each person’s demands must be satisfied. Risk management may not be able to completely eliminate risk since it is not cost-effective or just not possible. When all practicable preventive measures have been taken, continuity planning may be the only remaining option.

1.7. PUBLIC RELATIONS

Some businesses have expended a significant amount of money working with competent public relations agencies and attorneys to build EHS crisis management plans. Too many of them, though, simply take the plan and store it, content in the knowledge that it will be available when needed. This is incorrect. The first or even second time you should test a plan is not during a crisis. Furthermore, there just isn’t time during a crisis to study a strategy, especially a lengthy one, that you aren’t already intimately familiar with. Companies, both plant people on the scene and senior management, must respond almost immediately to crises. Everyone involved in managing an EHS crisis, from the CEO to the process operator on second shift, needs to be aware of both the plan’s contents and, more crucially, their specific position in the crisis management procedure. The type of organization needed to manage an EHS emergency involves careful consideration, planning, testing, practice, and upgrading. These prospects have been made possible by new technology, which has sped up and improved business-to-business and business-to-customer communications. Because of the sheer size of merging businesses and the encouragement of the internet and more open marketplaces in the developed world, they are becoming more and more global. Outsourcing has allowed spin-offs to extract new values from supply and distribution networks. A modern multinational’s board is focused on the company’s survival through a potentially devastating calamity. The
replacement of buildings and contents are not the most pressing issues. That is the comparatively simple part. However, the large organizations of today have incorporated new and risky sites of exposure into their processes, which, if and when the risk incident occurs, could eliminate essential dependencies on which the entire organization depends. In other words, the likelihood of a quick demise or expulsion from their market has increased, not decreased. When evaluating an organization, the risk manager should take into account the expectations of its stakeholders and determine whether the failure to achieve any of them could result in a single point of potential catastrophic failure. As a result, not only have the risks themselves changed, but so has the likelihood that these new hazards would harm the organization. Furthermore, the level of damage that may result from old, maybe insurable risks may be incomparable to anything we could have predicted in the past. Older business models had the organization’s locations scattered throughout the host nation so they could be close to their clients. Nowadays, the product delivery often comes from one or two important technology factories that, if inoperable, may bring the entire organization to a halt. Additionally, these factories themselves rely on postage-stamp-sized information and communication technology (Schweer & Sahl, 2017). As a result, a small team’s or an individual’s skills may be what an international company counts on for its whole delivery. The true issue is not the hardware’s loss, but rather how it is used, the data it contains, and the effects its introduction has had on the larger production process. It has taken the place of a sizable number of trained employees who are now simply non-existent. It provides the fundamental data about the product and the client. It makes the audit criteria and audit trail credible. 
It allows other authorized people access and has the company principles incorporated within its software. Both internally and publicly, it communicates. Both sensitive information and useful management data are secured. The first thing to emphasize is the significance of adequate liability coverage, both in terms of the scope of coverage and the adequacy of the limit of indemnity. Liability awards may be many times the organization’s net asset worth in some cases. In other words, a successful claim coupled with a breach in insurance coverage could undermine the company’s very financial soundness and force its liquidation. The inadequacy of the limit of indemnity may not be the main cause of such insurance failure. Exclusion clauses will be present in policies. Claims filed in American or Canadian courts may be excluded as one exclusion, and any goods or
services provided to the aviation sector may be excluded as another (Salter, 2008). Policies may also contain warranties stipulating that particular actions or restrictions be followed in order for the coverage to continue in effect. The responsibility of the risk manager is to keep track of the specific actions taking place within the organization and make sure they adhere to the terms of the insurance policies, which is in fact a matter of corporate survival. Finally, it’s important to keep in mind that liability insurance can never provide protection against intentional misconduct. Insurance policies for material damage may be able to cover the costs necessary to start the rebuilding process. Before the factory or office can resume operations as normal, however, the actual task of rebuilding must pass through several stages. It’s necessary to clean up the area. The design of the new facility must then be decided, and planning approvals are almost certainly required. The tender document cannot be created until after estimates have been collected, discussed, and decided. After that, there is a delay until the construction companies or the manufacturers of the machinery can get to work, and then another delay until the buildings are finished and delivered. Except for the uncommon application of business interruption policies, which have shortcomings that have already been mentioned, material damage insurance does not provide any aid in addressing delivery issues during this delay.

CHAPTER 2

FUNDAMENTALS OF RISK MANAGEMENT

CONTENTS

2.1. Introduction
2.2. Risk
2.3. Hazards
2.4. Risk Matrix
2.5. Risk Management
2.6. Attitude and Risk
2.7. Compliance
2.8. Enterprise Risk Management
2.9. Risk Criteria
2.10. ERM
2.11. Operations


2.1. INTRODUCTION

In order to clearly oversee and govern the risks that are thought to be material to its business and to continuously monitor its operational environment for new hazards. The strategy aims to make sure that a defined risk appetite is established that strikes a balance between opportunities and risks to help the organization accomplish its strategic goals (Bojanić, Nerandžić, Stevanov, & Gračanin, 2022). The board is in charge of developing the group’s risk appetite, defining the risk framework, and making sure that risk controls are incorporated into management’s operational strategy. The audit committee is in charge of evaluating the efficacy of the existing risk management systems and conducting an impartial examination of the risk mitigation strategies created for significant risks. The purpose of the monthly meetings of the risk committee is to perform a thorough evaluation of the risk register and make sure that management is doing an effective job of identifying and managing risks when they come up (Figure 2.1).

Figure 2.1. Fundamentals of risk management. Source: https://46ev833n9u2l3zs8zp44sst3tpr-wpengine.netdna-ssl.com/wpcontent/uploads/2019/03/1.-Figure-Risk-Management-Flow-Simple.png.


To ensure that risks are detected promptly and that appropriate action plans are put in place, the committee holds working sessions with departmental and divisional management. In order to guarantee that risk registers are complete, this strategy makes sure that risk is identified both top-down and bottom-up from the various management levels of the business. The risk committee is assisted by group internal audit, which carries out independent evaluations of the business’s risks and its progress in implementing the mitigating action plans set forth for any pertinent risks (Bozkus & Caliyurt, 2018). The status of these reviews is communicated to the risk committee on a monthly basis. An event must happen for a danger to manifest. So perhaps the simplest definition of a risk is an unplanned event with unforeseen repercussions. If the focus is on occurrences, the risk management approach is likely to become more transparent. Think about what may interfere with a theatrical performance, for instance. Power outages, the absence of a key actor, considerable transportation problems or road closures that delay audience arrival, as well as a sizable staff illness are some of the occurrences that could create interruption. The management must decide what to do after identifying the potential performance-disturbing incidents to lessen the likelihood that one of them would result in the cancellation of a performance. This examination by the administration is an illustration of risk management in action.

2.2. RISK

Risk can result in either positive or negative outcomes, or it can only create uncertainty. As a result, risks may be thought of as being connected to a chance, a loss, or the existence of uncertainty for a business. Every danger has unique characteristics that call for specialized management or investigation. Risks are categorized into four groups: hazard (or pure) risks, control (or uncertainty) risks, opportunity (or speculative) risks, and compliance (or required) risks. Organizations will generally aim to reduce compliance risks, mitigate hazard risks, manage control risks, and accept opportunity risks. It’s crucial to remember that there is no correct or wrong way to divide up risks. Perhaps more frequently, risks are divided into two categories: pure risks and speculative risks. Indeed, there are numerous arguments over terminology used in risk management. Regardless of theoretical debates, it is crucial that an organization choose the risk classification system that is most appropriate for its particular set of circumstances. There are certain dangerous situations that can only end badly. These risks, which can be categorized as operational or insurable risks, are hazard risks or pure risks. Organizations will typically have a tolerance for hazard risks, and these risks need to be controlled within the organizationally acceptable limits (Black & Baldwin, 2010). Theft is an excellent illustration of a hazard issue that many firms deal with. There are various dangers that cause uncertainty regarding how a scenario will turn out. These are typically related to project management and are referred to as control risks. Organizations generally dislike taking control risks. Uncertainties can be linked to the project’s advantages as well as the completion of the project on schedule, within budget specifications. To make sure that the results of the business activities fit within the desired range, the management of control risks will frequently be implemented. The aim is to lessen the discrepancy between expected results and actual results. In order to generate a profit, companies also consciously assume risks, particularly those related to the market or the economy. These risks can be categorized as speculative or opportunity risks, and a company will have a particular appetite for taking such risks. Opportunity risks have to do with how risk and return are related (Lenz, 2016). The goal is to take risky action in order to acquire benefits. Opportunity risks will be geared toward investing.

2.3. HAZARDS

Hazard risks (Figure 2.2) are connected to a source of possible harm or a circumstance that has the potential to adversely affect objectives, and hazard risk management is focused on minimizing the potential impact (Yeung & Morris, 2001). The most frequent hazards connected to operational risk management (ORM), including programs for workplace health and safety, are hazard risks. Unknown and unforeseen events are linked to control risks. They are occasionally referred to as uncertainty risks, and it can be quite challenging to quantify them. The use of strategies and project management are frequently linked to risk control. In certain situations, it is obvious that certain things will happen, but it is difficult to anticipate and regulate exactly what those things will lead to. As a result, the strategy is built on controlling the ambiguity around these events’ potential effects and consequences. Opportunity risks can be divided into two categories. While there are risks and dangers involved in taking advantage of an opportunity, there are also risks involved in passing it up.


Figure 2.2. Hazard risks. Source: https://www.securingpeople.com/wp-content/uploads/2019/09/BPS_Enterprise_Risk_Chart.jpg.

Opportunity risks (Figure 2.3) are sometimes of a financial nature and may not be obvious or readily evident. Even though opportunity risks are taken with the hope of getting a good result, there is no guarantee of this. Nevertheless, the main strategy is to seize the chance and any accompanying dangers. Small firms face opportunity risks from moving to a new location, buying new land, expanding, and diversifying into new goods (Luo & Tung, 2007). The usage of computers as an example aids in clarifying the differences between compliance, hazard, control, and opportunity risks. The hazards of compliance come from operating a computer system while adhering to specific legal standards, particularly those pertaining to data protection. An organization that experiences a viral attack on its software programs will not gain from it. Control risks are related to the upgrade project when a business installs or upgrades a software product. The decision to install new software is also an opportunity risk because the goal is to improve results; nevertheless, it is possible that the new software may not provide all of the capabilities for which it was designed and that the opportunity benefits will not materialize. In reality, the organization’s operations could be seriously harmed if the new software system’s functionality fails. It is crucial to comprehend the full extent of each and every risk that has been noted. This is the degree of risk before any steps are taken to alter the likelihood or severity of the danger. Although there are benefits to knowing the level of risk that is inherent, some dangers make it difficult to do so in practice. The relevance of the implemented control measures can be determined by defining the inherent level of risk. The IIA has historically held the position that determining the risk’s inherent level should be the first step in the assessment of all risks. According to prior IIA guidelines, “we look at the inherent hazards in the risk assessment before evaluating any controls.” The goal of any risk assessment remains the same, despite the heated argument over whether to conduct it at the inherent or current level. Its purpose is to determine what is thought to be the current level of risk and to list the major safeguards in place to make sure that it is really maintained. A risk matrix is frequently used to display the underlying risk level in terms of likelihood and size (Anthony (Tony), 2008). Once the control or controls have been implemented, the risk’s residual or current level can then be determined. The risk matrix may clearly show the work needed to minimize the risk from its inherent level to its current level.

Figure 2.3. Opportunity risks. Source: https://www.journalofaccountancy.com/content/dam/jofa/archive/issues/2008/06/creating-growth-exhibit1.gif.


The inherent amount of risk may also be referred to as the absolute risk or gross risk depending on the context. The residual level, net level, or managed level of risk are other terms frequently used to describe the current degree of risk. The classification can also be done on the basis of the risk’s origin. In this situation, a risk could be categorized in terms of where it came from, such as counterparty risk or credit risk. To further categorize hazards, take into account the impact’s type. While some risks may have an adverse effect on the organization’s finances, others may have an adverse effect on its operations or physical infrastructure. Furthermore, risks may have an effect on the company’s standing and perception in the market, as well as its reputation and position. Additionally, risks may be categorized based on the aspect or function of the company that will be harmed. For instance, hazards can be categorized based on whether they will affect people, places, processes, or things. Determining whether the risks will be categorized in accordance with the source of the risk, the component impacted, or the consequences of the risk materializing is crucial for organizations when choosing their risk categorization system. Contingent on the type of business and its activities, each organization will choose the risk classification system that best suits them. Additionally, a lot of risk management frameworks and standards recommend using a certain system for classifying risks. If the organization accepts one of these standards, it will likely adhere to the suggested classification scheme. The risk classification system chosen must be completely appropriate for the organization in question (Schwartz & Davis, 1981). There isn’t a single classification scheme that meets the needs of every organization. To fully comprehend each risk’s possible impact, it is likely that it will be necessary to classify it in a number of different ways.

2.4. RISK MATRIX

The easiest way to illustrate risk likelihood and magnitude is through a risk matrix. Risk matrices (Figure 2.4) can be generated in a variety of ways. A risk matrix is a very useful tool for risk management practitioners, regardless of its structure (Woods, 2009). The fundamental risk matrix shows the probability of an event against the size or impact, should the event actually occur. This approach is frequently used to depict risk likelihood and the size (or gravity) of the event, should the risk manifest. A crucial risk management tool is the usage of the risk matrix to show risk likelihood and size. To define whether a risk is acceptable and within the organization’s risk appetite and/or risk capability, the organization might utilize the risk matrix to depict
the characteristics of individual hazards. Probability is displayed on the horizontal axis. Because the word frequency indicates that occurrences will undoubtedly occur while the risk matrix tracks how frequently these events occur, the term likelihood is used instead of frequency. The term likelihood has a wider definition that covers frequency as well as the likelihood that an unexpected event would actually occur. However, the word probability will frequently be used to express the likelihood of a risk materializing in risk management literature. It is not acceptable for enterprises to be in a situation where unanticipated events result in monetary loss, disruption of routine business operations, reputational harm, and loss of market presence. Stakeholders increasingly anticipate that organizations will fully account for the risks that could result in business interruption, project delays, or strategy failure. An individual risk’s exposure can be described in terms of the possibility of the risk occurring and the impact of the risk if it does. The likelihood of an impact will rise along with the level of risk exposure. A collection of risk criteria may be used to describe the risk appetite. Hazardous risks defeat goals, and the severity of such risks is a gauge of their importance. The management of hazard has the oldest history and the most fundamental roots in risk management. The management of insurable risks and hazard risk management are closely related. Keep in mind that a risk can only result in harm (Young & Tomski, 2002).

Figure 2.4. Risk matrices. Source: https://www.business2community.com/wp-content/uploads/2019/08/Risk-Matrix.jpg.


2.5. RISK MANAGEMENT

Hazard risk management (Figure 2.5) addresses problems including workplace health and safety, preventing fires, avoiding property damage, and dealing with the effects of faulty products (Bründl, Romang, Bischof, & Rheinberger, 2009). Hazard risks can interfere with daily operations and result in higher expenses and negative PR from disruptive incidents. Risks associated with hazards are connected to company dependencies, such as IT and other auxiliary services. Most firms are becoming more and more reliant on their IT infrastructure, and IT systems are susceptible to disruption from computer failure, server room fires, virus infections, and malicious hacking or computer attacks. For many firms, theft and fraud can also pose serious risk factors. This is true for businesses that deal in cash or oversee a large volume of financial transactions.

Figure 2.5. Hazard risk management. Source: https://slideplayer.com/4893322/16/images/slide_1.jpg.

Adequate security protocols, the separation of financial responsibilities, authorization, and delegation procedures, as well as the pre-employment screening of workers, are all significant prevention methods for theft and fraud. It is worthwhile to consider language since, should an occurrence occur, this is crucial in connection to hazards and dangers. If a danger of hazard materializes, it might have a very significant impact. The organization will be affected by this major event in terms of potential financial losses, infrastructure damage, reputational harm, and the incapacity to operate in the market. The risk’s gross or inherent level is represented by its magnitude. A large-scale catastrophe of this nature might not have much of an effect on the organization’s finances if it results in a huge financial loss that is insured (Han & Nigg, 2011). Finally, it is important to recognize the significance of compliance concerns. For many firms, especially those in highly regulated industries, compliance risks can be significant. Another characteristic of risk and risk management is that firms frequently take risks in order to reap rewards. A company will introduce a new product because it thinks that good marketing will result in more profits. The company will risk resources when introducing a new product since it has determined that taking some risk is acceptable. The value at risk is a representation of the organization’s risk tolerance in relation to the activity it is engaging in. When an organization takes this kind of risk, it should do so fully aware of the risk exposure and confident that the level of risk exposure is acceptable to the business. It should make sure it has the resources to cover the risk exposure, which is much more crucial. In other words, the organization’s ability to bear any anticipated negative outcomes should be clearly established, the risk exposure should be assessed, and the appetite to take that degree of risk should be affirmed. Not all commercial endeavors will yield the same return for the same degree of risk. Start-up businesses (Figure 2.6) frequently carry a high level of risk and may have low initial expected returns.

Figure 2.6. Start-up businesses. Source: https://ddi-dev.com/uploads/swot.png.

Risks must be considered in the context in which they first surfaced. When a board has decided that an opportunity should not be passed up, it may appear that an organization is taking excessive risks. The opportunity’s significant risk component, however, might not have been completely taken into account. Making sure that strategic decisions that seem high risk are actually made with all of the information available is one of the primary contributions of effective risk management. One of the main advantages of risk management is an increase in the robustness of decision-making processes. The organization’s risk appetite and attitude toward risk are closely linked but not the same concepts (Aquino & Douglas, 2003). Risk appetite and risk attitude both reflect how a company views risk over the long term and the short term, respectively. This is comparable to the distinction between a person’s current hunger for food and their long-term or established attitude toward the food they eat. The maturity cycle stage is another important aspect that will impact the organization’s attitude toward risk. A more proactive approach toward risk is needed for a start-up company than it is for one that is growing or one that is an established company in a well-established industry. In mature markets where a business is in decline, there will be a considerably more risk-averse attitude toward risk. It is frequently argued that certain high-profile business people are very good at entrepreneurial start-up but are not as successful in managing established firms, since the attitude toward risk must alter depending on whether a company is a start-up operation or a mature organization. Overall, the UK government’s challenge is to maintain the UK economy’s prosperity based on a Brexit plan (Figure 2.7) and other measures that will maintain the UK’s resilience (Billing, McCann, Ortega-Argilés, & Sevinc, 2021). Risk is sometimes referred to as result uncertainty. This term, while a little technical, is nonetheless helpful and is especially relevant to the management of control risks. The most challenging risks to recognize and quantify are control risks, which are frequently connected to projects.
A project’s overarching goal is to provide the required results on schedule, within budget, and in accordance with the project’s specifications for quality or performance. More details on the nature of the conditions will become available as the construction work progresses. Alternatively, it might be found that the earth is contaminated, weaker than anticipated, or that there are other potentially harmful circumstances, including the discovery of ancient remains. Given this uncertainty, these risks ought to be viewed as control risks, and the project’s overall management ought to take the uncertainty of these various risk types into account. The project manager shouldn’t expect that only negative features of the ground conditions would be found. The project manager should also avoid assuming that things will go more smoothly than anticipated just because they want to. Because control risks introduce uncertainty, it’s possible to assume that an organization will dislike them.

Figure 2.7. Brexit plan. Source: https://www.onepager.com/community/blog/wp-content/uploads/2016/06/Brexit.png.

Analysis of an organization’s risk exposure (Figure 2.8) can be done very effectively by categorizing risks according to their long, medium, and short-term impacts. These risks will be connected to the organization’s strategy, tactics, and operations, in that order. Risks might be viewed in this sense as being connected to things like occurrences, changes in the environment, actions, or choices. Strategic choices therefore have an impact on long-term risks. When the decision is made to introduce a new product, it may take some time before the outcome of that choice becomes clear. The impact of medium-term risks often manifests a year or so after the event or decision, depending on the circumstances. Medium-term hazards are frequently connected to specific projects or work programs. For instance, choosing a computer system is a long-term or strategic choice if new computer software needs to be installed. The endeavor to implement the new software, however, will include medium-term decisions with medium-term risks. Short-term dangers start to affect you as soon as the incident happens. Short-term hazards include theft, fire, road accidents, workplace accidents, and other occurrences that have an immediate impact and lasting effects. These short-term risks disturb regular, effective operations right away and are probably the simplest types of risks to recognize, manage, or minimize. Despite the uncertainty surrounding the precise timing, amount, and impact of insured occurrences, insurable risks are frequently transient hazards. In other words, insurance is made to offer defense against risks with immediate repercussions. When it comes to insurable risks, the event’s nature and effects may be known, but its timing is uncertain. In fact, when the insurance coverage is purchased, it is unknown whether the incident will happen at all.

Figure 2.8. Organization’s risk exposure. Source: https://pm-training.net/wp-content/uploads/2021/11/OrganizationalRisk-Exposure-Types.png.

2.6. ATTITUDE AND RISK

If risk management is to contribute as much as possible within a company, there needs to be a shared language of risk. The organization will be able to establish a shared understanding of risk and attitude toward risk by using a single language (Gilmore, Carson, & O’Donnell, 2004). The agreement on a risk classification system, or succession of such systems, is a necessary step in creating this shared vocabulary and sense of risk. Consider someone who is assessing their financial situation and the hazards they currently face. It’s possible that generating enough money and controlling spending are the main financial dependencies. An evaluation of the risks to pension plans, real estate ownership, and other investments should be part of the examination. The dangers of noncompliance here concern the responsibilities of owning and operating a vehicle under the law (Frederiksen, 2018). The owner does not want the events that pose a risk to occur. The costs that are known to be involved in uncertainty can change. The advantages of owning a car are, finally, the opportunities. Organizations take some risks voluntarily in order to accomplish their goals. These risks are frequently business or market risks that have been taken with the hope of making a profit. Alternative terms for these opportunity risks include commercial, speculative, or business risks. Opportunity risks are the kind of risk that have the potential to improve the accomplishment of the organization’s mission. These are the risks connected to seizing business opportunities. Every firm has a desire to take advantage of possibilities and a willingness to invest in them. The organization will continually strive for effective and efficient operations, tactics, and strategy. Opportunities can also be created through increasing the effectiveness of operations and putting change efforts into place, although opportunity risks are typically linked to the development of new or modified strategies. Each firm will need to determine its hunger for capturing new possibilities and the necessary amount of commitment. For instance, a company can be aware that the market needs a new product that it can create and deliver. It may not be able to implement that approach if the company lacks the means to produce the new product, and it would be foolish for it to pursue such a potentially dangerous course of action. The decision to take advantage of the apparent opportunity will be made by the company’s management. The organization may have that appetite, but that does not necessarily mean it is the right thing to do.
The company’s board should be cognizant of the possibility that, despite their desire to seize the opportunity, the organization may not have the risk tolerance to sustain that course of action. The goal of opportunity management is to maximize the advantages of taking entrepreneurial risks. Businesses will be willing to take investment risks in opportunity. Strategic planning and opportunity management are clearly related (Calantone, Garcia, & Dröge, 2003). The target is to increase the possibility that investments in business opportunities will produce a major positive consequence. It is generally agreed upon that organizations should have zero tolerance for health and safety concerns and should take all necessary steps to remove them. In reality, this is not feasible, and businesses will reduce safety hazards to the minimum that still complies with the law and is cost-effective. For instance, it is technically possible to fit trains with an autonomous braking system to prevent them from running red signals. However, the railway operating corporation might consider this to be an excessive investment. The organization’s risk exposure or hazard tolerance may be viewed as being affected by the effects of trains running past red lights, yet the expense of installing an automatic braking system may be viewed as being unreasonably costly. Theft is a less emotional illustration. Most businesses will experience a small amount of petty theft, which may be manageable. Businesses operating in an office setting, for instance, may experience some stationery theft, such as the loss of paper, envelopes, and pencils. It may be more expensive to prevent this small-scale theft, thus the organization finds it more cost-effective to accept that these losses will happen.

2.7. COMPLIANCE

The extensive range of compliance criteria that enterprises must meet will be known to all of them (Gunningham, Thornton, & Kagan, 2005). These regulatory standards differ greatly amongst company sectors, and many are heavily regulated with a specific regulator for the sector or industry. For instance, most nations throughout the world set strict regulatory restrictions on businesses engaged in the gambling or gaming industries. The regulator may revoke the license to operate if the required regulatory conditions are not met. This drastic response by a regulator could lead to the organization’s eventual departure. All businesses that deal with money are obligated to implement policies to lessen the likelihood of money-laundering operations being carried out. Banks and other businesses that deal with large sums of cash must implement anti-money-laundering procedures and, frequently, appoint a top executive who is solely focused on this issue. Compliance issues are important and can be difficult in the insurance sector (Baker & Griffith, 2007). Compliance problems pose special challenges when an insurance policy is issued in one nation to safeguard assets or pay liabilities in another nation. If an unapproved form of insurance or illegal insurance policies have been issued, failure to comply with all requirements may result in insurance claims not being paid or, in the worst-case scenario, being illegal in a certain country. There are still many regulatory standards that must be met by organizations even if there aren’t specific regulators for that area of the economy or industry. Most nations across the world, in particular, have health and safety regulations that impose duties on organizations to protect the welfare and health of workers and other people who may be impacted by their job activities. These safety criteria typically cover not only locations within the organization’s direct control, but also the health and safety of employees working abroad. Organizations with cars will also be subject to certain road safety requirements, particularly if they transport persons or hazardous materials (Sheffi, 2001). Risk management has several different historical roots and is used by many different types of professions. One of the earliest innovations in risk management came from the handling of insurance in the United States. Because insurance in the 1950s was so expensive and had such a narrow scope of coverage, risk management became more common and better coordinated (Dionne, 2013). Companies understood that buying insurance alone was not enough to ensure the safety of both persons and property. As a result, insurance buyers started to worry about the level of property protection, health, and safety regulations, product liability problems, and other risk management difficulties. In Europe throughout the 1970s, a combined approach to risk finance and risk control emerged, and the notion of total cost of risk gained significance (Allen & Santomero, 2001). As this strategy gained traction, it also became clear that corporations faced several risks that could not be insured. There have been institutionalized disciplines of risk management for at least 100 years. Its early roots can be found in the specialized field of insurance, which has a long and illustrious history. The demand for risk control criteria grew as insurance got more regulated and structured, particularly in regard to the insuring of cargo being moved by ships throughout the globe. Education programs to support the growth of risk management as a profession emerged as risk management grew more established.
At this time, risk management laws related to corporate governance started to emerge, and different regulators received more power in regard to certain risks as well as in regard to certain business sectors. During the 1980s, the development of risk management credentials became more formally structured (Knechel, 2007). Risk management standards have emerged as a result of increased risk management knowledge and expertise, as well as a more organized regulatory approach. Particular risk management strategies have also developed in certain sectors, such as the banking sector, in addition to the generic risk management guidelines applicable to all industries. A higher level of risk management maturity is expected of financial organizations, as evidenced by the establishment of regulated capital requirements for banks and insurance companies.

In the 1950s, the American business risk management function expanded to include choices about buying insurance (Bertinetti, Cavezzali, & Gardenal, 2013). The importance of contingency planning to organizations increased in the 1960s. Beyond risk financing, loss prevention and safety management also received attention. Self-insurance and risk retention procedures emerged within corporations in the 1970s. Additionally, captive insurance firms began to emerge. Business continuity plans and catastrophe recovery plans later evolved from contingency plans. Occupational health and safety practitioners’ use of the risk management strategy underwent significant changes at the same time in the 1960s and 1970s. The use of risk management strategies in project management advanced significantly in the 1980s. Throughout the 1980s, financial institutions continued to refine how to apply risk management tools and procedures to market risk and credit risk. The financial institutions expanded their risk management programs throughout the 1990s to incorporate methodical evaluation of operational hazards. Treasury departments also started to adopt the financial approach to risk management in the 1980s (Bezzina, Grima, & Mamo, 2014). The need for better coordination between insurance risk management and financial risk management policies was acknowledged by finance directors. Risk finance solutions that integrated insurance and derivatives first appeared in the 1990s. A discipline that is continuously growing and changing is risk management. Risk management has strong ties to the credit and treasury operations in addition to its roots in the insurance sector and other areas of hazard management. Several departments inside major firms, including tax, finance, human resources, procurement, and logistics, will have a sizable risk management component to their operations. However, experts in those fields are unlikely to view their work as merely a subset of the risk management discipline. 
Health and safety at work may be one of the most well-known and specialized fields of risk management. Planning for catastrophe recovery and business continuity is another area of expertise. By making certain that important dependencies are analyzed, tracked, and reviewed, risk management can enhance the management of an organization’s essential activities. Tools and approaches for risk management will help in managing the hazard, control, and opportunity risks that could have an impact on these critical dependencies. The practice known as enterprise or enterprise-wide risk management (ERM) is another area where the risk management discipline has advanced recently (Simkins & Ramirez, 2007). The primary characteristic that sets ERM apart from what would be called more conventional risk management is the more holistic or integrated approach used in ERM. It can be seen as a concept that unifies the management of all risks in various ways rather than as a novel or innovative strategy.

2.8. ENTERPRISE RISK MANAGEMENT

An organization is beginning an enterprise risk management (Figure 2.9) approach when it takes into account all of the risks it confronts and how these risks could affect its strategy, projects, and operations. If a person depends on a specific prescription, it is crucial that the medication be always available. If the pharmaceutical business adopts this strategy, it will examine all potential risks that could have an impact on this crucial procedure or stakeholder expectations. Analysis of the supply chain, assessment of the manufacturing processes, and review of the delivery arrangements will all be part of this. What could stop the constant delivery of drugs is the main query that needs to be addressed. Ingredient scarcity, manufacturing interruption, product contamination, a breakdown in supply transportation plans, and distribution disruption are all risks to the continuous supply. There are several charities and volunteer organizations in the majority of the nations. The directors or trustees of these organizations should be highly concerned and aware of risk management, which is understandable and quite appropriate. But it’s frequently said that trustees are more focused on risk management and good governance than they are on generating money for the charity they support. The causes that the charities are supporting would suffer if the organization’s operations were paralyzed by this risk management concern. Risk management professionals should value the contribution that alternative approaches to risk management can make as their level of sophistication rises and they become aware of them. Operational risks that are insurable or hazard risks might have an immediate effect. Therefore, the primary goal of the initial implementation of risk management concepts was to assure that regular, effective operations would continue.
Project management and the execution of programs to improve key business processes have become increasingly important as risk management has grown (Bojanić et al., 2022). Processes must be both efficient and effective in that they provide the desired results. For instance, having an effective software program is of limited use if it cannot do the necessary variety of functions.

Figure 2.9. Enterprise risk management. Source: https://www.nexigroup.com/content/dam/corp/img/sustainability/enterprise-risk-management/roles-and-responsibilities/ERM-process_notext.png.

The most crucial choices a company must make are strategic ones. Better information is delivered through risk management, allowing for the more confident execution of strategic decisions. An organization must be able to achieve the desired goals with the plan it chooses. There are numerous instances of corporations that chose the wrong strategy or failed to implement the chosen strategy effectively. Many of these businesses experienced corporate failure. When technological advancements or shifts in consumer expectations occur, as is frequently the case with grocery shops, strategic decisions are frequently the most challenging. The goal of strategy should be to seize chances. For instance, a sports club might recognize the opportunity to increase product sales to its current clientele. Some organizations will set up a travel agency and offer related travel insurance to their supporters who travel abroad. Additionally, a club credit card could be established and run by a fresh financial division (Zumello, 2011).

Any hazard event’s outcome will be less detrimental with the help of hazard management. Insurance (Figure 2.10) serves as a technique for limiting the financial cost of losses when a risk materializes in the context of hazard management. Techniques for risk management and loss management will cut down on anticipated losses and guarantee that overall costs are kept in check. The organization’s risk tolerance will inevitably decrease as a result of the combination of insurance and risk control/loss management lowering the actual cost of hazard losses. The organization’s risk capacity will then be more readily available for opportunity investment. The variety of potential outcomes from any event is reduced via control management. Internal auditors’ well-established methods of internal financial control serve as the foundation for control management. The major goal is to lessen losses brought on by ineffective control management while also narrowing the range of potential outcomes. This is the contribution internal control should make to an organization’s overall risk management strategy. The goal of opportunity management is to increase the likelihood and importance of favorable outcomes. The company should consider opportunities to boost sales of the good or service as part of its opportunity management strategy (Figure 2.11).

Figure 2.10. Insurance. Source: https://www.researchgate.net/publication/268259388/figure/fig3/AS:669396536131584@1536607979033/The-major-players-in-insurance-business.png.

Figure 2.11. Opportunity management strategy. Source: http://wiki.doing-projects.org/images/f/f1/Pyramid.png.

Opportunity management should make it easier to give better value for money in not-for-profit organizations. The most crucial thing to stress is how critical it is to have top management’s backing and, preferably, a board member’s sponsorship. A plan for implementation is also required to address the doubts of the workforce and other stakeholders. Although risk management is essential to an organization’s performance, many managers might need to be convinced that the advised implementation strategy is the best one. It’s vital to remember that not all actions and responsibilities conducted by managers should be attributed to risk management by the risk manager. Even while risks are inherent in all choices, processes, procedures, and activities, not all actions inside the business will be guided by risk management (Lavastre, Gunasekaran, & Spalanzani, 2012). There are numerous risk management frameworks (Figure 2.12) and standards that have been developed by numerous businesses. It is widely accepted that a standard is a written document that provides information on both the risk management framework and process. It is mentioned in many risk management standards that risk management activities should be carried out in the context of the organization, the business environment, and the risks that the organization faces. A framework is needed to implement and assist the risk management process in order to explain and define the context. The risk management context should be taken into account when conducting risk management activities. The risk management framework is mentioned in all of the published risk management standards, despite the fact that it is depicted in various ways. The acronym RASP (risk architecture, strategy, and protocols) has been created in order to give a clear description of the extent of the risk management framework (Nel & Jooste, 2016). For risk management efforts to be successful, these three elements (risk architecture, strategy, and protocols) must be present. Prior to defining the framework that supports the risk management process, there must be a clear understanding of the process itself. The risk management framework must make it easier for people to communicate and exchange information about risks in order to implement and support the risk management process. Two distinct factors are taken into account in the risk management framework. It must, first and foremost, support the risk management process and, second, make sure that the process’ outputs are shared within the business and result in the benefits that the organization expects. An organization would need to build up a framework that encompasses the structure, responsibilities, administration, reporting, and communication components of risk management if it chooses to adhere to the IRM risk management standard (Raz & Hillson, 2005) (Figure 2.13).

Figure 2.12. Risk management frameworks. Source: https://upload.wikimedia.org/wikipedia/commons/thumb/4/47/Risk_Management_Framework.svg/779px-Risk_Management_Framework.svg.png.

Figure 2.13. IRM risk management standard. Source: https://www.researchgate.net/profile/Barbara-Adams-3/publication/235184165/figure/fig4/AS:393539851702279@1470838620383/Examples-of-the-drivers-of-key-risks-AIRMIC-ALARM-IRM-2002-p-3_W640.jpg.

2.9. RISK CRITERIA

The determination of risk appetite or risk criteria (Figure 2.14) is a crucial factor to take into account in the context of risk management (Mishra, Raut, Narkhede, Gardas, & Priyadarshinee, 2018). This will assist the organization in determining the controls that need to be implemented and whether the existing or residual level of risk is acceptable. The context of risk management should also offer a way to determine the total risk exposure so that it may be related to the organization’s risk tolerance capacity. The internal context includes the organizational culture, the resources available, receiving the outputs of the risk management process and making sure that they have an impact on behaviors, as well as assisting in the governance of risk and risk management. A good risk management strategy is built around an effective and dynamic risk register. The risk register, however, runs the risk of turning into a static record of the current state of risk management operations. This has the practical repercussion that senior management may believe their risk management responsibilities have been satisfied by attending a risk assessment session and creating a risk register, and that no further measures are necessary. It is preferable to think of the risk register as a risk action plan that offers a record of the key controls that are already in place, the specifics of any additional controls that need to be implemented, and the state of the organization with regard to risk management. It should be made clear who is responsible for carrying out the suggested steps when creating such a risk action plan.

Figure 2.14. Risk criteria. Source: https://international.gc.ca/world-monde/assets/images/funding-financement/criteria-en.gif.

The organization’s intranet may host the data contained in the risk register, which will aid in communicating and understanding risks. In some businesses, the risk register is designated as a restricted record that internal audit can utilize as one of the primary sources of reference while conducting an audit of risk management practices. Even where this is not the case, the data included in the risk register should be extremely thoroughly thought out and assembled. To accurately identify the origin, source, occurrence, magnitude, and impact of any risk event, for instance, the risks included in the register must be precisely described. Additionally, all proposed additional controls must be defined in detail and accurately noted. For the controls to be auditable, risk control procedures should be documented in sufficient depth. This is crucial when the risk register has to do with the organization’s regular business operations.

Risk registers should also be created for projects and to support strategic choices. A project risk register needs to be an extremely dynamic document. At each project review meeting, specifics of the project’s risks, as listed in the risk register, should be discussed. Risk registers must assist business decisions in addition to being pertinent to projects. In this situation, a risk register’s exact format could be less formal (Ghasemzadeh & Archer, 2000). The risk analysis of the proposed strategy should be included when a board-level strategic decision needs to be made. This risk assessment could include both the hazards of implementing the strategy and an analysis of the risks posed by not implementing it.

There have been significant advancements in risk management techniques during the past few years. First, specialized disciplines of risk management, such as project, energy, financial, operational, and clinical risk management, have emerged. Second, firms have accepted the ambition to approach risk management from a wider perspective. This larger strategy has been referred to by a number of names, including holistic, integrated, strategic, and ERM. The most popular and widely accepted nomenclature for this broader approach is enterprise risk management, or ERM. Moving away from risk management as the discrete management of specific risks is the primary principle of the ERM approach.

ERM adopts a unified, more comprehensive, and integrated methodology. An organization that uses the ERM approach examines all of the risks that it faces in all of its operations. The control of risks that could have an influence on an organization’s goals, critical dependencies, or fundamental activities is the focus of enterprise risk management (ERM). Along with managing control and hazard risks, ERM is also concerned with managing opportunities. The fact that many hazards are interconnected and that conventional risk management ignores the relationship between risks has also been taken into account. The ERM technique uses the possibility of two or more risks having an impact on the same activity or objective to determine the link between risks. The ERM strategy is centered on analyzing all of the risks that could have an influence on the target, critical reliance, or core process (Soltanizadeh, Abdul, Mottaghi, & Wan, 2016).

Risk management is a practice that organizations use in many different ways. But most of these approaches have a lot of characteristics in common. The characteristics of enterprise risk management are compared to the silo-based strategy, in which risk management tools and procedures are applied to various risk types separately. In most firms, enterprise risk management is now the standard method for carrying out risk management tasks. The organization is able to have a comprehensive picture of all the hazards it confronts in order to take coordinated action to control these risks. However, specialized risk management activities like business continuity and health and safety continue to be important.

2.10. ERM

Consider a sports club as an illustration of the ERM strategy, where the main objective is to increase game attendance. This process contains a number of steps, including marketing, promotion, the distribution and sale of tickets, as well as logistical planning to make sure that fans have the best possible experience during the game. Making sure there are sufficient parking and transportation options, together with acceptable catering and other welfare preparations in the stadium, will help maximize attendance at sporting events.

The treasury function and the specialized knowledge of hedging against the price of a barrel of oil are frequently used in energy sector ERM. Several energy companies have built quite sizable departments in this field of financial risk management. However, the management of treasury risks continues to be intimately linked to the practice of ERM in energy businesses.

The regulatory environment is one of the factors influencing risk management in the finance industry. Banks have been subject to Basel II for a while, and they are getting ready to adopt Basel III standards by that year. The Solvency II Directive will soon impose comparable restrictions on the European insurance industry (Gatzert & Wesker, 2012). Financial institutions are obligated as a result to assess their operational risk exposure. The ability to estimate the capital that needs to be held in reserve to meet the effects of the identified risks materializing is the result of ORM efforts in financial institutions. These ORM operations have the effect of improving risk identification and management, which lowers the capital needed to cover the repercussions of the risks materializing. The ERM technique can be considered as having a specific use in ORM inside financial firms.

A good risk effort is destined to develop and become more complex, just like any management program that is built into how the business functions. Dramatic changes have occurred in the field of risk management, particularly over the last 10 years. Additionally, there has been significant integration of risk management needs into corporate governance. During that period, numerous new risk management innovations have emerged. Risk management practitioners used to refer to integrated or holistic risk management in the 1990s, but enterprise risk management (ERM) is now the standard phrase for the broad application of risk management across the entire company. The fact that the field of risk management is continually evolving and adapting to new situations can be considered as advantageous in many ways. However, there is a chance that risk management professionals will be perceived as conveying a message that is inconsistent since it is constantly changing. This is not to imply that risk management should become a static discipline, but it is crucial to keep in mind that senior board members will grow confused and lose interest if the premise on which risk management analysis and advice is provided is changed.

The global financial crisis and the part risk management played in its emergence must be acknowledged in any analysis of how risk management has evolved (Fidrmuc & Korhonen, 2010). Organizations must take calculated risks, and the failures that contributed to the global financial crisis were due to poor risk management implementation rather than poor risk management in general. Without a doubt, taking on too much risk can be improper and lead to the failure of the entire firm. However, many organizations have found that they almost always manage to get away with it or survive. A thorough grasp of the level of risk contained in the organization is not intended to prevent all audacious strategic decisions from being made. An organization should not refrain from pursuing a high-risk plan due to risk awareness, but decisions will be made fully cognizant of the dangers involved. Businesses should keep looking for opportunities and occasionally acknowledge that one that looks particularly risky is actually quite good. The company may still be interested in pursuing that risky course of action, but the next phase of the conversation should center on how to manage the risks so that they stay within the organization’s risk tolerance and how to measure the risks so that the board is always aware of the actual risk exposure.

It is incorrect to say that risk management fell short during the global financial crisis. The crisis indicates a failure to correctly and fully implement risk management practices. When a company is risk-averse, there is less room to classify hazards as high likelihood/high impact, which reduces the spectrum of risks that the board will examine. In other words, the organization’s risk space is extremely constrained and will not include hazards that require the board’s attention. For a company, however, being risk aggressive is not intrinsically wrong. A risk-aggressive firm will have a greater need to evaluate risk assessments, question the scope and outcomes of risk analysis activities, and make sure that a highly dynamic approach to risk management is maintained constantly and at all organizational levels.

Other difficult problems for risk management exist in addition to the doubts about risk management sparked by the global financial crisis. The ideas of risk appetite and the upside of risk are helpful ones, but additional research is needed before their definitions and their implementation can ensure advantages. When trying to manage emerging risks, an organization should determine whether they should be handled as hazard, control, or opportunity risks. Many of these new hazards could either be dangers to the business or chances for growth in the future, contingent on the actions of the organization. In some circumstances, the new risks will only add to the existing uncertainties that need to be addressed. The pace at which new threats can materialize is a crucial factor to take into account. Risk development and change velocity is a term used by some risk management professionals (Power, 2004).

Nanotechnology is a prime illustration of an emerging risk. In order to increase the efficacy of esthetic treatment for skin disorders, nanotechnology is widely used in the medical and, to some extent, cosmetics industries. The adoption of mobile phones is another excellent illustration. Although mobile phones are now widely used, technology has advanced significantly in the last 25 years. Around 25 years ago, mobile phone signals were substantially stronger (Henderson, Kotz, & Abyzov, 2004). Therefore, if any health complaints start to surface about the use of mobile phones, these health impacts are probably related to the outdated technology. Determining whether any health risks no longer exist due to changes in technology or whether they are still extant and will turn out to be equally related to current technology will create substantial hurdles.

Practitioners of risk management are conscious of the significant contribution their field makes and that risk management operations should be included with other management activities. There is always a chance that risk management and auditing efforts will combine in some circumstances, turning these three lines of defense into only two.

2.11. OPERATIONS

Instead of approaching risk management operations as a separate management function requiring a separate set of management information, firms must integrate risk activities across the board. Perhaps this is one of the main drawbacks of the risk register’s widespread adoption in many organizations. The risk register represents a snapshot of the organization’s risk management operations, but there is a risk that it is not continuously examined. The risk register is frequently a static record that offers little resistance to organizational management. Perhaps the era of the risk register is over, and businesses should instead integrate risk assessment, risk recording, and risk action plans into the management data that is utilized to run their operations on a daily basis.

In conclusion, maintaining risk management operations that are appropriate, aligned, comprehensive, entrenched, and dynamic is a challenge for risk managers and risk management. However, as boards, executive management, managers, and staff become more familiar with the theory and practice of risk management, the difficulties of achieving this are growing. Management reforms frequently come and go. A particular strategy temporarily gains popularity before going out of style. Since risk management practices are already required in many industries, it is unlikely that this will ever happen to risk management. The global financial crisis has also prompted a thorough review of the advantages that risk management can provide and how these advantages can be realized.

CHAPTER 3

INTEGRATED RISK MANAGEMENT

CONTENTS

3.1. Introduction
3.2. Techniques
3.3. Operational Risk
3.4. Foreign Exchange
3.5. Analysis
3.6. Classification
3.7. Risk Elements
3.8. Structure
3.9. Information
3.10. Problems
3.11. Cash Flow

3.1. INTRODUCTION

Risk has intensified as a result of the quickening pace of business. The way businesses engage has undergone significant changes as a result of new technologies and commercial strategies (Miller, 1992). While using information technology more frequently has increased productivity, it has also added new sources of complexity and uncertainty. Value chains are more streamlined and reliant on the meticulously planned coordination of a vast network of supply chain partners. Shorter product life cycles and rapid product obsolescence are commonplace in many sectors. Because business operations have become more automated, minor issues can quickly get out of hand without adequate monitoring and management. In addition to increasing a company’s reliance on outside parties, increased outsourcing has also made it more challenging to identify risk events and take appropriate action. The consequences of ineffective risk management have also gotten worse. Because of how intertwined today’s value chains are, even a minor error made by one party might affect several other trading partners (Miller, 1992) (Figure 3.1).

Figure 3.1. Integrated risk management. Source: https://www.researchgate.net/profile/Bijan-Khazai/publication/291312102/figure/fig2/AS:614348313604096@1523483460033/Components-of-the-framework-for-integrated-risk-management-Cardona-2010-Carreno-et-al_W640.jpg.

The equity markets are equally harsh. Even for well-managed companies, missing financial targets can cause sharp drops in market value. Businesses have hitherto been unable to manage risk in an integrated way. The lack of a standardized set of risk measurements makes it difficult to assess and manage risk across organizational boundaries, and many risks are only managed at the corporate level. Risk factor interactions and potential correlations are frequently disregarded. As a result, it is challenging for businesses to comprehend their overall risk exposure, let alone monitor, manage, or control it.

3.2. TECHNIQUES

Enterprise risk management is a technique for managing risks comprehensively and for tightly binding risk management to a company’s financial and economic goals. It starts by establishing the firm’s appetite for risk on a strategic level. Using a uniform framework for measurement, monitoring, and control, risk issues influencing the company are addressed. Across business divisions, functions, and risk sources, risk is managed in an integrated manner. Programs for corporate risk management are becoming more popular among executives. Market risk, credit risk, operational risk, and business risk are just a few of the hazards that businesses must deal with.

Market risk is the degree of uncertainty brought on by shifts in the value of financial or nonfinancial assets (Linsmeier, Thornton, Venkatachalam, & Welker, 2002). Changes in foreign exchange rates, for instance, can significantly affect both the income statement and the balance sheet when a company operates in different nations. Changes in interest rates can have an impact on a company’s interest costs, loan portfolio value, and market value of its debt. Price fluctuations (Figure 3.2) for commodities like steel and copper can have an impact on the price of goods sold, while price variations for commodities like heating oil and electricity can have an impact on the cost of maintaining factories and office buildings.

The possibility that parties to whom a company has granted credit may not meet their obligations is known as credit risk. Customer defaults or missed payments from customers can have different effects on a business. These can range from short-term changes in liquidity to downgrades in ratings or even bankruptcy. Although it might seem that credit risk should primarily concern financial services companies, this is not the case. A strong credit concentration in a high-risk customer group can occasionally have serious financial ramifications, even for industrial enterprises, as recent experience in the telecommunications and computer industries has demonstrated.

Figure 3.2. Price fluctuations. Source: https://www.new.treasury-management.com/wp-content/uploads/2020/09/TMI187-P19-24-Validus-1no.jpg.

3.3. OPERATIONAL RISK

Operational risk is the term for risks brought on by how a company conducts its operations. It encompasses the dangers of technical breakdowns, financial losses brought on by processing mistakes, and quality and cost issues resulting from production mistakes. It also covers losses brought on by human error, including fraud, poor management, and ineffective supervision and monitoring of activities (Coleman, 2011).

Uncertainty related to important business drivers is the root source of business risk. Business risks can be the most challenging to handle since they have a tendency to be more strategic than other risks. The general status of the economy, changes in customer demand, interruptions in supply, rivals’ competitive actions, technology change, legal liabilities, and regulatory changes are all examples of business risk factors.

It is crucial to analyze and manage risk in an integrated, global manner for a number of reasons. Understanding interaction effects is challenging when risk factors are examined separately. Because businesses may needlessly hedge some risks that are actually mitigated by others, this can raise risk management expenses. A dispersed approach to risk management makes it more likely to overlook significant threats. Otherwise, risk mitigation efforts can just create new hazards or move the risk to areas of the company that are less obvious. Additionally, failing to take into account risk interactions might lead businesses to drastically overestimate their risk exposures.

For instance, the sharp reduction in capital expenditures by telecom companies a few years ago created risk for producers of telecom equipment on a number of fronts. As demand for their products became increasingly unpredictable, manufacturers faced significant business risk. They were also exposed to higher credit risk: loans had been given to high-flying customers whose credit quality quickly declined, since many of them were on the verge of default (Taskinsoy, 2013). As stock valuations for recent strategic purchases plummeted, triggering multibillion-dollar write-offs, they also faced heightened market risk.

3.4. FOREIGN EXCHANGE

Historically, managing exposures to foreign exchange fluctuations (Figure 3.3), changes in interest rates, credit downgrades, and the risks of catastrophes like fires, earthquakes, and liability claims was under the purview of the corporate treasury function (Dreher & Vaubel, 2009). Corporate treasurers now have a growing but well-defined range of risk management tools and strategies at their disposal.

Business hazards, however, are more challenging to control. Because they can be challenging to quantify, managers frequently have to be content with qualitative assessments of risk based on little more than intuition. Business hazards can be challenging to identify and characterize due to their intricate relationships with business operations. There are fewer well-defined risk management tools and strategies for them than there are for financial risk. Businesses often handle business risk on an as-needed basis. Any point along the extended value chain of an organization is susceptible to business hazards. They influence all business processes within a company and are also influenced by them. Between the time a new product is conceptualized and when it actually reaches the end of its useful life, good risk management can play a significant role in enhancing business success.

Two key changes may alter how businesses manage risk along their extended value chains. Increased financial innovation is the first. New products are starting to appear in the traditional insurance and financial derivatives markets that help businesses manage risks including sensitivity to weather fluctuations, bandwidth costs, and energy expenses. In order to transfer risks in a way that appeals to a wide range of investors, the financial markets have evolved creative methods. Additionally, there are greater options for supplier diversification due to the increased use of auctions and spot markets. This also increases price transparency for a variety of goods and services (Hanna, Lemon, & Smith, 2019). Firms will find it simpler to quantify a wide range of risk factors as a result. It will also influence the development of new risk management products.

Figure 3.3. Foreign exchange fluctuations. Source: https://d3i71xaburhd42.cloudfront.net/aa4b14b52817bef28e758e9ade5879c5b1344a62/14-Figure1-1.png.

The second important shift is that access to corporate information is now easier. Businesses now have unparalleled access to fairly standardized information because of the widespread deployment of enterprise-level software packages to assist corporate operations like enterprise resource planning (ERP) and supply chain management. Both within the company and amongst partners in the value chain, these systems are becoming more tightly connected. Businesses will be in a position where they can see their supply chains from beginning to end, from the early stages of product design through after-market service. They will be able to notice risk occurrences earlier and respond more skillfully as a result.

The implementation of new business procedures and organizational controls may be necessary to address other risk categories. For this, a company needs to assess the level of risk that may be accepted and then modify its business strategies or financial risk management programs accordingly. This procedure might involve shifting some or all of the risk to a third party, either through the use of financial derivatives or insurance, in order to reduce the exposure to risk. It could also entail passing up specific business possibilities, quitting certain product or customer groups, or selling some business units in situations when derivatives and insurance are either unavailable or too expensive.

3.5. ANALYSIS

Historical analysis has the disadvantage that important risk events are frequently rare (Bucheli & Salvaj, 2018). By including in the analysis events affecting other organizations with comparable business characteristics, this challenge can be at least partially overcome. Another issue with historical analysis is that, by its very nature, it can only pinpoint risk variables that have already led to problems. This raises the likelihood that significant risk factors, particularly those connected to shifting technological, commercial, or industry dynamics, would go unnoticed.

Risks can also be discovered through process mapping. This method starts by developing a business process map, a graphic representation of business workflows for various company tasks that resembles a flowchart. Process maps are thorough because they give a complete picture of the business or value chain processes that are being examined. Each step on the map describes a specific business process, offering information about its goal, method of execution, personnel involved, and potential pitfalls. Following completion, the process map is examined for control gaps, potential weak points, and vulnerabilities. Risks that might develop during meetings between departments or organizations are given particular consideration. The analysis looks for missing control procedures that are not depicted on the process map, such as a missing approval process. Additionally, it searches for steps where poorly defined tasks or responsibilities could result in mistakes in processing or a loss of control.

Process mapping is especially helpful for locating risks related to subpar execution. Process mapping, as opposed to historical analysis, can spot risks with a significant potential impact before a loss really occurs. It can also help clarify the expected effects of a prospective risk exposure on the organization as a whole.

3.6. CLASSIFICATION

Certain risk identification techniques work well for recognizing particular classifications of risk. Finding operational risks and prospective risks related to value chain interactions can be done through process mapping and historical analysis. On the other hand, market risk is almost always examined using historical analysis. Although it might be challenging to apply for threats to intangibles like reputation, historical analysis is frequently the method of choice for evaluating the frequency and magnitude of risk events. The best method for identifying a variety of value chain risks, such as quality, quantity, and price risk, is historical analysis. And finally, scenario analysis is a flexible method for locating significant risks at the corporate level.

There are several value chain hazards that merit in-depth discussion. When a company develops and produces new products, buys goods and services from its suppliers, or sells goods and services to its clients, it is exposed to risk. Price risk, for instance, results from uncertainty regarding both the prices that a company will ultimately realize for its products in the market as well as the cost of goods and services required for production. Quantity risk, or the chance that the intended quantity of a good or service may not be offered for purchase or sale, is a related risk. Quantity risk can occasionally be very serious, as is the case when there is a supply disruption. In other circumstances, it is just the outcome of typical supply unpredictability. Inventories of raw materials and component parts, products in the manufacturing pipeline, and inventory retained to satisfy expected consumer demand all present quantity risk to businesses (Christopher & Peck, 1997). The danger connected to having too much or too little inventory is sometimes referred to as inventory risk. A company that has too much inventory may be vulnerable to product or pricing changes that lower the value of its inventory. Conversely, a company may be unable to satisfy client demand if there is a scarcity of inventory.

3.7. RISK ELEMENTS

Risk elements (Figure 3.4) like quality risk and complexity risk have an impact on a wide range of business activities. The risk connected to variation in quality, dependability, or execution is known as quality risk (Houston, Peters, & Pratt, 1999). Both the products and services that a company produces or sells and the ones that it purchases might be subject to quality risk. It can apply to a wide range of value chain processes, such as design, logistics, and customer service. Similarly, complexity risk is caused by complicated products, complex supply chains, or corporate processes.

Understanding which business processes they impact is crucial when describing value chain risks. Risk issues for value chains frequently have a wide influence. Quantity risk, for instance, has an impact on practically the whole value chain. Parts shortages have an influence on procurement because management is focused on finding other sources of supply and negotiating more capacity with new suppliers. Production is also hampered by part shortages, which briefly reduce utilization. They may decrease productivity, particularly if regular operations are suspended to meet accelerated deadlines for impacted products. Along with lowering income and harming a company’s reputation, input shortages can prevent businesses from satisfying client demand. The need for quicker shipping may result in higher logistics costs and complexity. Even after-market support and service may be impacted by supply constraints, which may restrict the supply of replacement parts.

Some hazards spread along the value chain in a generally well-behaved way, maintaining a fairly steady impact on value chain participants. Other dangers behave differently. Their impact increases as they progress up the value chain, often with disastrous results. Price risk is one value chain risk that generally behaves well.

Figure 3.4. Risk elements. Source: https://www.cloudapper.com/wp-content/uploads/2020/07/nine-elements-in-a-hipaa-risk-analysis-hipaa-ready.png.

Now think about how risk is increased when a defect in a malfunctioning semiconductor device is discovered at various points throughout the value chain (Hofer, Leitner, Lewitschnig, & Nowak, 2017). The loss will be relatively minor, or about the device’s price, if the issue is found at the time of purchase. However, the impact would be higher if the issue is discovered only after the device has been mounted on a printed circuit board, since the circuit board will need to be either reworked or scrapped. If the flaw goes unnoticed and the circuit board is installed in a high-end computer, the effect will be even more severe. Field repairs are expensive, and equipment breakdowns might put the owner of the device in a difficult financial situation. The expenses to the computer manufacturer may rise dramatically if the flaw is not a single incident, which could sometimes result in harm to the company’s reputation and brand.

Supply risk is another instance of nonlinear risk propagation. A scarcity of even one component can stop the manufacture of a complete product that is made up of many different parts. This may result in circumstances where a cheap, small component effectively halts manufacturing. Such shortages can result in revenue losses that are orders of magnitude greater than the cost of the part in short supply.

3.8. STRUCTURE

Ensuring that a company’s organizational structure is suitable for the risks it faces is one of the first stages in building an efficient risk management program (Zaridis & Mousiolis, 2014). This entails a number of actions, such as identifying the company’s risk objectives, outlining the senior management position, setting up efficient monitoring methods, and developing a set of suitable internal controls. Senior managers are crucial to developing a successful risk management program. They are in charge of outlining the risks the company is willing to accept and its tolerance for risk. They ensure that the company has the resources and expertise it needs to support its risk management plan. Senior management determines suitable roles and duties for individuals either directly or indirectly involved in risk management by developing an appropriate organizational structure. Additionally, many nonfinancial companies are using similar strategies.

An integrated framework for risk measurement and management is one of the crucial mechanisms that must be put into place. In order for a company to effectively monitor and manage its overall risk exposure, it is essential to build methods for measuring and reporting various forms of risk as part of this process. To provide a means of staying up to date on industry best practices, businesses must also set up risk assessment and audit systems in conjunction with a benchmarking process.

Three major categories can be used to categorize the essential tools and resources needed for effective risk management: policies, procedures, and infrastructure. They assist in measuring, monitoring, reporting, controlling, and minimizing risk, among other risk management activities.

Risk management strategies are defined and put into action by risk management policies in a variety of ways. They provide guidelines for assessing the trade-off between risk and return in the context of the firm’s overall business objectives and, at a high level, define a firm’s tolerance for risk. Guidelines are provided by disclosure policies to assist top managers in recognizing and disclosing the risks that are present in their organizations. Disclosure policies outline the appropriate internal controls, including self-management, that must be implemented and clearly lay out the roles and responsibilities for each business unit. With the help of specific rules, a company can manage uncommon conditions and keep the business running efficiently when disaster hits. A business continuity policy outlines a series of operational steps for handling problematic situations. It offers suggestions for how to react in emergency situations and details backup plans, risk monitoring strategies, and steps to resume operations after a disruption.

Risk characterization, risk modeling, and risk valuation are just a few of the many risk management activities that can be supported by a variety of frameworks, models, tools, and analytics that make up risk management approaches. Methodologies give principles and techniques for evaluating various forms of risk as well as for building and validating models. They go beyond the basic mechanics of risk analysis. Capital planning and the evaluation of strategic acquisitions both require valuation procedures (Adams, Bourne, & Neely, 2004).
They also offer crucial information when negotiating and structuring contracts for outsourcing, strategic partnerships, and joint ventures. A thorough set of risk management procedures aids a company in regularly taking risk into account when making decisions, especially when calculating risk-adjusted returns for specific projects and divisions and when modifying performance metrics to take risk into account.

The operating leverage of a company can be significantly impacted by a number of value chain decisions. Increased fixed costs and risk result from investments in highly automated manufacturing and distribution infrastructure. Operating leverage is impacted by outsourcing agreements, with the degree of the change depending on how the deal is set up. If planned payments to the provider simply replace the fixed expenses of company-owned warehouses, a long-term contract to outsource warehousing to a third-party logistics provider would have little impact on a firm’s operating leverage. On the other hand, if contractual volume commitments are modest, a manufacturing outsourcing deal to a contract manufacturer can significantly reduce operating leverage. Strategic alliances and joint ventures frequently require shared financial obligations, which can impair operating leverage (Walters, Peters, & Dess, 1994). A company’s risk profile can be significantly impacted by the way it arranges its supplier and customer contracts. Take-or-pay supply contracts and other contracts with volume commitments increase operating leverage by raising fixed costs.

Through diversification, a business can also proactively control risk. Financial diversification is utilized to lower the risk in financial asset portfolios. It is predicated on the idea that because different securities are vulnerable to various risk factors, the prices of securities such as stocks and bonds do not move precisely in tandem. Price movements typically cancel out in portfolios made up of stocks and bonds that move in opposing directions, lowering portfolio volatility. At both the strategic and tactical levels, operational diversification can be broadly applied to a range of business operations. Businesses can diversify by purchasing new companies in unrelated industries, focusing on various market segments, expanding their product lines, and selling to various consumer segments and geographical markets.

For the purpose of efficiently managing financial asset portfolios, finance theory has produced a vast array of management strategies. Operational hedges can also be built in other configurations. By carefully balancing supply and demand, the process of managing supply and demand can be enhanced, making financial performance less susceptible to various value chain risks (Boyabatli & Toktay, 2004). The method can also be used to manage contracts and balance investments in manufacturing capacity with spending in sales and marketing efforts.
Restructuring the value chain is another method that businesses may use to lower risk. Restructuring enhances the efficiency of a company’s extended value chain by eliminating or combining unnecessary or ineffective phases. It does this by getting rid of middlemen, streamlining corporate procedures, or providing novel forms of connection between value chain participants. The use of middleware to assist business process integration, as well as online marketplaces and collaboration networks to conduct transactions and exchange information, are some of the new value chain restructuring strategies that have emerged in recent years because of information technologies.

There are many ways value chain reorganization can lower risk. A shorter value chain ensures that products are processed more quickly and are therefore exposed to less risk (Macher, Mowery, & Simcoe, 2002). This is crucial for fashion and technology products in particular because every extra minute in the supply chain raises the possibility of price drops. Since uncertainty tends to grow over time, the longer it takes for a product to reach its intended consumer, the greater the risk. Value chain restructuring also lowers risk by simplifying the value chain. As a result, it is simpler to coordinate operations with suppliers, which helps to eliminate execution errors and lower supply risk. An organization then has fewer middlemen between it and its end clients, which gives the company quicker access to information regarding changes in supply and demand. Thus, inventory and manufacturing resources can be used more effectively.

Risk can also be decreased by altering the way value chain interactions function. This frequently has the effect of changing information flows and incentives. Cooperative business models like vendor-managed inventory (VMI), for instance, give suppliers improved inventory visibility without physically shortening the value chain. The supplier nevertheless gets more precise and timely information regarding client demand. Since eliminating one type of risk might also introduce others, many of these decisions involve trade-offs.

It is necessary to implement methods, metrics, and procedures for controlling and mitigating operational risk in order to develop integrated risk management systems that connect strategy, planning, and execution. Operational risk management (ORM) aims to reduce business interruptions, enhance crisis response, and limit the negative effects of risky events. This is achieved by incorporating various types of risk management capabilities into operational processes. They can be used as a guide for developing information systems that track and react to dangerous supply chain occurrences.
They also offer a useful set of metrics for monitoring and tracking operational risks and outline a hierarchical method for determining risk limits that may be used in a production scenario.

The first step in ORM is figuring out how much risk a company is willing to take. This is defined by the amount of money the company is willing to lose as a result of risky actions. A firm’s overall financial goals, including its profit and sales ambitions, are taken into consideration when determining acceptable losses because a firm’s potential for profit depends on its appetite for risk. Once acceptable risk levels have been determined for the company as a whole, risk limits are created at the business unit level, where business managers have the power to influence and control risk. Value at risk is frequently used to express risk limits, with different time periods having differing acceptable loss thresholds. The process of establishing these limits often includes assessing the unit’s operations and how well they align with the firm’s overall risk appetite. It takes some skill to strike the right balance when establishing limits. The goal is to manage business unit risk without imposing limitations that needlessly restrict flexibility. If risk limits are set too low, the business unit may be unable to reach its overall revenue and profit goals (Hawtin, 2003).

3.9. INFORMATION

Plentiful information is necessary for effective risk management. Systems collect data directly from business operations in order to enable the necessary management controls and conduct risk analysis (Woo, 1987). By adopting a modular approach, the risk management process can be organized so that hazards can be controlled collectively. This enables multitasking, allowing various organizational units to successfully coordinate their risk management operations. An ideal ORM system would also have ways to record and organize organizational risk learning. Effective ORM requires continuous monitoring of hazards as well as of the program’s efficacy (Panisello & Quantick, 2001). Losses avoided, opportunities taken advantage of, the pace at which new products are introduced, management comfort level, control efficacy, and overall company risk-return profile are among the metrics used to measure program effectiveness. Programs for minimizing operational risk can provide a capacity for handling company emergencies. These include methods for dealing with extreme circumstances as well as backup systems. They aim to provide quick crisis resolution while striking a balance between risk management and business flexibility.

Foreign exchange, interest rates, equity prices, and commodity prices are just a few of the many market risks that companies have historically used the financial markets to manage. As financial engineering approaches have advanced, new derivatives products have arisen to protect against a wide range of new hazards. Some of these products are standardized, while others are extremely adaptable to the unique requirements of a certain party. Moving risk from one party to another is the main focus of financial risk management. In a business situation, a company frequently looks to offload some or all of its risk to a third party, such as a bank, an insurance provider, a trader, or an investor. Transferring risk does not automatically make it safer.
A company will occasionally genuinely take on more risk as part of its financial management strategy. Instead of just switching from one type of risk to another, a company may choose to maintain a steady level of overall risk exposure.

A firm should take into account a variety of variables when determining whether it makes sense to use derivatives to hedge a certain risk. The first is how the risk factor will probably affect the company. It probably doesn’t make sense to hedge if prices for a certain risk factor are not extremely volatile, or if a firm’s profitability or market value is not particularly sensitive to fluctuations in the risk factor. Even when a firm’s costs are highly sensitive to changes in the price of a certain component or commodity, hedging is not always necessary. Hedging may not be necessary, for instance, if a company can pass on price increases for purchased components to its clients. Hedging may be necessary if a company must maintain sizable stocks of a part or commodity, since doing so exposes it to risk.

The chance of being able to build an efficient hedge is another aspect to take into account. The risk that a corporation faces may not always be precisely offset by the risk management tools deployed. This might occur, for instance, if an electronics company buys a unique kind of gold for electrical interconnects. It’s possible that the price it pays its gold manufacturer does not exactly correspond to the price of gold traded on a commodities exchange. This introduces basis risk, which is the discrepancy between price movements in the hedging instrument and those in the asset being hedged. Hedges that are ineffective have two main drawbacks. First, if basis risk is high, hedging is no longer helpful and may even increase risk. Second, for financial accounting purposes, ineffective hedges might not be eligible for hedge accounting treatment. When this is the case, the offsetting price changes of the asset being hedged and of the hedging instrument may be reported in different periods. Even if cash flows are actually less unpredictable from an economic standpoint, this might have the effect of raising the volatility in reported profitability.
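The basis-risk argument above can be checked numerically. The following is an added example, not taken from the book: it applies the textbook minimum-variance hedge ratio (an assumption, since the book names no formula) to constructed price-change series for an exchange-traded gold price and two hypothetical supplier prices, one that tracks the exchange and one that mostly moves on its own.

```python
"""Added illustration: how basis risk decides whether a hedge reduces risk.

All price series below are constructed for the example (not market data).
"""
from statistics import fmean


def _cov(xs, ys):
    """Population covariance of two equally long series."""
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("need two series of equal length >= 2")
    mx, my = fmean(xs), fmean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / len(xs)


def variance(xs):
    """Population variance of a series."""
    return _cov(xs, xs)


def min_variance_hedge_ratio(exposure, instrument):
    """h* = cov(dS, dF) / var(dF): instrument units sold per unit of exposure."""
    var_f = variance(instrument)
    if var_f == 0:
        raise ValueError("hedging instrument has no price variation")
    return _cov(exposure, instrument) / var_f


def hedged_variance(exposure, instrument, ratio):
    """Variance of the hedged position dS - ratio * dF."""
    return variance([s - ratio * f for s, f in zip(exposure, instrument)])


def hedge_report(exposure, instrument):
    """Compare no hedge, a naive 1:1 hedge and the minimum-variance hedge."""
    unhedged = variance(exposure)
    h_star = min_variance_hedge_ratio(exposure, instrument)
    naive = hedged_variance(exposure, instrument, 1.0)
    best = hedged_variance(exposure, instrument, h_star)
    return {
        "unhedged_var": unhedged,
        "naive_1to1_var": naive,
        "min_var_ratio": h_star,
        "min_var": best,
        "effectiveness": 1 - best / unhedged,  # share of variance removed
        "naive_hedge_adds_risk": naive > unhedged,
    }


# Constructed period-to-period price changes (currency units per ounce).
EXCHANGE_GOLD = [1, -1, 2, -2, 3, -3]       # exchange-traded hedging instrument
SUPPLIER_TRACKING = [2, 0, 1, -3, 3, -3]    # supplier price follows the exchange
SUPPLIER_DIVERGING = [3, 3, -3, -3, 1, -1]  # supplier price mostly moves on its own

if __name__ == "__main__":
    for name, series in (("tracking", SUPPLIER_TRACKING),
                         ("diverging", SUPPLIER_DIVERGING)):
        print(name, hedge_report(series, EXCHANGE_GOLD))
```

With the tracking supplier the hedge removes most of the variance; with the diverging supplier a 1:1 hedge leaves the position more volatile than no hedge at all, which is the "may even increase risk" case.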
Businesses must also take into account the costs of hedging. Transacting can be expensive, especially when using options. Furthermore, it can frequently be challenging to fully comprehend all of the expenses connected with financially managing risk (Bode, Hübner, & Wagner, 2014). This increases the chance of experiencing substantial unforeseen losses if certain unwanted circumstances take place. It could occasionally be challenging to obtain a reasonable price for derivatives. This is not the case with commonly traded over-the-counter securities like forward contracts and foreign exchange options, as well as exchange-traded derivatives. Prices for customized derivatives products, however, are notoriously challenging to model. This might make it challenging to judge whether a price being offered is reasonable, especially given how challenging it can be to compare prices on highly customized products.

The strategic ramifications of a company’s risk management efforts must also be taken into account. The expense of hedging with options may leave little room for profit in low-margin companies. Using forward contracts to lock in the prices of purchased components may help a company reduce cost uncertainty, but it may also increase earnings uncertainty. For instance, if DRAM prices drop significantly, a personal computer manufacturer that uses DRAM swaps to fix the price of its computer memory purchases would find that its pricing structure is no longer competitive. While the company must continue to pay the higher fixed price set under the swaps contract, competitors will benefit from purchasing at low market prices.

The nature and conditions of supply contracts frequently contain characteristics that cause them to behave quite similarly to financial derivatives. Examples include pricing that is based on the price of commodities and pricing that is fixed to a certain foreign currency. Risk is successfully transferred across value chain participants via embedded derivatives, such as between suppliers and their buyers. There are various ways to profit from embedded derivatives. Since the amount of risk transmitted varies according to the actual quantity of products or services purchased through the contract, they frequently offer a particularly strong hedge. They are occasionally overpriced as well. This gives one value chain partner the chance to transfer risk more affordably than they could with conventional financial derivatives.

The introduction of new risk management solutions that can be used to hedge risks closely associated with a firm’s operating earnings is an intriguing trend. As an illustration, consider weather derivatives, which are financial products whose returns are based on variations in local temperature.
Electricity, telecommunications bandwidth, and electronic components like computer memory chips are among the industries that are seeing the emergence of derivatives. As these derivatives products become more widely available, businesses will be able to manage a wider range of risks, many of which are essential to their ability to operate.

The main goal of traditional insurance is to protect a company against losses. There are insurance policies available to protect against a wide range of risks, including theft, property damage, injuries, and other potential liabilities. A variety of products that insurance companies offer are loosely referred to as alternative risk transfer (ART) (Figure 3.5) products or unconventional insurance (Bode et al., 2014). These services often aim to handle substantial risks whose management necessitates specialist knowledge not offered by noninsurance organizations. Structured transactions that provide specific accounting or tax treatment, insurance against operational risk, and defense against exposures like credit risk and weather are a few examples. These products are specifically designed to reduce downside risk on a firm’s income statement or balance sheet and are frequently used to address a firm’s need for capital after large business losses. A lot of ART products are a special kind of debt where payments depend on a specific occurrence. Principal or interest payments on structured debt are based on the market price of oil or another commodity. Another type of ART offering combines financing and equity. When money is tight, the issuer may choose to convert reverse convertible debt to equity in order to minimize its financial leverage. Products that restrict the amount of risk transfer include structured transactions and finite risk insurance (FRI) (Figure 3.6). Additionally, they frequently combine several risks (Baranoff & Sager, 2003).

Figure 3.5. Alternative risk transfer.

Source: https://d3i71xaburhd42.cloudfront.net/387843cbffea63d7ff1a10d1c22e4434a380264e/23-Figure1.2-1.png.

Figure 3.6. Finite risk insurance.

Source: https://d3i71xaburhd42.cloudfront.net/20f18ec0b62d2f00e3dc96415799e6c8a201c44e/8-Figure2-1.png.

A profit-sharing mechanism is frequently a part of FRI and enables ex post insurance rate adjustments based on the purchasing company’s claim history. Compared to traditional insurance products, FRI has a longer term, with coverage often lasting three to five years. It might be challenging to tell financial risk management products apart from insurance. Additionally, the line separating the two is continually changing. For the financial markets to become more liquid, risk needs to be reasonably standardized. In order for diverse market players to easily exchange it, it also needs to be pretty simple to price. Insurance can be a good substitute for risks that the financial markets are unable to absorb. For instance, the financial markets have increasingly displaced insurers as the source of weather insurance. Liquid markets for weather derivatives have swiftly emerged because weather risk can be fairly easily standardized and can be modeled using current pricing techniques.

Risk management has experienced tremendous expansion and greater specialization during the last 10 years. The banking industry has been driven to develop ever-more exotic types of risk packaging and risk transfer products as a result of the maturation of the financial engineering profession. On the basis of their capacity to transfer clients’ financial risks to the capital markets, banks continue to engage in intense competition. Insurers have created unique products to secure the risk of natural disasters and safeguard against hazards like weather, cybercrime, rogue trading, and terrorism. This has led to some novelty in the insurance business. Through a variety of onshore and offshore captive insurance companies, businesses have also gotten better at self-insuring their own risks.

Along with an increase in product and market specialization in risk management, risk management activities have multiplied. Companies at the forefront of risk management innovation have set up their risk management function to reflect the specialized nature of their markets and products. For example, interest rate risk, foreign exchange risk, commodity price risk, credit risk, operational risk, and insurable property and casualty risk each have their own risk managers. Although the finance function consolidates the entire investment in risk management activity, the risk management decisions are often not coordinated. Companies have forgotten how hazards interact as a result of this process.

Many businesses can predict how much oil they will require in the near future. For instance, an airline will be able to forecast how much jet fuel it will use over the upcoming three months.
In this instance, figuring out the company’s risk exposure to oil price fluctuations is rather simple. However, it won’t be that easy for a lot of businesses. It could be challenging to determine the precise amount of a large company’s direct oil purchases. Additionally, there are secondary or indirect consequences, because changes in the price of oil may affect the economy as a whole. If suppliers are negatively impacted by oil prices, the cost of items may be indirectly influenced. If customers are impacted, sales volume and price competition may also be affected. In these circumstances, a corporation must first build a financial model of earnings as a function of oil prices in order to minimize the risk of rising oil prices.

It is crucial to understand that defending something of value against a knowledgeable and adaptable adversary differs significantly from defending it against natural disasters or accidents. For instance, simply because buildings have earthquake safety features does not make an earthquake wiser or stronger. A clever and determined adversary, however, would probably change their attack tactics when a certain set of safety precautions were put in place. For instance, an adversary is likely to target a different point of entry if one point of entry into a system is safeguarded and rendered practically invulnerable. As a result, effective defense tactics must consider the intentions and actions of prospective enemies.

Since defensive strategy selection must take adversary behavior into consideration, it is crucial to consider the objectives, drives, and capabilities of the possible adversaries from whom we seek to defend our systems. Similarly, skilled criminals target computers to obtain personal financial advantage. Individual criminals and organized crime are further distinguished. Other attackers are more interested in obtaining information than they are in doing harm or making money for themselves.

Insider threats are frequently seen as a particular area of concern among the different potential attacker characteristics. In particular, many components of an organization’s computer system may already be accessible to insiders. Insiders may also be known and trusted by others inside the business, which makes it easier for them to access (and learn about) more areas. Finally, insiders might have a wider range of offensive options than outsiders. For instance, an insider may be able to affect the life cycle of a certain product by exerting influence over developers or other people with access to the product’s development, interfering with the distribution process, and so on.

In general, opportunistic attackers will typically have little or no reason to prefer one target over another and may have a wide range of targets that would be of interest to them.
An opportunistic attacker is only looking for an easy target and will switch to another if their initial target proves to be too challenging or expensive to successfully attack (Manworren, Letwat, & Daily, 2016). A successful system protection against such an attacker may only require that a single system be significantly more difficult to successfully attack than those of other similar organizations. Common vandalism often falls into this category, in the same way that many computer hackers may not care specifically whose Internet firms they harm.

Taxonomies of human error are directly applicable to the field of e-business security (Damanpour & Damanpour, 2001). Human mistakes in computer and information systems can lead to vulnerabilities and security breaches because of suboptimal work system variables. When it comes to e-business security, the usage of human error taxonomies can help with both recognizing and responding to vulnerabilities and security breaches brought on by errors or accidents in computer and information systems. They also contribute to the development of stronger attack defenses.

The elements of the related technological system must be integrated into the design of a work system. Lack of end-user awareness about the technical system’s components may be one issue preventing these two systems from working together. A nontechnical user may find the technical terminology of computer and information systems to be excessively challenging, resulting in a knowledge gap. It can be challenging to pinpoint end users’ primary information demands, instill technical knowledge in them through education or training, and convey the significance of this for security. Lack of end-user expertise could be an issue that causes mistakes, which then results in security lapses, vulnerabilities, and breaches.

Lack of security awareness among end users is definitely tied to communication issues (D’Aubeterre, Singh, & Iyer, 2008). A technical expert’s perception of a severe security issue may differ greatly from what a nontechnical end user would consider a security threat. The technical jargon used to explain security-relevant scenarios may not be known to nontechnical end users. Therefore, technical professionals may find it difficult to explain security information to nontechnical personnel due to communication obstacles. Not only should end users be informed about proper security procedures and guidelines, but avenues should also be provided for them to contact technical professionals with questions or concerns about security. Additionally, information must be delivered to end users in a way that allows them to grasp how it pertains to the business as a whole and apply it to their own job in a meaningful way. Failure to complete these communication activities may result in end-user mistakes that erode the organization’s overall security.

3.10. PROBLEMS

Another difficult problem is installing software. Software design, coding, implementation, and maintenance mistakes can happen (Verdon & McGraw, 2004). Software upgrades are challenging to implement throughout the complete technical system from a technical standpoint as well. A thorough understanding of the technical system is necessary to determine whether the software installation or upgrade will fit into the system’s overall structure and to determine how the installation or upgrade will affect the system’s overall usability. Good software installation also requires being aware of security holes and patches from the security community. Technical experts must consider not just how changes to the system will affect security but also the kinds of problems that users of the modified system will face.

Safety stock is intended to address demand uncertainties during an item’s inbound lead time, or the period of time between placing an order with a supplier and the delivery of the products at the warehouse. It also covers lead time uncertainties. However, in this case, demand uncertainty will be the main topic. If the safety stock level is set too high, more resources than necessary are committed to inventory. If, however, the safety stock level is set too low, stock runs out too frequently and the intended serviceability may not be achieved. The majority of inventory control software applications determine the level of safety stock for each product by assuming that daily demand is normally or Poisson distributed, or by simply setting a fixed safety stock level. To solve this issue and enhance the accuracy of safety stock estimates, enabling accurate risk management, it is essential to apply an adjusted demand distribution for every single product (Medina, Muller, & Roytelman, 2010). This is done by giving each product its own continuous demand distribution based on either historical or anticipated daily demand data, which additionally enables adaptive adjustment of the safety stock calculation scheme.

Failures are a possibility with IT infrastructures. In terms of dependability, a failure is an occurrence that takes place when the delivered service differs from the intended service. Here, we distinguish between system failures that are accidental or non-malicious and intentional system failures that are malicious. For instance, a failed disk drive falls under the first category, whereas a hacker attack falls under the second. While coping with accidental faults is something we understand very well, malicious faults still present a number of unresolved issues.
Here, we’ll focus on the latter category of errors and risk management for IT security. While dynamic security risk management deals with security vulnerabilities as they arise, static security risk management addresses architectural difficulties. It is more difficult to get data for ORM and measurement than it is for credit or market risks. Given the general lack of interest in strict cost controls, banks rarely gather or store data about their internal control environment in a systematic way. As a result, designing and putting in place a suitable infrastructure to compile these loss events and indicators could be expensive and take several years to complete. Instead of only previous losses being the proof of operational risk, operational risk is a result of both the institution’s internal control environment over which it has some degree of control and the external environment. The control environment is far more of a leading

signal as to where the primary operational risks may lie in an organization than the observed losses, which are used to educate management of where the major risks are. The initial layer of the data model that is being provided here is a data gathering exercise for losses. To fully comprehend how operational risk manifests itself, one must also have a thorough awareness of the internal control environment. The loss data alone cannot provide this understanding. In addition to any qualitative characteristics that will aid in our comprehension of the inputs and outputs, some quantitative factors referred to as control environment factors and key control indicators must be established in order to model the control environment. The impact of risk is always on the downside under traditional investment analysis, whether using the net present value or any other technique based on discounted cash flows, as the presence of risk depresses the value of an investment (Guidara, Lai, Soumaré, & Tchana, 2013). Real options theory acknowledges that managerial flexibility may actively influence an organization’s level of risk, and that taking on additional risk can serve as a key tool for value generation. Therefore, under certain situations, higher risk may actually boost the value of an investment opportunity. One can then proceed to incorporate other types of corporate real options that capture the inherent value of active management of the risk factor by taking into account the novel viewpoint that the ability for management to actively increase the level of risk is a key element in valuing an investment. There are several methods to group the risk variables, also known as risk determinants, but it is most straightforward to do so under the categories of credit, market, and operational risks. Understanding how each risk factor contributes to the many types of risk and how much administrative control there is over it is desirable, particularly in the context of real options. 
The amount of fixed costs in an organization is an example of a risk factor in the domain of operational risk. When production levels or market conditions change, an operating structure typified by a predominance of fixed costs will be stiff and challenging to adapt. The impact that variations in volume may have on operating results is significantly conditioned by the degree of cost structure rigidity, other things being equal. Real options theory may help guide management choices like recruiting or firing staff members or purchasing a better operating system. For instance, high fixed costs, which could be brought on by a large number of transactions that were handled incorrectly, would often make it impossible to undo business decisions and entail substantial reconversion expenses. Given this, it may be advantageous to postpone project implementation in the face of such uncertainty and to

base such decisions on the occurrence of positive risk factor conditions. Evaluating the prospective market for their goods and services and the associated risks involved in the business is one of the major issues facing new enterprises (Swani, Milne, Brown, Assaf, & Donthu, 2017). The problem is particularly important in brand-new markets like virtual banks, brokerages, or financial institutions. Due to these factors, the theory of real options has been crucial in both valuing and determining the risk of these new e-businesses. It is crucial to decide which real options model to use in the modeling process as well as when it might be used. The future is very uncertain, particularly for start-up businesses in a market that is still developing: in addition to the usual market potential problems, there are questions about the efficacy of the technology underlying the e-bank, customer acceptance, the appropriate level of operational framework, etc. Another difficulty is that, because these e-banks are proposing to operate in a new field, there is frequently insufficient historical data that is specifically relevant to a given industry or business. Future cash flows may be considered as being dependent on a number of risk factors in the structural architecture of the e-banking firm, which may be grouped in this case under the headings of operational, market, and credit risks. Contingent on the level of detail required, more elements may also be included in this list, which is not meant to be exhaustive. The materialization of operational risk will affect the actual number of clients serviced and, thus, impact the cash flows realized, impacting the earnings volatility given a finite upper bound on the number of clients that may be served at a given time. 
The ability of management to respond to changing market conditions, such as an unexpected increase in the number of potential clients if a competitor departs this line of business, may also be negatively impacted by the same operational variables. Contrary to traditional brick-and-mortar banks, where credit risk is typically more prevalent, operational risk may be regarded as the primary risk that an e-bank confronts (Sharma & Kansal, n.d.). Market risk, as opposed to the risk of holding financial instruments, may be more effectively viewed in the context of the general business model for e-banks as demand risk from the market for its products and services. Depending on the chosen business strategy, credit risk should be minimal.

3.11. CASH FLOW

Future cash flows (Figure 3.7) in the risk architecture above depend on how management responds to the specific materialization of any uncertainty

(Hsu, Fournier, & Srinivasan, 2016). Therefore, to assess how a specific element will affect the profitability, all types of uncertainty should be taken into account under a variety of future business scenarios. Following this mapping of all the risk components, the computations can be performed using a Monte Carlo simulation or even more complex methods like stochastic dynamic programming. The consolidated data are evaluated to identify subgroups of projects that exhibit or have previously displayed comparable health characteristics. The similarity is determined by a set of measurements. In the early stages of a project, this segmentation can be quite helpful for project profiling. Before continuing with the project development cycle, it can be quite beneficial to establish a few project profiles in order to ascertain the precise requirements that must be met by a given proposal. The various portfolios are examined in light of the segmentation process’s findings in order to find statistically significant reasons why certain behaviors are healthy or problematic. In this step, data mining techniques are utilized to identify key project characteristics that, when combined, result in the patterns of project health that are visible. In order to establish an accurate baseline for performance measurements, analysis should be performed on data for both healthy and troubled projects. An approach like this would prevent one from identifying erroneous trends or root causes that would be skewed by problematic project data and would not actually affect project health management.

Figure 3.7. Future cash flows. Source: https://www.starbreeze.com/sbz-media/2019/10/Estimated_cash_flow_1923-e1570799009450.jpg.
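The Monte Carlo evaluation of future cash flows described in this section can be sketched as follows. This is an added example, not taken from the book: the e-bank parameters, the distributions and the names (`Params`, `simulate_year`, `run_monte_carlo`, `summarize`) are assumptions constructed for illustration. It maps one market, one operational and one credit risk factor onto monthly cash flow, with the finite upper bound on clients served truncating the upside.

```python
"""Monte Carlo sketch of annual cash flow for a capacity-limited e-bank.
All parameter values and distributions are constructed for illustration."""
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Params:
    capacity: float = 10_000        # finite upper bound on clients served per month
    base_demand: float = 9_000      # expected clients seeking service per month
    demand_sigma: float = 0.25      # market (demand) risk: lognormal volatility
    outage_prob: float = 0.10       # operational risk: chance of an incident in a month
    margin: float = 12.0            # revenue per client served per month
    default_rate: float = 0.02      # credit risk: mean share of revenue not collected
    fixed_costs: float = 900_000.0  # annual fixed costs


def simulate_year(rng, p):
    """Return one scenario of annual net cash flow."""
    revenue = 0.0
    for _ in range(12):
        # Market risk: mean-one lognormal shock to demand.
        shock = rng.lognormvariate(-0.5 * p.demand_sigma ** 2, p.demand_sigma)
        demand = p.base_demand * shock
        # Operational risk: an incident removes 20-60% of capacity this month.
        # Both draws are always made so scenarios stay aligned across runs
        # that share a seed but differ in outage_prob.
        incident = rng.random() < p.outage_prob
        severity = rng.uniform(0.2, 0.6)
        capacity = p.capacity * (1.0 - severity) if incident else p.capacity
        served = min(demand, capacity)  # upside is truncated by the cap
        # Credit risk: uncollected share of revenue, mean = default_rate.
        loss_share = rng.uniform(0.0, 2.0 * p.default_rate)
        revenue += served * p.margin * (1.0 - loss_share)
    return revenue - p.fixed_costs


def run_monte_carlo(p, n=5000, seed=0):
    """Simulate n independent years with a reproducible random stream."""
    rng = random.Random(seed)
    return [simulate_year(rng, p) for _ in range(n)]


def summarize(flows):
    """Mean, volatility, 5th-percentile cash flow and probability of a loss."""
    ordered = sorted(flows)
    return {
        "mean": statistics.fmean(flows),
        "stdev": statistics.stdev(flows),
        "p05": ordered[int(0.05 * len(ordered))],
        "prob_loss": sum(f < 0 for f in flows) / len(flows),
    }


if __name__ == "__main__":
    scenarios = {
        "baseline": Params(),
        "no operational incidents": Params(outage_prob=0.0),
        "higher demand volatility": Params(demand_sigma=0.50),
    }
    for name, p in scenarios.items():
        s = summarize(run_monte_carlo(p, seed=42))
        print(f"{name:26s} mean={s['mean']:>10,.0f} stdev={s['stdev']:>9,.0f} "
              f"p05={s['p05']:>10,.0f} P(loss)={s['prob_loss']:.3f}")
```

Because the same seed produces the same scenario paths, the difference between the baseline and the run without incidents isolates the contribution of the operational risk factor.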


The management of price risk and quantity risk is the main focus of financial risk management for the more advanced conventional utilities. The utility industry’s players can be divided into retail customers, wholesalers, and traders for the purpose of financial risk management. Since they frequently have fixed-price variable-quantity contracts, retail users typically incur little to no price or quantity risks. Although there are frequently some daily or weekly variations in the price schedule, prices for retail users are fixed in the sense that they are known in advance with certainty. They don’t, however, suffer any quantity risks because when someone turns on a light, they always assume that there will be enough electricity to power it. Wholesale customers and suppliers typically deal with market-determined costs and supply constraints; therefore, they actively manage risk. These procedures estimate risks and carry out mitigation plans for those that the businesses do not want to keep. In utility markets, where the fundamental commodities are purchased and sold, traders act to create liquidity. Energy deregulation is either advanced or complete in the majority of Western nations, meaning that wholesale customers are still subject to the whims of market-based rates and availability. The markets themselves, however, can be a significant source of risk. Some power markets, including those in the UK and California, have experienced serious issues with their commercial models, necessitating a recent revamp. Prices for spot contracts and a variety of forward contracts are often available due to the deregulation of the energy markets (Tanlapco, Lawarree, & Liu, 2002). Once more, the presence of a market does not guarantee that all potentially valuable contracts are readily available in sufficient numbers. The specific forward contracts that are offered depend on the commodity in issue as well as the region. 
Gas is expensive to transport, electricity is still governed by some interstate transmission restrictions, and oil is transported by tankers and pipelines. Thus, to name just three of the more frequently occurring risk categories for energy, wholesalers must contend with market risks, liquidity risks, and location risks. These factors will still be present in utility computing, although location risk will play a lesser role due to the constant need for high-capacity, dependable network connections between remote supply and consumption locations. The most frequent comparison to computational utilities is electricity. Electricity, on the other hand, is a very unique good and utility since it incorporates certain physical laws that will be upheld no matter what the market wishes to happen and must thus be incorporated to prevent

physical harm to utility system components. Since there is free disposal in computing, price models with negative prices are unnecessary and should be avoided. This shows that while the lessons learned from the design of energy markets are very instructive for the potential types of issues, they are not entirely relevant. Based on the maturity of the utility and the sectors it supports, a wide variety of contracts are employed in conventional utilities for financial risk management.

CHAPTER 4

PROJECT MANAGEMENT

CONTENTS

4.1. Introduction
4.2. Issues
4.3. Banks
4.4. Projects
4.5. Funds
4.6. Industries
4.7. Threats
4.8. Uncertainty
4.9. Contracts
4.10. Project Management
4.11. Accidents
4.12. Milestones

4.1. INTRODUCTION

Wherever goods or services are produced, processed, supplied, or bought, business risk arises. Enterprises can have a variety of outcomes, including continued operation, bankruptcy, a natural disaster, or a change to a different type of organization. Project risk arises during the phase from the limited number of business operations that are predetermined from the project’s beginning until its conclusion in order to achieve specific objectives (Van Der Merwe, 2002). A business is typically a group of projects; frequently, the organization manages a portfolio of related projects at once. A project is an endeavor or activity that is planned to make use of a variety of resources, most notably money, land, labor, and time, in order to accomplish a goal or set of goals. An expected or fixed budget and a predetermined timeline or time period are two conventional project instruments introduced by the project control. Lenders may become more risk prone in a variety of circumstances even when they still desire high investment returns and fear worst-case scenarios. There will be non-monetary returns, but the project equation will still need to take these into account. Some organizations will establish their objectives to be defined by non-monetary ideals or to achieve a benefit other than financial gain. The optimal compromise to balance the risk-return ratio is what today’s leaders seek.

4.2. ISSUES

Political and societal unpredictability (Figure 4.1) are current issues. A significant aspect for firms is globalization. Competition for today’s enterprises might easily come from the next town over or from across the world (Gummesson, 2005). The management teams of today must be more agile, proficient, and rapid than before. Standing still is not an option given the rate of technological advancement, which indicates that this is likely to last long into the future. Only adaptable organizations will be successful; change management develops into both a business requirement and an art. The rate at which a company can enhance the variety of goods and services it offers, as well as the way in which they are created and delivered, is the actual indicator of its success. Because of the numerous and varying ways in which project participants might affect the project’s result, risk is notoriously difficult to assess. The typical project scenario involves a project team working together within the corporate framework. The varied influences of individuals and parties on your progress mean that you can never be totally certain of the speed or direction of your project.


Risk need not always have a negative effect on the person. The chances of winning a Western European or American state lottery are incredibly slim. Banks and fund managers that lost billions of dollars on foolish schemes include some of these skilled investors. Investing in increasingly cutting-edge financial products carries a bigger risk of failure than success. One would like to assume that we would be satisfied to let risk and investment experts determine the benefit or risk of an investment or project. Although it may seem implausible, many businesses pay little attention to how their employees perceive risk, especially when it comes to risk management. Risk analysis frequently amounts to nothing more than a gut instinct, the belief that one has just made a wise purchase. Few people would openly admit to being risk averse or risk seeking in any form.

Figure 4.1. Political and societal unpredictability. Source: https://media.springernature.com/lw685/springer-static/image/art%3A10.1007%2Fs11192-020-03416-6/MediaObjects/11192_2020_3416_Fig4_HTML.png.

4.3. BANKS

Investment banks (Figure 4.2) frequently claim that their foreign exchange trading operations are risk-hedging, but in reality, they are just betting that

their open positions will increase in value (Geyfman & Yeager, 2009). Since both profit and loss are canceled out during a hedging investment, a perfect hedge has neither. Short-term market speculation, which is a risk-seeking tactic, is how banks and corporations that acknowledge losing money on hedging operations have lost money. Similar to this, businesses that hire personnel on a temporary basis solely by offering more and higher compensation are not risk-averse. In reality, these businesses increase the likelihood that employees will be drawn to them for the wrong reasons, such as greed, by raising wages in their industry. The potential drawback is that employee turnover must have an impact on the project’s health because loyalty to the organization is typically shorter than the length of the most recent pay check. The practice of screening employees is not always present in businesses that are seen as well-run. Therefore, the organization and their projects must be at risk due to critical project staff that lack self-control. We have seen instances where project members who engage in risk-taking behavior must be considered as staff who engage in excessive drinking, drug use, prostitution, and other immoralities. A business that has minimal control over its employees must be thought of as risk averse. A lot of computer-based technology has been developed that falls under the risk management category.

Figure 4.2. Investment banks. Source: https://cdn.corporatefinanceinstitute.com/assets/investment-bankingdiagram.png.

The UK Institute of Actuaries and Institute of Civil Engineers (ICE) (Figure 4.3) developed RAMP (Risk Analysis and Management of Projects),

a more recent approach of managing business risk, specifically to manage project risk (Allan & Davis, 2006). It is specifically intended to stop or lessen the risk or effects of cost overruns, schedule delays, or quality failures. The RAMP technique attempts to classify various business hazards before assessing and limiting their possible effects. It works analytically first before enforcing risk management or containment, as appropriate, for the current project context. This includes the initial idea, as well as implementation and conclusion. Ad hoc operations sadly become less appealing when there are millions at stake and professional reputations are at stake. Best practices, protocols, and checks are incorporated into the processes to lessen the likelihood of failure. Since they are not industry-specific, RAMP aims to manage any sizable project, such as construction or the delivery of a clear final product. In some ways, bureaucracy and paperwork are inevitable, but since there are significant financial and human resources at stake, procedures are created to minimize the likelihood that something will slip through the cracks. Without a reliable system of checks and controls, there is a high likelihood that people may forget or ignore crucial details. These are especially helpful when there are numerous participants and we need to establish standards or continuity. To ensure that the final performance trends toward the design objectives, change controls and quality reviews are essential. Key definitions of product, service, and process planning are needed at the outset. Despite alterations in people, materials, and the environment, a documentation tracking method keeps the project on schedule.

Figure 4.3. UK Institute of Actuaries and Institute of Civil Engineers. Source: https://www.ice.org.uk/media/pqhnnzz5/fish-building.jpeg.


4.4. PROJECTS

Large projects frequently have numerous tasks ongoing at once; there is not always a clear distinction between project phases. The traditional methods can occasionally provide the mistaken impression that projects advance smoothly and proceed to completion. Perhaps this isn’t the case. Throughout history, the same errors have been made. Some tasks ought to never be finished. The projects should never have been launched in the first place, the final product is completely wrong, or the cost-benefit analysis demonstrates the projects’ lack of value. Such ventures must be stopped in their tracks or abandoned before they squander your company’s precious resources. The old models are being questioned due to the complexity of combining various project stages and the rise in the specialized project skills required. In the past, a lot of project scheduling and budgeting exercises were geared on mechanistic forecasting and control. For many reasons, a housing complex is typically created as a prototype. To demonstrate the clients, the architect will create a cardboard or acetate mock-up. This can be manufactured using satisfactory endorsement. The structures don’t have to be finished simultaneously. The first should be finished before the others. This will enable any design flaws. The requirement for self-financing via the sale of finished selling homes before construction is complete to cover the costs of building acquired thus far. Real estate sales need the use of show houses, as they gain notoriety and draw clients. There is a custom of inviting potential purchasers to show homes to increase exposure. Revenue is generated far before the remaining construction has been completed. Other concepts have emerged recently, although a lot of them have included prototyping techniques. One illustration is rapid application development (RAD) (Coleman & Verbruggen, 1998). This is comparable to prototyping and incorporates its fundamental ideas. 
However, RAD uses a more rigid and rigorous technique. The installation of packages or existing products for customization has grown in popularity. This essentially consists of a toolkit or partially developed product that you may customize to meet your needs. It is frequently believed that producing these packages will be quicker and less expensive than attempting to develop the entire thing from scratch. In computer software systems where software packages are purchased off the shelf, this technique is common. The capacity to quickly advance along the learning curve without incurring the large start-up costs associated with creating the product from scratch is what appears to be advantageous. This will not always be the case; there are many instances

where purchasing packages and then customizing them has turned out to be more expensive than creating the entire project from scratch.

4.5. FUNDS

Raising the necessary funds to complete a project is one of the major difficulties or hurdles. The use of venture financing is frequently advocated, particularly for technology ventures that are commercial or in the preliminary stages of R&D. It is important to recognize the scope of this issue because venture capital markets in other countries are not as developed as those in the United States. When there is no functional prototype or patent, this task is more difficult. The type of project they are working on must be understood by both the project manager and the project owner. There are several types of project inertia for every project and every project type. There are those that start out slowly but finish quickly. Some initiatives, on the other hand, start out quickly yet take an incredibly long time to finish. Neither the project owner nor the project manager being aware of the type of project inertia is one of the primary risks in project management. As a result, they might invest excessive amounts of time and money at the beginning or finish of the project. The nature of the sector and the types of project inertia present must be understood by an experienced project manager. Business is by nature a risky endeavor since there are dangers lurking everywhere. There is a common misconception that because projects dedicate set quantities of resources, risk cannot be effectively taken into account without degrading the final product. A power generator, for instance, should not be constructed in an area where thunderstorm activity is known to occur. The issue of performance or project quality emerges if the project’s costs and timeline have already been agreed upon and fixed. One solution is to externalize the risk of a power outage during thunder by including provisions in insurance policies that safeguard the plant in such circumstances. A risk manager may not always be welcomed by a firm or client. 
They face resistance, much like a pest control operator. Calling them in carries some social shame because it’s equivalent to admitting you have a problem. Controlling your workforce, particularly if they are unskilled, incompetent, or dishonest, is a key component of risk management. Your project success may be in jeopardy because of some of your workers who hold key project positions. Someone working for your organization may be unintentionally committing project errors, disclosing private information, accepting bribes, or incurring losses in secret. However, nobody actually wants the general

public to know they have pests in their home. By soliciting perspectives, many businesses try to balance out prejudices or individual errors. On a specific area of risk, such as maritime insurance for shipping crude oil around the Indian Ocean, we can solicit the opinions of experts. The group is asked to rank their subjective assessments of the risk. It is hoped that the biases of the other experts in the sample will balance out their own. Their comments can be compiled into information that helps us determine what we believe the anticipated cost will be in the future. There are political, regulatory, and market conditions. This area of study involves a lot of disciplined thought, work, and legal requirements to control how businesses and organizations are run. Your ability to function is constrained before you run into legal snags or unauthorized political protests that could jeopardize the success of your enterprise and your brand. The project could be harmed by counterparty risk, commercial conflict, poor communication, and technological failure. For the project to be successful, human performance, skill availability, competence, and motivation are crucial components. While risk cannot be completely eliminated, it can be managed under certain circumstances. Certain risks can be avoided, and the project manager has influence over these. The environmental risk is largely outside of one’s control, but we can learn to operate better where the law allows us to make our project more efficient. This interaction is typical of customs, tax, and operating license authorities. It’s conceivable that restrictions will occasionally be used against your project. However, you can take further safeguards for unforeseen events, such as having more reserve money or insurance, to lessen the impact of regulatory damages. 
In order to better absorb project shocks, the project manager is recommended to adopt risk management steps to try to avoid the risk, to accumulate reserves, and to establish a network of contacts. There are numerous methods for conducting risk assessments. We can experience the phenomenon either up close or from a distance with them. We can observe a tornado’s devastation from a safe distance; we can study a business process by carefully examining the current system; past experiences may be documented in company files, reports, third-party company analytical reports, or newspaper accounts in electronic or paper format. Interviews bring people with the most firsthand experience of the phenomenon into face-to-face sessions to determine the nature and extent of the risks. The implementation of new policies can have a big impact on how a project runs. Political risk exists on two different levels, the first of which is project-level. Although neither their actions nor the impacts may always

be immediately visible within the project, the interactions of various organizations and administrative agencies in the market will have an impact (Posner, 1972). When the project team and support staff were defined too narrowly, some projects ended up failing. Key staff may determine the overall project’s success or failure. These individuals may have been properly recognized in advance or overlooked during project analysis or design. These individuals may not be readily apparent as members of the project team, but their participation, exclusion, or underperformance may have a significant detrimental effect on the project as a whole. Backup team members, or those working in the office or corporate headquarters performing administrative duties, must be included when defining a project team. However, this perspective of the project environment must be expanded to take into account the larger context of the fringe supporters who may have considerable input that is not immediately apparent. The obscurity of the project landscape makes it difficult to identify these important project stakeholders. Other people have a propensity to desire to join the action even when they are not legally or morally entitled to do so. Their demand could be perfectly reasonable perhaps to make amends for an earlier error or it could be a bribe or payoff demand that is reinforced by a threat. The truth is that for the project to go as intended, members may need to be included by default. This inclusion can only be accomplished after a thorough assessment of how they might help or hurt the project. Through a variety of risk management techniques, an investor has options for guarding against probable loss (Rehman & Anwar, 2019). Proper business ventures are deliberate endeavors that unite individuals and interested parties in the pursuit of mutual objectives and profit; they are not careless bets or swindles. A genius investor could be dishonest, unlucky, or even genuinely clever. 
They were later exposed to be scammers who either made up trading profits or used illegal insider knowledge to manipulate the market. Investors can reduce their nominal returns by taking risk into account, which will provide them a more accurate picture of the project’s health. By implementing hedges, risk management aims to shield the investor from an unfavorable change in foreign exchange rates. Similar to this, a company can strive to prevent insolvency when faced with a decline in demand by diversifying its products or markets, or by splitting the risk with partners. These steps are deliberate attempts by the investor to lessen a chance shock, not components of chance. Public discomfort is a frequent occurrence when interest rates rise and mortgage holders must make larger monthly payments. Many firms take

out loans of one kind or another with floating interest rates; the changes in the rate could be disastrous. The net present value or actual rate of return on project investments is directly impacted by the interest rate. A variety of interest rate derivative products are available for investors to choose from in order to hedge against an unpleasant rate increase due to the expanding scope of global trade and the creation of innovative financial products. Most investors steer clear of short-term bets by diversifying their investments over a longer period of time, investing in a variety of stocks and bonds. Additionally, fixed-rate loans are becoming more widely available. Examples include mortgages, which have interest rates fixed for a set time, like two years, but then increase to a maximum rate, like 10.85%, after the fixed period has passed. The advantage for the client is that he can budget his limited resources to prevent changes in interest rates, which cannot increase to the point where they bankrupt mortgage holders. It is possible to say that the consumer has adopted a risk limiting or risk mitigation plan. The project owner or leader might ask a series of questions to the customer to screen them and determine what kind of credit performance they will likely face. To create a picture of the expected credit risk, the credit screening uses a standard template with points for each element and pass/fail judgment boxes. The customer could be the project owner; thus, subcontractors and the project manager should confirm that the customer has a solid credit history before beginning work to ensure timely completion and payment of all employees. For someone who wishes to open a trading account with a broker or investment bank, a straightforward template would resemble this. Screening is based on the assumption that the bank or organization initially wanted to screen the client. 
Giving unauthorized soft loans to chosen friends or associates of the company is a common practice. Although the British TSR2 supersonic fighter project (Figure 4.4) is sometimes acknowledged as a technological achievement, the World War II government considered it to be a monetary disaster (Reed, 1970). Similar to the Grand Canyon, the Channel Tunnel is a feat of engineering but not often one of business. Numerous instances of projects running out of money or being canceled are reported. These occurrences frequently originate from political and business decisions made by the project owner and other connected parties and are not always within the project manager’s control. One of the disturbing trends in management science is the occurrence of projects running later than expected. The increased interconnectivity of adjacent projects is another cause of scheduling difficulties. The project manager or owner may not be solely to blame for such failures. Thus, it
might be claimed that Charles Babbage’s 19th-century Analytical Engine was partially a scheduling mistake. His project would have produced the first computer in history that could resolve moderately challenging mathematical equations, making it significantly more sophisticated than his earlier engine. Budgetary issues and the technical inadequacy of Victorian engineering to create parts with the necessary accuracy prevented the development of his Analytical Engine. The NASA space shuttle was a textbook example of a program that was running behind schedule and had to make compromises on safety in the futile attempt to get back on track.

Figure 4.4. British TSR2 supersonic fighter project. Source: https://upload.wikimedia.org/wikipedia/commons/0/09/BAC_TSR.2_XR219_Warton_11.06.66_edited-2.jpg.

4.6. INDUSTRIES

In high-tech industries like pharmaceutical or computer hardware and software, this is typically a cause of failure or underperformance. Companies engaged in cutting-edge research and development (R&D) are referred to as being on the cutting edge of technology, as well. Usually, project commencement is approved once it reaches a set of required or desired performance thresholds. When these thresholds are not met, it frequently suffices to end the project in its early stages. An example of one of these abandoned yet once ambitious endeavors is biotechnology. Even the most anticipated medications, like Viagra tablets for treating impotence, will have some negative effects (Gallagher & Chapman, 2010). British
Biotech, for instance, was fined $50,000 by the US Securities and Exchange Commission for its publicity releases for its cancer drug called Marimastat. Companies must exercise extra caution when obtaining regulatory approval for pharmaceutical products since delays and schedule risks might arise in the areas of a drug’s therapeutic effects, the reliability of its testing, consumer safety, and regulatory authority decisions. Another example is the Iridium satellite phone system’s introduction. Projects that originally appear promising may face a minefield of technology. Different levels of influence are occasionally exerted on businesses and organizations within an industrial sector. An industrial directive or fine may exert pressure on a project to change its course of action. This could be done to lengthen the testing time, as in the pharmaceutical business, to force a modification in the design of automobiles or buildings, or even to revoke the project owner’s operating license. For instance, it could be a decision made by the Federal Aviation Authority (Figure 4.5) regarding operating standards and flying safety. The options typically include appealing the regulatory decision in court, paying any fines, changing the location of operations, or closing up. Operational risk thus has an impact on or even takes precedence over other considerations. The project is seriously at risk from a project manager or project owner who lacks integrity. Once more, the model may have been a fine concept, but its implementation was subpar. Smaller projects must be evaluated on a cost-benefit basis, where you must determine whether the costs of creating a contract are excessive given the amount at risk. Unexpectedly many businesses start projects without a comprehensive contract; frequently, a letter of intent is sufficient to guarantee the production and order for the beginning of a significant project. 
Small and medium-sized businesses, as well as solo enterprises, frequently lack the resources, money, time, people, and legal knowledge to form contracts (Dvorsky, Belas, Gavurova, & Brabenec, 2021). So, there is still a chance that they won’t get paid for their services. Knowing where the risks are and how likely it is that you will run into them is risk analysis. Knowing where not to fly and how to sail safely around icebergs are both examples of risk management. Project risk management is the application of knowledge; it is not pseudoscience.

Figure 4.5. Federal aviation authority. Source: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c8/Seal_of_the_United_States_Federal_Aviation_Administration.svg/1200px-Seal_of_the_United_States_Federal_Aviation_Administration.svg.png.

4.7. THREATS

Risk analysis is like a map of potential threats and the damage they might create. Using the map, risk management determines how to avoid the dangers. Recent years have seen an increase in coordinated efforts to define risk and risk management approaches. The RAMP or Risk Analysis and Management of Projects system (Figure 4.6), which was introduced by the Institute of Civil Engineers (ICE) and the Institute of Chartered Actuaries in the UK, is one such instance (Hallikas, Virolainen, & Tuominen, 2002). They have made a clear effort to offer a project framework to define and lower risks. The goal is to combine risk analysis and risk management in the context of project operations in order to recognize and address risk factors that could cause substantial delays or overspending in projects. The system develops a thorough and comprehensible framework for project control and risk detection. RAMP operates by focusing on describing and quantifying risks throughout a project’s life cycle. RAMP and comparable approaches may be seen by some as a collection of common sense. However, RAMP is
superior in many ways since it gives some of the project’s more unpredictable parts a structure. RAMP seeks to compel the project participants into a logical set of procedures and provide them the ability to continue having planned risk evaluations throughout the project life cycle; the goal is not to make paperwork and controls halt project development. The cost of good project risk management must be low, meaning that the value of risk management must outweigh the expense of getting there. Risk management is a tool used to keep the project on track and within budget. A construction project for a toll road bridge serves as a case study of RAMP in action. The unpredictability of an outcome where the entire investment cost will be higher than the project’s benefit or result poses a risk to the business plan. The possibility that the project schedule will take longer than expected or not be delivered at all depends on risk as well.

Figure 4.6. Risk analysis and management of projects system. Source: https://static.javatpoint.com/tutorial/software-engineering/images/software-engineering-risk-management-activities.png.

Within the project cycle, risk fluctuates with time. Work done in the feasibility stage can lower risk to the degree where we can reasonably expect that the result will be more valuable than the investment. We must continue to keep in mind both what has been agreed upon and what is still subject to change. We must modify the contract, and either the contractor or
the customer may incur significant costs. In contrast, a cost-reimbursable contract allows the project owner to change the goal but does not fix the cost or the timeline. Flexibility is allowed, but not to the point that the project is in risk of disintegrating. In this way, project contracts strike a balance between structure and change. Project management is the process of merging the many resources that are available; it entails preparing to accomplish a task or create a final result. It is risky on a daily basis. There is always a necessity for prior research. Risk management, in certain ways, adopts a risk-neutral mindset; it never tries to take an extreme stance. The practice of identifying risks and adopting proactive steps to perform better under current business conditions is known as risk management. Risk management should always be included from the beginning and is not an optional add-on that is just good to have (Chapman & Ward, 2004). Throughout the course of the project, it is an ongoing structural and iterative process. The contemporary project manager can profit from risk management. Thus, participants with better risk management can enter the market earlier to take on more rewards in cases where the yield curve is overestimated. The risk-return ratio should be appropriately calculated during the initial risk analysis stage because overestimating or underestimating profit, costs, or risk usually results in some sort of loss. Most projects run far over their allotted budgets, which is one of the major dangers they face. Even for seasoned professionals, mastering project metrics is exceedingly challenging. The estimation process is quite complicated when it comes to probability, task timetables, and revenue and cost streams. Under project risk management, predicting the future can be scientific, but it can also turn toward the creative or talented. 
Some project risk management professionals are better at estimating schedules and expenses and risk metrics. If the project is smaller, simpler, and easier, you can take savings out of this example; otherwise, you can include contingency expenses for project unknowns to arrive at a revised estimate. The scheduling process will be the same. The objective is to be better equipped to handle events as they arise rather than to foresee most of the outcomes or to accurately predict all future events. Being overextended without backup resources during the course of a project renders us vulnerable to unpleasant surprises. Nevertheless, the client or project owners are the ones who originally choose the budget, if only because they are in charge of the money. The strategic long-term budgets are established by the project owner or directors and must be implemented at the lower project operational levels (Shenhar, Dvir, Levy, & Maltz, 2001). We refer to these as top-down budgets. The project risk is that top managers
who don’t comprehend the nature of the project or technical challenges at the operational level have a serious communication problem. Then there are project managers who are unable to comprehend the resources available or the broad business goals on a corporate level. The components, labor, and timing of the activities and deliveries will all be totaled up, along with a margin for project management services. The highest management can be asked to approve this budget. Iterative budgeting, when the planned budget is modified by top management and the project manager until it is agreeable to both parties, is more typical. Your project team or departmental specialists can provide you with their predictions of the costs associated with each of their sub-tasks. The final estimate is calculated by adding up all of these expenditures, managerial and integration charges, and a buffer or contingency fund for the project’s unknowns.

4.8. UNCERTAINTY

Most of the uncertainty and a significant amount of risk are removed from the contract by fixed costs. The downside risk is that the contractor’s actual costs could increase over the project, which would result in poor profits or worse. When contractors are frequently affected by strikes or material shortages, fixed-cost contracts are preferred since the client is bound by a set price even while staffing costs and capital equipment costs are dangerously rising. The fixed price is typically increased as a result of a force clause that allows such events to be deemed beyond the contractor’s control. If the client or project owner accepts a high price when actual labor and material costs are lower than anticipated, they may be in error. This is a typical situation for corporate workers who receive a fixed amount for expenses, such as $100 per night for hotel lodging and $40 per day for meal allowance for project work away from home, regardless of their actual costs. The client may potentially save money if hotels and meals were less expensive. The drawback of this is that if contractors are billed for labor in man-days instead of hours, they have no motivation to reduce the cost of their labor and materials. When it is discovered that contractors overcharged the client by inflating their costs, this strategy loses favor. However, it is still frequently employed when the cost of raw materials is well-known and largely stable. This is frequently the basis for price quotes from carpenters and other tradespeople working in small businesses. It was employed by NASA when it first began to explore space. The Channel Tunnel is an impressive engineering achievement, but it does not inspire confidence in people who first purchased shares
of Eurotunnel based on the prospectus, expecting a higher rate of return (Morris, 1989). These types of project overruns serve as a good example of the necessity of contingency reserves to cover project tasks that have gone beyond initial estimates. This can be the result of unforeseen circumstances or overly optimistic budgeting. An immediate reaction might be to set aside a sizable sum of money to meet most expenses, as if saving for a rainy day. We’ll demonstrate how doing so can be inefficient if the project no longer requires that specific amount of contingency cash. Therefore, the restricted resources ought to be made available for use in more fruitful endeavors. If not, upper management is not effectively prioritizing the project. This may be the case if a project lacks sufficient or important project champions within management to support it, or if a project crosses over onto another person’s patch and causes friction within management. Political battles can be challenging. The ability to fight is essential for success. On the other hand, there are numerous occasions when initiatives should be abandoned in order to prevent resource waste or damage. A performance bond is a legal guarantee that the project will be completed on time, as planned, and to the client’s or project owner’s expectations for quality. It serves as protection against performance failure. A good-performance bond or payment might be obtained in advance from the contractor to put greater pressure on them to produce work of a high caliber. The project manager may be required to provide a satisfactory performance guarantee, which can be provided by a bank or credit institution functioning lawfully in the host country where the project is headquartered, in order to ensure that the project’s progress is maintained. This is done so that, in the event of a dispute, the contractor cannot put pressure on the bank or credit organization to not honor the bond.

4.9. CONTRACTS

Writing bond contracts may be simple; receiving payment for bonds drawn from a bank may also be simple; but receiving payment for insurance bonds may be more challenging because they must be verified by insurance company investigators (Black & Cox, 1976). There will likely be legal power struggles over what these mitigating circumstances are and whether clauses can be legally invoked. Additionally, there have been situations where the customer attempted to deny the contractor’s bond. The client could not have tried to pay the project manager or contractor at all. The performance bond is only used as a justification for delaying payment. Formatting and mailing an invoice are simple; collecting money is more challenging. For
the more challenging or forgetful client, reminder phone calls and faxes may be necessary. Working with screened or reputable clients is one strategy to reduce the risk of credit or default. Bad debtors find it more difficult to conduct business in this community because their reputation precedes them. If they cross the line, you may quickly spread the word by putting it out there. Another strategy is to hone your writing abilities and learn to compose professional letters of reminder and threat of legal action. If you have to go all out, it’s advantageous to establish a good working relationship with a reputed law company or barrister. Another option is to build up a relationship with a larger organization. If the debtor refuses to pay, you can use all of the resources to threaten legal action. In most circumstances, an agent working for a bigger corporation has the power to obtain payment. This is undoubtedly an option and will depend on your specific situation. Smaller businesses might not use such techniques due to financial constraints. This demonstrates that a company’s reputation is a valuable commodity that even the most difficult client is reluctant to lose quickly. However, the client can still be willing to argue with the project manager to obtain even the smallest discount or insignificant concession. It’s interesting to observe how important reputation or honor are in business. Sometimes shaming a tough client is the best course of action to deal with a non-payer. If the company’s upper management is hesitant to support the project, its lifespan is undoubtedly finite. Projects bring about change, and they are likely to encounter resistance from all sides. Managers who are unable to handle the introduction of change run the risk of having their efforts meet a brick wall. For individuals who manage to become lost in the project documentation, this has major repercussions. 
You or your project manager could occasionally forget or lose sight of activities that need to be completed. Other times, outside actors who aren’t technically part of the project team can have an impact on the project. When the initiative faces strong resistance, there may be enough unkind voices that can garner enough support or wield enough influence to bring the effort to an end. It is a risk management tool that you can use to defend both the project and yourself.

4.10. PROJECT MANAGEMENT

Project management is the dynamically shifting process of making decisions and reallocating resources to complete the task. A project is either progressing without issues or is at a standstill if funding and labor allocation do not change. One backup plan for launching a satellite is to have a rocket available. Other scenarios have a more negative outlook on human potential;
they rely on stand-by generators or uninterrupted power supplies (UPS) in the event that an electricity supply provider is unable to offer enough electricity for a variety of reasons. They are a means of purchasing time if a complete loss of power is suspected and can be activated when an electrical power outage is detected. The art of project management also includes the ability to deal with unanticipated events and their negative impacts. The management of contingencies is essential in the fight against operational risk, such as fraud. We may demonstrate that political or commercial leaders occasionally disregard or put off important IT initiatives in a risky manner by examining the issues with implementing economic and monetary unity in Europe. They were well-organized because they had early awareness of the nature of the risks and issues. As a result, project management lost its element of chance. Our approach to market dynamics serves as evidence of how management change is progressing.

4.11. ACCIDENTS

The tragedy and the Munich plane accident in 1958 (Figure 4.7), which claimed the lives of the majority of the Manchester United football team, are somewhat comparable. A football squad cannot easily fly on different aircraft, which is the difference. With military air support, it is easier to separate counterterrorism personnel. If at all possible, key personnel should ride in separate vehicles. Have a backup plan in case one vehicle is late or doesn’t show up. You can never predict when issues will develop. For instance, those in Russia and certain former Soviet states are severely low-funded, highlighting some of the challenges faced by state-run businesses in the transition economies. Among the state personnel who are affected by the backlog in unpaid payments are doctors and nurses. Under-funding of public hospitals is more of a norm than an exception worldwide. You may need to consider insurance, proper first aid, or even stand-by emergency evacuation services in the event that your team needs to receive intensive care in these facilities. In all fields of labor, including business, sports, and the arts, a top boss may abruptly depart from their position. There are numerous reasons for leaving your job, including disagreements about the working environment, poor performance, conflicts with co-workers, or the attraction of better money elsewhere. One of a company’s key concerns is succession, yet it is frequently not effectively addressed. The loss of a senior manager puts the entire organization under stress and strain, which could be enough to jeopardize projects and the company’s continued existence.
Top management is frequently preoccupied with other issues and may miss the warning signs that important employees may be about to quit. Without key personnel, a project stands the serious danger of performing far below par. All initiatives must be able to resist the pressure of employee attrition or turnover, especially longer-term ones.

Figure 4.7. Munich plane accident. Source: https://icdn.strettynews.com/wp-content/uploads/2020/05/Screenshot2020-05-27-at-17.11.58.jpg.

Venture capitalists are willing to make investments and safeguard these investments through a strategy of diversification and risk taking (Macmillan, Siegel, & Narasimha, 1985). They will select a group of promising businesses and anticipate that some of them will fail in the next year or two. However, the venture capitalist also anticipates that any losses from these companies will be more than offset if a start-up company succeeds to the point where it may be listed on the stock market three years later, allowing the venture capitalist to sell his part and make a sizable profit. It has been demonstrated in the field of portfolio investing that a well-managed, balanced mix of hazardous investments can boost potential profits while actually lowering overall risk. To maximize the possible return while reducing the overall risk on the portfolio, a minor percentage of a well-balanced fund should be invested in riskier markets. A lot of interaction with numerous players takes place in business. These individuals have various responsibilities and
roles, as well as various perspectives on risk. Some people, like accountants, those with large families, and those who earn salaries, try to minimize risk. Others, such as explorers, soldiers of fortune, gamblers, and stock market speculators, thrive on danger and adventure. Each of these individuals has a unique role to play in their initiatives as well as a unique risk tolerance. The project position with the highest or most established profile is the client. That has hardly altered. What has changed is that projects are now frequently so complicated that the project owner, or customer, is unable to specify the precise appearance she wants the final product to have. However, the client must view the project’s objective broadly and must not permit trivial issues to get in the way of this. The project manager has the attention to detail to turn this strategic objective into a reality. You must maintain your focus on the goal.

4.12. MILESTONES

Checkpoints or milestones for the project’s development are crucial for identifying business plan deviations. Projects, especially long-term ones, should have the support and involvement of top management, in addition to being informed about them. Otherwise, the managers risk losing sight of the project’s objectives and letting it deteriorate. Keep your project on course and your finger on the pulse. The project manager has occasionally been contrasted with a government employee (Oehmen, Seering, Bassler, & Ben-Daya, 2011). While bureaucrats work to make this message a reality, ministers are zealous visionaries. The project manager must coordinate the needs of several departments as well as the work of outside contractors while combining resources, labor, and raw supplies. A successful project manager sometimes needs to be a great diplomat or politician since the art of compromise and reconciliation plays a significant role in this. He or she is responsible for tying up all the loose ends, which will inevitably result in disagreements and statements from the project participants with competing interests. An important risk of performance failure could result from a desire to consummate a contract. Make sure the promises made to customers by your sales representatives align with what you can provide for an acceptable profit. The contract may occasionally arrive at the last minute, making it difficult to carefully read every word before signing. A successful department is essential to a thriving business. Due to the traditional role of accountants in regulating cash flow, it serves as the focal point of risk management operations in smaller to medium-sized businesses.
The actions and roles of both extrovert and introvert types of business players are combined in a market. Without the functions that each of these types performs, the majority of businesses would fail. Knowing how to balance being risk-averse and risk-seeking, as well as when to take risks and when to avoid them, is essential. When a gambler wins, they may be hailed as geniuses or, if they lose, as stupid fools. They have to complete the productive effort and produce the finished goods. In mission-critical applications, when substantial loss of life is a possibility, proper design and testing are especially important. They have the most influence on the final product’s design, but they must cooperate with any requests or suggestions made by the sales and marketing, accounts, or other departments. When developing a new product or service, the project is particularly vulnerable because a lot of money is being spent while there aren’t any obvious sales or cash inflows. Making sure the project adheres to the proper health and safety procedures is your responsibility as the project manager. If neglected, these provide the risk of significant negligence lawsuits, and you also need to cope with the implementation of new employer liability regulations. Self-indemnification only addresses a portion of the whole project environment. Reviewing professional ethics and risk management is really necessary (Sison, 2000). Even if your direct staff are well-trained and risk-aware, health and safety risks might still harm you if you work with external subcontractors. It is not always ensured that proper standards are applied. The emotional aspect of health and safety means that it will always be a delicate subject. However, it is frequently important to make an effort to get health and safety on the project schedule and to secure the required funding.
Sadly, the perceived risk of injury is frequently considered to be minimal, and it may take a serious accident for health and safety concerns to become a top priority. Regulatory agencies must make sure that standards are upheld and that health and safety training is an integral element of projects. Both the federal government and local governments establish tax legislation. They also include capital depreciation, operational taxes, land taxes, personal and corporate income taxes, as well as tax credits and deductions. Successful project managers and owners are able to navigate the regulatory minefield and weigh the advantages of the tax structure against potential downside tax risk. This kind of stuff shows why it’s important to proceed cautiously, perform early employee screening, and then assemble your core team. You can consider expanding once all checkpoints and gateways have been successfully passed. Even the most prestigious western companies commit the error of extending generous salaries and
compensation packages to prospective employees without even the most minimal security checks. To determine where risk management would have the greatest impact, we need to look at the value-added chain. These days, it can be enticing to purchase and install a risk management system that uses a beautiful computer, but this is insufficient on its own. Any proposed risk management system must first be evaluated for value and suitability before being properly implemented to meet the needs of the organization. There is a propensity to use systems improperly based only on appearance. Unfortunately, as we have seen, when a senior executive is scored by a salesman’s image and is enthusiastic about his offer, or disregards the risk manager’s concerns, such questions and a company’s entire risk analysis can be side-lined. Because project managers are imperfect beings who will select the most marketable solution, risk professionals are not necessarily blameless in this situation. Keeping the big picture in mind is in the best interests of both the project manager and the project itself. Risk analysts must be able to present their arguments persuasively without overusing technical language. The last thing a project manager needs to hear is that nothing can be done because of the anticipated risk associated; instead, they should be able to offer solutions to issues. There must be a workable alternative. Staff selection must be carefully considered because organized projects require it. In the past, it may have made sense for businesses to assign the sales position to the person who talks the most. To guarantee that performance objectives are being met, we refer to project control over the production process as quality assurance, or QA. Internal operational standards will outline acceptable tolerance levels, performance standards, and quality thresholds.

CHAPTER 5

ENTERPRISE RISK MANAGEMENT

CONTENTS

5.1. Introduction
5.2. Pillars
5.3. Opportunities
5.4. Piracy
5.5. Risk
5.6. Discrepancy
5.7. FMEA
5.8. Model
5.9. Quality


5.1. INTRODUCTION

ERM has recently experienced substantial growth. The eight most significant elements influencing this trend are the Basel Agreements; September 11, 2001; fraud in corporate accounting; Hurricane Katrina (Figure 5.1); the review of rating agencies; the financial crisis; rare occasions; and prolonged trends. The last component covers trends that have emerged gradually over time, while the first seven elements are notable discrete events and are mentioned in chronological sequence. Some of the discrete occurrences are related to or start in the financial services industry (Stroh, 2005). However, as these occurrences are well-known in the ERM community and have an impact on ERM that is felt across all industrial sectors, it is beneficial for persons in all sectors to comprehend them. Understanding the timeline is also important because the development of ERM has been influenced by the sequence of events.

Figure 5.1. Katrina. Source: https://www.e-education.psu.edu/earth107/sites/www.e-education.psu.edu.earth107/files/Unit2/Mod5/Fig%205_512px-KatrinaNewOrleansFlooded_edit2.jpeg.


The current environment for ERM is the result of the cumulative influence of events and the business and governmental responses to them. Basel II, a global standard for risk management, had an impact on the development of ERM techniques in the financial services industry. A group of international banking regulators created the Basel Accords as a set of rules to support risk management procedures. Basel II has three pillars: minimum capital requirements (Pillar 1), supervisory scrutiny (Pillar 2), and market discipline (Pillar 3).

5.2. PILLARS

Pillar 1 describes how to calculate capital requirements. It provides basic options based on industry averages and, for banks with more sophisticated operations, more complex options based on internal models that are tailored to the company, its operations, and its risks and that rely, for the most part, on management’s own estimates for most parameters. Under Pillar 2, supervisors are able to examine the bank’s risk management procedures and risk exposures and, if necessary, use a multiplier to raise the minimum required capital determined in Pillar 1 as a result of their examination (Weber, 2012). The third pillar discusses the proper disclosure of risks. The inclusion of operational risks in the scope of Basel I was the most significant development, leading banks toward a comprehensive approach to risk management.

As illustrated by the global financial crisis that started in the United States in 2007, it is simple in retrospect to criticize the Basel Committee and claim that it failed to achieve its objectives. These accords, however, were largely embraced and did constitute a development over earlier procedures. Even if the Basel Accords didn’t achieve their objective of creating a common baseline for excellent risk management procedures, they did lead to greater attention to risk in the banking industry and beyond, since other industries looked to the banking industry as a model for managing risk. Basel II has a clear influence on and is generally identical to Solvency II, a set of risk management rules for European Union (EU) insurance companies planned to go into effect in November 2012 (Lannoo & Valiante, 2012).

By bringing to light four key components of risk, the terrorist attacks on the United States on September 11, 2001, improved our understanding of ERM. Since September 11, virtually every institution is more aware of the potential for a terrorist assault. Many of these organizations have also considered various terrorist scenarios, especially those that are based in or close to sizable cities or other potential terrorist targets. They have


considered how an assault would affect their physical assets, personnel, stakeholders, clients, suppliers, and/or the economy in which they operate. These exercises have produced improved business continuity strategies as well as some preventive mitigation. This is advantageous since ERM calls on management to maintain an open mind to a wider spectrum of potential future events. The events of September 11th increased awareness of risk complexity (George, Button, & Whatford, 2003). The aftermath of the assaults revealed a complex web of interdependencies that is hidden until a big disturbance makes it visible. There were a lot of unanticipated or, at the very least, never before considered secondary effects. Although it might be clear to see now, few would have foreseen how significantly the airline industry would be affected. Flying is still statistically much safer than other forms of transportation. The complexity of risk is, nevertheless, significantly influenced by the human aspect. It is more challenging to explain fear and other irrational human impulses, which frequently lead to actions that are against our best interests as a society.

5.3. OPPORTUNITIES

Anyone working in the security industry, for instance, can tell you how many opportunities arose as a result of the assaults. Businesses that offer teleconferencing services also gained as a result of the sharp decline in business travel. Although this is not a novel idea, the magnitude of September 11th raised awareness of the need to take potential effects into account when analyzing risk scenarios.

The first incident involved litigation and enhanced the board of directors’ responsibilities and, more importantly, their personal financial exposure if corporate accounting fraud went undiscovered. In a WorldCom litigation, it was revealed that a settlement required 10 outside directors to pay damages from their personal assets totaling almost 20% of their net worth without being permitted to receive reimbursement from their directors and officers (D&O) liability insurance coverage (Pitt, 2005). Similar personal payments from directors were part of the Enron litigation settlement.

These settlements were noteworthy because they sparked two important trends. First, the added liability made serving on a board of directors less appealing. The retirement of many directors made it more challenging for corporations to find new directors. The second trend, and the more significant one for ERM, is that the remaining directors started to ask management what steps were being taken to guard the business against significant risks. When corporations embraced ERM, it was frequently the result of pressure placed on management by the board of directors.


Many businesses utilized process maps to find weak spots in the reporting process, and some started to use them more widely to find risks and inefficiencies in other business procedures. Employees were given more freedom by SOX to uncover and handle some new risks as well as to fundraise for and solve some well-known problems. Insurance businesses started establishing ERM programs or improving their current ERM programs swiftly. Companies were therefore very incentivized to earn a high rating. Given that most non-financial businesses have lagged behind the financial services sector in terms of risk management methods, this is a significant and much-needed improvement. However, as it appeared that the worst was gone, businesses in all economic sectors started to examine their ERM programs in order to decide which improvements were most important. The financial services industry is still very active. The non-financial services industry is progressing as well, while some businesses do so more quickly than others. The proactive management of vulnerability to commodity price swings has also received increased attention from energy corporations exposed to the low natural gas prices brought on by the recession (Hassel, 2010). The financial crisis has also made it easier for individuals working in the ERM process to convince management to take worst-case scenarios into account.

5.4. PIRACY

Piracy (Figure 5.2) is worth mentioning even if it is not a very significant component because it is another illustration of something that formerly appeared unthinkable in contemporary times (van Kranenburg & Hogenbirk, 2005). Such occurrences have increased our awareness of the difference between our attitude prior to a remote incident and immediately afterwards, as well as how rapidly our mindset and reality may change.

As a result of all the factors influencing awareness and implementation of ERM programs, ERM is, and has been for some time, a hot topic. Most businesses have started implementing ERM, are thinking about implementing ERM, or are interested in learning more about ERM. Their management is aggressively looking for information on it, and the boards of directors are asking questions about it. Even government agencies and non-profit groups are interested in ERM and how to modify it for their purposes. In order to meet this demand and serve the expanding ERM market, providers of goods and services have been investing quickly in growth. ERM is becoming a more prominent topic at conferences, and some of them are even hosting


entire ERM-focused events. Universities are developing ERM courses for both students and executives, and they are looking for both subject matter experts and experienced teachers. Consulting firms and technology vendors are competing for the limited number of certified ERM practitioners as they create and grow their ERM products and services. With all this momentum, it might seem inevitable that ERM will grow into a significant movement in business and beyond.

Figure 5.2. Piracy. Source: https://www.ncta.com/sites/default/files/inline-images/graphic-Piracy_09_19-01-%281%29.gif.

It’s helpful to think of risk as being there whenever there is a chance that an event won’t turn out exactly as predicted. You probably envision bad outcomes, like losing your career or your health, when you consider the risks in your life. Risk can be as basic as the possibility of being late for something on a regular basis due to traffic or bad weather. Risk, on the other hand, will be defined as any departure from expectations in an ERM framework. This definition of risk covers both upward and downward volatility (Annamalah, Raman, Marthandan, & Logeswaran, 2018). For


instance, you would undoubtedly view the potential that your bonus would be smaller than anticipated as a risk, but you are unlikely to view the prospect that your bonus will be more than anticipated as a risk. Risk is typically seen as the potential for loss. Even many ERM practitioners use this as their primary reference. Loss, however, is an imperfect idea since, as was previously mentioned, it does not account for upside volatility, which is the potential for an unanticipated gain. However, loss has a more malicious flaw. People frequently unintentionally overestimate a risk’s extent or severity as a result. Sadly, this leads to the duplicate counting of some predicted losses that should not be included. The risk severity, or impact, should only contain the excess over the amount expected because our definition of risk is deviation from expected. The company’s strategic plan baseline financial projection is likely to incorporate the annual anticipated lawsuit expense.

5.5. RISK

The inability to quantify strategic and operational risks is one of the causes of this imbalance. When creating risk scenarios for financial hazards, which take into account quantitative effects on financial results, a sizable amount of objective market data can be used. There is much less information accessible regarding operational and strategic risks, which strongly depend on the specific makeup of the company affected. Popular quantification techniques can fall short in supporting operational and strategic risks. The quantification techniques either offer no quantification or, even worse, drastically overstate how serious a risk is.

The notion that financial risks are the most significant risks, and that they make up the bulk of the risks that pose the greatest harm to the organization, is a second factor contributing to the disproportionate attention on these risks. Research repeatedly demonstrates that the majority of a company’s significant risks and greatest threats are operational and strategic risks.

The majority of people who are modeling have a focus on finances. Their training focuses on managing financial risk. They have financial risk training and certification. They only have exposure to financial danger. Even the department’s name and mandate may protect them from financial risk. Their approaches function best when a plethora of objective quantitative data is accessible, which is not the case with strategic and operational risks. In addition, their procedures cannot easily handle these risks. One or a combination of the aforementioned variables may be the cause of the inadequate inclusion of non-financial hazards. Whatever the


cause, this exposes a serious weakness in the majority of ERM programs. It is impossible to stress how important this is. The majority of the primary risks are not quantified by these quantitative ERM programs in terms of their individual and aggregate contributions to the organization’s overall volatility, in terms of the key indicators. Due to the strong impression that these partially quantitative ERM solutions are complete, management mistakenly relies on and misinterprets the data. The amount of accuracy suggested by the data that the financial modelers of these defective ERM programs delivered to management gives off this false impression. ERM is strategic in nature and concentrates on a small number of risks with the greatest potential to affect the firm. A fair number of critical risks for a corporation going through the ERM process cycle for the first time could be between 10 and 30. If management wants to increase support before implementation, about 10 risks might be suitable for a trial experiment. However, it takes 20 to 30 risks to get a reliable set of outcomes that may be used as a basis for decision-making. The precise number of significant risks that the company should consider depends on how hazards should be defined and categorized, as well as how to determine an appropriate cutoff point throughout the qualitative risk assessment process. However, the quantity of important risks is independent of the organization’s size. If the two businesses are otherwise comparable, they will have roughly the same number of major risks. This is so that senior management can concentrate on a sufficient number of risks at a given moment in a prioritized manner. It is based on people and their logical focus boundaries. This stands in sharp contrast to how many businesses now attempt to approach ERM. Many businesses are under the impression that ERM is just an expanded version of a Sarbanes-Oxley (SOX) exercise. 
In reaction to a string of financial reporting crises, the SOX Act was passed (Bargeron, Lehn, & Zutter, 2010). Most businesses made a list of every potential risk to the accuracy of their financial reporting in an effort to comply with SOX. For larger firms, the list of risks frequently reached the hundreds or even thousands. Every risk was monitored in relation to data on its mitigation, including the designation of a risk owner. In order to ensure that the risks were sufficiently minimized, SOX compliance became a quarterly ritual. Many businesses made the mistaken assumption that ERM was identical to the well-known SOX, with the exception that ERM applied to all risks rather than just inaccurate financial reporting. This false belief is reinforced. Similar to how some audit firms misrepresent an expanded SOX exercise as


ERM and say it is a component of a governance, risk, and compliance (GRC) program, this misrepresentation is a contributing factor to the confusion. Only one risk event can really happen at once. Given how rare each worst-case scenario is to occur, this might be the case. However, a lot of the risks taken into account by an ERM program have a moderate possibility. If only one moderate risk event happens at a time, then every other component of your organization operates exactly as you would expect it to. For instance, everything goes according to plan for your product strategy, distribution strategy, marketing strategy, human resources plan, etc., but your technology update program is a little behind schedule. More uncertainty exists in reality than that. Some of the biggest threats to a company’s survival can stem from several risk occurrences happening at once. The enterprise is in a vulnerable situation following the initial incident, which raises the possibility of certain secondary events happening. Risks can also interact with one another to worsen each other. This is a burst of strikes that come one after another quickly. Take into account any individuals you may have heard of or known whose lives abruptly took a turn for the worst. Therefore, if you are not recording several concurrent risk events, you can be overlooking something that has the potential to bankrupt the company. One risk occurrence can cancel out another. Events that could have both a downside and an upside are included in our concept of risk, so one event’s financial impact could be mitigated by another. A scenario in which a negative risk event reduces sales growth by a certain amount, but a subsequent upside risk event results in an equivalent and compensating increase in sales growth. This appears to be quite simple. 
Traditional risk management evaluates hazards at the level of the local business unit or risk and determines how to mitigate them based on the management’s judgment, gut feeling, or, worse yet, arbitrary guidelines that were created decades ago for unrelated purposes. When using a standard risk management strategy, some risks may not be sufficiently mitigated, which might be disastrous if a risk event occurs and the business is not adequately safeguarded. As a result, money is wasted on extra mitigation that management would have rejected if the right information had been accessible. ERM, on the other hand, presents a rational strategy based on the enterprise’s total volatility and the level of stability, or shock resistance, that management wants. This is more logical because it reflects how shareholders and other important stakeholders see volatility: as it manifests itself at the corporate level. Depending on the organization’s unique risk culture and how they choose to


distribute their overall enterprise risk budget, lower-level decisions can be made at the business segment. ERM, however, marks a significant advancement. This indicates that the entire business spectrum is acknowledged and taken into account. Risk exposures that do not benefit the company are taken into account for mitigation. Traditional risk management included this. But with ERM, risks for which the corporation receives compensation are taken into account for exploitation, increasing exposure. This broader perspective enables the full evaluation of each business decision. For a complete risk-return analysis, the upside risk-taking potential is taken into account along with the negative risk exposures. The enterprise risk exposure assessments include and take into consideration upside volatility. As a result, ERM is able to pinpoint the locations and levels of additional risk that may be accepted within the context of acceptable risk-return trade-offs. This contains a crucial risk-return relationship that is sometimes absent from conventional risk management programs and even conventional company management strategies. For those working in risk management, the significance of this cannot be emphasized. They are no longer avoided by company decision-makers as the bearers of bad news but rather welcomed at the planning table. They are invited to participate in meetings where decisions are made at the corporate level and in the business segments. With a framework for integrating risk and return, risk experts can now provide value to crucial decision-making procedures like strategic planning.

5.6. DISCREPANCY

This discrepancy between the ERM program’s internal reality and what is presented to external stakeholders poses a serious danger (Blume, Lim, & Mackinlay, 1998). Consider a situation where a company’s stock price suddenly drops by 50% as a result of a danger that none of its rivals experienced. Currently, management is being examined. The management’s estimate of shareholder value, or business value, is taken into account, but only to the extent that it has an effect on secondary stakeholders’ levels of satisfaction. For instance, rating agency restrictions must be considered because a lower rating could have a negative influence on value when looking for risk-to-value trade-offs that might maximize corporate value. In order to maximize corporate value, most corporations have long since moved away from AAA ratings, believing them to be excessively expensive and redundant. The market has recognized this movement. Another illustration


would be that if regulators are not completely satisfied, they might take action that would diminish the value of the company. The ERM process cycle’s first stage is risk identification. It entails identifying the major risks that pose the greatest possible threats to the company. This requires condensing a lengthy list of potential dangers into a manageable number of significant risks. Using qualitative risk assessments that are based on internal judgments of the possibility and seriousness of each potential risk, this is primarily accomplished. The primary risks are quantified in the second stage of the ERM process cycle on both an individual and integrated level. In order to do this, an ERM model must be used to calculate the potential effects of various risk scenarios on certain critical KPIs. Following completion of this, enterprise risk exposure measurements are produced by quantifying the effects of integrated risk scenarios, which involve many risks occurring at once. Once a risk appetite has been established, choices on whether to enhance or decrease risk exposures can be taken. The integration of ERM into normal decision-making processes, such as strategic planning, tactical, and strategic decisions, and transactions, falls under the second category. Risk messaging is the fourth stage of the ERM process cycle. Internal risk messaging and outward risk messaging are the two different types of messaging included in this. This is an effective way of communicating internally, and it sends a clear message to management that risk and return need to be taken into account jointly. Once risk exposures are monitored by the departments, business units, and individuals that generate them and are represented in incentive compensation, it becomes obvious that increasing the firm’s risk exposure will increase the expected return. For a strong ERM program, good risk governance is a prerequisite, but it is not sufficient. 
Even if a corporation has created and put into place what looks to be a strong risk governance structure, that alone cannot tell us much about what is actually happening. A hollow ERM program can have all the risk governance components in place around it, similar to a complex freeway system that is empty of traffic. ERM framework is more fundamental and directly related to the effectiveness of an ERM program. Before going through the ERM process cycle at least once, just the most fundamental risk governance structure is necessary initially. It varies from firm to company how ERM develops, is embraced, and is integrated into its essential processes. It is difficult to write the entire risk governance framework needed to support ERM activities until it is known how they will actually be carried out. It’s crucial to first comprehend the ERM process


steps in order to grasp risk governance. Only within the context of ERM operations can the many essential participants’ roles and duties be discussed. The same is true of the organizational structure, rules, and practices that make up risk governance, along with roles and responsibilities. They can only be discussed once the ERM process as a whole has been well defined and comprehended. These match up with all risk categories, which for the majority of businesses include financial, operational, and strategic. A large portion of these possible risks are merely irrelevant. The business’s chosen strategy serves as a natural filter, removing unimportant risks. In other words, the strategy will decide which risks are relevant to the organization and which ones are not. There are many objective external quantitative experience data for the primary hazards for which building risk scenarios is mostly objective. The vast majority of the major hazards in this category is monetary concerns. For instance, think about market risks. We have decades of experience working with daily data on the major stock markets’ volatility. We can create a thorough, smooth, continuous distribution of historical risk scenarios for market risk as a result. Creating risk scenarios for these kinds of issues is largely objective (Miller & Waller, 2003). The comprehension of the risk event, its likelihood, and its financial repercussions is largely based on historical experience. A set of deterministic risk scenarios are chosen by management from the continuous distribution, which involves some subjective judgment. The major risks, however, for which creating risk scenarios is primarily subjective, are those for which there is either no external, objective quantitative experience data, or for which there are only very few such data that are easily available. The majority of the major hazards in this category are operational and strategic risks. 
Consider the strategic risk associated with strategy execution. By adapting the failure modes and effects analysis (FMEA) (Figure 5.3) method from the manufacturing industry, which heavily incorporates input from internal subject matter experts, management creates a set of deterministic risk scenarios (von Ahsen, 2008).


Figure 5.3. Failure modes and effects analysis. Source: https://www.onupkeep.com/images/raster/learning/maintenance-tools/fmea-matrix.png?cbh=e50368192c1ffbc11c427fa1512b5adc.

5.7. FMEA

The FMEA technique can be useful in risk scenarios that are largely objective. Data from the past is frequently lacking. Experts in the field can also contribute their expertise and intuition, which can be very valuable to the process. Combining the two methods is frequently the most effective technique for these largely objective risk scenarios.

The exposure to corporate risk must also be measured. The distribution of all potential effects on the baseline company value from simulations including one or more events, or one or more risk scenarios occurring concurrently, is known as enterprise risk exposure. Because more than one variable might diverge from the strategic plan during any given period in business, this is a more accurate and comprehensive portrayal of the firm’s risk exposure.


The impact of risk interaction, or correlation between risk scenarios, is a further risk-related parameter that we need in order to do this calculation. Positively correlated risks are more likely to occur together than their individual probabilities alone would suggest, negatively correlated risks are less likely to occur together, and uncorrelated risks occur independently of one another. We are able to calculate the potential financial impact of individual risk events, as well as that of several simultaneous risk events, on firm value and other important indicators once risk correlation has been established. First, though, we must take into account risk management strategies, another natural filter that lessens the financial impact of major threats. Tactics for risk management are actions that lessen the likelihood and/or gravity of risk events.

When defining risk appetite, management is simply attempting to ascertain the level of risk that the enterprise’s aggregate shareholders, who are frequently a highly diverse group with varying viewpoints, expectations, and investment needs, desire. Each member of the ERM committee contributes a unique viewpoint to this activity (Daud, Yazid, & Hussin, 2010). Since each member of the ERM committee is an individual, he or she has a unique emotional sense of how much risk the company should be taking. Intellectually, however, everyone is considering a similar set of measures in addition to the overarching statistic of firm value, which promotes agreement on the concept of risk appetite.

As you can see, altering your method or plan has an effect on the filters below. This in turn alters the calculations used to determine the baseline firm valuation and the enterprise risk exposure. This demonstrates how the value-based ERM approach enables management to assess alternative risk decisions, both strategic and tactical, before they are taken by quantifying their influence on the important KPIs, enterprise risk exposure and the baseline company value.
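The effect of risk correlation on enterprise risk exposure can be worked through exactly for a small set of deterministic scenarios. The Python example below is added here and is not taken from the book; the three scenarios, their probabilities and impacts, the correlation value, and all function names are constructed assumptions.

```python
"""Enterprise risk exposure for a small set of deterministic risk scenarios.

All scenario names, probabilities, impacts and correlations are constructed
for illustration; none of them comes from the book.
"""
from itertools import product
from math import sqrt


def pair_joint(p_a, p_b, rho):
    """Joint occurrence probabilities of two yes/no risk events.

    For two binary events the correlation rho fixes the chance of both:
    P(A and B) = p_a*p_b + rho*sqrt(p_a(1-p_a) * p_b(1-p_b)).
    Returns {(a, b): probability} with a, b in {0, 1}.
    """
    p11 = p_a * p_b + rho * sqrt(p_a * (1 - p_a) * p_b * (1 - p_b))
    # Not every correlation is attainable for given probabilities:
    # P(A and B) can never exceed the smaller of p_a and p_b, nor fall
    # below max(0, p_a + p_b - 1).
    lo, hi = max(0.0, p_a + p_b - 1.0), min(p_a, p_b)
    if not (lo - 1e-12 <= p11 <= hi + 1e-12):
        raise ValueError(f"rho={rho} is infeasible for p_a={p_a}, p_b={p_b}")
    return {
        (1, 1): p11,
        (1, 0): p_a - p11,
        (0, 1): p_b - p11,
        (0, 0): 1.0 - p_a - p_b + p11,
    }


def exposure_distribution(risk_a, risk_b, rho, independent_risks):
    """Exact distribution of the deviation from baseline company value.

    risk_a, risk_b: (probability, impact) of the correlated pair.
    independent_risks: list of (probability, impact), independent of the rest.
    Impact is the excess over the plan: negative = loss, positive = upside.
    Returns {total_impact: probability} over every combination of events.
    """
    (p_a, imp_a), (p_b, imp_b) = risk_a, risk_b
    dist = {}
    for (a, b), p_pair in pair_joint(p_a, p_b, rho).items():
        for flags in product((0, 1), repeat=len(independent_risks)):
            prob, impact = p_pair, a * imp_a + b * imp_b
            for flag, (p, imp) in zip(flags, independent_risks):
                prob *= p if flag else 1.0 - p
                impact += flag * imp
            key = round(impact, 6)
            dist[key] = dist.get(key, 0.0) + prob
    return dist


def expected_impact(dist):
    """Probability-weighted mean deviation from baseline value."""
    return sum(impact * prob for impact, prob in dist.items())


def prob_at_or_below(dist, threshold):
    """Probability that the deviation is at least as bad as threshold."""
    return sum(prob for impact, prob in dist.items() if impact <= threshold)


# Constructed scenarios; impact in $ millions relative to baseline value.
SUPPLIER_FAILURE = (0.10, -40.0)
UPGRADE_DELAY = (0.20, -15.0)
COMPETITOR_EXIT = (0.05, +25.0)  # upside scenario that can offset a loss


def compare(rho):
    """Return (expected impact, P(impact <= -55)) for a given correlation."""
    dist = exposure_distribution(
        SUPPLIER_FAILURE, UPGRADE_DELAY, rho, [COMPETITOR_EXIT]
    )
    return expected_impact(dist), prob_at_or_below(dist, -55.0)


if __name__ == "__main__":
    for rho in (0.0, 0.3):
        mean, tail = compare(rho)
        print(f"rho={rho:.1f}  expected={mean:+.2f}  P(impact<=-55)={tail:.4f}")
```

With these constructed inputs the expected impact is -5.75 at both correlation values, while the probability of the two downside events coinciding without the offsetting upside rises from 0.019 to 0.0532. A risk-by-risk view that looks only at expected values would miss that change entirely.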
Because management is informed on the effects of each decision alternative on risk and return, decision-making is fully supported. This is one of the value-based ERM process’s most useful and unquestionably most distinctive components. This pairing of risk and return components is a crucial component supporting decision making more broadly. In order to help in the risk appetite consensus meeting, management typically adds some instances of how the enterprise risk exposure can be adjusted by readily available strategic or tactical maneuvers to the enterprise risk exposure information that is supplied to the ERM committee. Consider the strategic planning process, a crucial component of value-based management, to understand this. Management creates a strategy that, if carried out well, will raise the firm’s worth. A financial prediction


for the strategic plan typically serves as its foundation. The Plan is a static, one-scenario prediction of the future that is stated as though it will occur exactly as predicted, without a single doubt. This is a little unfair considering that the work done by the various business segments to develop the Plan frequently entails some excellent scenario analyses, such as SWOT analyses and sensitivity analyses, frequently with robust quantitative workups (Gurl, 2017).

When the ERM program is initially established with just the company’s main business sector in mind, this is most frequently the case. This is particularly prevalent in financial services companies with a variety of businesses, some of which must have the necessary capital on their balance sheets and others of which do not. Amounts of capital that must remain on the balance sheet to fund ongoing operations and cannot be used to finance expansion in the future are referred to as necessary capital. Various stakeholders, including regulators, rating services, and management itself, all have their own methods for defining and determining the appropriate amount of capital. To guarantee that all stakeholders are satisfied, the corporation frequently holds the highest of these amounts.

Financial services firms that focus primarily on banking or insurance typically employ a capital-based ERM framework, using capital as their principal performance indicator. It makes sense why these kinds of firms would gravitate toward a capital-based strategy. For them, it is a significant metric. It is also a statistic that results from risk management, as the amount of capital that is needed is determined by how much risk the company is exposed to. Unfortunately, this makes implementing an enterprise-wide ERM program impossible for financial services organizations with non-financial services operations.
Due to the absence of capital requirements in these non-financial services sectors, a capital-based approach is inapplicable. Consider a bank holding company that has both a consultancy division and a retail banking division. A capital-based ERM program is put in place. The amount of additional necessary capital that the risk exposure generates is the primary criterion for measuring risk exposure. Although the consulting division plainly generates risk, it does not generate necessary capital because this area of the firm is exempt from capital requirements. Because capital requirements are not a standard unit of measurement that can be used to assess risks throughout the firm, the company’s ERM program is insufficient.

For these hazards, industry data is frequently lacking. The potential impact of a company’s strategic plan being wrong or the prospective impact of bad strategy implementation, for instance, cannot be quantified using any industry data set. Each organization faces a different risk depending on its strategy and ability to properly implement it. Industry data is frequently helpful as supplemental anecdotal information for calculating risk. However, using industry data as the main foundation for risk quantification is frequently unsuitable. Depending on the risk mitigation strategies in place, the overall effect of risk on a business varies greatly. For instance, if one company has better risk management practices or higher insurance coverage than another seemingly identical company, the first company will not experience the same negative effects from the risk event as the second company. Each organization’s process for dealing with risks can differ greatly. The unique characteristics of the organization and its risk management strategies are not taken into account when using an industry data set.

Finding the best internal subject matter experts for the risk in question is the first stage in the FMEA process. For some risks, this may be the most senior individual connected with the risk, such as the executive risk owner who is in charge of the risk’s overall management across the entire organization. Depending on the risk, litigation or human resources concerns may be the case. But typically, the individual who is most at risk is the best option. The identified respondents are then asked to provide a set of risk scenarios for the major risk in question as the second step in the FMEA interview process. For each major risk, there are frequently a number of risk scenarios. Although upside risk scenarios won’t apply to all significant risks, it’s still vital to take them into account. These scenarios each represent a distinct deterministic risk scenario. In other words, these are imagined real-world occurrences (Kirchsteiger, 1999). Creating particular deterministic scenarios is essential.
It is simpler for interviewees to consider the sequential succession of potential events and the implications for the business when they can visualize a specific event occurring. Modifying the plausible worst-case scenario results in some of the less extreme risk possibilities. The FMEA approach directs the experts to go through the event in detail and chronologically for each specific risk scenario. The internal subject matter expert’s knowledge about what outcomes in the external and internal environment will probably follow from the original occurrence is extracted through a series of expert-led questions.

The event’s likelihood is determined in the third stage. It’s challenging since everything is so ambiguous. Additionally, it is challenging since the interviewees are sometimes not used to providing such estimates and frequently lack a basic understanding of probability. Creating estimates of the quantitative effects of each deterministic risk scenario on the base company value is the last stage in the FMEA interview process. Similar to determining likelihood, getting respondents to feel comfortable generating estimates can be challenging when assessing quantitative impacts. This is another justification for using an experienced person to conduct the FMEA interviews.

5.8. MODEL

In the ERM model, both the likelihood and the quantitative consequences are inputs used to shock the baseline firm value, first to quantify individual risk exposures and then enterprise risk exposure (Wu & Olson, 2009a). The notion that this information can’t possibly be relevant because it is all based on mere guesses is a common initial concern brought up in early talks of the FMEA technique. The latter is mostly accurate: the process does require educated guesses. Even so, the ERM process benefits greatly from this knowledge. Even highly speculative estimates are vastly preferable to no quantitative information at all for management. Even though these are only educated guesses, they are created by people who are familiar with the risks, frequently by people with decades of personal experience and even more anecdotal knowledge of risk incidents in the business. The company employs a lot of intelligent people, and their heads are jam-packed with priceless information. This valuable knowledge is taken from the subject matter experts by the FMEA process and presented on the page in a uniform quantitative way for all major risks throughout the entire organization.

Many times, the FMEA process is the first time the subject matter experts are asked to consider risk scenarios and potential mitigation, and this introspective process results in better approximations than had previously existed anywhere. As a form of sensitivity analysis, ranges around the estimate are used to demonstrate how inaccurate the estimate could be. A business unit originally objected when an ERM team provided them with a commercial opportunity based on FMEA data because of the approximate nature of one important assumption. The outcomes of the FMEA interviews are documented, which is another aspect that elevates this knowledge above educated estimates. People are more careful about the quality of their work when they are aware that their name is formally associated with it.
This happened when SOX was first put into use. Senior executives were required to sign their first attestation verifying the certainty of the risk assessments, control assessments, and financial reports at the conclusion of the first significant effort to collect and analyze a huge amount of data. As the executives started to scrutinize the

information more carefully to boost their level of comfort before signing, the quality of the information started to somewhat improve at this point. In the beginning, just one or two experts contributed to the FMEA information collection. The FMEA data is shared with other employees of the organization and published. As more people offer their insights, the data are improved and corrected as a result. This is very similar to Wikipedia’s impact, which reaps the rewards of shared information producing a general consensus. A relative comparison of risks can be made using the FMEA process. For all risks, the FMEA exercise is conducted consistently across the organization, and it quantifies the possible impact of each risk. Although the relative risks of each risk scenario are evaluated using subjective estimations, the information is more potent when taken as a whole since relative risks are more dependable than any one assessment. Priorities frequently change to those hazards that are comparatively more impactful as a result of comparison study. Only qualitative information is used in the first traditional ERM technique, which prevents decision-making based on the information. The value-based approach, in contrast, quantifies all significant hazards. The value-based approach also quantifies them in terms of how they affect the value of the company, which strongly aids decision-making. These problems are also solved by the value-based strategy. The information is accessible because the business creates its own data mostly using internal staff. This information is widely available since management is always aware of the one or two individuals who are most exposed to a certain risk and has access to them. Additionally, because it is based on the unique circumstances within the company, the data created is company and culture specific. The third conventional ERM approach uses risk capital as the primary indicator. 
There are two methods: The first employs a method that is not risk-based and, worse yet, occasionally measures changes in exposure in the wrong direction. Because it starts with risk scenarios relevant to the organization and because it correctly measures the level of exposures, it is clear that the value-based ERM strategy is risk-based. Consider a scenario in which top salespeople and managers pass away as a result of a catastrophe during an internal meeting. The future revenues that these salespeople were expected to produce were factored into the value-based ERM approach’s baseline company value. As a result, the lost revenue would be completely reflected in the assessment of the risk, which is the shock to the baseline. Simultaneous multiple risks are ignored in traditional ERM systems utilizing silo techniques, as is their interactivity, including offsets and exacerbations (Wu & Olson, 2009b). The enterprise risk exposure graph produced by the value-based ERM approach, on the other hand, completely represents this by directly quantifying various risks and their interactivity in the ERM model.

The value-based ERM strategy addresses the inefficiencies in many standard ERM programs brought on by a lack of centralized coordination and cross-departmental communication. A high level of ERM coordination and cross-pollination is ensured by the structure offered by the value-based ERM methodology and the unifying aspect of the business value metric. Any relevant area of the company is identified, and inputs from that area are included, in the development of the risk scenarios. The value-based approach also makes use of a central ERM model that business units can access from anywhere in the company to determine the marginal impact of any risk decision. Last but not least, defining risk appetite from the top down and cascading down to risk limitations results in enterprise-wide coordinated approaches by risk type.

For ERM, there are two essential aggregate metrics. Enterprise risk exposure comes first, followed by risk appetite. While the latter is a management-defined item, the former is a computed item. The current degree of overall enterprise volatility is represented by enterprise risk exposure. The highest level of corporate risk exposure to which management would prefer the business to be exposed is known as risk appetite. Because the metrics used to determine risk appetite should coincide with the metrics used for enterprise risk exposure, the two aggregate metrics should be mirror images of one another. Remember that each of these aggregate metrics is actually a full distribution of possible outcomes, which may be represented by a number of metrics, each with a variety of thresholds and accompanying likelihoods.

5.9. QUALITY

The quality of the qualitative risk assessment portion of the risk identification process step is diminished by failing to consistently define all hazards according to their source (Burkov, Burkova, Barkhi, & Berlinov, 2018). For the qualitative risk assessment, survey respondents are asked to rate the likelihood and severity of potential major risks using a qualitative scale. Participants in the qualitative risk assessment must have a precise description and a shared knowledge of the risks they are assessing in order for the survey results to be useful. Unfortunately, it frequently leads to misunderstanding when risks are determined by their results. Different survey respondents may imagine a different source of risk when contemplating a particular risk characterized by its consequence, and as a result, the chance and severity

scores will be offered on an inconsistent basis. The risk mitigation phase of the risk decision-making process step is also hampered by inconsistently defining all risks according to their sources. The majority of risk mitigation is done at the source of risk, even though part of it is related to the. Therefore, it might be challenging to assess risk mitigation measures when you don’t know the cause. All of these problems are solved by consistently classifying hazards based on their source. Due to a shared knowledge of the precise source of each risk, it enables survey respondents to provide qualitative risk assessments with uniform scoring. It makes it simple to pinpoint the right subject-matter specialists in charge of creating risk scenarios for every single risk source. It offers a clear way to think about specific risk scenarios that can follow logically from their source. It offers the capability to create comprehensive risk scenarios. Finally, it enables assessment of all available mitigation measures, most of which take place at the source. The degree of support for the ERM program is communicated, letting invitees know they should give it some attention and make time for it in their schedules. This can include backing from the CEO, the board of directors, other top executives, as well as any heads within the participant’s specific industry. The backdrop for the exercise and the connection between survey participant efforts and the broader ERM program are provided by outlining the significance of the qualitative risk assessment to the overall ERM program. Respect for survey respondents is shown by emphasizing the need for their valuable feedback, which is based on their understanding of the industry, their experience, and their expertise. Unfortunately, a harmful misperception about ERM is that it can successfully scan the environment for unidentified risks and provide a high level of protection from such unpleasant discoveries. 
The fact that these threats are the most feared contributes to this mistaken assumption. A primitive fear is the abrupt appearance of a dangerous event that catches us off guard. The fact that chief risk officers are frequently let go after a significant risk occurrence shows how many individuals erroneously believe that ERM can shield them from unforeseen hazards (Hessami, 1999). This would be justified if the risk event that manifested was one that should have been known, given more priority, or more successfully managed, and the ERM program was poorly conceived or administered. Although there have been occasional instances of firings under these conditions, it hasn’t always been the case. In many other instances, senior management either mistakenly felt that ERM could shield the company from unanticipated risks or they thought that shareholders shared this delusion.

We shall constantly be exposed to the element of surprise because it is an unavoidable truth of our existence. ERM is not, and cannot be, designed to stop the emergence of unanticipated events that could harm or even destroy the organization. Setting appropriate expectations from the outset of ERM adoption and implementation is crucial for the CRO and the ERM team. ERM just offers to organize and utilize information about the hazards we are aware of and to help us understand how we weigh risk versus benefit. We are tempted to accept people who provide a system that can make us safe since, unfortunately, we place such a high value on avoiding unpleasant surprises. Naturally, there are individuals who take advantage of these incentives by asserting that they have a system that can spot unidentified threats. They frequently offer complex approaches and assert that high-level mathematics can uncover hidden data, improving the detection of unidentified hazards.

With a satellite called Sputnik, Russia, the United States’ principal adversary at the time, became the first country to enter space in 1957. The United States improved its math and scientific curricula and revitalized its space program because of President Kennedy’s strong leadership, appropriate identification of the issue, and capacity to acknowledge it openly. America was able to reclaim its competitive edge in space exploration and related technologies as a result. Directly addressing this risk is unlikely to be successful. Instead of mentioning the conduct directly, one strategy is to draw attention to the deficiencies that result from the behavior. One example is to question whether the company is conducting enough competition analysis. The business segments can directly address this or the ERM team can do so indirectly through the emerging risk identification process.
Another example would be to question how often outcomes are benchmarked against important competitors. This can help the society regain some realism and shed its exclusive mindset.

Another risk that requires special consideration is the risk of concentration. Concentration risk is sometimes defined as having too much risk exposure in one sector due to a lack of variety in the investment portfolio. A typical illustration is having a large portion of your assets invested in a single asset class, such as real estate in one specific area. A bank’s loans being concentrated in a single industry area is another illustration. The concentration simply expresses the degree of exposure to a certain source of risk. For instance, concentration risk associated with stocks is correctly characterized and categorized as equity market risk, where the risk’s concentration component just raises questions about the extent of exposure to equity market risk.


CHAPTER 6

CORPORATE GOVERNANCE AND RISK MANAGEMENT

CONTENTS

6.1. Introduction
6.2. Compliance
6.3. Business
6.4. Liabilities
6.5. Payments
6.6. Laws
6.7. Funds
6.8. Cost-Savings
6.9. Principles
6.10. Claims
6.11. Information

6.1. INTRODUCTION

The ideas of due diligence and corporate governance are becoming more and more significant in today’s business world. Both ideas have expanded in terms of their application and significance. As a result of the international regulatory and voluntary frameworks that are forming, their application has in fact begun to overlap. From simply economic beginnings, they have expanded to include a variety of business behaviors (Greuning & Brajovic Bratanovic, 2022). Furthermore, regardless of their size or location, all organizations should prioritize these concerns in light of the ongoing corporate scandals that make headlines and highlight the need for better corporate governance. It is imperative for business success to comprehend and appreciate corporate governance (Figure 6.1) and due diligence.

Like anything else, due diligence procedures must have a beginning point. Each party to the deal must be willing to start a due diligence process if there are discussions about a potential merger. But this is where the lines between what constitutes due diligence might blur. Prior to any informal or official conversations in a merger situation, there would typically be a large amount of due diligence. The necessary diligence is to ascertain whether there is sufficient data to support discussions regarding a potential merger. Therefore, there is never a single phase with a single beginning point for every due diligence exercise.

Figure 6.1. Corporate governance. Source: https://www.researchgate.net/profile/Suhaimi-Sarif-2/publication/314153284/figure/fig2/AS:667699281657859@1536203322240/Key-elements-of-corporate-governance.png.

6.2. COMPLIANCE

All businesses will engage in some type of due diligence, whether formally or informally. Larger organizations, of course, require a more formal, structured approach. An excess of people each doing things their own way might lead to a surplus of data with no information. Smaller organizations, on the other hand, might conduct all of their business informally, making a lot of impromptu decisions without any notes or documentation. It is important for any firm to comprehend how due diligence benefits everyone. Traditionally, management has this responsibility because they establish the company’s rules, practices, culture, and methods of doing business.

A legal questionnaire and disclosure documents that have been attested by the candidate are the first steps in the normal traditional process, which is followed by a review, compilation, or audit of financial data (Andersen & Choong, 1997). A regulatory agency records search is typically carried out. Numerous public records are typically searched. Research is frequently added in areas like the candidate’s industry niche, as well as occasionally the media. Additionally, further research is occasionally contributed by getting in touch with other business and governmental organizations. In order to streamline the transaction, warranties and indemnities have evolved throughout this procedure. For instance, it is possible that the vendor is ignorant of any flaws or problems that surface during the due diligence procedure. The fact that the material discloses how the target has been managed is another significant advantage of the legal due diligence procedure. It may consider the history of the target and applicant as well as their goals, as well as their chosen organizational structure, whether that be a corporation, partnership, or owner-manager business.
There are many smaller acquisitions that draw the attention of the due diligence process, even though many due diligence exercises involve very large transactions. While some of the process’s concerns are better suited to larger transactions, others are applicable regardless of transaction size. For instance, the administration of the company will be reflected in late or inaccurate returns to the authorities, such as the Inland Revenue and corporate registers. They might also point to money problems, as in the case of late financial statements filed with corporate registrations. Furthermore, as noted, the information gathered during the due diligence process can be an invaluable instrument for continued management of the target after the sale is finalized.

It should be highlighted that there are more people who benefit from the due diligence process due to the constant pressure from regulators, securities exchanges, and stakeholders. It is crucial that the intended user of this information be taken into account when the parties are defining the procedures for the due diligence responsibilities. For instance, there are often precise forms and formats for data presentation when a government regulator is involved. Recasting the material numerous times only to satisfy the regulator’s obsession with precision will be exceedingly annoying and more expensive. Accurate and timely information can satisfy shareholders, investors, and stakeholders, but they are typically more interested in the big picture or bottom line. Making sure that staff are not overlooked in this process is crucial. All employees who earn remuneration from the company, including clerks, middle managers, management, and associated parties, like hearing about it. Reports can be prepared as part of due diligence without infringing on privacy or legal requirements.

When conglomerate acquisition was simpler, managing overlaps was frequently limited to financial control. But when a synergistic acquisition occurs, it can also be necessary to integrate the marketing, manufacturing, and IT activities. As a result, the transaction is significantly riskier and more complicated. However, despite how intimidating they may seem, this risk and complexity are an important aspect of corporate life that must be effectively managed. There are several causes for this. The ability to complete a successful acquisition is likely to become a competitive advantage at the strategic level as businesses increasingly turn to this strategy for obtaining growth and differentiation (Elahi, 2013). Even though overall data suggests that deep integration only occasionally happens, all acquisition types do experience a number of important alterations. The most frequent modifications are those that have symbolic significance and signify advancement to the employees and the city.
As a result, acquisition integration tends to focus on early indications of success, which is a less risky and preferable approach to a longer-term involved integration that may take time to signal success, given the focus on share price and city evaluation that drives much business strategy, not least because of the share options link between senior management and company stock price.

6.3. BUSINESS

The type of business or transaction being considered will in some situations limit or restrict the amount of due diligence that is accessible or necessary. In contrast to a private firm where there has been no such public disclosure, the offering circular or document of a publicly traded company that is

subject to ongoing disclosure requirements to its shareholders, governing regulator, or exchange will be different. The due diligence that can be done on a recommended bid for a company will also be very different from that available for a hostile bid, where the offeror company is simply denied access to the pertinent internal financial and management information and must impose a number of conditions on the bid that it will have the authority to change or modify depending on what is learned or obtained during the due diligence phase of the bid process. The quantity of investment or financing to be made accessible, the return or pricing of the investment or financing, and the investment or financing’s structure will all be determined through the due diligence process. Additionally, the due diligence process always requires an alignment of expectations, risk, and reward, and interests. Conflicting interests exist. What a firm or business may consider to be a fair return on an investment may be very different from what an investor or financier may want (Robinson, 2012). The ability to produce the return based on the expectations set will also be addressed by the alignment of interests, in addition to the price issue. The evaluation of external factors, which have an impact on return and reward, is another concern. These factors can be systematic like interest rates, inflation, and political events, common to the business and industry as a whole, or they can be unique to the business or industry and can be compared to other businesses. Thus, risk can be identified and isolated before being evaluated in relation to the anticipated return, a procedure known as risk adjusted return. There will be differences in the importance placed on the crucial financial research tools utilized by equity investors and lenders alike. 
An equity investor will be more interested in profitability ratios looking at return on capital and return on equity than a lender who will be examining financial risk ratios like interest coverage and interest coverage adjusted for cash flow and debt to equity ratios. The critical ability of the business to pay its obligations as they become due and to turn over its inventory or assets in a sufficient number of days to generate cash flow and be viable and profitable are problems that both will be concerned with. Of course, each organization will place a different focus on one or more of the financial ratios. They are also affected by fashion trends. When forecasts and projections were the only factors utilized to determine value and investment during the late 1990s technological boom, for instance, many of these key financial parameters were abandoned. This strategy inevitably lost favor in the middle of 2007, when lenders discovered that they had insufficient security during a market slump brought on by the collapse of

the subprime sector and falling liquidity levels. It is common for a corporate finance transaction to involve a combination of equity, debt, or variants of both, and this will prompt a proper examination of the appropriate combination and pricing. To ascertain the proper ratio of each and the associated risks, a well-known formula is the weighted average cost of capital. Numerous aspects will need to be taken into account when deciding whether or not to invest, fund, or carry out the transaction as well as when analyzing the business or transaction overall. A team of experts from several disciplines would evaluate these issues as part of the crucial due diligence process, which would also involve looking into various aspects of the business or transaction. The due diligence process will differ significantly from one firm or transaction to another, thus the first information requests or the framework for the inquiry and study will need to be adjusted to the particular business or transaction. The evaluation and structuring process, as well as the final success or failure of the proposed investment or finance for the business or transaction, will be significantly influenced by the due diligence process (Das & Teng, 2001). Depending on the business or transaction being proposed or considered, the due diligence process will first take a high-level approach before reaching down to a more in-depth and distilled consideration of the various issues affecting the value of the business, frequently after sifting through a myriad of legal, technical, and commercial issues. These factors will then serve as the foundation for a report or reports that will ultimately be used to make investment or credit choices. The due diligence team would be made up of a variety of professional consultants, typically including expertise in law, finance, technology, the environment, insurance, and actuarial work. 
As soon as it is practical, these advisors should be hired so they have time to fully address the pertinent issues. The lending institution or investment bank will usually be in charge of leading the due diligence process and coordinating the due diligence team. The team conducting the due diligence exercise needs to receive precise instructions regarding the goal and restrictions of the exercise. The team will be better able to streamline the exercise, concentrate on the pertinent issues, and make it more time and cost effective if they are aware of what the company or transaction includes and what the exercise’s goals are. The due diligence team must be informed of these plans and tactics if a firm intends to purchase a target with the goal of launching or building a hotel with a casino or another type of property that will be developed and sold. The investment corporation wants to know
from the due diligence process whether these tactics are feasible and what difficulties they include. It is frequently incredibly surprising how far along advanced transactions can go before important corporate finance problems are identified. Thus, high level information overviews are advised from the very beginning. The business’s regulated status and compliance with regulatory requirements would be at the heart of this transaction. The framework for how the transaction is financed, organized, documented, and finished can then be negotiated and agreed upon based on the facts revealed.

6.4. LIABILITIES

The liabilities would be quantified, the price adjusted or the purchase price deferred, and the disclosures warranted as being complete and accurate in themselves once disclosures are made, for example, as regards pending litigation, breaches of overdraft facilities, or arrangements with creditors. This would ensure that the extent of the liability is correctly provided for (Dullaway & Needleman, 2004). The exchange of secret undertakings is a crucial step at the beginning of the due diligence process. These set up the atmosphere where lenders or investors are safely given price-sensitive and important information about a business or transaction without running the danger of the information leaking into the public realm and lowering the business’s worth and reputation. The suitable environment must be created since only complete disclosure will allow for the proper examination of the proper risk and reward. The due diligence team and its advisers are often ring-fenced, and each member is required to give their commitment to uphold the engagement’s confidentiality requirements. Doing proper due diligence on the business owners or management or making sure the proposed funds to be invested in or lent to the business as part of the corporate finance transaction are clean are the first steps in any corporate finance transaction. The evaluation of the appropriate sources of finances flowing into and out of a commercial activity would thus be included in the exercise. Additionally, the professional members of the due diligence team will typically be subject to independent disclosure obligations and may be required, if they have concerns or suspicions, to disclose information to regulatory authorities without consulting the client or other due diligence team members. If a regulated adviser misses money laundering when they should have noticed it or had reason to suspect it, they may have committed a money laundering (Figure 6.2) offense.

Figure 6.2. Money laundering. Source: https://www.unodc.org/images/money-laundering/images_website_update/Money_Laundering_Cycle.png.

Any due diligence engagement’s conditions should be extremely clear on this point, and any confidentiality agreements will undoubtedly include an exception for disclosure (Trakman, 2002). Financial data that has been provided and the related financial ratios contain a wealth of information. Whatever the interpretation of the entries and financial ratio calculations, there is still a lot that could be hiding behind the numbers. The facts gleaned from a thorough study will be crucial in the ongoing discussions about the structure and cost of financing. Accounts should, at the very least, be audited in accordance with best accounting practices and local law. Examining any caveats or qualifications on the audit reports, as well as a pattern of frequent changes in auditors, is an essential component of historical analysis. Likewise, management accounts should at the very least embrace accounting principles and procedures that are in line with the audited accounts. The strength of the accounting systems used to record information, the accuracy of the postings, and the consistency and dependability of the basis on which postings are produced are of greater importance. It’s important to properly examine revenues. Contracts may be signed and bills issued even when there is no underlying delivery or delivery agreement. A rigorous examination is also required to ensure that the true costs of revenues are disclosed, rather than being hidden to artificially inflate earnings and profitability.

6.5. PAYMENTS

For unique payment provisions, such as advance payments that do not necessarily require delivery or performance, capital obligations must be carefully addressed. The actual cost, delivery, and execution must be compared to financial estimates based on the projection of capital expenditures and sources of cash for the payment of such expenditures (Black & Cox, 1976). A planned capital financing might only be sufficient to cover working capital needs and fall short of meeting the company’s capital requirements, which are crucial to its future growth. Management frequently exaggerates the genuine working capital requirements in an effort to increase profits and returns. The worth of the stock and the ongoing work should be determined without taking profits into account but accounting for potential losses. It is crucial to physically inspect the inventory to make sure that the raw materials and goods are not out-of-date or redundant and that the value is appropriately recorded in the books. On-site stock checks at transaction closings are not unusual. It is important to carefully review all contingent, disputed, and other liabilities, including claims arising from contracts, as well as any defaults or cross-defaults that may occur under current borrowing facilities as a result of the financing. The effects of any defaults should also be carefully considered. The country in which the firm is located, as well as the country of the lender or investor, will have different tax effects. The tax consequences of a transaction or investment may have a significant impact on pricing, such as the withdrawal of previously held reliefs or the crystallization of charges, or the understatement or overstatement of deferred tax liabilities and tax assets as reported in the books of accounts. Tax is a crucial component of the due diligence process. It will be necessary to evaluate previous tax calculations and take the transaction’s effect into account.
This will frequently influence how the transaction is set up, such as through the purchase of shares or assets, financing through debt or equity, delayed consideration, or installments, in order to maximize tax savings. The full range of applicable taxes, such as income or capital gains taxes, estate or inheritance taxes, value-added tax or sales or service taxes, as well as customs and excise duties and fees, would be covered by the tax review. An examination of the anticipated impact would be required in each scenario. For instance, value-added taxes may be applied to asset acquisitions, loans may be subject to withholding taxes on interest due, and foreign exchange controls may apply to offshore equity investments, resulting in punitive departure fees. It would be typical to see
tax warranties and representations addressing the problems of concern as well as complete tax indemnities being offered in respect of any liabilities or contingent liabilities expected to arise as part of any documentation created after such a review. It is important to thoroughly analyze all previous borrowings, including debentures, overdrafts, and loans made available to the business. The total amount of borrowings and the additional debt must not exceed the authorized limits for the existing facilities and must fall within the range set forth in the business’s charter. If not, the constitution must be changed before the company can use the new facilities. The current amenities ought to be maintained and used (Bin, Crawford, Kruse, & Landry, 2008). The default provisions of the facilities and the effects of revisions should be thoroughly examined in the terms of the current facilities. Covenants must be made that the business has not violated any of the terms of the existing facilities, and if it has, pertinent disclosures must be sought. It can be required to subordinate the existing debt or make sure that the existing debt is given priority as part of the transaction when new debt is made available in addition to the existing debt. The company would have signed a number of other commercial contracts, often with its distributors, suppliers, export agents, and marketing agencies. These agreements could be crucial for commercial activities and sales. As a result, it is critical to confirm the validity and existence of these contracts, determine the responsibilities under each, and confirm that the business is not in default or would become in default as a result of the transaction. Particularly, unpaid debts like money owed or payable would need to be taken into account. This may be a very laborious and drawn-out process. The contracts’ termination clauses could be unfavorable, come with long notice periods, or become effective following a change of management. 
Additionally, extra caution will need to be exercised if the business has guaranteed or indemnified any third party in relation to liabilities of a group company or otherwise. Powers of attorney, option agreements, indemnities, comfort letters, credit extensions, credit grants, or any other instrument that might, as a result of the transaction, become an obligation for the business should be carefully evaluated. If one wants to obtain the license’s assignment, they must make sure that the license is not personal to the person in whose favor it is granted, in which case it could not be possible to assign or sublicense the license. Once more, the list of things that can and cannot be registered may vary by country. According to the UK Patent Office, computer software may be eligible for patent protection if it has a technical effect, which is commonly regarded as improving technology. It must also primarily be used in the technology
industry. Establishing the point of origin of the IPR is crucial. Particularly in cases where the IPRs (Figure 6.3) are not registrable, warranties, and representations should be made. Some jurisdictions may have an additional need for registering ownership, license, or sub-license of the IPRs within a specific time frame. Additionally, care must be taken to ensure that any technology or information used by the company does not violate the intellectual property rights (IPRs) of third parties and that it is authorized for use by the company (Hanel, 2006). Confidentiality agreements should bind staff members handling sensitive data.

Figure 6.3. IPR. Source: https://www.researchgate.net/publication/339481869/figure/fig1/AS:862458134671360@1582637451115/Different-types-of-IPR.png.

Normally, when a business, in whole or in part, is transferred to another, existing regulations will preserve the interests of the employees. The same terms and conditions apply for the automatic transfer of the personnel. The provisions of such legislation will not apply to transfers that do not include a business transfer. As long as the employer company remains the same, the regulations will not have an impact on the transfer of shares. Any rights and obligations resulting from employment contracts, including all collective agreements established on behalf of employees, are transferred to the new employer as part of a business transfer. However, benefits related to occupational pension plans would need to be transferred separately. Irrespective of the magnitude of the enterprise, regulations may still be applicable. Any transaction involving a change in ownership must also take into account consulting with trade or employee union representatives.

A lender or investor may then seek to obtain substantial warranties and assurances from the company owners and management that can be relied upon and are included in the risk return analysis after having completed a due diligence exercise. These are frequently the subject of intense negotiation and have the power to make or break a contract since they affect how liabilities are allocated and how the risk-reward equation is balanced. The guarantees may be expressed as indemnities, which are promises that, in the event of a certain liability, a loss will be covered or made good. Indemnities are always given in cases of tax liabilities on share sales, legal claims, environmental concerns, dubious claims, third-party liabilities, and any other situation where there is a chance that a liability could arise. Due diligence should be conducted with a specific goal in mind because it is an essential component of any acquisition, investment, or loan. The goal will rely on the investment strategy employed by the investor or just the anticipated lending risks. Determining the actual risk and reward relationship should be the focus.

6.6. LAWS

Laws governing product liability might vary greatly between jurisdictions. Because strict responsibility may be the basis for product liability legislation in some countries, carelessness may not even need to be shown (Henderson, 1983). Potential liability to businesses could be limited. Even though the bulk of high-profile cases have occurred in the USA, it is important to note that upcoming legal changes in the UK and the rest of the EU may broaden the potential for extensive litigation and potentially multi-million-dollar damages that are frequently seen in the USA. Product liability is not the only area of litigation risk. In fact, there are a wide range of potential causes for litigation, some of which can be connected to the proposed transaction and others might be completely unconnected. Money laundering first came under criminal inquiry in the USA in 1919. As it was not common practice for banks to inquire about the source of cash prior to making deposits, tax evasion was prevalent at the time. The Bank Secrecy Act of 1970 (BSA), also known as the Currency and Foreign Transactions Reporting Act, mandated that banks create a paper trail. Other laws governing money exchange and financial accounts were passed in the USA after the BSA was passed. The Money Laundering Control Act of 1986 established money laundering as a criminal offense in the USA (“EBSCOhost | 33768853 | The Criminal Prosecution of Banks under the US Bank Secrecy Act of 1970,” n.d.).

This Law Society guidance note makes it clear that a professional legal adviser does violate the law by tipping off if he or she discloses information to a client under privileged circumstances, such as when providing the client with legal advice, or to any third party in connection with ongoing or anticipated legal proceedings. The guidance paper states that the legal advisor is not required to inform the clients that he or she has reported or plans to disclose something to the FIU. Legal counsel should withdraw from the case and carefully examine following the Law Society’s standards while making a report to the FIU if they consult with their client about making a report to the FIU and the client objects. When a legal advisor informs a client that they have made or plan to make a report to the FIU while providing legal advice to the client or acting in connection with present or anticipated legal procedures, they are not breaking the law. The Law Society has also said that the aforementioned is true for both transactional activity and litigation. Additionally, it should be mentioned that regulatory and reporting standards, which have an impact on stakeholder and insurer confidence, are the main external factors. As small businesses and small and medium-sized enterprises (SMEs) deal with the implications of today’s business environment and scrutiny of bureaucracy, regulation, customers, non-governmental organizations (NGOs), as well as the media, the issues and concerns that were previously only the purview of large businesses have snuck into those of small businesses and SMEs. While a jurisdiction’s company law controls businesses that have been formed there, that jurisdiction’s securities rules and regulations apply to businesses, investors, and middlemen engaged in the purchase or sale of securities there. For instance, in the energy industry, two-thirds of companies with primary listings on overseas exchanges also have secondary listings on US stock markets. 
The majority of the big listed corporations also have their primary listings on US stock exchanges (Risman, Salim, Sumiati, & Indrawati, 2017). Therefore, modifications to US requirements have a significant impact on how business is conducted in general. Insurance can cover a sizable amount of any financial damages brought on by policy violations. Protection of premises from intrusion by unauthorized individuals has risen on the corporate agenda in recent years. Employees, clients, subcontractors, etc., now demand a certain level of protection from the possibility of a random intrusion. Budgets now include expenditure for reducing this risk since it has become necessary. It applies to integrity risk as well. There are several instances of unethical, and occasionally illegal, behavior by people or organizations within corporations that has negatively impacted a company’s reputation, if not its viability.

There are a few well-supported cases that the IBE has identified. While it may not always be able to ensure the avoidance of such unethical behavior, as is the case with other aspects of corporate governance. In order to learn how other businesses, manage the values and goals that National Grid has defined as being crucial, a set of questions would be devised. The benchmarking research would include information on the environmental policies, organizational structure, financial management, and business goals for contaminated site management. To perform the survey, it would be crucial to compile a list of numerous comparable businesses. The businesses might all be situated in the UK or they could also be spread across the USA or other nations. Additionally, all utilities or other connected businesses may be included in the company. The final benchmarking goals would rely on how National Grid defined the values and goals that were considered crucial. Active investors will alter their investments in accordance with how they choose their stocks. A passive investor will hold all of the stocks inside an index, whereas a passive investor will invest in accordance with an index and may alter how much of a certain stock is kept. This strategy is typically used by funds that need to adopt a low risk profile and are quite substantial in size. Since retirees and pensioners often invest passively, almost all major private equity firms in the USA invariably count pension funds among their top investors. In the form of employees and retirees, Ford Motor Company’s profit-sharing model also contributes to the emergence of a sizable number of passive investors. More recently, Citigroup increased the scope of its microfinance initiatives in Bangladesh by collaborating with BRAC, a countrywide anti-poverty NGO that has 5 million members, the majority of whom are women. 
Citigroup secured a pool of millions of low-risk, passive investors for more than half a decade by providing BRAC access to $180 million over a six-year period.

6.7. FUNDS

Active funds carry a lot more risk than passive funds do. Their first responsibility as a pension fund is to give their members fair compensation. Furthermore, major pension funds are increasingly being held accountable for their members’ quality of life in addition to their fiduciary obligations to them. One illustration involves Baker Hughes. Baker Hughes works in the process and oilfield industries. Additionally, it produces, markets, and sells other goods as well as offers services to sectors of the economy unrelated to the oilfield or continuous process industries. A suggestion to apply the
MacBride Principles in Northern Ireland was recently included in a proxy statement. The principles do not advocate for quotas, reverse discrimination, divestiture, or disinvestment. They’re designed to promote impartial US investment in Northern Ireland. Exxon Mobil’s six suggestions addressing social responsibility issues and ChevronTexaco’s resolution asking reporting on renewable energy are two more examples. In response to attempts by activist shareholders to apply this pressure tactic to BP, the company started posting instructions for members’ requisitioned resolutions on its investor center website. This was done to make clear the differences between UK law and US law, particularly the UK ban on shareholder resolutions that are merely opinion-based. Nevertheless, it is obvious that events in one country affect trends and choices in other countries, particularly given the strong influences of technology and the media at play. The business advantages attained by companies that adhere to effective due diligence methods and excellent corporate governance can be observed in bottom line performance and stakeholder confidence. Businesses that run their operations ethically and with consideration for these ideas are increasingly acknowledged to be better managed overall. Additionally, they are intimately related to the other well-known objectives of sustainable development. In light of this, an organization will need to determine if its management program is in line with its best practices policy, taking into account pertinent advances in risk management as well as current corporate governance best practices. Regarding current operations, the potential of lawsuits weighs heavily on many people’s business lives and can ruin relationships with clients, lenders, and suppliers. The business’s internal due diligence and corporate governance management difficulties are impacted by this. 
The reader should keep in mind that the approach being taken to due diligence and corporate governance is that these concepts are designed to enable the establishment and development of a sound, healthy firm in which sustainable decisions may be made. Understanding the options that are now available to lessen the effects of such confrontation is crucial because it is challenging to avoid conflict in today’s litigious corporate environment. This can help with a litigation policy so that management can try to avoid the negative effects on a corporation, no matter how big or little, by diverting resources. Many companies make an effort to ignore the realities of impending disputes and prospective court cases. A company must make sure that someone in the organization assumes responsibility for this area of running a business from the start and that they have a clear strategy for
managing litigation. This is especially true now, when corporate governance issues are receiving more attention and call for transparency in all business dealings. For instance, a realistic overview of the conflict resolution trend and alternatives should be sought through authorized advisers or organizations, as many businesses do not actually have in-house legal knowledge to assist with such a strategy. Comprehensive changes were made to the way civil cases are prepared for and handled in English courts in April 1999. The County Courts, the High Court, and the Court of Appeal are all subject to the civil procedure rules (CPR), also referred to as the Woolf Reforms (Jones‐Parry & James, 1998). They were designed to guarantee the effectiveness, fairness, and accessibility of the civil judicial system. The parties must cooperate with the court to advance the main goal. The court may actively manage cases in order to further the main goal. Previously, the parties or more specifically, their attorneys, controlled practically all aspects of case administration. Parties that were recalcitrant could be asked to approach the courts to issue orders giving them directions. The court now largely has the initiative in deciding how quickly the lawsuit will move forward. There is currently little room for the parties to withdraw, and there is less room for the attorneys to take advantage of their clients. It is reasonable to anticipate that a typical commercial dispute will take 18 to 24 months, and frequently more, to reach a trial from the date that proceedings were issued. Unquestionably, many of the CPR’s reforms are welcome, long needed, and beneficial to litigants and, in some situations, lawyers. Now, litigation can move more quickly toward its end. The ability of the parties or their attorneys to manipulate the system or cause delays has decreased. 
However, the expense of litigation is still considerable, and it appears that many lower-value lawsuits have been discouraged by the reforms. Law firms typically have a tendency to specialize, at least on a commercial basis. The majority of the largest law firms in the UK are located in the City of London, and some of them have more than 1,000 fee earners in addition to support personnel. They frequently have a highly diverse spectrum of knowledge under one roof, yet despite their public denials, they are frequently more expensive than smaller businesses. They do, however, have certain benefits. Sometimes it is impossible to find the necessary skills elsewhere. Sometimes a team is needed, and the issue may even call for working every day of the week, including holidays. Rarely are smaller businesses able to offer this degree of urgent service. Consider a less
expensive option if the matter doesn’t require the knowledge and assistance that a large business may offer. Additionally, many companies discover that using one company entirely is not always required or practical, and that adding a little competition might be beneficial. Many lawyers overlook the fact that there is a sizable hidden cost to litigation. Complex litigation necessitates constant collaboration between the attorneys and their client. The client is frequently expected to contribute significantly and consistently. This can consume a lot of the client’s time, energy, and there are financial considerations as well. The client should think about whether investing the necessary time and effort in their business would be a better use of their resources. The client should be clear about the goals of the case and make sure that everyone has agreed to them. Make sure the attorneys outline their approach to the litigation, when they could seek a settlement or engage in mediation, the scope of their fee arrangement, and how they intend to keep the client informed of developments. By establishing a budget with the attorneys in advance and possibly during the course of the case, some of the financial unpredictability associated with litigation can be reduced. The opposition’s actions may have a significant impact on the litigation’s cost, pace, and direction. As a result, it is challenging for attorneys to predict with accuracy how the adversary will act and react, and as a result, how much it will cost to win or lose a case. The best the attorney can typically do is either give an estimate that accounts for everything that could go wrong or give updated estimates for each stage of the litigation as the case moves forward, including likely maximum and minimum amounts. The client must be prepared to cover the expenses and risks if they want an estimate that doesn’t allow for growth. 
If the litigation proceeds without issues, this indicates that he or she will have overpaid. It is a little different when attorneys submit bids for bulk work that could include hundreds of conflicts over time. It is not in the client’s best advantage to bind the attorney to a fee schedule that tempts the attorney to spend less time on the case than it merits, and it is not in the lawyer’s best interest to accept work that turns out to be unprofitable. The attorneys should always be able to give accurate predictions of the future costs on an ongoing basis. It can be required to involve international attorneys when issues occur. Their costs might be more difficult to manage. For a UK-based company, for instance, they might be less expensive than their UK equivalents, but they might charge on completely different principles. In the event that a second language is involved, the client can anticipate paying a little bit extra to enjoy the luxury of a foreign lawyer reporting to and getting instructions in
the client’s native tongue. The price of having text professionally translated will be high. If a client doesn’t already have a solid working relationship with an overseas attorney in the relevant nation, they should think about asking UK solicitors with an international practice to hire foreign attorneys on their behalf. Some of the larger companies have offices abroad. Some big and little legal firms are members of one of the international bar groups that give them access to reliable foreign peers. Although hiring UK lawyers will result in higher costs, they are more likely to be aware of potential dangers. They should be able to make all the necessary inquiries on the client’s behalf and avoid unpleasant surprises about costs and fees. They will make an effort to be economical. In some cases, a portion of their price may even be reimbursed as recoverable expenses in successful international litigation.

6.8. COST-SAVINGS

The sooner the better from a cost-savings perspective if the problem can be resolved without going to trial. The closer the case is to trial, the more expensive it becomes (Potkany, Stasiak-Betlejewska, Kovac, & Gejdos, 2016). In the UK, most commercial attorneys view it as part of their duty to settle the case as fast and inexpensively as feasible and, whenever possible, to avoid the high costs of a trial. They are typically good negotiators and may begin settlement negotiations without running the danger of their client viewing it as a sign of weakness. The subject of settlement can typically be brought up by the lawyers without necessarily implying that their clients’ direct instructions are required. Even still, it doesn’t hurt to periodically remind the attorneys that settlement is preferable to trial if there aren’t any fundamental legal issues or points of principle at stake. Lawyers are frequently charged with prolonging legal proceedings to raise their fees. It cannot be emphasized enough that the optimal course of action in terms of due diligence and corporate governance is generally to avoid disputes. Although it may seem like common sense, avoidable business disputes nonetheless arise frequently, even when both parties conduct their company with integrity. Misunderstandings are frequently the cause of conflicts. In most business ventures, the participants focus on all the great aspects of the enterprise rather than giving any thought to how issues will be resolved if things do not go as planned. Agreements, contracts, and other business papers should be carefully designed to account for potential misunderstandings or problems. Paying a lawyer later to clean up the mess is typically significantly more expensive than paying a lawyer now to help create something that will minimize the chance of difficulties emerging.

The client can be confident that if their attorney initiates the conversation, they will push the opposing party into hiring legal representation as well, decreasing the likelihood of an early settlement, at least temporarily. In many jurisdictions, this is the case. Even while the parties may not acknowledge it, there is frequently an emotional barrier to resolution in business. A party may feel that they have been mistreated, or it may just be a personality mismatch. If something has occurred and emotions are too intense to allow resolution, the topic should be removed from the parties’ control, i.e., change the negotiating team. An offer to settle a dispute or an offer to accept less money than requested may be interpreted as weakness, but not if it is made in the right way. Until a deal in principle is reached, negotiators might also seek official approval to settle from the board of directors or their management. Lawyers might offer advice during talks while remaining silent. Keep in mind the importance of what is occasionally referred to as a commercial settlement, in which the agreed-upon debt or obligation is returned by ongoing or expanded commerce between the parties.

6.9. PRINCIPLES

Together with the natural justice principles, such legislation establishes a general framework of guidelines that generally restricts the scope for judicial involvement or intervention. The courts stay out of the picture, only getting involved when it is allowed and absolutely essential. In many foreign nations, an arbitration award may be enforced as such. It can be put into effect in the same way as a court order. If necessary for the purposes of enforcement, it may be converted into a court judgment, for instance if it is to be enforced abroad in a nation where a foreign judgment but not a foreign arbitration award may be executed. An arbitration award can frequently be enforced abroad more easily than a judicial verdict. Heavy commercial arbitration can involve a team of expert witnesses, senior junior lawyers, leading counsel, and junior counsel who have been briefed for the hearing. The price tag may be as high as what would be paid in court. Additionally, the parties are responsible for paying the arbitrators’ daily fees. The price of renting a room and other amenities for the hearing may also be involved. Even if there are court costs associated with litigation, the judge will preside over the case for the entire duration without charging extra. The courtroom is free of charge. In addition to the tribunal members’ costs, at least one international arbitration body imposes significant administrative expenses. For creating an administrative structure in which the arbitration reference
can take place, certain trade organizations that offer an arbitration procedure to their members levy a nominal fee. Others don’t charge anything, leaving all administrative matters to the parties and the tribunal to handle, usually with some standardization of fees. If the parties can agree on a single arbitrator, the cost of arbitration can be greatly decreased. But occasionally, if they cannot agree among themselves and there is no organizing body with a predetermined procedure for this event, they can at least agree on who will appoint the arbitrator on their behalf. Even with the CPR reforms, the process can be fairly slow and expensive when one is dealing with an obstructive opponent in another nation. In certain situations, the High Court has appointment powers.

6.10. CLAIMS

For modest claims, certain organizations offer a unique process. For claims under $50,000 USD, the London Maritime Arbitrators Association (Figure 6.4), whose arbitrators frequently handle complex issues, has a small claims procedure (Steele, 2010). This process offers a straightforward, fixed-price resolution service. In accordance with this approach, the arbitrator decides the dispute solely based on the documents submitted, i.e., without holding an oral hearing. The parties have a significant amount of control over how quickly an arbitration reference can move forward. With everyone’s cooperation, the process can be completed in a few weeks, often even less, if the dispute is to be decided by a single arbitrator solely based on papers. The hearing date may need to be set months, potentially even a year or more in advance if the tribunal consists of three professional arbitrators who are very busy attorneys and solicitors, very busy expert witnesses, and witnesses of fact who have similar issues. With good faith on both parties, it is probably accurate to argue that arbitration is typically quicker than litigation before UK courts and unquestionably far quicker than litigation before some foreign courts. The goal of mediation is to help the disputing parties reach an amicable resolution of their disagreement by enlisting the help of a neutral third party, the mediator. While using certain methods, strategies, and talents to assist the parties in negotiating an amicable resolution of their disagreement without going to court, the mediator does not have the power to render any decisions that are legally binding on the parties.

Figure 6.4. London Maritime Arbitrators Association. Source: https://www.acerislaw.com/wp-content/uploads/2021/05/How-to-Initiate-LMAA-Arbitrations.jpeg.

As a result, mediation and arbitration are very different. Contrary to arbitration, mediation does not entail the making of a factual or legal determination or the creation of a final, binding judgment. An agreement to participate in mediation will not be enforceable, in contrast to agreements to arbitrate disputes. There isn’t a lot of mediation law yet, but it could change in the future. In most cases, the principles of natural justice do not apply to mediation. The skill of the mediator comes in assisting both sides to come to an understanding regarding how a conflict should be resolved. Mediation will not succeed if there is no desire to settle. Sometimes the parties will come to the realization that at least some of the difficulties between them can be settled, leaving the court with fewer or shorter matters to address. There are no absolute laws. Different mediators operate in various ways. The mediator usually attends meetings where all parties involved convene in person. The mediator outlines the process that will be followed. The parties shall determine if they desire the presence of their counsel. Then, each party briefly summarizes the facts of their case and outlines the relief they want. There can be a time limit set. The mediator will then visit the parties in their separate rooms, most likely more than once, to discuss the case and try to identify any potential points of agreement or major barriers to resolution. Except when expressly authorized or requested to do so, the mediator will not reveal what has been discussed to the other party. The mediator will communicate opinions, advice, and, ideally, offers. In order to ensure that the parties are focused on resolving the dispute, the parties may be given a deadline for the completion. In comparison to the alternatives, arbitration might be quite inexpensive. 
Modest fees must be paid to cover the mediator’s services and the cost of the facilities if the mediation is administered by a court or a professional
mediation group. The Central London County Court provides excellent service at very fair prices (Lupson, 2002). The only additional expenses are the cost of the parties’ lawyers and the cost to be put on executive time for the parties themselves because the procedure is anticipated to last less than a day and won’t typically include the engagement of advocates or expert witnesses. It is customary for the parties to stipulate upfront that regardless of the outcome, each will cover half of the mediation fees. The main goal of the Leggatt suggestions was to give tribunals a more organized framework. There would be first-tier tribunals inside that framework, such as those for immigration, health, and education. Corresponding appellate tribunals would exist for these. However, some contend that because of how time-consuming employment tribunals have grown, they should have their own framework. They pertain to the employment tribunal system task force recommendations. Similarly, due to concerns about disability discrimination, education tribunals’ roles and workload are rising. There is fear that a single tribunal system would be too burdensome and would result in a dilution of expertise, even if the Leggatt plans would eliminate the notion that tribunals are not independent from their sponsor government departments. This is a specialty field that has to be pursued independently if needed. Of course, the issue of late payments is not unique to the UK. The majority of EU Member States, for instance, experience payment delays. Generally speaking, all business debts are subject to the laws of the EU member states. Along with the presence of a legislative right to sue, the existence of the legal frameworks required for a creditor to effectively enforce such a right is obviously important for business. The expense of seeking the interest is a major deterrent for firms from exercising their entitlement to it, as mentioned before.
It is obvious that the more expensive and time-consuming the legal process, the less likely interest will be claimed and the less effective legislation will be in changing the payment culture. As an illustration, even if the principal debt is paid, interest can still be automatically levied in Sweden and pursued through the courts if it is not paid. There is a summary court process for uncontested claims. The claim is sent to court
for litigation if it is contested. The debtor receives notice of this and has eight days to pay or raise an objection or defense; otherwise, a summons will be issued. If a claim for interest is accepted, the debtor is required to pay interest as well as costs associated with pursuing the claim. However, with continuity planning, all of these measures, which may include corporate decision-making, security, health and safety, resilience in production lines, etc., are most effective when they are all a part of a relatively seamless risk and impact understanding and management process. Even the difficulties faced by continuity planners and risk managers are comparable. Both risk management and business continuity management are commercial issues that also deal with the unique difficulties of acceptability and urgency. Every discipline is changing on its own. They would benefit greatly by cooperating more closely and each offering helpful support to the other. After an occurrence, such as a spill or an industrial accident, legal responsibility issues frequently flow into public relations challenges. Regardless of the real environmental impact, a spill that makes front page news will undoubtedly result in more serious repercussions for a firm. Naturally, when they feel that the problem was not handled appropriately, an aggrieved party, or someone who believes they are damaged, is more inclined to file a lawsuit. Changing such a view requires a strong public relations plan. It is insufficient to merely respond to an EHS issue (Brown, 2014). The crisis needs to be handled. A firm is more likely to come under intense scrutiny if it is not ready to deal with the public and if senior management is not responding in a way that reassures the public that the company has things under control. Government enforcement, such as criminal investigations and prosecution, as well as third-party lawsuits, such as citizen suits, are some of the ways that government scrutiny can take place.
Some businesses have spent a significant amount of money working with competent public relations agencies and attorneys to build EHS crisis management plans (Figure 6.5).

Figure 6.5. EHS crisis management. Source: https://blog.lnsresearch.com/hs-fs/hub/136847/file-1378873204-jpg/images/lns_ehsdiagram.jpg?width=375&height=403&name=lns_ehsdiagram.jpg.

However, it is typical for an organization to simply accept the plan and store it, certain that it would be available when needed. Everyone involved in handling an EHS crisis, from the second shift process operator to the CEO, needs to be aware of both the plan’s contents and, more crucially, their specific position within it. It takes considerable consideration, planning, testing, practice, and updating to create the type of organization needed to handle an EHS crisis (Irani et al., 2002).

6.11. INFORMATION

Information is affected by outdated data, such as contact or health information, which can result in significant delays and either over- or underreporting of data to agencies and the general public. Due to outdated data, even sophisticated organizations with well-thought-out crisis management policies can face substantial liabilities. A new process chemical’s material safety data sheet, which OSHA and the EPA both require to be kept, might not be included in the plan, which could result in an incomplete report to the EPA during a process release and a sizable fine. A release that spreads to an adjacent neighborhood could have considerably more terrible repercussions due to the outdated knowledge. Additionally, EHS managers are frequently given control over completely new facilities and divisions in this era of frequent company mergers and takeovers. EHS mishaps are more prone to occur during these times of transition because EHS may be temporarily disregarded due to staff changes and other factors. Ironically, most EHS managers can’t concentrate on integrating crisis management strategies because they are just too busy integrating daily EHS functions. Unfortunately, this can cause significant issues in the wake of EHS accidents. Finally, there are numerous new laws, regulations, and policies at the federal, state, and municipal levels that may be relevant in an EHS emergency. Most businesses keep track of new EHS regulations and implement them into operations, but many neglect to update their crisis management systems and strategies to reflect these new regulations. Despite the fact that many businesses have in-house EHS attorneys with specialized knowledge, many are already overburdened with daily regulatory issues, briefing management on important issues, managing litigation, and examining EHS issues in deals.
Despite their best efforts, it is simply not possible for these people to consistently participate in EHS crisis management planning (Carrithers, DeHart, & Geaneas, 1998). Furthermore, a lot of in-house attorneys travel extensively. Incorporating an experienced outside attorney into the team has major benefits because they are likely to have seen numerous strategies created by various clients. The competence of a lawyer is required both before and during a crisis due to the numerous legal obligations and issues involved. The attorney can help the corporation prepare comments for the media and government agencies, even though they won’t actively take part in information distribution during a crisis. The attorney can also help if the inquiries turn into criminal investigations. In addition, a lawyer can start creating a record that can be used in the future, assist in internal investigations of fundamental causes,
and possibly safeguard those investigations through privilege. A lawyer who is well-liked by the responding agencies can also be very helpful in reassuring them that the corporation has the situation under control. In addition to supporting business operations in the face of security breaches, security risk assessment also involves the prevention of terrorism through the assessment, analysis, and application of operational strategies to protect property, personnel, and information from the infiltration of terrorist activities that aim to weaken the economy by undermining individual businesses. For enterprises of all sizes, security measures are becoming more and more crucial to the process of due diligence. The security of citizens’ goods and services in a globalized business environment is still a concern for governments. Most modern companies engage in some type of commerce that could influence international trade. This can include a variety of things, such as frequently employing foreign nationals and having staff that is familiar with the complex immigration requirements, as well as holdings in foreign investments, such as pension plan offerings or the intricate corporate structures of multinational corporations. All industries need continuity of operations since it identifies the key human players who will be required to maintain the operation of the core business processes in the event of an emergency. Business owners are now getting advice that might help them ensure that their profit margin is not damaged or is very slightly affected during a chaotic moment.

CHAPTER 7

SUPPLY CHAIN RISK MANAGEMENT

CONTENTS

7.1. Introduction
7.2. Supply Chains
7.3. Integration
7.4. Risk Management
7.5. Outsourcing
7.6. Production
7.7. Strategies
7.8. Variables
7.9. Scorecard

7.1. INTRODUCTION

Moving items along a supply chain has been a part of military organizations’ history, and this is still the case as evidenced by the deployment of American personnel to Iraq and Afghanistan. But not all businesses involved in supply chains are military. Lean manufacturing practices used by Toyota, make-to-order operations used by Dell, and ground-breaking retail practices used by Walmart rely on supply chains that are connected by computer systems between various source businesses (Manuj & Mentzer, 2008). Supply chains offer a lot of advantages to all of us as consumers. The numerous potentials for efficiency that global connection offers producers of goods and services must be taken advantage of. These chances, however, come with dangers and are not free. Some supply chains are very straightforward; for example, bananas harvested in Costa Rica might be sent right to the Cayman Islands-based plantation owner. A farmers’ market in Nevada can receive beans that were picked in California. However, the majority of products need to be processed extensively, particularly foods and medicines, partly for preservation and partly for safety reasons. Standard Oil has a lengthy supply chain that connects refineries and oil wells all over the world. Even more intricate supply chains were used by steel producers, starting with various types of mines, and continuing through various processing facilities, blast furnaces, open steel production ovens, rolling mills, and steel yards, which in turn supplied a wide range of manufacturers (Figure 7.1).

Figure 7.1. Supply chain risk management. Source: https://www.researchgate.net/profile/Ceyhun-Ozgur-2/publication/339366297/figure/fig2/AS:860417945522176@1582151032610/SupplyChain-Risk-Management-Framework_W640.jpg.

7.2. SUPPLY CHAINS

Different people will define supply chains in a variety of ways, although proximity and exclusive connections may be important. Supply chains do not include in-plant mobility. You might believe that the presence of several owners is significant. However, as companies like Standard Oil, U.S. Steel, and Alcoa have had enormous vertical worldwide supply chains, a supply chain is not characterized by numerous owners (Ellram, 1991). On a personal level, you could theoretically take herbs from your own garden to treat a headache. A supply chain would not be involved in that. The majority of us prefer the dependability and security of buying aspirin from a recognized retailer. A convoluted supply chain is involved with packaged aspirin. As time goes on, it gets harder and harder to come up with ideas that don’t include supply networks. Fewer people today are growing up on farms; instead, the majority of people live in cities, where food supply systems are essential. Supply chains are appealing because they provide access to a system’s most economical sources. Many manufacturers, merchants, and other business organizations now have more chances than ever before to become more effective. The cost of transportation and the additional risk brought on by globalization have always been the trade-offs. People who lived along the Baltic Sea built one of the more intriguing supply chains nearly 1,000 years ago. However, robbers, notably Vikings, frequently interfered with the profitable business. The Hanseatic League was established to defend traders against pirates and offer safe havens for traders in their trading posts. This was a precursor to supply chain risk management. The camel caravans that traveled the Silk Road (Figure 7.2), which connected Europe and China, were extremely perilous. Traveling by water was once one of the ways to dodge bandits, and shipping is still the main route to move goods along supply lines.
However, simply crossing a body of water will not protect you from crime because piracy is almost as old as the industry it preys upon. Most pirates have historically operated on the thin line between authorized legality and capital offense. Instead, they would exchange their large excess of money and silver for anything they desired from the rest of Europe, supplying the market for wool and food production in England, France, and Germany. However, piracy is still a major problem today. In the last 10 years, the number of pirate raids has quadrupled. Hotspots of piracy now are, of course, off the coast of Somalia; nevertheless, northern Indonesia has always had a problem, and the Caribbean has a significant drug supply chain industry. The fight against piracy is receiving increased focus from the world’s warships, particularly in the region
surrounding the Straits of Hormuz, which is crucial to the petroleum supply chain. Germany’s supply lines for Volkswagen, Porsche, and BMW were troubled in January 2011 by soaring demand. Volkswagen was forced to cease production due to a lack of engines and other parts. This was brought on by rising demand in China and the United States rather than a natural calamity, a war, or any other unfavorable reason. Supply must be maintained for manufacturing and contemporary consumer retailing operations. We as customers can benefit greatly from supply chains. Shipping over supply chains has enabled competition to result in better products at reduced costs. Producers can acquire the greatest resources and process them at the lowest cost by outsourcing.

Figure 7.2. Silk Road. Source: https://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/SeidenstrasseGMT.JPG/1200px-SeidenstrasseGMT.JPG.

Almost every activity has a number of unanticipated side effects. For a Spanish refiner, the least expensive option might be to purchase crude oil from Libya. However, that low cost also carries a little danger of political unrest. Government confiscation might be less likely in Nigeria than in Libya. On the other hand, Nigeria can have increased local crime issues that consume the anticipated savings. Therefore, Venezuela may be a source of crude oil for the refiner. The issue of political instability then reappears. As a result, the refiner might go back to Libya only to discover that war has broken out, negating all of that source’s cost advantages. Supply chains look for ties that will last. There are several transient disturbances in real life. Political disruptions have been discussed, but nature has a much greater capacity for
spectacular disruption than politics. There are many risks associated with supply chains, which can be divided into internal and external problems like market prices, rivals’ actions, manufacturing yield and costs, supplier quality, and political issues. Supply chain companies must be concerned with hazards coming from all angles. Opportunities in any corporation depend on how well that organization is able to manage risks. The majority of natural risks are managed either by insurance, which has its own costs, or through diversification and redundancy. The organization must decide while taking into account all trade-offs, just like with any other business choice. Historically, this has involved the costs and benefits elements. Society is increasingly heading toward complicated decision-making contexts involving consideration of both ecological and social justice considerations. There are more opportunities to control risk sources when dealing with external risks. Political systems in the past have been impacted by particular supply chains. There are other petroleum companies that come to mind, as well as arms companies like Alfred Nobel’s. While most supply chain participants can’t be counted on to be in control of political hazards like wars and regulations, they may influence the conditions that contribute to labor unrest. Organizations in the supply chain are projected to have an even stronger impact on economic variables. The advantage of monopolies or cartels is their capacity to affect pricing, even though it is not anticipated that they will be able to regulate exchange rates. Business organizations are also in charge of creating product portfolios in dynamic marketplaces with product life cycles and technologies that give competitive advantage. The dangers result from the skills of competitors in an unending race. The supply chain organization and its members are more directly responsible for internal risk management. 
Organizations in the business world are in charge of managing their structural, production, and financial capacities. In addition to carrying out their social obligations, they are in charge of programs that ensure appropriate workplace safety, which has been shown to be cost-effective for enterprises. It is necessary to coordinate actions within supply chains with vendors and, to a lesser extent, with customers. Information technology offers practical instruments for managing the interchange of supply chain information. The duty of supply chain core organizations to manage risks associated with the trade-off between greater participation made possible by Internet connections and the dependability provided by long-term relationships with a smaller group of suppliers who have demonstrated their reliability is another crucial factor.

7.3. INTEGRATION

Vertical integration with contemporary cross-organizational supply chains was the traditional method of commercial organization (Spekman & Davis, 2004). Of course, this also resulted in them accepting the risk that went along with it, but at the time, the prevalent belief was that the more they managed their operations, the more they could control the hazards. As a result, enormous monopolies developed vertical supply chains that linked mines, processing, transportation, and various types of production to various levels of marketing. Facility siting was a factor in supply chain considerations. The location of minerals determined where mines would be built, although refining and other processing plants might be situated anywhere. In order to balance costs, manufacturing is typically traded off against logistics costs for moving raw materials to processing facilities or finished goods to customers. The way business is done today is very different. Supply chain members have replaced the vertically integrated company partnerships of the 19th and early 20th centuries with cooperative agreements. Thus, supplier choice becomes crucial in addition to facility location. Being more competitive is the main goal, and as a result, services associated with the production of the products are prioritized. Additionally, there is a focus on bringing specialists together, with a dynamic integration of frequently separate companies cooperating to provide goods and services. The distinction between goods and services is fading, making the previous division of labor obsolete. Commoditization of goods and services now takes into account factors like quality, delivery efficiency, dependability, and risk in addition to price.

7.4. RISK MANAGEMENT

Risk management in supply chains has been prompted by global rivalry, technological advancement, and the ongoing hunt for competitive advantage. This is due to the addition of additional forms of risks to those present in conventional vertically integrated firms as a result of the integration of various organizations into the supply chain. These days, supply chains are frequently intricate networks with hundreds of thousands of players. Both the strategic level and the tactical level have made use of the expression. In this way, risk management can go beyond simple asset preservation or risk avoidance and instead concentrate on finding better ways and means of achieving organizational objectives. The coordination and collaboration of processes and activities across functions within a network of enterprises are of relevance to supply chain risk management. Supply chains allow
manufacturing outsourcing to benefit from comparative advantages around the world and expand the range of products. Inherent in this more open, dynamic system are numerous risks. A process is a way to complete necessary tasks. Risk is an ill-defined concept that calls for creative thinking about what could go wrong. Taking that concept a step further, risk management creates strategies for handling contingent hazards in the event that they materialize. As with every company decision, the advantages of risk mitigation must be evaluated against the costs of protection. Operational risks and disruptions are two examples of hazards in supply chains (Kleindorfer & Saad, 2005). Inherent uncertainties for supply chain components including customer demand, supply, and cost are included in operational hazards. Disasters such as meltdowns at nuclear power plants, wars, and hurricanes provide a danger of disruption, as can economic crises. Operational risks are the main focus of most quantitative studies and methodologies. Disruptions are significantly harder to model since they are more spectacular, less predictable, and unpredictable. Planning for risk management and responding to disruptions are typically qualitative. By lowering inventory holdings, which act as a form of insurance against supply disruption, manufacturing increases efficiency. Smart systems are frequently blamed in the media for slow production. There were supply problems even though safety inventories were bigger. Lean safety stock risks are likely more than covered by the savings from lower inventory costs. Various strategies can be used to mitigate supply chain risks. Typically, purchasing is given the duty of maintaining supply continuity and cost management. At the expense of greater inventory holding costs, buffers in the form of inventories exist to help reduce risk.
High transaction costs, protracted purchase fulfillment cycle times, and pricey urgent orders are the results of traditional practice, which relies on excess inventory, many suppliers, expediting, and frequent supplier changes. More visibility in supply chain operations is made possible by newer risk management strategies, which incorporate tactics like supply chain alliances, e-procurement, just-in-time delivery, greater coordination, and others. Although there may be greater costs for the items and more security concerns, supply chain risks are decreased. Supply chain risk involves both strategic and tactical components. Strategically, a network of supply chain actors can help to improve the control of supply risks through initiatives like locating backup sources of supplies during emergencies. Demand can be moderated to some extent through tactics like rollovers and product pricing. Strategically, more product variety can guard against product hazards. Systems that increase information visibility among supply chain
participants can also help people better manage risks. Choosing a supplier and allocating orders are examples of tactical options. Other tactical choices include product promotion, information sharing, vendor-managed inventory (VMI) systems, and cooperative planning, forecasting, and replenishment.

7.5. OUTSOURCING

The outsourcing (Figure 7.3) of non-core services offers cost benefits to supply chain core firms. Supply chain networks are impacted by a number of things (Cho & Chan, 2015). Along with options for network design and interactions, choices must be made about which sources to use, how to distribute orders, and what contractual arrangements are necessary. An efficient supply chain network must be configured, have products assigned to facilities, customers assigned to the appropriate facilities, and production and shipping volumes and schedules planned for each facility. In 2003, an electrical grid failure in the northeast of the United States left 50 million people without power for around 30 minutes, extending from Ohio, Pennsylvania, and New Jersey up through Ontario, Canada. Passenger rail transportation, international air travel, and financial markets were all disrupted; however, essential services were kept running by the 20% of the electrical system that was still operational. The outage was said to have been caused by trees striking Ohio power lines (Coleman, 2019). Other catastrophes, such as hurricanes, earthquakes, terrorism, and political instability, will significantly disrupt supply systems.

Figure 7.3. Outsourcing. Source: https://cdn.wallstreetmojo.com/wp-content/uploads/2021/10/Steps-ToOutsourcing.jpg.

Demands, supplier yields, lead times, and cost uncertainty are operational risks in order allocation in the supply chain. As a result, not only do certain suppliers need to be chosen, but regular purchases from them also need to have quantities set. While supply chains offer their members a number of beneficial advantages, they can also lead to coordination issues. Coordination of information systems can mitigate some of the negative effects, but profit sharing is still a concern. A few of the risks that producers face include shifts in demand due to a variety of factors. Despite having one of the most regular demand patterns in the world, the food business still experiences fluctuations in the demand for particular products. Recent concerns about the safety of food, particularly spinach, cherry tomatoes, and many other grocery items, have had a significant impact on this demand. The global concern over mad cow disease persists, particularly in South Korea and Japan. Variety is a good way to control product risk and can be utilized to gain market share and cater to different market segments. The fundamental concept is to diversify products to cater to the unique requirements of each market group. Even though it is anticipated that this will improve profits and market share, it will also result in higher manufacturing and inventory costs. Dell’s make-to-order method is one solution to address the possible inefficiencies in product variety. Until an order is received, this method avoids wasting time or money assembling a product. Dell has an extremely adaptable production structure that enables them to produce on demand, which has proven to be a very profitable core competency. Additionally, they don’t squander money on inventory, but they do cause inventory issues for their suppliers who must deliver items immediately. In the retail sector, Walmart has also been quite effective in this regard.
Today’s prosperous retail businesses prioritize providing excellent customer service. Retail companies can offer better services that are used throughout supply chains. To manage supply networks, many different control schemes have developed (Guo, Zhang, & Gao, 2020). The iconic bullwhip phenomenon was caused by the conventionally disorganized supply chains of the 1980s, which lacked information sharing and independent inventory management systems. The bullwhip phenomenon results from an overestimation of demand brought on by the irregularity of orders from supply chain components further down the line. Increasing information sharing throughout the supply chain was a logical first step to take in order to reduce the inefficiencies brought on by the bullwhip effect (Chen, Liao, & Kuo, 2013). The advantages of better forecasting and production planning
have been proposed as solutions in a short-season environment. Systems for sharing and coordinating information that are more comprehensive have also been suggested. Information sharing, which includes action plans to enable forecast alignment for long-term and capacity planning, is the first sort of cooperation among supply chain participants to reduce bullwhip risk. By increasing visibility, this planning makes demand more predictable. Faster information sharing across businesses has not, however, been without its challenges. Slow item-level replenishment and slow order placement are issues. An order could be placed in this complicated setting even after a product has been sold. Additionally, big shipments are frequently used for the delivery of tiny things, which might cause issues. Short lead times and strict service-level criteria put a strain on the supplier’s ability to react quickly. Most of the advantages of a well-managed inventory system are also eliminated by preventing such stock-outs through bigger stocks. In VMI (Figure 7.4), the supplier is in charge of overseeing a retailer’s inventory. This is a common sight in supermarkets (Beheshti, Clelland, & Harrington, 2020). Up until it passes the checkout counter, businesses like Pepsi, Coke, and well-known potato chip manufacturers are the owners of the item. Thus, the supermarket acts as a middleman between the producer and the customer. The producer has more control over product placement through VMI, and they typically sign agreements that limit competition. We can refer to this as channel coordination. The supplier manages the stock at the shop based on sophisticated information obtained through electronic data interchange (EDI) or the Internet. VMI has been proved analytically to perform better than conventional supply chain systems. VMI, which outperforms conventional local inventory management, maximizes the supply chain’s overall revenues. Consolidating shipments can help VMI become more efficient.
Additionally, it enables retailers to increase the range of goods they provide in a specific retail location, enhancing brand profitability for both retailers and vendors. Many businesses have started using VMI. However, VMI has occasionally been given up. Insufficient visibility across the entire supply chain is one potential problem. When producers provide significant quantities of often renewed products under somewhat consistent sales conditions, VMI has been found to operate well. These conditions may result from advertising. Additionally, it has been discovered that VMI performs better when customers are less likely to buy alternatives in the event of stock shortages.

Figure 7.4. Vendor-managed inventory. Source: https://www.refrigeratedfrozenfood.com/ext/resources/Technology-Showcase/Technology-Showcase3/PathGuide-VMI-Lifecycle-feature.jpg?1558621068.

The bullwhip effect (Figure 7.5), which affects standard retail inventory control, causes excessive stocks when demand volatility is strong. However, VMI can perform worse than conventional retailer-managed inventory when replacement is desirable. Continuous replenishment (CR) is an automatic replenishment program where a supplier replenishes a retailer’s inventory based on the retailer’s stock level information and actual product usage data. Larger shops in the US and the UK have adopted CR since it was first tested by Walmart in 1995 (Shi, Katehakis, & Melamed, 2013). Suppliers can base inventory decisions on sales projections rather than fluctuations in inventory levels. By requiring supply chain participants to exchange more data and information, as well as to adopt standard methods and performance metrics, CR improved VMI. This encouraged group decision-making, responsibility, and performance-based incentives. Inventory turnover and customer service levels have both been said to have improved under CR. However, CR still has the potential to have gaps because it may not always represent stocks across the whole supply chain. The main aspect of CR that is missing the most is manufacturer forecasts of upcoming
retail events. Manufacturers appear to be receiving excess inventory from retailers and distributors. While CR enhanced VMI, additional advantages were also accessible.

Figure 7.5. Bullwhip effect. Source: https://media-exp1.licdn.com/dms/image/C4E12AQH6nG3mSIPJ0g/article-cover_image-shrink_600_2000/0/1600748417337?e=1658361600&v=beta&t=MNQYSsHsws_tipon3BEtvmqK5KjknslYSTJruYGgbZQ.

To delay the point of product differentiation, postponement relies on design principles including standardization, commonality, and modular design. Based on overall demand, a more generic product is created, with customization applied to specific goods later in the production cycle. This makes it possible to respond to unique product demand in a more flexible manner. This approach, which has also been used by Xilinx, Hewlett-Packard, and Benetton, was demonstrated by Nokia’s response to the Philips fire in 2000. Postponement increases product flexibility and a company’s capacity to manage suppliers. To benefit from safety stock for important products without incurring the cost of having large stocks for all things, strategic stock is used. Examples include Toyota, which stocked cars at important distribution points to guarantee a plentiful supply in specific areas which did the same with appliances. This enables improved customer service standards without incurring exorbitant inventory holding expenses. The Centre for Disease Control employs similar tactics for purchasing medical supplies. Increasing product availability through strategic stocks
enables speedier response. Through a variety of vendors, the flexible supply base strategy reduces the risks associated with exclusive sourcing. Hewlett-Packard produced inkjet printers at facilities in Singapore and Washington State, using the cheaper Singapore facility for base volume and the more expensive Washington facility for unpredictable demand. By enhancing supply flexibility, it has made it possible for some volume slack to be used to deal with supply disruptions. The make-and-buy approach is conceptually similar to the flexible supply base strategy; the difference is that it also considers external production as a potential source of supply. This was Hewlett-Packard’s approach while manufacturing DeskJet printers, which were mostly outsourced to a Malaysian manufacturer with some production taking place in Singapore. This idea is famously used in fashion apparel by Zara. The advantages are identical to those of a flexible supply base.

7.6. PRODUCTION

Even if production cannot be transferred, economic supply incentives can be applied. Due to uncertain demand and government pricing pressure, the supply of a certain type of flu vaccination on the U.S. market was curtailed. A bacterial contamination in one of these companies’ production lines caused them to be discontinued in October 2005, which resulted in an anticipated shortage of 48 million flu injections and subsequent rationing to high-risk populations. Economic supply incentives could encourage more involvement in this market, preventing shortages in the future. A similar situation is Intercon Japan, which has a monopoly relationship with one major supplier. Intercon Japan provided Nagoya Steel with financial incentives, including minimum order quantities, technical guidance, and market demand data, to help them create a new steel method for producing cable connections (Tang & Tomlin, 2008). By maintaining price pressure on its original supplier, Intercon Japan was able to expand product availability and promptly modify order quantities. An approach that ensures delivery is flexible transportation. There are many methods to do it, including using multimodal transportation. Seven-Eleven Japan urged its logistics partner to diversify by establishing a network of ships, helicopters, motorbikes, bicycles, and trucks. This made it possible for Seven-Eleven Japan to send rice balls to Kobe earthquake victims quickly in 1995 (Chopra, 2017). Transport using many carriers guarantees a constant flow of commodities. When faced with regional political upheavals, alliances of cargo planes have been able to swap carriers rapidly and also enable less expensive delivery.
The third transportation tactic is the employment of various routes, which enables momentary bottlenecks to be avoided.

7.7. STRATEGIES

Strategies for managing revenue include dynamic pricing and promotions. Revenue management gives the company more control over product demand, allowing it to influence the products that customers choose. An approach based on anticipating consumer product demand based on display position is called dynamic assortment planning. By regularly manipulating product positioning, supermarkets are able to exert more control over consumer demand. The gradual leakage of new items without official announcements is known as silent product rollover. Instead of requesting products that have been discontinued or run out of supply, this encourages customers to choose things that are still in stock. Swatch, which only creates products once, and Zara, which quietly introduces new fashion lines, are two examples of this method in action. All items can be substituted for one another, which makes it easier to deal with demand fluctuations and supply or demand disruptions. It is helpful for firms to start by determining their level of risk tolerance. No company is immune to danger. They shouldn’t cover every danger with insurance either. Organizations are designed to take on risks in situations where they have the capacity to do so. They are unable to handle all risks; therefore, top management must decide which ones they expect to encounter and which ones they are prepared to take on. All hazards must be taken into account throughout the risk identification process. Within their sphere of authority, each manager should be in charge of continuing risk identification and management. A risk matrix can be created once the risks have been recognized. The method of risk management is how those hazards that have been recognized are controlled. The distribution of suitable responsibilities according to roles determines how effective this procedure is. A high-level group within the organization that keeps an eye on important new markets and products can monitor it.
The enterprise risk management structure must work as intended; thus, a systematic internal audit as part of the risk review process is frequently contracted out to outside suppliers. In order to balance risk and return, supply chain management requires numerous decisions. Making decisions about sources to use, products to provide clients, and appropriate delivery modes are all part of supply chain management. Additionally, choices must be made on the kind of information technology to buy, whether hiring a consultant is wise, which vendor’s software will be
acquired from, and which kind of software will be used. Before describing the straightforward multi-attribute rating technique for multi-criteria selection decisions, I will first go over some fundamentals of creating hierarchies of criteria. An initially vague problem is transformed into a set of precise elements, relations, and operations by structuring. Value serves as the objective in the most basic hierarchy, with available options branching out from this value node. When there are more branches coming from a single node than a predetermined number, hierarchies typically incorporate additional layers of objectives. According to cognitive psychology, people struggle to assimilate too many different branches. Identification of the overarching fundamental objective comes next. Combining particular essential goals, such as lowering costs, reducing harmful health effects, and reducing harmful environmental effects, can serve as the overall goal. Regarding essential goals, means objectives should be mutually exclusive and exhaustive as a whole. Decision-makers shouldn’t accept the options that are presented to them. The traditional approach to solving an issue is to come up with potential solutions before concentrating on goals. This approach frequently assumes that decision-makers are forced to make only one of several available options. It is proposed that a more successful strategy would be for decision makers to use objectives to generate options based on what they would like to accomplish and why objectives are significant. Numerous other factors have been noted as having potential significance in supplier management. Along with risk and profit, fundamental operational criteria also include delivery performance, quality, and warranty performance. Reserve capacity, supplier process competency, and labor relations history are examples of process factors. 
Hazardous waste management, the ability to reduce pollution, and the control of hazardous emissions are examples of green factors. Segmenting suppliers can be used as a starting point for choosing a supplier for a specific item as well as a tactical technique to help suppliers boost their output. As we’ve seen, supply chains offer a lot of potential dangers. To model those hazards, one must take probability into account, which necessitates the use of Monte Carlo simulation (Figure 7.6), an established analytical method (Deleris & Erhun, 2005). Simulation models are collections of presumptions about the connections between model constituents. Simulations can be process or time-oriented. Utilizing probabilistic inputs for components like demands, interarrival periods, or service times allows for the inclusion of uncertainty. These probabilistic inputs require probability
distributions with specific parameters to be used as descriptions. The normal distribution, the exponential distribution, the log-normal distribution, and various other distributions can all be used as probability distributions. A simulation run is a sample of the infinite population of outcomes that a given model might produce. The quantity of trials is decided after a simulation model is constructed. To verify simulation models and create simulation trials, statistical methods are used. Spreadsheet programs like Excel can be used to implement a variety of financial simulation models. Spreadsheet models’ simulation capabilities can be greatly increased by using a variety of commercial add-on packages that can be installed in Excel, such as Frontline Solver or Crystal Ball. These add-ons feature the ability to correlate variables, quickly choose from standard distributions, aggregate and display output, and other helpful tasks. They also make it very simple to reproduce simulation runs.

Figure 7.6. Monte Carlo simulation. Source: https://kanbanize.com/wp-content/uploads/website-images/kanbanresources/monte-carlo-when-explained.png.
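
The following added example, which is not from the book, applies the Monte Carlo approach described above to vendor selection: each trial draws a log-normally distributed exchange rate and independent product, company, and political failure events, and the run is seeded so that it can be reproduced. The vendor figures, the fallback price, and all function and class names are assumptions constructed for illustration.

```python
"""Monte Carlo comparison of outsourcing vendors (added example, constructed data)."""
import math
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Vendor:
    name: str
    quoted_price: float      # quoted unit price in the vendor's currency
    fx_mean: float           # expected exchange rate (home currency per vendor unit)
    fx_sigma: float          # standard deviation of the log exchange rate
    p_product_fail: float    # probability the delivered product fails
    p_company_fail: float    # probability the vendor company fails
    p_political_fail: float  # probability political events block supply


@dataclass(frozen=True)
class Result:
    name: str
    mean_cost: float     # average cost per unit over all trials
    p95_cost: float      # 95th percentile cost per unit (tail risk)
    failure_rate: float  # share of trials in which any failure occurred


# Constructed sample inputs; none of these figures come from the book.
VENDORS = [
    Vendor("Domestic", 10.0, 1.00, 0.00, 0.01, 0.01, 0.00),
    Vendor("Offshore-A", 7.0, 1.00, 0.10, 0.03, 0.03, 0.02),
    Vendor("Offshore-B", 6.0, 1.00, 0.20, 0.08, 0.06, 0.10),
]

# Assumed unit cost of an urgent replacement purchase after any failure.
FALLBACK_PRICE = 16.0


def simulate_vendor(vendor, trials=20_000, seed=42):
    """Run one simulation; each trial is one sample of the possible outcomes."""
    rng = random.Random(seed)  # fixed seed makes the run reproducible
    # Choose mu so that the log-normal exchange rate has mean fx_mean.
    mu = math.log(vendor.fx_mean) - vendor.fx_sigma ** 2 / 2
    costs = []
    failures = 0
    for _ in range(trials):
        fx = rng.lognormvariate(mu, vendor.fx_sigma)
        # Three independent failure events, each a separate random draw.
        failed = any([
            rng.random() < vendor.p_product_fail,
            rng.random() < vendor.p_company_fail,
            rng.random() < vendor.p_political_fail,
        ])
        if failed:
            failures += 1
            costs.append(FALLBACK_PRICE)
        else:
            costs.append(vendor.quoted_price * fx)
    costs.sort()
    return Result(
        name=vendor.name,
        mean_cost=statistics.fmean(costs),
        p95_cost=costs[int(0.95 * trials)],
        failure_rate=failures / trials,
    )


def run_all(trials=20_000, seed=42):
    """Simulate every constructed vendor with the same trial count and seed."""
    return [simulate_vendor(v, trials, seed) for v in VENDORS]


def best_vendor(results, metric):
    """Return the name of the vendor with the lowest value of the given metric."""
    return min(results, key=lambda r: getattr(r, metric)).name


if __name__ == "__main__":
    for r in run_all():
        print(f"{r.name:11s} mean={r.mean_cost:6.2f} "
              f"p95={r.p95_cost:6.2f} failure rate={r.failure_rate:.3f}")
```

With these constructed inputs the lowest quote does not give the lowest expected cost, and the vendor with the best 95th-percentile cost is the most expensive on average, which is the cost-versus-protection trade-off the chapter describes.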

Although supply chain networks bring significant economic advantages, there are related risks as well. These risks can be caused by a variety of things, such as industrial mishaps, geopolitical unrest, natural disasters, and market failure. Based on historical statistics, some of these dangers can be
explained in terms of probability distributions. Others call for a subjective evaluation from experts who can be located. A good method for modeling outcomes from probabilistically stated inputs is Monte Carlo simulation. Analysis of the trade-offs between costs and support levels is necessary for planning. Each of these risks had unique requirements for logistical support as well as vulnerabilities. Mission severity, which reflects the level of enemy activity and the physical characteristics of the terrain, and magnitude are important factors. The mission intensity closely relates to the amount of logistical support required. Numerous tools have been developed in risk management to assess the likelihood of loss. The process of identifying, evaluating, and prioritizing risks, followed by a coordinated and cost-effective resource application to reduce the likelihood and impact of unfavorable events, is known as risk management. This is a thorough understanding of risk management that addresses all potential threats to a company. It is a fact that one must assume some risk in order to expect payment or profit. The secret to effective risk management is to pick the risks that you can control and find a means to decrease, eliminate, or insure. When faced with a problem that can be solved by a linear function according to a set of linear constraints, linear programming (LP) offers the optimal, or best possible solution. These and other significant operations management issues can be modeled using linear programming to find more effective business practices. Even though LP has many advantages, it has a somewhat high cost because it can only be used to simulate specific categories of choice problems. Usually, this entails putting scarce resources to alternative purposes.
The choice issue must be written in linear functions, which has the disadvantage that, since the optimal answer is sought, even little changes in the assumed coefficient values might have a significant impact on the final solution. Models for linear programming comprise variables and functions in terms of these variables, as well as functional constraints. To create an LP model, it is typically easy to focus on the decision to make in a decision problem. Things that the decision-maker can control commonly used controls the proper decision-making parameters. Typically, that will profit. The variables are the decision-maker’s own problem components.

7.8. VARIABLES

Variables are the elements that can be changed to enhance the objective function. Usually, they are factors that the decision-maker can influence, like production levels. They may be the sources chosen or the designated transit
routes in supply chain scenarios. A mathematical statement that measures something in terms of the variables is called a function. An illustration of a function is profit. Risk is another illustration. Planners must make sure that tank farm stockpiles don’t fall too low, endangering the output of the paper mill. The comparatively cheap inventory keeping cost of slurry helps with this. However, a lot of tank farm storage space is needed for this. Due to its high density, slurry can be transported on ships with greater volume capacity. This makes things more difficult because ships need to be at least 60% full to prevent harmful cargo splashing in bad weather. Demand and supply uncertainty is a significant risk issue (Wang & Jie, 2020). This necessitates routine plan changes. Ships may be delayed by adverse weather or diverted by spot market activity on the supply side. Demands are unknown principally due to the variety of supported paper products and the resulting shift in the product mix of slurry. The system was credited with savings of around $7 million annually, which are anticipated to rise with corporate expansion. It also boosted predictability and flexibility throughout the supply chain. Additionally, the DSS allowed the company to avoid making new capacity investments and lower overall oil usage by more than 10%. The system also allowed for quick preplanning to handle ship delays, equipment failures, and other interruptions. Four entities and a number of data items make up the information flow in disaster management. The entities consist of a group of human planners and responders who are assisted by three models of mathematical programming. The readiness phase used a stochastic programming model to handle four inputs like disaster scenarios, transportation conditions, demand projections, and warehouse parameters and produced recommended inventory levels by supply item as well as suggested warehouse facilities. 
The human planning and reacting team received this information and revised the stochastic programming model in light of hospital priorities. A mixed integer programming model was used to produce transportation plans using the output from the updated stochastic programming model (Haug, 1985). The reaction phase mixed integer programming model used supply, demand, and transportation conditions data along with additional priorities from the human team to create transportation plans. This collection of metrics was put up as a way to connect intangible assets to shareholder value production. Scorecards, which put a focus on strategic objectives and metrics, have been used successfully in many corporations and public institutions. The financial viewpoint can be used to track the performance of particular outsourced suppliers in terms of their financial and market share metrics. This would
necessitate contracts granting the core supply chain vendor access to the internal data of the outsourcing provider, which could be troublesome. The outsourced vendor should handle internal operations, and if they hesitate, you should go back to the outsourcing market to find a successor. The performance of the outsourcing provider can be tracked in terms of service delivery from the viewpoint of the client. It is possible to undertake joint initiatives to improve processes and increase lines. The primary supply chain organization can also keep track of how much of their volume is allocated to each external vendor. To reduce the danger of the outsourcing vendor failing, it would be wise to keep the volume ratio to each vendor within the permitted upper limits. You might once more go back to the market to identify substitute supplies in that eventuality. Potential infiltration is also present when measuring the outsourcing company’s internal business activities. The problem is the same as it is from a financial standpoint. The core supply chain organization may occasionally be able to measure specific technological and industrial facets of the outsourced vendor through the development of close contractual connections. In general, it appears better to let the seller handle these issues. Innovation and learning make up the last aspect on the balanced scorecard. From the perspective of the primary supply chain organization, these variables seem appropriate to measure. All participants in the extended supply chain will benefit from collaborative efforts to engage with outsourced vendors. The main notion is that the organization can monitor these metrics over time to obtain a thorough picture of all four organizational performance views. 
To track the effectiveness of the enterprise in strategic decision analysis, different types of scorecards such as company-configured scorecards or strategic scorecards have been suggested to integrate into the business decision support system or expert system. Taking risks is essential to conducting business, even though they must be handled. Profit, by definition, necessitates taking some risk. At Mobil, Chrysler, the U.S. Army, and countless other corporations, scorecards have been successfully used in conjunction with risk management. A wide range of elements with the potential to have an impact on an organization’s operations, procedures, and resources make up enterprise risk. Economic change, changes in the financial markets, and risks in the political, legal, technological, and demographic contexts can all have an impact on external factors. While most of these are out of a particular organization’s control, they can be prepared for and protected from using tried-and-true methods. Among other internal hazards, these include production disruption, fraud, system failure, and human mistake.

Systems are frequently believed to be in place to identify and manage risk, yet for a variety of reasons, erroneous data is produced. Other applications of the balanced scorecard as instruments for measuring performance from a bigger, more strategic viewpoint have also been shown. Internal auditing in accounting and governance of mental health both use balanced scorecards. In supply chains for shipping, ports are clearly important. The management of ports can be crucial in facilitating processes that affect businesses and governments that depend on customs duties and need to promote economic activity. Cargo movers are businesses that have the tools and infrastructure necessary to carry out the physical labor involved in imports and exports. For trade activity to function, knowledge management is crucial. EBITDA gauges profitability, which is crucial for businesses in the port industry to keep an eye on (Alcalde, Lopes Fávero, & Takamatsu, 2013). Asset profitability is measured by ROA. These financial indicators offer a way to spot any system flaws. Traffic expansion is one of port clients’ strategic goals. Indicating profit or a loss before taxes, GVA calculates the difference between a company’s inputs and outputs. An indicator that measures cargo transported in by volume is mean terminal productivity. Trucks transporting and/or receiving cargo are delayed on average by gate attention. The outcome of exploitation gauges a company’s annual operations. The daily approval rate of electronic documents focuses on the ratio of approved to total documents as well as the number of documents that are approved in a single day. Exploitation was considered as having a negative impact on average gate attention and mean terminal productivity, whereas a larger percentage of authorized electronic papers was seen as a contributing reason to an increase in average gate attention. Mean terminal productivity was thought to have a favorable impact on both traffic flow and GVA. 
The average gate attention rate was considered to be helpful in raising GVA. Improved traffic movement was thought to have a good effect on ROA, whereas GVA impact was thought to have a role in boosting EBITDA (Banerjee & Gupta, 2017).

7.9. SCORECARD

The balanced scorecard was used to evaluate overall performance in a petroleum supply chain. Traditionally, the emphasis has been on financial indicators, but a firm’s sustainability does not solely depend on its ability to be profitable (Martinsons, Davison, & Tse, 1999). Financial metrics are not directly tied to operational effectiveness or strategic performance in any way. The structure for balanced scorecards was modified to fit a petroleum supply chain. Features in petroleum supply systems necessitate a specialized study. It is well known that crude oil prices fluctuate, necessitating flexibility on the part of those involved in the petroleum supply chain. The preservation of crude oil quality is crucial. Similar multi-criteria analysis has been suggested by others to improve supply chain balanced scorecards. By enabling a single number for entire organizational performance, as in the construction example, this version of the balanced scorecard was meant to give a more comprehensive application. Here, comparing organizational performance with that of rival organizations from each aspect was a specific goal. A quoted price with an exchange rate distribution, a probability of product failure, a probability of company failure, and a probability of political failure were all taken into account in that scenario.

CHAPTER 8

SUSTAINABLE BUSINESS AND RISK MANAGEMENT

CONTENTS

8.1. Introduction
8.2. Risk
8.3. Goals
8.4. Managers
8.5. Factors
8.6. Assessment
8.7. Activities
8.8. Processes

8.1. INTRODUCTION

An entirely new set of business regulations that have a significant impact on the long-term sustainability of organizations has been imposed by the turbulent and uncertain economic and political climate. In this situation, firms have begun concentrating on cost-cutting and risk-management measures to gain a competitive edge (Brillinger, Els, Schäfer, & Bender, 2020). Only companies with a strong infrastructure, a healthy workflow, and effective procedures that are interconnected throughout the organization can guarantee sustainable business performance. The interaction between organizational processes must therefore be examined for risks, and if processes are contracted out to a third-party provider, risks must also be evaluated between the organization and the outsourced processes. Perils that pose a threat to the organization are added to the risk handling strategy after being detected, assessed, and analyzed, and resources are assigned to take preventive measures. Failure Mode Effects Analysis is one of the most effective risk assessment techniques now in use, mostly in the engineering and medical sectors. By creating a process for regulating risks and evaluating if threats are impending, this strategy greatly lowers the expenses associated with handling risks (Figure 8.1).

Figure 8.1. Sustainable business and risk management. Source: https://sustainableenviro.com/media/sites/2/2018/10/Managing-FoodSystem-Sustainability-Risk-1080x551.jpg.

8.2. RISK

Risk appetite, risk tolerance, and the organizations’ response to risky situations were all assessed in order to prepare for conversations about risk assessment in SMEs and major corporations. Based on data gathered during interviews with managers and specialists with experience in risk assessment-related fields across various business sectors, the comparative analysis between the two types of organizations and the relationship between risk assessment and the organizational context were conducted. Results from interviews with managers and CEOs were used to accomplish goals relating to risk identification and determining the function of performing risk assessment at the interaction between business processes in organizations and between the organization and outsourced business processes. Based on feedback from managers who have adopted or are testing the proposed risk assessment model, follow-up surveys were used to validate the model and assess its effects. In today’s fiercely competitive business environment, managing a business requires new guidelines (Paxson, 1992). Even though the operational level is where the majority of the risks relating to business sustainability are created, managers must still keep an eye on and maintain control over all business operations in order to successfully implement new strategies that guarantee the organizations’ competitive advantage or, in some cases, even business survival. An increasing number of firms create strategies employing the process method to balance performance metrics amid financial crises. Business processes are groups of interconnected, interacting tasks that convert resources or inputs into outputs. Each process is planned as a component of a workflow that is monitored and regulated in order to add value to the organization. To accomplish business goals and support the organization’s mission and vision, business processes connect people, expertise, and technology.
Research on techniques for developing, implementing, carrying out, and monitoring process activities has been done in depth. To ensure that information is accessible throughout the organization, organizations must update and maintain standard operating procedures as well as other documents pertaining to applying processes in accordance with the established approach. Documentation and control procedures frequently relate to requests from clients or other interested parties or to legal requirements. In order to ensure business sustainability, measuring the critical performance indicators and developing strategies around the same variables are no longer sufficient. As a result, organizations have begun concentrating on managing processes and changing objectives in accordance with process results. Depending on how closely they are integrated into the
process of creating customer value or how the organization is structured, business processes may contain either core or supporting activities. Every process gathers and changes inputs to produce results that add value in accordance with corporate goals. Across the organization, interactions between processes happen despite structural departmental barriers. The goals of the marketing and sales operations are to meet customer needs while making a profit when selling goods and services. Pricing, quantity, and timeline are all factors that must be taken into account, as well as planning costs, production time, market launch time, and productivity. Sales activities entail preparing and providing goods and services directly to the customer. Market share, turnover, client satisfaction, number of business partnerships, number of repeat customers, number of new clients, number of clients placing a single order, marketing campaign effectiveness, and marketing risk levels are among the business performance indicators related to marketing. Performance indicators for sales activities include risk levels, mounting, and service expenses, storage costs, non-conformities charges, and delayed deliveries. Clients, creditors, competitors, and shareholders are the key external environments with which an organization interacts. Within the company, processes carried out by senior management, the contract management team, and the quality assurance team all interact with marketing and sales processes (Piercy, 2010). Risks in marketing and sales are typically associated with not meeting customer needs and requests, delaying production, giving customers incomplete presentations of products or services, or having a poor external communication system. These risks can result in client loss, fines, lower turnover, lower sales volumes, and even legal action.

8.3. GOALS

The primary goals of the contract management team are to create performing contracts while meeting the needs of the clients and adhering to laws and regulations. The important performance indicators concern total contracted value, offering process performance, and process risk levels. A contracting team and a legal team are typically included in the contract management department to guarantee that all contracts are compliant with the law. The department uses checklists, the Pareto analysis, risk assessment, and risk management as approaches for achieving business objectives. The primary process interactions are with business procedures that senior management and the marketing and financial teams are responsible for executing. Risks associated with contracting might be related to undetected or unquantifiable requirements that result in higher expenses, disgruntled clients, or even lost business. Consequences of breaching contracts, such as higher prices, delayed delivery, or unhappy clients, can be taken into consideration as significant risks (Johnson & Sohi, 2016). Turnover, profit, payroll headcount, return on equity, and risk levels are crucial performance metrics related to financial processes. Other management techniques, with the exception of financial risk management, are based on the financial indicators that are computed and examined. All organizational activities, including those carried out by senior management, contracting, purchasing, and manufacturing processes, are impacted by and directly interact with financial processes. The procurement process, which ensures procuring goods and services from the outside environment, entails sub-processes like assessing, choosing, and overseeing suppliers; validating the obtained goods and services; and managing outsourced services. Reducing sourcing costs and procurement time, ensuring that stockpiles correspond to needs, and forging relationships with suppliers are the processes’ goals. Cause-and-effect analysis (Figure 8.2), Pareto analysis (Figure 8.3), checklists, and team analysis are the primary management techniques.

Figure 8.2. Cause-and-effect analysis. Source: https://www.isixsigma.com/wp-content/uploads/images/stories/migrated/graphics/394a.gif.

Figure 8.3. Pareto analysis. Source: https://www.cec.health.nsw.gov.au/__data/assets/image/0005/341285/Pareto-1.png.

Risks could arise if only one supplier is considered and chosen, which could lead to higher costs, delayed delivery, and unhappy customers. Another significant risk that contributes to lower sales and delayed deliveries is delayed procurement. Other procurement risks include failing to specify acceptance standards for goods and services and working with unqualified suppliers, which can result in higher production costs, defective goods, late delivery, and unhappy customers. The greatest risks are those associated with flaws and errors that customers report that could result in complaints. Another production-related risk that negatively affects sales is delayed deliveries. Other hazards include work accidents that can result in losing authorizations, declining sales, and losing market share, as well as manufacturing infrastructure failures that cost money to fix, cause delays in deliveries, and pollute the environment. Client complaints and reduced delivery capacity may result from operating with non-compliant or outdated materials and equipment, employing erroneous product specifications, and not allocating enough time for verification methods.

The risks that have been discovered can be related to creating noncompliance, including selling non-compliant items to customers and turning them into flaws that result in higher expenses, delayed delivery, and complaints. Other hazards include slow control procedures, delayed procurement, and client loss as a result of ineffective controls. Products can be provided with flaws due to unqualified vendors and mistakes in defining compliance standards for goods and services. Organizational workflows can be recognized horizontally as procedures linked between departments as well as vertically as they move from one organizational level to another (Mendling & Hafner, 2005). Process owners and managers continuously detect, analyze, and send feedback regarding all process interactions in order to optimize workflows. The objectives of the organization determine how organizational business processes interact with one another. This feedback mechanism ensures that reports are sent from the operational level to the strategic level, where managers make decisions and create strategies based on the information they have received. Then, process owners and department managers put operational plans into place, watch over, examine, and report on performance indicators linked to the process’s outcomes. As a result, the process manager is the owner of all process interactions and is responsible for ensuring their effectiveness while evaluating and managing risks that may arise at this level. Sharing findings with other process managers and offering comments is another crucial task for process managers. When employing the process approach, information about detected and evaluated risks at each process interaction should also be communicated because there may be major hazards that endanger the success of the business.

8.4. MANAGERS

Managers can now pursue profitability through higher revenue or profit margins and boost corporate value by extending their businesses internationally. Management plans are created with the target markets’ business environments in mind while entering international markets. Countries and organizations are now interconnected. Organizations have expanded their operations globally in one of two ways: by exploring new markets or by outsourcing their operations. To cut manufacturing and service expenses and boost income by focusing on new global market segments, corporations must investigate and comprehend international business environments as well as the key distinctions between their own country and the nations where they intend to outsource procedures. Although they have
extremely different economies, cultures, and working conditions, advanced regions like the United States and Europe can be vital markets and provide significant outsourcing prospects, as can newly growing nations like China and Africa. Businesses have been moving manufacturing and outsourcing services to low-wage nations, but knowledge-intensive business services, such as highly specialized production and services or research and development (R&D), have not been outsourced. Managers must first define the organization’s mission, objectives, strategies, and tactics in order to secure the organization’s mid- and long-term sustainability and development beyond trade borders. The organization’s purpose must reflect the management direction and vision of the organization and must be tailored to the local market of the foreign country (Lee & Faff, 2009). Managers have been compelled to re-evaluate plans and include goals that guarantee business sustainability due to changes in the global business environment. Department managers typically prepare tactics, which are related to how strategies are carried out. When creating management strategies, opportunities, and threats are taken into account in addition to strengths and weaknesses. This model considers the threat of new competitors, the threat of substitutes, the bargaining power of customers, the bargaining power of suppliers, and industry rivalry. Finding new manufacturers or service and support providers is typically involved in relocating procedures, which must take into account both internal and external variables. Each procedure that governs interactions with the new business partners while taking into account language, culture, shared goals and objectives, trust, human rights, expectations, and risks must be assigned responsibility and managed through communication. 
In order to construct the contract, senior management manages the connection with the outsourcing company, conducts discussions, and establishes norms and expectations. Employee resistance to change and conflicts of interest must be dealt with by talking with the staff and outlining the dangers, newly allocated jobs, and protocols as well as how this change will affect them. In order to meet the specified performance indicator values, the client company establishes its own objectives, goals, strategies, structures, and protocols, while the outsourced supplier tailors its activities to the regional business environment. The major reasons why third-party providers change goals and tactics and reduce the influence of client businesses are failure to align expectations and failure to consider how different business settings differ from one another. Reshoring and back sourcing have gained popularity in recent years. New rules brought
about by political and economic dynamics have had an impact on outsourced solutions and shown that outsourcing decisions were unsatisfactory.

8.5. FACTORS

The key factors driving back sourcing decisions are service quality, rising wages and transportation expenses, as well as flexibility. Managers must first examine the causes of the outsourcing’s unsatisfactory results before reshoring. There are two main reasons why managers have had to re-evaluate their outsourcing decisions: poor communication and poor control. These restrictions may make it impossible to manage business process interaction-related hazards. Risk assessment continuously examines all influencing factors to predict and anticipate potential changes both inside and outside the organization. The determination of business goals and strategy often involves conducting a risk assessment. To maintain sustainable performance and boost profitability, quality assurance, and customer happiness, organizations must recognize, assess, and manage the top impacting risks. Organizations must develop new strategies for adjusting to the new obstacles in order to meet corporate objectives in the current economic and political environment, which has changed all business processes. In order to address new business possibilities and prevent threats from materializing, it is necessary to conduct a proactive risk assessment of the uncertainties associated with the changes in the business environment. There has been a developing basic consensus that systematic risk management is necessary to address these difficulties. The most frequent new risks are high risks with low probability of occurrence, which can result in global supply chain disruptions, market segment losses, unsatisfactory outcomes of outsourced or offshored company activities, and even insolvency or bankruptcy. Although there are various operational risk assessment techniques accessible, many academicians and experts concur that these tools and approaches have not been synthesized into a comprehensive management system.
As reactionary responses to risks that have already manifested as unfavorable events, organizations adopt firefighting strategies; nevertheless, these techniques are incredibly ineffective and have significant drawbacks in terms of money, labor, and time. In order to accomplish company goals and maintain sustainable performance, risk assessment must be carried out proactively as a collection of integrated operations with the common objective of monitoring, regulating, and managing risks. Sustainability is intricate and multifaceted, encompassing a wide range of issues such as stakeholder
satisfaction, habitat conservation, energy use, and financial outcomes. In respect to the expectations of stakeholders, sustainable performance demonstrates corporate conformance, compliance, certification, and reporting in accordance with set standards. Only when risks are managed by the organizations and significant threats are avoided can sustainable performance be guaranteed. On the other hand, risks can also result in gains and be utilized as worthwhile business chances that significantly improve the likelihood of long-term success for firms. The three most significant business prospects are improving operational effectiveness, assessing risks, and raising organizations’ performance metrics. Therefore, businesses may assure sustainable performance by carrying out a thorough risk assessment relating to their business processes and putting in place controls for the risks that have been identified. By examining potential courses of action, risk assessment is a process that depends on interactions with all business processes and aids businesses in setting priorities and making informed decisions. In order to get dependable, consistent, and comparable results, the process necessitates a well-structured, systematic, and accurate approach. This strategy makes a significant contribution to assuring sustained performance. The key elements that guarantee the effectiveness of risk assessment are leadership through objectives, participative management, teamwork, and staff involvement in reaching corporate objectives, as well as transparency and effective communication. To underline the value of generating and preserving value inside the firm as well as committing to attaining risk assessment-related business objectives, standardized risk assessment guidelines have been described in the specialized literature as well as by numerous companies. 
Organizations must take into account their mission statement, corporate vision, and organizational context in order to produce and preserve value.

8.6. ASSESSMENT

Identifying, assessing, and analyzing risks inside an organization is the goal of risk assessment, which is a collection of coordinated tasks (O’Donnell & Schultz, 2005). By providing information about risk profiles, including risk source and impact on key performance measures, these activities help people better comprehend risk. Managers may establish sound company plans and make informed decisions with the aid of risk assessment. As a result, risk assessment helps firms achieve their long-term goals and improve their overall business performance. To produce consistent, comparable, and
trustworthy results that are long-lasting, the process needs a methodical and structured strategy. Individuals responsible for standardizing and assuring process efficiency through the evaluation of outcomes and the development of standards, guidelines, and procedures take part in each phase of the risk assessment process. Business management includes not just dealing with the repercussions of not meeting goals, but also figuring out what led to the risk materializing in the first place. This can be done reactively by taking into account past risks that have already had an impact. The management team must take a proactive stance and assess potential risks in order to avert risk materialization. Resources must be set aside for risk identification, analysis, and estimation before deciding to undertake risk assessment. Risk assessment is important for accomplishing corporate goals and should be taken into account at every stage of the decision-making process. While risk management and assessment are crucial for an organization’s long-term success, companies must constantly innovate and update their procedures to deal with the ambiguities and shifts in the business environment. Experts have been looking into new ways to reduce the expenses associated with handling risks while also increasing the process’ accuracy and efficiency over the past several years in an effort to avert the negative effects of risk materialization. When determining risk levels, the FMEA method offers considerable benefits for risk management and control, as well as a significant cost reduction. This is crucial for achieving sustainable company performance because it prevents resources from being wasted controlling risks whose materialization conditions may never materialize. Instead, they can be employed to produce solutions that provide value for the organization. Examining potential benefits from risk management is another development in the field of risk assessment. 
An unclear scenario may result in both negative and positive outcomes. The FMEA method is generally used in the engineering and medical sectors, and a risk assessment strategy based on opportunities is not utilized as a standard in companies, thus there are many opportunities connected to innovation in the risk assessment sector. By identifying the circumstances that resulted in the materialization of prior risks, as well as by inferring these circumstances based on the judgment and expertise of specialists in risk assessment, it is possible to manage the negative effects of risk materialization. Business performance indicators are impacted by risk materialization, allowing businesses to identify the circumstances that indicate a significant departure from expected values. Risks can therefore be controlled by keeping an eye on the values of these indicators, and a significant portion of the risks need not be included in the
risk handling plan. If business risks are not managed and risk assessment findings are not put to use, sustainable business performance cannot be guaranteed. By using risks as business opportunities, the risk assessment process is made more effective and adds value for the organization, which has a significant positive impact on sustainability and business performance. The organization’s attitude toward risky circumstances, interest in assessing and managing risks, and risk tolerance, which varies primarily by organization size, all influence risk-taking. When making strategic decisions based on the best information available, managers can get assistance from the risk assessment process. Organizations must decide between an aggressive strategy that entails taking risks in pursuit of new business prospects and a defensive risk strategy that is focused on avoiding or managing risks. For performance to be sustainable, risk assessment needs to be innovated, improved, and used to address new opportunities brought about by risk materialization. If the risks that have been identified are examined and new business prospects can be realized, organizations also have the choice of spending resources to force risk materialization. This approach can enhance the outcomes of risk assessments and make them even more valuable as management tools. Numerous experts have discussed risk assessment methods, but the process always involves choosing risk criteria and identifying risks before doing risk analysis and evaluation to produce the risk profile. The risk profile must take into account both the potential for negative and positive effects of risk materialization in order to uncover new business prospects. The organization is at danger from unacceptable or very high risks, but as these risks might also present possibilities, they can also be seen as desirable for corporate growth. 
In order to measure the impact of taking risks and utilizing an offensive risk assessment method, it is important to consider the influence on the business performance indicators. The stability of the organization depends on managing the tension between an offensive and defensive risk strategy. A risk assessment focused on sustaining corporate performance maps both potential positive and negative outcomes of risk materialization and strikes a balance between defensive and offensive risk management tactics. Making the most of both the favorable and unfavorable consequences of risk materialization is essential to a strategy based on making strategic decisions while taking into account threats and opportunities. Risks have a distinct stake or cost for large corporations; therefore, organizations like the majority of large companies that only create defensive strategies to assure
self-protection will likely lose a lot of commercial chances. Organizations can become unstable when they take chances to seize an opportunity and fail, and the massive corporations’ lack of flexibility can postpone the return to the initial condition, resulting in significant losses that cannot be recovered. Entrepreneurs must make decisions about taking risks in order to assure the survival of their businesses and the expansion of their organizations. Organizations have begun spending additional resources to predict both adverse and advantageous outcomes that occur from risk handling when deciding between a defensive or aggressive approach when addressing risks. Risk acceptance criteria are continuously examined, and the outcomes have always varied from one business to another (Marhavilas & Koulouriotis, 2021). Organizations have been driven by changes in the economic and political climate to restructure goals, reduce expenses, develop new ways to protect resources and assets, as well as to reconsider how they respond to dangers. Managers were compelled to reevaluate performance indicators and decision-making procedures due to the increased dangers that the new challenges have brought with them. These risks now pose a threat to the organizations’ continued existence. Numerous companies have gone through various regimes and have consistently changed in order to adapt. By establishing the legal framework required for entrepreneurs to begin building businesses, democracy has immediately contributed to an increase in the number of small and medium-sized businesses. Trade and commerce have been facilitated by globalization, creating new opportunities for both huge corporations and small and medium-sized businesses. Despite growth and great accomplishments, bureaucracy, corruption, and the frequent changes in politics and the legal environment have always been problems for the Romanian entrepreneurs. 
Most major businesses have already included risk assessment; senior managers and employees are heavily involved in all procedures connected to risk assessment, including risk identification and analysis, risk monitoring, and risk management. Comparatively speaking, big businesses have started or concluded standard operating procedures and have also started standardizing across divisions and regions. When designing risk strategies and business growth plans, major firms are more focused on using the results of risk assessments. This is crucial in order to make the most of all the resources spent for risk assessment and to avoid any potential bad outcomes should a risk materialize. Risk assessment is particularly sensitive to changes in the organization and the business environment, whether it is done manually or as part of an enterprise resource planning (ERP) program.

The quantity of resources allocated for the process can be influenced significantly by stakeholders’ and senior management’s opinions on the value of risk assessment. The research was done to highlight the significance of the relationship between risk assessment and the organizational context. Managers and experts from various industries were interviewed, and survey data was also collected via email-delivered questionnaires. Any business process must unquestionably have the support of all stakeholders, align with the organization’s strategy and vision, and add value to the business. The synergy between risk assessment and the organizational context has an impact on risk assessment effectiveness and business performance. Due to the unpredictability of the world economy, risk assessment has developed into a crucial instrument for adjusting to ongoing changes in the corporate environment. Since risk assessment has the capacity to alter organizational hierarchies of accountability and responsibility, it necessitates a specific approach to managing people and activities. Senior management makes decisions on the budget in accordance with the organization’s strategy and vision, so firms that are focused on the future can allocate more resources for risk assessment development, such as investments in technology and human resources. A successful risk assessment protects the organization’s safety and stability, and maintaining a safe environment lowers staff stress levels because employees have job security and don’t worry about missed paychecks or the organization’s survival. Additionally, managers can use the outcomes of risk assessments as strategic chances to produce positive business results. An organization that seizes new opportunities, innovates, and continuously evolves fosters a culture of brave, open-minded, and goal-oriented individuals.
Business expertise, forecasting skills, and database research are necessary for risk identification, analysis, and strategy-oriented risk handling; these requirements can only be met by effective employees; therefore, a proper and regular staff evaluation method is essential for ensuring the process has the right people in place. Any business process requires teamwork, openness, and communication since the organization reports and analyzes information relevant to process results, and because final choices typically need a leader’s approval. Building relationships with co-workers and upholding open lines of communication are essential for the risk assessment procedure. In order to properly process data and establish risk levels, personnel must collaborate in order to detect uncertainties, generate estimates about the likelihood that potential hazards will materialize, and assess their potential consequences. Access to senior managers can be facilitated by visibility and
positive relationships with other team members. Since a large amount of data must be continuously acquired, chosen, and processed in order to create the risk analysis, the degree of automation can also have an impact on risk assessment. Most respondents suggested using specialized ERP software and assembling a dedicated team; nevertheless, risk assessment software is particularly effective since it is quicker at analyzing historical hazards and determining causes and effects, giving managers and specialists more time for strategic planning (Henderson, 1992). In order to detect uncertainties, risk assessment analyzes data pertaining to the company. As a result, the organizational structure needs to be adjusted to make it easier for people to communicate, access data, provide data for risk assessment, and receive the results of risk assessment. Any business process must be able to adapt to change. Risk assessment must be updated and upgraded frequently in order to produce correct results; new developments must be taken into account frequently; therefore, organizational slack has a significant impact on this complicated and dynamic process. Additionally, risk assessment allows more time to prepare for potential unforeseen unfavorable outcomes by assessing risk levels. The organization’s structure is also impacted by risk assessment because it necessitates access controls and effective communication amongst all organizational functions. Regarding creditors, the ability of the company to operate is crucial when asking for a bank credit line or an extended payment period from a supplier. 
Client satisfaction and long-term partnerships depend on effective risk monitoring and control because clients, particularly partners and supporters who occasionally base their entire activity on the goods or services provided by the organization, have a significant impact on risk assessment and want to ensure that production lines, outsourced services, or other services are not even stopped.

8.7. ACTIVITIES

By deciding the shareholders’ strategic activities and affecting the organization’s market strategy, which has an impact particularly on competition, risk assessment influences external stakeholders. Since a company’s reputation for economic stability and growth attracts new customers, investors, and qualified job seekers, risk assessment is closely connected to the company’s image. One benefit of effective collaborations is benchmarking, where information about risk assessments may be shared with corporate partners in order to compare outcomes and streamline the
process. Indicators of local demographics, such as the proportion of the working population, education level, age, and interests, have an impact on operations, human resources, and overall business profitability. Changes in the local demographic have an impact on the caliber of the risk assessment team (Gilbert & Han, 2005). The income levels of an organization’s consumers have a direct impact on sales and revenue; economic instability can expose an organization to a new set of dangers, necessitating routine supply and demand evaluations. Organizational culture also affects risk assessment, particularly when it comes to implementation: for a successful process start-up, accepting changes and working as a team are essential. When it comes to risk assessment, towns with strong local economies and reputable, safe enterprises will draw more people looking for stable employment. A safe workplace also reduces stress and inspires employees, which results in fewer mistakes and better performance. Risk assessment affects the sociocultural aspects of the organization by promoting teamwork among employees, bringing people together, and fortifying bonds. It is reliant on effective departmental communication. The ability to process a large quantity of data based on algorithms that determine risk levels and continuously update the risk registry database has led to the adoption of risk assessment software packages by many businesses in recent years. When these kinds of tools are combined with the company’s ERP system, which allows for the automatic retrieval and selection of data relevant to each organizational business function, they can be extremely effective. A reliable communication system also speeds up processing and makes it easier to acquire data. The majority of those surveyed believe that risk assessment has given software development organizations additional prospects. Getting additional funding for technical advancement is a benefit of risk assessment implementation. 
Any organization’s infrastructure is built on procedures that outline the tasks, activities, roles, and regulations that must be followed inside the business. The importance of process design and business process management, which are key components in maintaining corporate sustainability, has been recognized by managers (Salzmann, Ionescu-Somers, & Steger, 2005). In order to learn more about business processes and examine them from a sustainability point of view, interviews with managers and process experts from various firms were conducted. For each organizational function, the weakest and strongest points in the design of sustainable processes, as well as the associated hazards, are investigated. Additionally, interviewees cover the crucial elements that guard against process halts or failures and share data about organizational profile, core, and
support processes, process description, formality level, staff involvement, communication, risk evaluation of how business processes interact, control mechanisms, and continuous improvement techniques. Each of the process factors that have an effect on sustainability was examined in order to gauge the process’ level of sustainability.

8.8. PROCESSES

Processes should be codified to improve knowledge and understanding across the organization in order to be sustainable. A flowchart can be used to represent business processes as a collection of actions connected by decision points. The process matrix, which incorporates a series of actions and regulations based on process data, is another method of representing the formality of business processes. In recent years, running a firm has faced new hurdles. To reach the desired values of the performance metrics, new approaches and procedures must be developed as a result of the financial crisis. Since business processes are the foundation of every company and have a direct impact on business performance, controlling risks at the operational management level is frequently essential to an organization’s survival. In the current business environment, risk management and process improvement are crucial. A growing number of managers employ the process approach as a tactic to reduce risks associated with interactions between business processes. The primary unacceptable risk that can result from management activities or after-sales processes interacting with one another is decreased sales of support services and spare parts. Ineffective business strategies, improper resource allocation, erroneous budget estimates for warranty-related expenses, inaccurate offers of spare parts or services, a failure to monitor faulty items, and a failure to analyze redundant faults are the main culprits. Risks associated with management team operations and monitoring activities are acceptable and relate to additional unanticipated costs during the warranty period, but risks must be monitored and prevented from being brought on by gathering data from unrelated sources and failing to keep track of clients’ needs. Choosing which business processes to outsource in order to boost revenue and profit margin was one of the biggest issues process managers faced in previous years.
Recently, experts in the field, academics, and managers came to the conclusion that not all actions about offshoring or outsourcing were profitable for the companies, and as a result, backshoring and reshoring became a new business trend. Recent studies have
revealed that thorough study is required before making a decision, despite the fact that managers have raced to review and reverse decisions linked to outsourcing and offshoring. It’s probable that some corporate operations would need to be outsourced, but organizations would gain more if they didn’t change their minds about other activities. In order to reduce expenses, boost sales, and improve profits, managers have begun outsourcing certain tasks to outside companies. When looking for new outsourcing options or growing sales markets, businesses choose newly developing nations. While management has moved manufacturing and support services to independent contractors or completely owned branches or subsidiaries in low-wage nations, knowledge-intensive business services are typically preserved within the corporation. Managers have committed resources for corporate governance in order to monitor and regulate process outputs and assure the viability of the firm. Corporate governance requires firms to recognize and address any problems that arise during interactions with each of the outsourced processes, including lowered service quality or the creation of subpar goods, client dissatisfaction, increased production costs, or wage increases. Organizations must continually identify, evaluate, and analyze risks at the interaction with each of the outsourced business processes because changes in the foreign country’s economic and political environment can potentially pose a threat to guaranteeing corporate sustainability. Finding effective controls for international companies and third-party goods and services as well as understanding the disparities between commercial and social elements that affect sustainable performance were significant problems for the organizations. Managers have learned through professional experience that not all business decisions regarding the use of third-party suppliers in contracting procedures resulted in added value for the businesses. 
Numerous offshored or outsourced procedures with quality problems result in additional expenses that materially reduce corporate profitability or even cause the organization to lose money. The key drivers behind businesses beginning to internalize business activities were rising transportation expenses, taxes, and labor, a lack of adaptability in terms of meeting client requirements, and a lack of expertise. The process outcomes offered by the third-party organization were not value-adding, which resulted in the highest determined risk levels. Ineffective and obsolete processes, as well as losing complete control over the process, are unacceptable risks that must be taken into account in the risk management plan. Risk levels are higher when an organization interacts
with off-site procedures carried out by a third-party provider since there is a larger likelihood that control of the process will be lost and service quality will suffer. Losing control of the process and a decline in service quality are the two risks that are most likely to occur when processes are carried out overseas. These high risks are related to expensive labor and transportation expenses, losing complete process control, declining service quality, and antiquated and inefficient procedures. The most unfavorable effects of risk materialization include decreasing income, profit, and productivity, a lack of new clients or client loss, and the termination of contracts with third-party providers. The main benefits of outsourcing business processes are typically cheaper labor costs and operating expenses; regrettably, sometimes the price of resolving quality-related problems might lead firms to decide to back source. While risks relating to interactions between organizational business processes are typically bearable or undesirable, the procedures of outsourcing and back sourcing involve additional risks that may have an immediate detrimental impact on the organization. Therefore, firms must assess the risks associated with all back sourcing and outsourcing procedures and base their decisions on a thorough risk analysis. Instead of monitoring these risks and acting only when certain criteria are met that potentially result in risk materialization, resources are then used and measures are performed to prevent them. There is no formula that decides when to take steps to manage significant business risks and lower risk handling expenses. To find out if detection makes risk assessment more effective and if it lowers risk management costs with a direct impact on the business performance measures, interviews with experienced managers and process experts were conducted.
The current market conditions include dropping pricing and rising quality of goods and services; this naturally creates a highly competitive company environment with occasionally smaller profit margins. Any business enterprise makes finding the ideal cost-quality ratio a top concern. However, doing so carries additional risks, primarily because there aren’t any backup plans or finances to fall back on if something goes wrong. In order to remain competitive, businesses have started to have a larger risk tolerance and take on more risks. The outcomes of risk assessments are closely related to risk appetite and corporate growth, making them a crucial tool for enterprises. The FMEA approach can enhance monitoring and regulating processes and systems by guaranteeing the correctness of the control mechanisms. As a third attribute in risk assessment, detection ensures a more accurate and exact evaluation, which
directly affects how frequently hazards manifest and how much it will cost to manage those risks. Detection assesses the conditions that determine risk materialization. By continuously monitoring the organization’s performance indicators, detection can determine whether specific conditions are met that can result in risk materialization. Probability of appearance and consequence are typically estimated by process owners based on their experience and other subjective data. If risk management expenses were lower, opportunities were discovered more frequently, and seizing these chances enhanced business outcomes, organizations would be more willing to take on risk. Utilizing the FMEA method, organizations can identify which risks are worth handling in order to prevent negative effects of materialized risks or to force risk materialization in order to take advantage of an opportunity. When detection is used, this risk loses appeal to managers seeking new business prospects. Monitoring performance metrics impacted by common hazards is necessary to determine whether risk levels are rising and whether new opportunities are opening up. These indicators are impacted by the dangers of ineffective marketing campaigns, a bad company reputation, customers losing interest in the company’s goods and services, and non-performing contracts.


BIBLIOGRAPHY

1. Quinn, James Brian., (1999). Strategic Outsourcing: Leveraging Knowledge Capabilities – ProQuest. Retrieved from: https://www.proquest.com/openview/5916eb65b5da1b52d6f39ae95f401f13/1?pqorigsite=gscholar&cbl=26142 (accessed on 07 September 2022).
2. Adams, C., Bourne, M., & Neely, A., (2004). Measuring and improving the capital planning process. Measuring Business Excellence, 8(2), 23–30. https://doi.org/10.1108/13683040410539409.
3. Adil, M., (2008). Risk-based regulatory system and its effective use in health and social care. Journal of the Royal Society for the Promotion of Health, 128(4), 196–201. https://doi.org/10.1177/1466424008092234.
4. Alcalde, A., Lopes, F. L. P., & Takamatsu, R. T., (2013). EBITDA1 margin in Brazilian companies variance decomposition and hierarchical effects. Accounting and Administration, 58(2), 197–220. https://doi.org/10.1016/S0186-1042(13)71215-4.
5. Allan, N., & Davis, J., (2006). Strategic risks—Thinking about them differently. Proceedings of the Institution of Civil Engineers – Civil Engineering, 159(6), 10–14. https://doi.org/10.1680/cien.2006.159.6.10.
6. Allen, F., & Santomero, A. M., (2001). What do financial intermediaries do? Journal of Banking & Finance, 25(2), 271–294. https://doi.org/10.1016/S0378-4266(99)00129-6.
7. Andersen, J., & Choong, H., (1997). The development of an industry standard supply-based environmental practices questionnaire. Proceedings of the 1997 IEEE International Symposium on Electronics and the Environment. ISEE-1997 (pp. 276–281). https://doi.org/10.1109/ISEE.1997.605340.
8. Annamalah, S., Raman, M., Marthandan, G., & Logeswaran, A. K., (2018). Implementation of enterprise risk management (ERM) framework in enhancing business performances in oil and gas sector. Economies, 6(1), 4. https://doi.org/10.3390/economies6010004.
9. Anthony (Tony) Cox, Jr, L., (2008). What’s wrong with risk matrices? Risk Analysis, 28(2), 497–512. https://doi.org/10.1111/j.15396924.2008.01030.x.
10. Aquino, K., & Douglas, S., (2003). Identity threat and antisocial behavior in organizations: The moderating effects of individual differences, aggressive modeling, and hierarchical status. Organizational Behavior and Human Decision Processes, 90(1), 195–208. https://doi.org/10.1016/S0749-5978(02)00517-4.
11. Baker, T., & Griffith, S. J., (2007). Predicting corporate governance risk: Evidence from the directors’ &(and) officers’ liability insurance market. University of Chicago Law Review, 74, 487. Retrieved from: https://heinonline.org/HOL/Page?handle=hein.journals/uclr74&id=497&div=&collection= (accessed on 07 September 2022).
12. Banerjee, R., & Gupta, K., (2017). The effects of environmental sustainability and R&D on corporate risk-taking: International evidence. Energy Economics, 65, 1–15. https://doi.org/10.1016/j.eneco.2017.04.016.
13. Baranoff, E., & Sager, T., (2003). The relations among organizational and distribution forms and capital and asset risk structures in the life insurance industry. Journal of Risk and Insurance, 70(3), 375–400. https://doi.org/10.1111/1539-6975.t01-1-00057.
14. Bargeron, L. L., Lehn, K. M., & Zutter, C. J., (2010). Sarbanes-Oxley and corporate risk-taking. Journal of Accounting and Economics, 49(1), 34–52. https://doi.org/10.1016/j.jacceco.2009.05.001.
15. Beheshti, H. M., Clelland, I. J., & Harrington, K. V., (2020). Competitive advantage with vendor managed inventory. Journal of Promotion Management, 26(6), 836–854. https://doi.org/10.1080/10496491.2020.1794507.
16. Bertinetti, G. S., Cavezzali, E., & Gardenal, G., (2013). The Effect of the Enterprise Risk Management Implementation on the Firm Value of European Companies [SSRN Scholarly Paper]. Rochester, NY. https://doi.org/10.2139/ssrn.2326195.
17. Bezzina, F., Grima, S., & Mamo, J., (2014). Risk management practices adopted by financial firms in Malta. Managerial Finance, 40(6), 587–612. https://doi.org/10.1108/MF-08-2013-0209.
18. Billing, C., McCann, P., Ortega-Argilés, R., & Sevinc, D., (2021). UK analysts’ and policy-makers’ perspectives on Brexit: Challenges, priorities, and opportunities for subnational areas. Regional Studies, 55(9), 1571–1582. https://doi.org/10.1080/00343404.2020.1826039.
19. Bin, O., Crawford, T. W., Kruse, J. B., & Landry, C. E., (2008). Viewscapes and flood hazard: Coastal housing market response to amenities and risk. Land Economics, 84(3), 434–448. https://doi.org/10.3368/le.84.3.434.
20. Black, F., & Cox, J. C., (1976). Valuing corporate securities: Some effects of bond indenture provisions. The Journal of Finance, 31(2), 351–367. https://doi.org/10.1111/j.1540-6261.1976.tb01891.x.
21. Black, J., & Baldwin, R., (2010). Really responsive risk-based regulation. Law & Policy, 32(2), 181–213. https://doi.org/10.1111/j.1467-9930.2010.00318.x.
22. Blume, M. E., Lim, F., & Mackinlay, A. C., (1998). The declining credit quality of U.S. corporate debt: Myth or reality? The Journal of Finance, 53(4), 1389–1413. https://doi.org/10.1111/0022-1082.00057.
23. Bode, C., Hübner, D., & Wagner, S. M., (2014). Managing financially distressed suppliers: An exploratory study. Journal of Supply Chain Management, 50(4), 24–43. https://doi.org/10.1111/jscm.12036.
24. Bojanić, T., Nerandžić, B., Stevanov, B., & Gračanin, D., (2022). Fundamentals of integrated risk management model in business processes. In: Lalic, B., Gracanin, D., Tasic, N., & Simeunović, N., (eds.), Proceedings on 18th International Conference on Industrial Systems – IS’20 (pp. 310–317). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-030-97947-8_41.
25. Borgelt, K., & Falk, I., (2007). The leadership/management conundrum: Innovation or risk management? Leadership & Organization Development Journal, 28(2), 122–136. https://doi.org/10.1108/01437730710726822.
26. Boyabatli, O., & Toktay, L. B., (2004). Operational Hedging: A Review with Discussion (pp. 1–23). Research Collection Lee Kong Chian School of Business. Retrieved from: https://ink.library.smu.edu.sg/lkcsb_research/3758 (accessed on 07 September 2022).
27. Bozkus, K. S., & Caliyurt, K., (2018). Cyber security assurance process from the internal audit perspective. Managerial Auditing Journal, 33(4), 360–376. https://doi.org/10.1108/MAJ-02-2018-1804.
28. Brillinger, A. S., Els, C., Schäfer, B., & Bender, B., (2020). Business model risk and uncertainty factors: Toward building and maintaining profitable and sustainable business models. Business Horizons, 63(1), 121–130. https://doi.org/10.1016/j.bushor.2019.09.009.
29. Brown, C. A., (2014). Risk Management System: Practical Development and Implementation. Presented at the ASSE Professional Development Conference and Exposition. Retrieved from: https://onepetro.org/ASSPPDCE/proceedings/ASSE14/All-ASSE14/ASSE-14-686/78121 (accessed on 07 September 2022).
30. Bründl, M., Romang, H. E., Bischof, N., & Rheinberger, C. M., (2009). The risk concept and its application in natural hazard risk management in Switzerland. Natural Hazards and Earth System Sciences, 9(3), 801–813. https://doi.org/10.5194/nhess-9-801-2009.
31. Bucheli, M., & Salvaj, E., (2018). Political connections, the liability of foreignness, and legitimacy: A business historical analysis of multinationals’ strategies in Chile. Global Strategy Journal, 8(3), 399–420. https://doi.org/10.1002/gsj.1195.
32. Burkov, V., Burkova, I., Barkhi, R., & Berlinov, M., (2018). Qualitative risk assessments in project management in construction industry. MATEC Web of Conferences, 251, 06027. https://doi.org/10.1051/matecconf/201825106027.
33. Calantone, R., Garcia, R., & Dröge, C., (2003). The effects of environmental turbulence on new product development strategy planning. Journal of Product Innovation Management, 20(2), 90–103. https://doi.org/10.1111/1540-5885.2002003.
34. Cannadine, D., (1984). The present and the past in the English industrial revolution 1880–1980. Past & Present, 103(1), 131–172. https://doi.org/10.1093/past/103.1.131.
35. Carrithers, J. R., DeHart, R. E., & Geaneas, P. Z., (1998). Crisis Management Systems for Emergency Scenarios in International Operations. Presented at the SPE International Conference on Health, Safety, and Environment in Oil and Gas Exploration and Production. https://doi.org/10.2118/46742-MS.


36. Chapman, C., & Ward, S., (2004). Why risk efficiency is a key aspect of best practice projects. International Journal of Project Management, 22(8), 619–632. https://doi.org/10.1016/j.ijproman.2004.05.001.
37. Chen, T. K., Liao, H. H., & Kuo, H. J., (2013). Internal liquidity risk, financial bullwhip effects, and corporate bond yield spreads: Supply chain perspectives. Journal of Banking & Finance, 37(7), 2434–2456. https://doi.org/10.1016/j.jbankfin.2013.02.011.
38. Chen, X., Liu, C., & Li, S., (2019). The role of supply chain finance in improving the competitive advantage of online retailing enterprises. Electronic Commerce Research and Applications, 33, 100821. https://doi.org/10.1016/j.elerap.2018.100821.
39. Child, J., & Tsai, T., (2005). The dynamic between firms’ environmental strategies and institutional constraints in emerging economies: Evidence from China and Taiwan. Journal of Management Studies, 42(1), 95–125. https://doi.org/10.1111/j.1467-6486.2005.00490.x.
40. Cho, V., & Chan, A., (2015). An integrative framework of comparing SaaS adoption for core and non-core business operations: An empirical study on Hong Kong industries. Information Systems Frontiers, 17(3), 629–644. https://doi.org/10.1007/s10796-013-9450-9.
41. Chopra, S., (2017). Seven-eleven Japan Co. Kellogg School of Management Cases, 1–14. https://doi.org/10.1108/case.kellogg.2016.000298.
42. Christopher, M., & Peck, H., (1997). Managing logistics in fashion markets. The International Journal of Logistics Management, 8(2), 63–74. https://doi.org/10.1108/09574099710805673.
43. Clarkson, P. M., Li, Y., Pinnuck, M., & Richardson, G. D., (2015). The valuation relevance of greenhouse gas emissions under the European Union carbon emissions trading scheme. European Accounting Review, 24(3), 551–580. https://doi.org/10.1080/09638180.2014.927782.
44. Code of Business Conduct and Ethics, (n.d.). Retrieved from: https://www.sec.gov/Archives/edgar/data/1297401/000119312511045757/dex14.htm (accessed on 07 September 2022).
45. Coffee, J. C. J., (2001). The rise of dispersed ownership: The roles of law and the state in the separation of ownership and control. Yale Law Journal, 111, 1. Retrieved from: https://heinonline.org/HOL/Page?handle=hein.journals/ylr111&id=19&div=&collection= (accessed on 07 September 2022).


46. Coleman, G., & Verbruggen, R., (1998). A quality software process for rapid application development. Software Quality Journal, 7(2), 107–122. https://doi.org/10.1023/A:1008856624790.
47. Coleman, J. W., (2019). Pipelines & power-lines: Building the energy transport future. Ohio State Law Journal, 80, 263. Retrieved from: https://heinonline.org/HOL/Page?handle=hein.journals/ohslj80&id=275&div=&collection= (accessed on 07 September 2022).
48. Coleman, R., (2011). Operational risk. In: Wiley Encyclopedia of Operations Research and Management Science. John Wiley & Sons, Ltd. https://doi.org/10.1002/9780470400531.eorms0591.
49. D’Aubeterre, F., Singh, R., & Iyer, L., (2008). Secure activity resource coordination: Empirical evidence of enhanced security awareness in designing secure business processes. European Journal of Information Systems, 17(5), 528–542. https://doi.org/10.1057/ejis.2008.42.
50. Damanpour, F., & Damanpour, J. A., (2001). E‐business e‐commerce evolution: Perspective and strategy. Managerial Finance, 27(7), 16–33. https://doi.org/10.1108/03074350110767268.
51. Das, T. K., & Teng, B. S., (2001). A risk perception model of alliance structuring. Journal of International Management, 7(1), 1–29. https://doi.org/10.1016/S1075-4253(00)00037-5.
52. Daud, W. N. W. D., Yazid, A. S., & Hussin, H. M. R., (2010). The effect of chief risk officer (CRO) on enterprise risk management (ERM) practices: Evidence from Malaysia. International Business & Economics Research Journal (IBER), 9(11). https://doi.org/10.19030/iber.v9i11.30.
53. Deleris, L. A., & Erhun, F., (2005). Risk management in supply networks using Monte-Carlo simulation. Proceedings of the Winter Simulation Conference, 2005, 7. https://doi.org/10.1109/WSC.2005.1574434.
54. Dionne, G., (2013). Risk management: History, definition, and critique. Risk Management and Insurance Review, 16(2), 147–166. https://doi.org/10.1111/rmir.12016.
55. Dreher, A., & Vaubel, R., (2009). Foreign exchange intervention and the political business cycle: A panel data analysis. Journal of International Money and Finance, 28(5), 755–775. https://doi.org/10.1016/j.jimonfin.2008.12.007.
56. Dullaway, D. W., & Needleman, P. D., (2004). Realistic liabilities and risk capital margins for with-profits business. A discussion paper. British Actuarial Journal, 10(2), 185–222. https://doi.org/10.1017/S1357321700002804.
57. Dvorsky, J., Belas, J., Gavurova, B., & Brabenec, T., (2021). Business risk management in the context of small and medium-sized enterprises. Economic Research (Ekonomska Istraživanja), 34(1), 1690–1708. https://doi.org/10.1080/1331677X.2020.1844588.
58. EBSCOhost | 33768853 | The Criminal Prosecution of Banks Under the US Bank Secrecy Act of 1970, (n.d.). Retrieved from: https://web.s.ebscohost.com/abstract?direct=true&profile=ehost&scope=site&authtype=crawler&jrnl=17531780&AN=33768853&h=DArjJ5zlwtIlNz8c3Si9SV4JHWyVl9G1ujoEKc0ey21gbIOOYBP21FarBBm9xhr9FeugLGRUx0ZBKEocyRsbVQ%3d%3d&crl=c&resultNs=AdminWebAuth&resultLocal=ErrCrlNotAuth&crlhashurl=login.aspx%3fdirect%3dtrue%26profile%3dehost%26scope%3dsite%26authtype%3dcrawler%26jrnl%3d17531780%26AN%3d33768853 (accessed on 07 September 2022).
59. Elahi, E., (2013). Risk management: The next source of competitive advantage. Foresight, 15(2), 117–131. https://doi.org/10.1108/14636681311321121.
60. Ellram, L. M., (1991). Supply‐chain management: The industrial organization perspective. International Journal of Physical Distribution & Logistics Management, 21(1), 13–22. https://doi.org/10.1108/09600039110137082.
61. Fidrmuc, J., & Korhonen, I., (2010). The impact of the global financial crisis on business cycles in Asian emerging economies. Journal of Asian Economics, 21(3), 293–303. https://doi.org/10.1016/j.asieco.2009.07.007.
62. Frederiksen, T., (2018). Corporate social responsibility, risk, and development in the mining industry. Resources Policy, 59, 495–505. https://doi.org/10.1016/j.resourpol.2018.09.004.
63. Gallagher, C. T., & Chapman, L. E., (2010). Classification, location, and legitimacy of web-based suppliers of Viagra to the UK. International Journal of Pharmacy Practice, 18(6), 341–345. https://doi.org/10.1111/j.2042-7174.2010.00061.x.
64. Gatzert, N., & Wesker, H., (2012). A comparative assessment of Basel II/III and solvency II. The Geneva Papers on Risk and Insurance – Issues and Practice, 37(3), 539–570. https://doi.org/10.1057/gpp.2012.3.

210

Comprehensive Guide to Business Risk Management

65. George, B., Button, M., & Whatford, N., (2003). The impact of September 11th on the UK business community. Crime Prevention and Community Safety, 5(2), 49–59. https://doi.org/10.1057/palgrave. cpcs.8140146. 66. Geyfman, V., & Yeager, T. J., (2009). On the riskiness of universal banking: Evidence from banks in the investment banking business pre- and post-GLBA. Journal of Money, Credit, and Banking, 41(8), 1649–1669. https://doi.org/10.1111/j.1538-4616.2009.00266.x. 67. Ghasemzadeh, F., & Archer, N. P., (2000). Project portfolio selection through decision support. Decision Support Systems, 29(1), 73–88. https://doi.org/10.1016/S0167-9236(00)00065-8. 68. Gilbert, A. L., & Han, H., (2005). Understanding mobile data services adoption: Demography, attitudes or needs? Technological Forecasting and Social Change, 72(3), 327–337. https://doi.org/10.1016/j. techfore.2004.08.007. 69. Gilmore, A., Carson, D., & O’Donnell, A., (2004). Small business owner‐ managers and their attitude to risk. Marketing Intelligence & Planning, 22(3), 349–360. https://doi.org/10.1108/02634500410536920. 70. Greuning, H. V., & Brajovic-Bratanovic, S., (2022). Analyzing Banking Risk: A Framework for Assessing Corporate Governance and Risk Management – Fourth Edition (English). Retrieved from: https://policycommons.net/artifacts/2232409/analyzing-bankingrisk/2990081/ (accessed on 07 September 2022). 71. Guidara, A., Lai, V. S., Soumaré, I., & Tchana, F. T., (2013). Banks’ capital buffer, risk, and performance in the Canadian banking system: Impact of business cycles and regulatory changes. Journal of Banking & Finance, 37(9), 3373–3387. https://doi.org/10.1016/j. jbankfin.2013.05.012. 72. Gummesson, E., (2005). Qualitative research in marketing: Road‐map for a wilderness of complexity and unpredictability. European Journal of Marketing, 39(3, 4), 309–327. https://doi. org/10.1108/03090560510581791. 73. Gunningham, N. A., Thornton, D., & Kagan, R. A., (2005). 
Motivating management: Corporate compliance in environmental protection. Law & Policy, 27(2), 289–316. https://doi.org/10.1111/j.14679930.2005.00201.x.

本书版权归Arcler所有

Bibliography

211

74. Guo, S., Zhang, W., & Gao, X., (2020). Business risk evaluation of electricity retail company in China using a hybrid MCDM method. Sustainability, 12(5), 2040. https://doi.org/10.3390/su12052040. 75. Gurl, E., (2017). Swot Analysis: A Theoretical Review. https://doi. org/10.17719/jisr.2017.1832. 76. Hallikas, J., Virolainen, V. M., & Tuominen, M., (2002). Risk analysis and assessment in network environments: A dyadic case study. International Journal of Production Economics, 78(1), 45–55. https:// doi.org/10.1016/S0925-5273(01)00098-6. 77. Han, Z., & Nigg, J., (2011). The influences of business and decision makers’ characteristics on disaster preparedness—A study on the 1989 Loma Prieta earthquake. International Journal of Disaster Risk Science, 2(4), 22–31. https://doi.org/10.1007/s13753-011-0017-4. 78. Hanel, P., (2006). Intellectual property rights business management practices: A survey of the literature. Technovation, 26(8), 895–931. https://doi.org/10.1016/j.technovation.2005.12.001. 79. Hanna, R. C., Lemon, K. N., & Smith, G. E., (2019). Is transparency a good thing? How online price transparency and variability can benefit firms and influence consumer decision making. Business Horizons, 62(2), 227–236. https://doi.org/10.1016/j.bushor.2018.11.006. 80. Hassel, H., (2010). Risk and Vulnerability Analysis in Society’s Proactive Emergency Management: Developing Methods and Improving Practices. Doctoral thesis (compilation), Lund University. 81. Haug, P., (1985). A multiple-period, mixed-integer-programming model for multinational facility location. Journal of Management, 11(3), 83–96. https://doi.org/10.1177/014920638501100307. 82. Hawtin, M., (2003). The practicalities and benefits of applying revenue management to grocery retailing, and the need for effective business rule management. Journal of Revenue and Pricing Management, 2(1), 61–68. https://doi.org/10.1057/palgrave.rpm.5170049. 83. Henderson, J. A. J., (1983). 
Product liability and the passage of time: The imprisonment of corporate rationality. New York University Law Review, 58, 765. Retrieved from: https://heinonline.org/HOL/ Page?handle=hein.journals/nylr58&id=785&div=&collection= (accessed on 07 September 2022). 84. Henderson, J. C., (1992). Aligning business and information technology domains: Strategic planning in hospitals. Hospital & Health

本书版权归Arcler所有

212

85.

86.

87.

88.

89.

90.

91.

92.

本书版权归Arcler所有

Comprehensive Guide to Business Risk Management

Services Administration, 37(1), 71–88. Retrieved from: https://go.gale. com/ps/i.do?p=AONE&sw=w&issn=87503735&v=2.1&it=r&id=G ALE%7CA11892656&sid=googleScholar&linkaccess=abs (accessed on 07 September 2022). Henderson, T., Kotz, D., & Abyzov, I., (2004). The changing usage of a mature campus-wide wireless network. Proceedings of the 10th Annual International Conference on Mobile Computing and Networking, 187– 201. New York, NY, USA: Association for Computing Machinery. https://doi.org/10.1145/1023720.1023739. Hessami, A. G., (1999). Risk management: A systems paradigm. Systems Engineering, 2(3), 156–167. https://doi.org/10.1002/ (SICI)1520-6858(1999)2:33.0.CO;2-H. Hofer, V., Leitner, J., Lewitschnig, H., & Nowak, T., (2017). Determination of tolerance limits for the reliability of semiconductor devices using longitudinal data. Quality and Reliability Engineering International, 33(8), 2673–2683. https://doi.org/10.1002/qre.2226. Houston, R. W., Peters, M. F., & Pratt, J. H., (1999). The audit risk model, business risk and audit‐planning decisions. The Accounting Review, 74(3), 281–298. https://doi.org/10.2308/accr.1999.74.3.281. Hsu, L., Fournier, S., & Srinivasan, S., (2016). Brand architecture strategy and firm value: How leveraging, separating, and distancing the corporate brand affects risk and returns. Journal of the Academy of Marketing Science, 44(2), 261–280. https://doi.org/10.1007/s11747014-0422-5. Irani, V., Fonseca, R., Espinosa, B., Cantarino, A., Botelho, T., & Slocum, D., (2002). Building a World-Class EHS Management System after Environmental Crisis. Presented at the SPE International conference on health, safety, and environment in oil and gas exploration and production. https://doi.org/10.2118/73903-MS. Johnson, J. S., & Sohi, R. S., (2016). Understanding and resolving major contractual breaches in buyer–seller relationships: A grounded theory approach. Journal of the Academy of Marketing Science, 44(2), 185–205. 
https://doi.org/10.1007/s11747-015-0427-8. Jones‐Parry, D., & James, S., (1998). Banking litigation strategies after Woolf. Journal of Financial Regulation and Compliance, 6(3), 211–218. https://doi.org/10.1108/eb024970.

Bibliography

213

93. Kirchsteiger, C., (1999). On the use of probabilistic and deterministic methods in risk analysis. Journal of Loss Prevention in the Process Industries, 12(5), 399–419. https://doi.org/10.1016/S09504230(99)00012-1. 94. Kleindorfer, P. R., & Saad, G. H., (2005). Managing disruption risks in supply chains. Production and Operations Management, 14(1), 53–68. https://doi.org/10.1111/j.1937-5956.2005.tb00009.x. 95. Knechel, W. R., (2007). The business risk audit: Origins, obstacles, and opportunities. Accounting, Organizations, and Society, 32(4), 383–408. https://doi.org/10.1016/j.aos.2006.09.005. 96. Lannoo, K., & Valiante, D., (2012). Europe’s New Post-Trade Infrastructure Rules. ECMI Policy Brief No. 20, [Policy Paper]. Retrieved from: http://aei.pitt.edu/37320/1/ECMI_PB_No_20_PostTrade_Market_Infrastructure.pdf (accessed on 07 September 2022). 97. Lavastre, O., Gunasekaran, A., & Spalanzani, A., (2012). Supply chain risk management in French companies. Decision Support Systems, 52(4), 828–838. https://doi.org/10.1016/j.dss.2011.11.017. 98. Lee, D. D., & Faff, R. W., (2009). Corporate sustainability performance and idiosyncratic risk: A global perspective. Financial Review, 44(2), 213–237. https://doi.org/10.1111/j.1540-6288.2009.00216.x. 99. Lenz, R., (2016). Peer-to-peer lending: Opportunities and risks. European Journal of Risk Regulation, 7(4), 688–700. https://doi. org/10.1017/S1867299X00010126. 100. Linsmeier, T. J., Thornton, D. B., Venkatachalam, M., & Welker, M., (2002). The effect of mandated market risk disclosures on trading volume sensitivity to interest rate, exchange rate, and commodity price movements. The Accounting Review, 77(2), 343–377. https://doi. org/10.2308/accr.2002.77.2.343. 101. Luo, Y., & Tung, R. L., (2007). International expansion of emerging market enterprises: A springboard perspective. Journal of International Business Studies, 38(4), 481–498. https://doi.org/10.1057/palgrave. jibs.8400275. 102. Lupson, I., (2002). 
An underwriter is entitled to a fair presentation of the risk. Australian Product Liability Reporter, 13(3), 22–24. https:// doi.org/10.3316/agis_archive.20023849. 103. Macher, J. T., Mowery, D. C., & Simcoe, T. S., (2002). E-business and disintegration of the semiconductor industry value chain. Industry and

本书版权归Arcler所有

214

104.

105.

106.

107.

108.

109.

110.

111.

112.

本书版权归Arcler所有

Comprehensive Guide to Business Risk Management

Innovation, 9(3), 155–181. https://doi.org/10.1080/136627102200003 4444. Macmillan, I. C., Siegel, R., & Narasimha, P. N. S., (1985). Criteria used by venture capitalists to evaluate new venture proposals. Journal of Business Venturing, 1(1), 119–128. https://doi.org/10.1016/08839026(85)90011-4. Mainelli, M., (2004). Ethical volatility: How CSR ratings and returns might be changing the world of risk. Balance Sheet, 12(1). https://doi. org/10.1108/bs.2004.26512aab.003. Manuj, I., & Mentzer, J. T., (2008). Global supply chain risk management. Journal of Business Logistics, 29(1), 133–155. https:// doi.org/10.1002/j.2158-1592.2008.tb00072.x. Manworren, N., Letwat, J., & Daily, O., (2016). Why you should care about the Target data breach. Business Horizons, 59(3), 257–266. https://doi.org/10.1016/j.bushor.2016.01.002. Marhavilas, P. K., & Koulouriotis, D. E., (2021). Risk-acceptance criteria in occupational health and safety risk-assessment—The stateof-the-art through a systematic literature review. Safety, 7(4), 77. https://doi.org/10.3390/safety7040077. Martinsons, M., Davison, R., & Tse, D., (1999). The balanced scorecard: A foundation for the strategic management of information systems. Decision Support Systems, 25(1), 71–88. https://doi.org/10.1016/ S0167-9236(98)00086-4. Medina, J., Muller, N., & Roytelman, I., (2010). Demand response and distribution grid operations: Opportunities and challenges. IEEE Transactions on Smart Grid, 1(2), 193–198. https://doi.org/10.1109/ TSG.2010.2050156. Mendling, J., & Hafner, M., (2005). From inter-organizational workflows to process execution: Generating BPEL from WS-CDL. In: Meersman, R., Tari, Z., & Herrero, P., (eds.), On the Move to Meaningful Internet Systems 2005: OTM 2005 Workshops (pp. 506–515). Berlin, Heidelberg: Springer. https://doi.org/10.1007/11575863_70. Miller, K. D., & Waller, H. G., (2003). Scenarios, real options, and integrated risk management. Long Range Planning, 36(1), 93–107. 
https://doi.org/10.1016/S0024-6301(02)00205-4.

Bibliography

215

113. Miller, K. D., (1992). A framework for integrated risk management in international business. Journal of International Business Studies, 23(2), 311–331. https://doi.org/10.1057/palgrave.jibs.8490270. 114. Mishra, S., Raut, R. D., Narkhede, B. E., Gardas, B. B., & Priyadarshinee, P., (2018). To investigate the critical risk criteria of business continuity management by using analytical hierarchy process. International Journal of Management Concepts and Philosophy, 11(1), 94–115. https://doi.org/10.1504/IJMCP.2018.090415. 115. Morris, P. W., (1989). Initiating major projects: The unperceived role of project management. International Journal of Project Management, 7(3), 180–185. https://doi.org/10.1016/0263-7863(89)90037-9. 116. Nel, C. B. H., & Jooste, J. L., (2016). A technologically-driven asset management approach to managing physical assets—A literature review and research agenda for “smart” asset management. South African Journal of Industrial Engineering, 27(4), 50–65. https://doi. org/10.7166/27-4-1478. 117. Nocco, B. W., & Stulz, R. M., (2006). Enterprise risk management: Theory and practice. Journal of Applied Corporate Finance, 18(4), 8–20. https://doi.org/10.1111/j.1745-6622.2006.00106.x. 118. Novak, M., (1997). Business as calling. The American Enterprise, 8(4), 59–61. Retrieved from: https://go.gale.com/ps/i.do?p=AONE& sw=w&issn=10473572&v=2.1&it=r&id=GALE%7CA19754358&si d=googleScholar&linkaccess=abs (accessed on 07 September 2022). 119. Nyoman, P. I., & Geraldin, L. H., (2009). House of risk: A model for proactive supply chain risk management. Business Process Management Journal, 15(6), 953–967. https://doi.org/10.1108/14637150911003801. 120. O’Donnell, E., & Schultz, J. J. Jr., (2005). The halo effect in business risk audits: Can strategic risk assessment bias auditor judgment about accounting details? The Accounting Review, 80(3), 921–939. https:// doi.org/10.2308/accr.2005.80.3.921. 121. 
Oehmen, J., Seering, W., Bassler, D., & Ben-Daya, M., (2011). A comparison of the integration of risk management principles in product development approaches. Josef Oehmen. Retrieved from: https:// dspace.mit.edu/handle/1721.1/78665 (accessed on 07 September 2022). 122. Panisello, P. J., & Quantick, P. C., (2001). Technical barriers to hazard analysis critical control point (HACCP). Food Control, 12(3), 165– 173. https://doi.org/10.1016/S0956-7135(00)00035-9.

本书版权归Arcler所有

216

Comprehensive Guide to Business Risk Management

123. Paxson, M. C., (1992). Follow-up mail surveys. Industrial Marketing Management, 21(3), 195–201. https://doi.org/10.1016/00198501(92)90016-M. 124. Piercy, N. F., (2010). Evolution of strategic sales organizations in business‐ to‐business marketing. Journal of Business & Industrial Marketing, 25(5), 349–359. https://doi.org/10.1108/08858621011058115. 125. Pitt, H. L., (2005). The changing standards by which directors will be judged. St. John’s Law Review, 79, 1. Retrieved from: h t t p s : / / h e i n o n l i n e . o rg / H O L / P a g e ? h a n d l e = h e i n . j o u r n a l s / stjohn79&id=11&div=&collection= (accessed on 07 September 2022). 126. Posner, R. A., (1972). The behavior of administrative agencies. The Journal of Legal Studies, 1(2), 305–347. https://doi.org/10.1086/467487. 127. Potkany, M., Stasiak-Betlejewska, R., Kovac, R., & Gejdos, M., (2016). Outsourcing in conditions of SMEs: The potential for cost savings. Polish Journal of Management Studies, (Vol. 13, No. 1), 145–156. https://doi.org/10.17512/pjms.2016.13.1.14. 128. POWER, M., (2004). The risk management of everything. The Journal of Risk Finance, 5(3), 58–65. https://doi.org/10.1108/eb023001. 129. Raz, T., & Hillson, D., (2005). A comparative review of risk management standards. Risk Management, 7(4), 53–66. https://doi. org/10.1057/palgrave.rm.8240227. 130. Reed, A., (1970). Planemakers fight to hold world markets. Industrial Management, 70(1), 46–105. https://doi.org/10.1108/eb056013. 131. Rehman, A. U., & Anwar, M., (2019). Mediating role of enterprise risk management practices between business strategy and SME performance. Small Enterprise Research, 26(2), 207–227. https://doi. org/10.1080/13215906.2019.1624385. 132. Risman, A., Salim, U., Sumiati, S., & Indrawati, N. K., (2017). Commodity Prices, Exchange Rates, and Investment on Firm’s Value Mediated by Business Risk: A Case from Indonesian Stock Exchange. 
Retrieved from: https://www.um.edu.mt/library/oar/ handle/123456789/29952 (accessed on 07 September 2022). 133. Robinson, J. G., (2012). Common and conflicting interests in the engagements between conservation organizations and corporations. Conservation Biology, 26(6), 967–977. https://doi.org/10.1111/j.15231739.2012.01914.x.

本书版权归Arcler所有

Bibliography

217

134. Salter, M. B., (2008). When the exception becomes the rule: Borders, sovereignty, and citizenship. Citizenship Studies, 12(4), 365–380. https://doi.org/10.1080/13621020802184234. 135. Salzmann, O., Ionescu-Somers, A., & Steger, U., (2005). The business case for corporate sustainability: Literature review and research options. European Management Journal, 23(1), 27–36. https://doi. org/10.1016/j.emj.2004.12.007. 136. Schanfield, A., & Miller, M., (2005). A sustainable approach to ERM: As best practices begin to emerge, one company uses a phased plan to create a fully functioning, integrated enterprise risk management system. Internal Auditor, 62(2), 79–83. Retrieved from: https://go.gale. com/ps/i.do?p=AONE&sw=w&issn=00205745&v=2.1&it=r&id=GA LE%7CA131780246&sid=googleScholar&linkaccess=abs (accessed on 07 September 2022). 137. Scholten, K., Sharkey, S. P., & Fynes, B., (2019). Building routines for non-routine events: Supply chain resilience learning mechanisms and their antecedents. Supply Chain Management: An International Journal, 24(3), 430–442. https://doi.org/10.1108/SCM-05-2018-0186. 138. Schwartz, H., & Davis, S. M., (1981). Matching corporate culture and business strategy. Organizational Dynamics, 10(1), 30–48. https://doi. org/10.1016/0090-2616(81)90010-3. 139. Schweer, D., & Sahl, J. C., (2017). The digital transformation of industry – the benefit for Germany. In: Abolhassan, F., (ed.), The Drivers of Digital Transformation: Why There’s No Way Around the Cloud (pp. 23–31). Cham: Springer International Publishing. https:// doi.org/10.1007/978-3-319-31824-0_3. 140. Sharma, A., & Kansal, D. V., (n.d.). Mobile Banking as Technology Adoption and Challenges: A Case of M-Banking in India, 1(1),1-10. 141. Sheffi, Y., (2001). Supply chain management under the threat of international terrorism. The International Journal of Logistics Management, 12(2), 1–11. https://doi. org/10.1108/09574090110806262. 142. Shelden, R. G., & Brown, W. B., (2000). 
The crime control industry and the management of the surplus population. Critical Criminology, 9(1), 39–62. https://doi.org/10.1007/BF02461037. 143. Shenhar, A. J., Dvir, D., Levy, O., & Maltz, A. C., (2001). Project success: A multidimensional strategic concept. Long Range Planning, 34(6), 699–725. https://doi.org/10.1016/S0024-6301(01)00097-8.

本书版权归Arcler所有

218

Comprehensive Guide to Business Risk Management

144. Shi, J., Katehakis, M. N., & Melamed, B., (2013). Martingale methods for pricing inventory penalties under continuous replenishment and compound renewal demands. Annals of Operations Research, 208(1), 593–612. https://doi.org/10.1007/s10479-012-1130-5. 145. Simkins, B., & Ramirez, S. A., (2007). Enterprise-wide risk management and corporate governance. Loyola University Chicago Law Journal, 39, 571. Retrieved from: https://heinonline.org/HOL/ Page?handle=hein.journals/luclj39&id=591&div=&collection= (accessed on 07 September 2022). 146. Sison, A. J., (2000). Integrated risk management and global business ethics. Business Ethics: A European Review, 9(4), 288–295. https://doi. org/10.1111/1467-8608.00203. 147. Soltanizadeh, S., Abdul, R. S. Z., Mottaghi, G. N., & Wan, I. W. K., (2016). Business strategy, enterprise risk management and organizational performance. Management Research Review, 39(9), 1016–1033. https://doi.org/10.1108/MRR-05-2015-0107. 148. Spekman, R. E., & Davis, E. W., (2004). Risky business: Expanding the discussion on risk and the extended enterprise. International Journal of Physical Distribution & Logistics Management, 34(5), 414–433. https://doi.org/10.1108/09600030410545454. 149. Steele, J., (2010). The LMAA in the 21st-century: Securing the future for London maritime arbitration. Arbitration: The International Journal of Arbitration, Mediation, and Dispute Management, 76(3). Retrieved from: https://kluwerlawonline.com/journalarticle/Arbitration:+The+In ternational+Journal+of+Arbitration,+Mediation+and+Dispute+Mana gement/76.3/AMDM2010054 (accessed on 07 September 2022). 150. Stroh, P. J., (2005). Enterprise Risk Management at United Health Group (pp. 26–35). Strategic Finance. Retrieved from: https:// go.gale.com/ps/i.do?p=AONE&sw=w&issn=1524833X&v=2.1&it= r&id=GALE%7CA133858716&sid=googleScholar&linkaccess=abs (accessed on 07 September 2022). 151. Swani, K., Milne, G. R., Brown, B. P., Assaf, A. G., & Donthu, N., (2017). 
What messages to post? Evaluating the popularity of social media communications in business versus consumer markets. Industrial Marketing Management, 62, 77–87. https://doi.org/10.1016/j. indmarman.2016.07.006.

本书版权归Arcler所有

Bibliography

219

152. Tang, C., & Tomlin, B., (2008). The power of flexibility for mitigating supply chain risks. International Journal of Production Economics, 116(1), 12–27. https://doi.org/10.1016/j.ijpe.2008.07.008. 153. Tanlapco, E., Lawarree, J., & Liu, C. C., (2002). Hedging with futures contracts in a deregulated electricity industry. IEEE Transactions on Power Systems, 17(3), 577–582. https://doi.org/10.1109/ TPWRS.2002.800897. 154. Taskinsoy, J., (2013). Basel III: Road to Resilient Banking, Impact on Turkey’s Financial Sector [SSRN Scholarly Paper]. Rochester, NY. Retrieved from: https://papers.ssrn.com/abstract=3274876 (accessed on 07 September 2022). 155. Trakman, L. E., (2002). Confidentiality in international commercial arbitration. Arbitration International, 18(1), 1–18. https://doi. org/10.1023/A:1014277907158. 156. Ullah, S., Mufti, N. A., Qaiser, S. M., Hussain, A., Lodhi, R. N., & Asad, R., (2022). Identification of factors affecting risk appetite of organizations in selection of mega construction projects. Buildings, 12(1), 2. https://doi.org/10.3390/buildings12010002. 157. Van, D. M. A. P., (2002). Project management and business development: Integrating strategy, structure, processes, and projects. International Journal of Project Management, 20(5), 401–411. https:// doi.org/10.1016/S0263-7863(01)00012-6. 158. Van, K. H., & Hogenbirk, A., (2005). Multimedia, entertainment, and business software copyright piracy: A cross-national study. Journal of Media Economics, 18(2), 109–129. https://doi.org/10.1207/ s15327736me1802_3. 159. Van, R. G. G., (2014).The curious case of the post-9-11 boost in government job satisfaction. The American Review of Public Administration, 44(1), 59–74. https://doi.org/10.1177/0275074012461560. 160. Verdon, D., & McGraw, G., (2004). Risk analysis in software design. IEEE Security & Privacy, 2(4), 79–84. https://doi.org/10.1109/ MSP.2004.55. 161. Viterbo, A., (2019). 
The European union in the transnational financial regulatory arena: The case of the Basel committee on banking supervision. Journal of International Economic Law, 22(2), 205–228. https://doi.org/10.1093/jiel/jgz013.

本书版权归Arcler所有

220

Comprehensive Guide to Business Risk Management

162. Von, A. A., (2008). Cost‐oriented failure mode and effects analysis. International Journal of Quality & Reliability Management, 25(5), 466–476. https://doi.org/10.1108/02656710810873871. 163. Walters, B. A., Peters, S., & Dess, G. G., (1994). Strategic alliances and joint ventures: Making them work. Business Horizons, 37(4), 5–11. Retrieved from: https://go.gale.com/ps/i.do?p=AONE&sw=w&issn= 00076813&v=2.1&it=r&id=GALE%7CA15636442&sid=googleScho lar&linkaccess=abs (accessed on 07 September 2022). 164. Wang, M., & Jie, F., (2020). Managing supply chain uncertainty and risk in the pharmaceutical industry. Health Services Management Research, 33(3), 156–164. https://doi.org/10.1177/0951484819845305. 165. Weber, O., (2012). Environmental credit risk management in banks and financial service institutions. Business Strategy and the Environment, 21(4), 248–263. https://doi.org/10.1002/bse.737. 166. Wilson, S., (2006). Law, morality, and regulation: Victorian experiences of financial crime. The British Journal of Criminology, 46(6), 1073– 1090. https://doi.org/10.1093/bjc/azl067. 167. Woo, C. Y., (1987). Path analysis of the relationship between market share, business-level conduct, and risk. Strategic Management Journal, 8(2), 149–168. https://doi.org/10.1002/smj.4250080206. 168. Woods, M., (2009). A contingency theory perspective on the risk management control system within Birmingham City Council. Management Accounting Research, 20(1), 69–81. https://doi. org/10.1016/j.mar.2008.10.003. 169. Wu, D. D., & Olson, D. L., (2009a). Enterprise risk management: Small business scorecard analysis. Production Planning & Control, 20(4), 362–369. https://doi.org/10.1080/09537280902843706. 170. Wu, D. D., & Olson, D. L., (2009b). Introduction to the special section on “optimizing risk management: Methods and tools.” Human and Ecological Risk Assessment: An International Journal, 15(2), 220– 226. https://doi.org/10.1080/10807030902760967. 171. Yeung, R. M. 
W., & Morris, J., (2001). Food safety risk: Consumer perception and purchase behaviors. British Food Journal, 103(3), 170– 187. https://doi.org/10.1108/00070700110386728. 172. Young, P. C., & Tomski, M., (2002). An introduction to risk management. Physical Medicine and Rehabilitation Clinics, 13(2), 225–246. https:// doi.org/10.1016/S1047-9651(01)00005-5.

本书版权归Arcler所有

Bibliography

221

173. Zaridis, A. D., & Mousiolis, D. T., (2014). Entrepreneurship and SME’s organizational structure. Elements of a successful business. Procedia – Social and Behavioral Sciences, 148, 463–467. https://doi. org/10.1016/j.sbspro.2014.07.066. 174. Zeng, J., An, M., & Smith, N. J., (2007). Application of a fuzzy based decision-making methodology to construction project risk assessment. International Journal of Project Management, 25(6), 589–600. https:// doi.org/10.1016/j.ijproman.2007.02.006. 175. Zumello, C., (2011). The “everything card” and consumer credit in the United States in the 1960s. Business History Review, 85(3), 551–575. https://doi.org/10.1017/S0007680511000808.

本书版权归Arcler所有

本书版权归Arcler所有

INDEX

A
Audit committee 32

B
bankruptcy 90
Bank Secrecy Act of 1970 (BSA) 146
Business hazards 65
Business organizations 165
Business performance indicators 193
business risk 63, 64, 65
business strategy 5

C
capital gains taxes 143
Cause-and-effect analysis 187
change management 90
civil judicial system 150
civil procedure rules (CPR) 150
client satisfaction 186
commercial conflict 96
competitive advantage 165, 166
computer hardware 99
computer software systems 94
computer systems 162
contract management team 186
control hazards 34
cooperative planning 168
corporate finance transaction 141
corporate governance 136, 148, 149, 152
corporate information 66
corporate risk management 63
counterparty risk 96
credit risk 63, 65, 77, 79, 84
customer demand 167

D
Disruptions 167
distribution strategy 121
drought 10

E
earthquakes 65
electronic data exchange (EDI) 170
enterprise resource planning (ERP) 66
enterprise resource planning (ERP) program 195
Enterprise Risk Management 113
enterprise-wide risk management (ERM) 47
e-procurement 167

F
failure modes and effects analysis (FMEA) 124
financial crisis 114, 115, 117
Financial data 142
financial risk management 3
foreign exchange 63, 65, 75, 79

G
globalization 90
governance, risk, and compliance (GRC) program 121
greenhouse gas (GHG) emissions 10

H
habitat conservation 192
Hazard risk management 39
hazard risks 33, 34, 48, 55
hazards 2, 3, 11, 12, 13, 26, 28
historical analysis 67, 68
human resources plan 121
human rights 190

I
information sharing 168, 169
inheritance taxes 143
insurable risks 34, 38, 43
insurance policy 45
intellectual property rights (IPRs) 145
Internal risk messaging 123

J
just-in-time delivery 167

L
liability claims 65
license 144
litigation risk 146

M
market discipline 115
marketing strategy 121
Market risk 63, 84
Market share 186
Medium-term hazards 42

N
natural disaster 90
non-governmental organizations (NGOs) 147

O
Operating leverage 71
operational risk 63, 73, 74, 77, 79, 82, 83, 84
operational risk management (ORM) 34
Opportunity risks 34, 35, 36, 44
Organizational workflows 189
outward risk messaging 123

P
Pareto analysis 186, 188
payroll headcount 187
pharmaceutical business 100
Piracy 117, 118
political hazards 165
Political systems 165
poor management 64
Price risk 68, 69
primary risks 120, 123
Probability 38
Product liability 146
product promotion 168
product strategy 121
project management 95, 104, 107
Prolonged trends 114
Public discomfort 97
pure risks 33

Q
quality risk 68
Quantity risk 68, 69

R
RAMP (Risk Analysis and Management of Projects) 92
rapid application development (RAD) 94
rare occasions 114
replenishment 168, 170, 171
reputation 68, 69, 70
research and development (R&D) 5
Risk 31, 32, 33, 35, 37, 38, 41, 43, 46, 47, 48, 52, 54, 55, 56, 57, 58
Risk acceptance 3
risk agenda 8
risk analysis 100, 101, 103, 111
Risk appetite 3
risk assessment 184, 185, 186, 191, 192, 193, 194, 195, 196, 197, 198, 201
risk capability 37
risk complexity 116
risk environment 3, 5, 6
risk management 2, 3, 5, 6, 10, 11, 12, 14, 16, 17, 18, 19, 24, 25, 27
risk management plan 5, 6, 10
risk materialization 193, 194, 201, 202
risk matrix 36, 37
Risk messaging 123
risk mitigation 32
risk prioritization 6
risk recording 12
risk registers 33, 55
risk retention 3
risk return analysis 146
risk-return ratio 90, 103
risk-reward equation 146
risk-seeking tactic 92
risk-taking behavior 92
risk tolerance 185, 194, 201
Risk transfer 3

S
Sarbanes-Oxley (SOX) 120
service taxes 143
Short-term hazards 43
small and medium-sized enterprises (SMEs) 147
stakeholder satisfaction 192
Strategic planning 44
supervisory scrutiny 115
supply chain alliances 167
supply chain management 66
Supply chain networks 168
Supply chain risk 162, 167
Sustainability 184, 191

T
taxonomy-based risk identification 5
team analysis 187
telecommunications 64, 76
terrorist attacks 115
thunderstorm activity 95

U
uninterrupted power supplies (UPS) 107

V
vendor-managed inventory (VMI) 73, 168
vendor-managed inventory (VMI) systems 168