Managing Risk : A New Framework

The crux of the article is to present a new categorization of risk that will allow executives to tell which risk can be managed through a rule based model and which require alternative approaches. Basically there are three kinds of risks namely

1. Preventable Risks2. Strategy Risks3. External Risks

The article mentions about these risks and also the ways each should be handled so that the organization can come out of it in a more prepared way.

1. Preventive Risks : These are the internal risk that originate from within the organization. Few examples of Preventive Risks are unauthorized practices, breakdown of operational processes, bribing etc. It is quite clear that these risks can be managed by having rule based compliance approach on which there are several literatures available.Control Model : To avoid these risks, there should be an integrated and compliance model. The mission statement should clearly indicate values, belief, rules and boundary systems along with standard operating procedures.

2. Strategy Risks : A risk which a company voluntarily takes to have a high return in the future is called a Strategy Risk. It is inherently not undesirable which means that companies do take strategy risk in order to have a high return in the future. Few examples are Credit risk that a bank takes when it lends to the customers, acquisition of companies to have mutual benefit etc. these risks can not be handled through rule based models. Rather, a risk management system is needed to reduce the probability of default.Control Model : There are basically three distinct approaches to manage strategy risks

a. Independent Experts : For a firm which deals with technological innovation, a risk review board can be set up whose role will be to challenge the design of the engineers , risk-assessment and risk mitigation decisions. The evaluation should take place periodically throughout the product development cycle.

b. Facilitators : Many organizations operate in stable technological environment with relatively predictable customer demand. Here the risk comes from unrelated operational choices. To mitigate these risks, firms should employ a small risk management group which will interact with the managers and let the decision maker know about the different risks that the firm is undertaking.

c. Embedded Experts : The risks that the financial services industry face is due to the volatility of the asset market. An investment bank’s risk can change drastically with a single deal and so there should be a team with embedded experts which will continuously monitor the risk profile of the business by working in tandem with the line managers.

3. External Risks : The risks which occur due to the events outside the organizational control such as macroeconomic factors, natural disaster etc are known as external risk. As these factors are not in the control of the organization, their management must focus on the mitigation of their impact.Control Model : External risks can not be reduced by any of the measures stated above. As the factors are external, companies should focus on identifying them , assessing their potential impact and figuring out the best possible way to mitigate them. In plain and simple words, managers should do an adverse scenario planning so that the impact is less on the organization.