Split response
Risk response should not treat various risks as independent entities. A more optimal approach is Focus on management objectives, conduct an overall and systematic analysis of risks and take countermeasures.
We once provided consulting services for the construction/implementation of risk management structure for a company (hereinafter referred to as "Company A"). Company A wanted to build and implement a risk management structure based on its operating characteristics. Implement an enterprise risk management framework to assess, identify and respond to risks facing the company, thereby enhancing the company's ability to respond to the rapid changes in today's dynamic environment.
During the risk identification stage of the project, management believed that "raw material supply" was one of the major risks it faced. Due to the increasingly fierce competition in the industry, the management discovered that competitors appeared in the raw material supply locations negotiated in the industry every year. The supply of important raw materials was scrambled by competitors in an orderly manner, and the outflow of raw materials was serious. This type of risk event is defined by management as a problem that needs to be solved urgently under the risk of "raw material supply". However, with further analysis, we found that although the "outflow of raw materials" was mainly caused by fierce competition among peer companies and cross-border competition for raw material supply locations, on the other hand, the raw material supply locations should have been controlled by the local government. According to relevant policies, clear divisions have been made between various enterprises in the same industry. However, when some competitors, driven by interests, compete for parts of the supply of raw materials that do not originally belong to them, it is difficult to fundamentally solve the problem by relying on the strength of the enterprise itself. This problem requires the intervention of government departments to stop or even prevent this situation from happening. This involves a question, how to coordinate and solve the "raw material outflow" problem of Company A through the local government? At this time, the public relations department that deals with government departments will come in handy.
Reviewing the past of the enterpriseAmong the identified risks, "public relations risk" is also very important. However, in the preliminary analysis, the two were separated and conducted separately. The "raw material outflow" incident cannot be solved by the purchasing department, the department in charge of "raw material risk" alone. Only through full communication with the public relations department and even corporate executives, cooperation and coordination, and the introduction of the intervention of relevant government departments can this problem be fundamentally solved. Here, we see that "raw material risks" and "public relations risks" are related in certain areas and must be analyzed comprehensively. The risk analysis method of "treating the head when it hurts and treating the foot when it hurts" is not advisable. Only by fully considering the connections between various risks and analyzing and responding to them can comprehensive risk management be different from various previous risk management models. at.
Only the business level
Risk management cannot only focus on risks at the business level. Effective risk management can Play an active role in strategic decision-making.
Some companies pay great attention to business-level risks when carrying out risk management work, and achieve risk control through organizational structure, system construction and other means of internal control improvement and improvement. response. This is actually a bit of "overkill". More importantly, effective comprehensive risk management can play a positive role at the strategic decision-making level. For example, business prices and market demand in the shipping industry fluctuate greatly. Many shipping companies tend to focus on and strengthen process requirements, such as requiring daily price reporting and strengthening quotation approval. However, can these measures solve the inherent risks of price and demand fluctuations? It may be able to ensure that they can obtain the most timely relevant information in a timely manner, and also It can ensure that the company's quotations have been effectively approved, but these timely market information and effective price approval may not be able to withstand the consequences of wrong route layout decisions. Only by combining risk management with the company's strategic goals and decomposing company-level risks from top to bottom can specific internal control requirements be put forward at the business operation level.
We all know that risk seminars are often used as a method of risk identification. We have also used risk seminars many times when providing risk management consulting services to our clients. Give an example of a risk workshop. A company (hereinafter referred to as "Company B") held a risk seminar to identify risks. All personnel above the department manager level were required to participate. The risk seminar lasted for 8 hours and was still full of excitement. Each department raised so-called "risks" based on the difficulties they encountered in their daily work. For example, the financial department emphasized exchange rate fluctuations, the production department emphasized production safety and improper worker operations, the sales department emphasized that it is difficult to respond to customer complaints, etc., and the results All "risks" are recorded, a workshop, mentioned more than a hundred risks in total. In the further discussions among company executives after the meeting, there was not a single item that concerned them.
In fact, if corporate executives can be asked to analyze corporate risks based on established strategic development goals, they may be able to identify the "big risks" faced by the company in a more targeted manner. On this basis, the risk seminar platform is introduced to give personnel in each department the opportunity to express their own opinions and conduct in-depth discussions and even debates on "big risks" from multiple dimensions. This will not only improve the company's performance to a certain extent The cultural awareness of risk management can better refine "big risks" from top to bottom and form systematic "small risks" to ensure that the risk response plan formulated later is both targeted and will not deviate from corporate executives. The most important risk areas of concern.
Stop at the risk management department
Risk monitoring cannot only stop at the risk management department, functional departments also Able to undertake certain risk management functions, the risk management department should also communicate the assessment and analysis results to the responsible departments to ensure that risks are reasonably dealt with.
Many times we will quote the story of the "Three Brothers Bian and Que" to explain the role of risk management in corporate management. King Wei* asked the famous doctor Bian Que: "You have three brothers who are all good at medicine. Which one is the best?" Bian Que replied: "The eldest brother is the best, the second brother is the second, and I am the best. Bad." King Wen asked again: "Then why are you the most famous?" Bian Que replied: "My elder brother treats diseases before they occur. Since most people don't know that he can eradicate the cause of the disease in advance, he His reputation cannot be spread, and only people in our family know about it. My second brother treats diseases when they first occur. Most people think that he can only treat minor illnesses, so he is only a small child in our village. I am famous. But I, Bian Que, treat diseases when they are serious. Most people see me inserting needles in the meridians to let blood, applying medicine to the skin and other major operations, so they think that my medical skills are the most brilliant. , so it is famous all over the country." The moral of this story is profound. As the saying goes, control after the event is not as good as control during the event, and control during the event is not as good as control beforehand.
We have seen that in the early stages of risk management in many companies, various functional departments usually separate risk management-related work from daily business work, thinking that risk management The work is the work of the risk management department or the project team, and their task is to complete the additional work assigned. Clearly, in this mindset, risk management is just an extra “administrative task.” This is actually the biggest misunderstanding of risk management work, and it brings about conscious or unconscious resistance to risk management work by people at all levels. In fact, risk management is by no means aAs an additional work, risk management, as an important part of enterprise management, should be a long-term, systematic and integral part integrated into various enterprise constructions. The risk management department's more tasks in the comprehensive risk management process are coordination, monitoring and reporting. Risk assessment, analysis and effective risk response all require the participation of functional departments in order to make risk management work practical. Only by creatively integrating comprehensive risk management work into the daily work of functional departments can it be possible to eliminate the resistance of various functional departments and continue to implement comprehensive risk management.
Static processing
Risk management is not static. Risks change at any time. Enterprises need to Observe relevant changing trends and assess corresponding risks in a timely manner.
We often encounter customers who have such requirements, "I hope to complete the risk management project within a few months, and then improve the company's management level and change the company's Managing the Face” is an almost impossible task.
The so-called "comprehensive risk management" means that enterprises focus on the overall business objectives and cultivate the basic process of risk management in all aspects of enterprise management and operation processes. A good risk management culture establishes and improves a comprehensive risk management system, including risk management strategies, risk management organizational function systems, risk management information systems and internal control systems, so as to provide reasonable guarantee processes and methods for achieving the overall goal of risk management. Risk management is by no means accomplished overnight, but a dynamic and systematic project. It is impossible for any company to completely transform the enterprise risk management culture and improve the management level in a few months. This is a "change" that takes several years to complete; and it requires constant risk management and management. Re-identify and evaluate.
There is a company (hereinafter referred to as "Company C") that provides services to a certain domestic airport. Its business scale has changed greatly two years ago. : From providing services only to the original airport to also providing services to other airports, due to changes in the company's business scope and scale, the company's employee size has greatly improved, from a team of dozens to hundreds. This change in Company C has reshuffled the company's risk distribution. Competitor risks, financial risks, and human resources risks that were once rated as low in "risk level" suddenly rose to high risks in the new assessment, and a new risk , the company's strategic risks have also been included in risk assessment considerations. If the company only implements risk management based on previous risk assessment results, it is obvious that the risk response measures will not be able to keep up with the development of the enterprise, and may even restrict the expansion of the enterprise. The enterprise is notAs an organic entity that continues to grow, the risks it faces are not static. It is believed that changes in internal and external factors will lead to changes in corporate risks. Changes in business scale, business scope, laws, regulations, rules and regulations, etc. will lead to changes in risk categories, risk distribution, and risk ratings. In contrast, risk identification, risk assessment and effective risks will need to be updated. This is why we see many companies conducting annual risk seminars, updating risk lists and response plans, etc.
The above list is just a misunderstanding of many enterprise management’s understanding and operation of risk management work that we found in our past work. In many cases, these misunderstandings often lead to difficulty in advancing risk management work or ineffective results. Therefore, enterprises should clarify the correct understanding of risk management, establish a risk management organizational system, formulate effective risk management strategies/methods, conduct regular risk management supervision/inspections, cultivate a risk management culture, and make risk management a normal part of enterprise management. Work is integrated into the daily work process to support corporate governance, sustain business growth, and enhance the company's ability to respond to the rapid changes in today's dynamic environment.
No comments yet. Say something...