Académique Documents
Professionnel Documents
Culture Documents
Organisations must
move away from the
traditional culture of risk
avoidance to risk opti-
misation by positively
leveraging on oppor-
tunities to create value
and to achieve organi-
sational objectives. Best
practice organisations in
risk management have
moved into opportu-
nity recognition where
risk management has
become opportunity
management. It is not
necessarily the path
with the least risk but
the path with the best
return or outcomes that
matter most.
R
isk management can become The new risk standard ISO 31000:2009 strategy execution. As uncertainty in the
a very strong competitive – Risk Management - Principles and external environment increases, organi-
advantage if organisations Guidelines defines risk as the “effect of sations are under tremendous pressure
are able to identify risks uncertainty on objectives”. It allows for to effectively manage the risks associated
and opportunities earlier or the inclusion of opportunities as well as with strategy execution. Risk can only be
better than others, and when they are threats within the risk management proc- defined in relation to strategies and objec-
better positioned to manage foreseeable ess, since an opportunity is simply the tives. Smart organisations know that both
opportunities and unpredictable threats/ uncertainty with a positive effect on an risk-taking and risk-avoidance go hand-in-
events. We need to encourage everyone objective. In fact, the management of risk hand when it comes to risk management
to think positively about risk in terms of should enable organisations to improve – after all, the better you can avoid down-
competitive advantage. Table 1 side risks, the more you will be
Risk management can be able to pursue upside risks or
more relevant and engaging opportunities.
for all decision makers within Good risk management
organisations when they delib- starts with a clear understand-
erately address both opportu- ing of your strategy, since each
nities (upside risk) and threats of the choices an organisation
(downside risk). This enables makes (e.g. to enter a new
the business to take the risks market, launch a new product,
it wants to take and then man- or form a strategic alliance)
age those risks effectively comes with a set of possible
within its overall risk appetite events that could lead to differ-
and risk tolerance. ent outcomes, either positively
For example, if an oil com- or negatively. The key is to
pany is extremely cautious (or understand what events could
risk averse) about investing in take place and actively antici-
new oilfields, it may avoid cost- pate their magnitude and prob-
ly mistakes or downside risk ability in advance of execution.
in the form of dry wells. But Few organisations have
the upside risks or opportuni- mastered the challenge of
ties of not exploiting profitable integrating risk management
wells is that other less risk with strategy management,
averse competitors may invest planning or budgeting and
in these oil wells instead. ensuring that risk-taking and
on the identification of opportunities and risk-avoiding is part of one integrated
THE NATURE OF RISK threats. It is also important to identify management system. We need to inte-
the risks associated with not pursuing an grate risk, strategy and performance
OO Risk is unavoidable. If we recognise
opportunity. management into an integrated manage-
that risky changes can be beneficial and
There is no risk so great that it must ment framework and process.
choose not to sit idle while the risky
be eliminated at all costs. The issue is
world evolves around us, how can we
not whether or not bad risks should FRAMEWORK FOR
begin to develop a framework for manag-
sometimes be reduced, but whether the EXPLOITING OPPORTUNITIES
ing risk responsibly?
benefits of reducing bad risk outweigh
The first important thing to realise OO The Framework for managing both
the cost of doing so. Risk management
about risk is that it can represent either threats and opportunities is shown in Table
thus must consider not just the benefits
a threat or an opportunity. People still 1.
of reducing risk — if risk is indeed a
see risk as a consequence rather than Our key focus is in executing our
thing to be reduced — but also the
an opportunity to improve. As a result, strategy and achieving our SMART (spe-
cost.
organisations fail to recognise opportuni- cific, measurable, achievable, realistic
ties to achieve their strategic, project or and timed) objectives. This is placed at
EXECUTING YOUR STRATEGY
business objectives, and this affects ongo- the centre of our framework. And this is
ing organisational commitment, credibil- OO Risk management has become what matters most.
ity, trust and value. essential for successful and sustainable We then use the generally accept-
RISK MANAGEMENT
PROCESS
OOThis is where we can integrate the risk
management process and activities into
the strategic planning process by extend-
ing the outputs of the SWOT Analysis to
further identify the uncertainties to the
achievement of objectives (risks).
The risk management activities can be
designed to: (1) mitigate and/or minimise
threats, as well as (2) to actively exploit
and maximise opportunities. The aim of
managing both types of uncertainties or
risk in a single risk management proc-
ess is to actively optimise the achieve-
ment of objectives. Since opportunities
and threats involve uncertainties which It may also be useful to state explicitly that the organisa-
have the potential to affect objectives, both
can be handled by the same risk manage-
tion’s risk management plan or approach is intended to
ment process, although some modifica- deal with both opportunities and threats, since as discussed
tions may be required to deal effectively
and adequately with opportunities.
above, this is not common practice and may therefore require
It may also be useful to state explic- emphasising to ensure that everyone in the organisation
itly that the organisation’s risk manage-
ment plan or approach is intended to
knows what is expected.
deal with both opportunities and threats,
since as discussed above, this is not com-
mon practice and may therefore require threats. Unfortunately, we usually tend tiveness and efficiency are subsequently
emphasising to ensure that everyone in to focus on negative issues when using taken into account when analysing the
the organisation knows what is expected. these methods. risk identified within the four SWOT
As a result, there is a natural resist- quadrants. This is a holistic and com-
RISK IDENTIFICATION ance or reluctance to broaden the tech- prehensive approach in identifying and
nique to include upside risks (or opportu- managing business risk.
OO There are other techniques for risk nities). But through the active use of the Controls are effective when business
identification apart from SWOT analysis, Framework that incorporates the SWOT processes and the control environment
such as brainstorming and workshops, Analysis, we are able to manage opportu- are operating in a manner that provides
checklists and prompt lists, question- nities better. reasonable assurance that the organisa-
naires and interviews. These commonly- tion’s objectives will be achieved. An
used risk identification techniques could, RISK ANALYSIS example of a control effectiveness rating
in theory, be employed equally effec- is illustrated in Table 2.
tively to identify opportunities as well as OO Existing controls and their effec-
Identified risks are assessed qualita-