It'S crazy out there” is probably the simplest of the phrases to describe the existing business environment. Nowadays for various reasons businesses all around the world face enormous challenges ceaselessly. One of the most widely used management acronyms to explain the extremely difficult current condition is VUCA, which refers to Volatility, Uncertainty, Complexity and Ambiguity.
According to a recent report published in the Journal of Financial and Quantitative Analysis, more than 50 percent of companies will not survive to age 16, with the highest corporate mortality occurring in the fourth year! The Boston Consulting Group (BCG) in their report titled “Die Another Day: What leaders Can Do About the Shrinking Life Expectancy of Corporations” published in 2015 portrayed an alarming picture of the mortality of the enterprises. After having a detail and in-depth analysis on 35,000 corporations publicly listed in the US, they found that presently almost one-tenth of all public companies fail each year, a fourfold increase since 1965. The “five-year exit risk” for public companies traded in the US now stands at 32 percent, which was only 5 percent 50 years ago.
Undoubtedly, in today's world there are more risks enterprises have to deal with for their survival. It's a long list that includes constant regulatory changes, technology shift in an unprecedented supersonic speed, fierce competition, rising pressure on environmental factors, volatile climatic condition, ethical challenges and sometimes even the unseen hackers! This scary situation naturally begs the question - what is the way out for the businesses? Management gurus and successful companies came up with the answer popularly known as “ERM” – an acronym for Enterprise Risk Management.
ERM is a business process led by senior leadership through which enterprises:
o Identify all potential risks;
o Assess the impact of risks to the operations and overall objectives;
o Develop and practise response of mitigation plans;
o Monitor the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks
The process starts with identifying the potential risks associated with the business. Once the relevant risks are identified, the next step is to assess the impact of the risks. There are certain categories of risks which are very common in nature, for example, competitors reducing the price of their products or services. While there are other risks which can be categorised as rare, like natural calamities such as earthquake. Risks are also classified based on the severity or damage they do to the businesses. A 2X2 matrix is used to categorise the risks:
After assessing the risks, the next step would be to devise the ways and means to address those. An effective tool known as ATRR (short form of Avoid, Transfer, Reduce and Retain) is used to manage the risks. For the risks falling in the quadrant labelled as “1” in the figure above can be retained, meaning these are low category risks and organisations can live with those. Risks falling in the box labelled as “2” can be avoided if certain measures are taken. The risks placed in the box denoted as “3” can be transferred to others. The quadrant labelled as “4” refers to the risks which can be reduced if organisations take some precautions.
To explain the ATRR technique further, let's consider some real-life situations. There are certain risks which can be avoided, say a company is penalised by the local authority if the necessary licences like trade, tax and VAT licence are not renewed on time. This risk can easily be avoided by renewing those documents timely. There are certain risks which are unforeseen and beyond enterprises' control like earthquakes. In such case businesses can have insurance coverage to transfer the risks to the insurance company. Sometimes a company faces the risk of losing talents. This type of risk can be reduced by having employee-friendly policies like better compensation, clear career growth plan for the talents, and conducive working environments. There are certain risks which businesses have to accept and face as and when they occur. An example can be unethical practices of employees. If an enterprise follows the rules and regulations strictly and has a healthy culture of ethics, it does not have to worry too much about this category of infrequent risk.
There are instances when despite having a risk management practice in place, enterprises suffered badly. GM, one of the world's largest and reputed auto makers, had to pay more than $2.6 billion as penalties and settlements to federal law suits over defective ignition switches in its vehicles. This defect could cause engines to stall and prevent airbags from deploying in crashes. Consequently, the faulty devices cost 124 lives and 275 injuries. Eventually, GM had to recall 3.1 million vehicles from the market!
Internal documents clearly showed that the company had known since November 2009 that the faulty ignition switches were prone to turning off, preventing the air bags from working. Red flags were raised over and over, however, no action was taken. By the time the company reacted in 2014, it was already too late!
This was a clear case of not paying enough attention to the risk management processes. The concerned functions seemed to have completely undermined or ignored the potential risk.
Enterprises should be mindful so that risk management doesn't become a “ticking the box” type of exercise. It requires a holistic approach and must be embedded into organisations' overall strategy. Risk management becomes effective and pays off if everyone in the organisation is actively engaged and at the same time, all the policies as well as processes are completely aligned.
The writer is the chairman and managing director of BASF Bangladesh. The views expressed here are personal.