A man and a woman work in the same department. They begin dating, and one gets promoted to be the other's supervisor. What does the company do?
Some say it should be addressed on a case by case basis. Others say the company should ban fraternisation. Some say the company should consider a detailed policy on personal relationships in the office while trying to promote a workplace that is open and friendly and anticipate situations that could destroy that environment. The question is how much risk does the affair contribute to the risk of various lines of business.
On a serious note, one can name the more high profile risks such as the BP Gulf of Mexico Deepwater Horizon oil spill which is still the subject of risk case studies.
Just to name a few business risks, recently there has been Cricket South Africa scandal which has led to the suspension of CEO, Gerald Majola and has paralysed the sport and even income from sponsorships. There has also been the alleged shenanigans at Auction Alliance whose founder has stepped down from his post pending an independent investigation into allegations of a money-making racket.
Property mogul, Wendy Machanik and her chief financial officer at Wendy Machanik Property Holdings, also its chief financial officer, Bruce Bernstein have been facing charges that include conspiracy to commit fraud, failing to keep accounting records and failing to reflect over 100 transfers between the trust account and business account.
How about political risks, including the suspension of former Police Commissioner Jackie Selebi and his eventual incarceration, including the suspension of his current successor, Bheki Cele?
Blame for recent corporate risks and scandals here and abroad have tarred directors, political as well as corporate executives. Critics and detractors say if only directors and political leaders were doing their job, such corporate and or organisation risks would have been avoided or at least mitigated.
The point is, no organisation whether corporate, governmental or non-governmental, is immune. Bad things can and do happen to good companies or organisations. So the key for CEOs, the board of directors and employees of companies and even political leaders is how can companies anticipate and react to real and hidden risks?
Can one establish a useful framework to anticipate risk? The point is it really pays to think about what might go wrong. Every employee and executive must ask what are risks to the effective running of their organisation or company? They must ask: are we doing enough to avoid them and can we spot them if they're creeping up on us?
Putting risk management as an attitude of individual employees of an organisation implies that they are aware of, and live by the knowledge that risks influence their daily corporate life, activities, operations and the management of their organisation.
The only way to have successful risk management is to have the process driven from the top of within a friendly and supportive culture, considering risk analysis, an upfront project planning activity; and risk control, an on-going project-management activity.
Indeed, risk analysis consists of risk assessment and risk reduction. Risk assessment is determining what could cause the project to fail, estimating how likely it is to happen and what would be the consequence of it happening. Then after those questions are answered, the process includes determining what could be done to mitigate the risk or what a contingency would be if the risk occurred.
Good risk management programmes are no more an option, but rather the right way of doing and managing business to have a better competitive advantage from one's competitors.
Here are some practical objectives of risk management: meeting budgets and goals; producing quality goods and services; eradicating errors and omissions; frauds and shortfalls; doing things right the first time and doing the right things always; avoiding surprises; fulfilling corporate governance and complying with legal and regulatory pronouncements and requirements.
Risk control consists of risk tracking and risk reporting. Risk tracking is monitoring the risks on the list, as well as looking for new risks. Risk reporting is just that--reporting on the results of the risk tracking to ensure the results are well-communicated.
Here are some guidelines one can use to approach risk management steps: establish a warning system to recognise threatening trends that take years to emerge; assess the degree of exposure to the business and empower managers to act early and decisively. In other words, identify risk. Understand where and how risks arise in the operation of the organization as well as in the economic environment in which it functions.
Also radically refocus performance reporting and analysis on key relationships and linkages; rebalance measures in terms of leading and lagging, internal and external information.
It means one must measure risk and take the care and time to quantify how much of each type of risk the company faces. In both the identification and measurement steps, care must be taken to understand how the risks relate to each other and how those relations affect the measurement.
Also, to minimise risks, recapture intuition as a factor in decision-making, fostering dialogue, debate and discovery to develop meaningful scenarios, create practical action plans and identify the first signs of flawed decision-making.
It is also important to develop strategy that will look at the nature and size of each risk and decide whether to take some action, do nothing, or, in some cases, take more risk.
It is crucial that everyone must identify tools to be used during crises. The correct tool must be selected from a tool kit. Tools are necessary and helpful to the management of risk.
Lastly, what is really critical is well-defined elements of managing risks. They include board involvement, management oversight; policies and limits, measurement and monitoring, internal controls and cultural reinforcement.
Working with senior management, the board must identify and have a working knowledge of the major areas where risk occurs. After all, ignorance is no excuse. Both the board and senior management must have and use adequate information to have a sense of dimension and to monitor the activities as they occur.
When all is said and done, it will be time to execute the risk strategy. Carefully implement the strategy using the tool selected. Monitor the strategy and regularly compare the performance of the strategy to the risk itself to make certain that the combined result is acceptable.
There is one key to success, or to failure. It is culture. There must be a culture that values the management of risk from the board, CEO and down to the ordinary employees. If there is lack of seriousness or if only lip service is paid, no management of risk process will ever work.
In the end, we live in a more volatile, risky world. Risk can never be eliminated, but it's up to the management and employees to see that it's managed.
Every business or organisation must plan for risks. No one knows for sure when there will be a pandemic, but an all-hazards approach can bode well for any emergency.
Risk management should never be seen or regarded as a function for itself, nor is it an end in itself; but rather a means to an end.