Concept of Risk in Business

Discuss About The Managing Supply Chain Risk And Vulnerability.

In Latin language, as stated by Luhmann in 1993, the word risk has been derived from the word “riscum”, which means the challenges faced by the sailors on desert (Nichita, 2015). In Arabian language, as stated by Althaus in 2005, the word is derived from the word “risq”, which means everything that God gave you, in order to take advantages (Nichita, 2015). Thus from the above definitions it can be concluded that risk is a situation where exists some possibility of danger. The concept of risk is all pervasive and can be assigned to any activity with unknown consequences. Risk can be measured at individual, business and financial levels (Jeynes, 2012). An organisation operates within a framework of different kinds of risks characterised at macro, mezzo and micro levels. At macro levels, there are risk of geographical crises, collapsing of financial markets, natural disasters, economic downturns and many more. At mezzo level, there can be shift in the market supplies, changes in consumer tastes and preferences, or introduction of the scarcity or complementary goods. At micro level, risk pertains to events like labour safety, changes in policies or regulations by the government, failure or impairment of equipment and may more. The report gives an insight of various types of risk, the procedure for risk management and the role of risk management in procurement management.

Business risk can be broadly classified into two types, depending upon the environment of an organisation. These are endogenous risk and exogenous risk (Tho, 2012). Endogenous risk refers to the risk generated from the shocks that are part of the business system. Exogenous risk is in contrast with that. Exogenous risk refers to risk arising out of shocks that arrive from outside the system. While the endogenous risks are controllable to certain extent for the management, exogenous risks are easy to anticipate by evaluation of different industrial factors. A business entity operating internationally is typically exposed to various types of risk. These can be listed as country risk, political, operational, technological, environmental and strategic risks. These are described in the following segment.

2.1 Country Risk: It refers to the risk associated with investing in the business in a foreign country (Toksoz, 2014). The risk is a collection of political risk, exchange rate risk, economic risk, sovereign risk, transfer risk and payment risk. Country risk a critical concept in today’s global economy as the entities are functioning across the borders. As a result, various changes in the country of operation of an entity can lend bundle of shockwaves to the business.

Project Risk Management Strategy and Its Different Stages

2.2 Political Risk: Political risk refers to the potential negative impacts of political actions on the firm’s functioning and the value (Sottilotta, 2016). Political actions have a direct impact on the business income and eventually the sentiments of the stakeholders. Political actions refers to the decisions in relation to the societal organisation of an economy, i.e. decisions in respect of formulation and enforcement of laws, industry specific regulations, taxation system and may more.

2.3 Operational Risk: According to the Basel Committee, operational risk is defined as the risk of loss or gain to a business unit arising out of insufficient operational elements i.e. people, processes, systems or the external events (Tattam, 2017). 

 2.4 Technological Risk: Technology risk deals with the availability, reliability, safety, confidentiality, integrity, and overall maintainability of the technological equipment and processes and the related effects on the processes and results (Anderson and Felici, 2012). The risk also deals with the obsolescence of the technologies possessed by the entity over time.

2.5 Environmental Risk: It refers to the potential threats to the surrounding environment because of the business operation, eventually resulting into financial liability (Pritchard, 2014). Enterprises must operate in a manner that addresses issues of sustainability and aims towards reduction of the potential hazards by use of chemicals, effluents and unhealthy processes.

2.6 Strategic Risk: This refers to the potential loss arising out of the failure of the management policies and strategies (Collins and Ruefli, 2012).

Risk Management is the process by which the various risks governing an organisation are identified, quantified and analysed, accepted and managed by either mitigating them or controlling them (Kendrick, 2015). There are many benefits to risk management. The key benefit from the risk management exercise is that it enhances the effectiveness and efficiency of the operations and aids in the strategic decision making. Adequate risk analysis also avoids expenses on account of sudden circumstances arising out of risky situations. Effective risk management also provides credible information of the feasibility of the projects. And if the projects are not feasible, the same should be aborted, avoided or at least modified at initial stages itself. The different stages of risk management have been described in the following segment.

3.1 Identification of risk: The very first stage of risk management involves the identification of the potential threats that can affect the successful delivery of the project. Identification of the risk is a critical activity as a whole (Hillson, 2016). It is the collection of various activities such as defining the objectives of the projects, gathering the related information, application of risk identification tools and techniques, documentation of the gathered data along with the process and finally assessing the effectiveness of the project in light of the availability of the budget and the objectives of the organisation.

3.2 Quantification and analysis of risk: (METHODS FOR QUANTIFICATION AND ANALYSIS OF RISK) It refers to the process through which the collected data is gathered in such a way so as to produce useful information in order to respond to the risks. Risks are quantified with the help of various statistical tools or through use of intuition. There are two kinds of methods for the analysis of the risk. These are Qualitative methods and Quantitative methods.

3.2.1 Qualitative methods: This analysis method is used to make the decisions with regards to the business projects where proprietors analyse the risk according to their experience and judgements, followed by intuition (Heldman, 2010).  The method is beneficial only in the cases, where the level of business risk is comparatively low and the requirement of the time and resources in order to make the analysis is low. The use of these methods also becomes relevant in the situations where the numerical data provides inadequate information for the analysis. These methods comprise of various techniques such as use of interview results, questionnaires, brainstorming, consultation with experts and consideration of the judgements made by the specialists.

3.2.2 Quantitative Methods: These methods are useful in the scenarios where a specific number or value has to be assigned to the level of the risk such as high, medium or low and is relevant especially where the level of risk is high. In order to assess the level of risk quantitatively various techniques have been prescribed, for example Monte Carlo Simulation method, Network analysis, Cost Volume Profit analysis, Ratio analysis, Investment Appraisal methods and many more (Ostrom and Wilhelmsen, 2012). The Monte Carlo Method represents the real situations through use of mathematical tool of probability and by assigning random values to the variables of the model in different scenarios such that different results are obtained (Thomopoulos, 2012). The method is repeated over a sufficient number of times such that the sample of the result is sufficient enough to represent the real situations. The results obtained are further analysed with the help of various statistical tools such as calculation of mean, standard deviation, minimum and maximum values and variances, so as to determine the level of risk.  The network analysis makes use of the techniques of PERT and CPM, so as to analyse the gestation period i.e. the period of commencement of the project and the time from which the benefits will be yielded, accordingly risks are assessed. In cost volume profit analysis is done to determine the operating attributes of the project. This method deals with the assessment of the breakeven point i.e. the least risky point or the no profit- no loss level in the project, such point is later on expressed as the percentage terms for the project. In ratio analysis, as the name suggests, various ratios are computed and compared with that of the other available options. The project depicting the better ratios are selected. The better the ratios, the least the risks involved. Various investment appraisal techniques such as net present value method, payback period method, computation of internal rate of return, profitability index method and accounting rate of returns are computed in order to evaluate the viability of the projects for the entity.

3.3 Treatment of risk: Risk Treatment is the procedure by which measures are selected and implemented to modify the existing risks in the businesses. The treatment of the risk may include following actions such as avoidance, optimization, transfer or retaining of risk. Treatment of risk involves the following activities:

3.3.1 Identification of Options: After the identification and the evaluation of the risks, the next step is to identify the appropriate course of action to be selected for the management of such risks, evaluation of the results obtained and implementation of the actions.

• Starting a new activity.
• Continuing an already existing activity that is yielding positive results.
• Deciding to stop or cancelling a project.
• Sharing of the risk with other parties by entering into arrangements like insurance, partnerships and joint ventures.
• Deciding to postpone or divert the project.
• Retaining the residual risk.

The basic aim of efficient treatment of the risk is that cost of managing a risk must be in line with the benefits obtained or expected. All the direct and indirect costs and benefits whether tangible or intangible must be considered and should be measured in financial terms or other terms. One option or the combination of more than one options can be considered to manage the risk. For example a project manager can decide to continue with the projects seeing the benefits to be reaped but he can enter into the insurance contract at the same time to mitigate the risk to keep the overall risks at an acceptably low level. In the event of budget constraints, a proper order of priority must be set up as to what actions must be undertaken first.

A plan must be devised on the lines of the decided action by the management. The plan should be a detailed one comprising of all the necessary information about:

• Proposed actions, priority list of actions and time for the same.
• Resources required.
• Roles and responsibilities of the parties involved.
• Reporting and controlling parameters.

With regards to the risk management process, initial approval must be combined with the throughout support of all the stakeholders specially that of the top management.  The action plan must be in line with important practices of the organisation and the related processes, so that the risk management process becomes relevant, effective and efficient. Some of the important business processes that need to be in line with the action plan are audit, asset and environmental management, internal control practices, human resources and investment management.

3.4 Identification and Acceptance of residual risk: Residual risks are defined as the risks that exist even after the identification of the risk management options and implementation of the action plans. Certain types of risk are unavoidable in the business situations and therefore, such types of risk are accepted along with the cost of managing them. Residual risks may be different for different entities and the nature of the projects, and inherent limitations of the industry in which the business is operating. Also the cost of avoiding such risks is very high. The level and the extent to which risks are accepted, is a critical management decision and an important parameter in the risk management process. It is important that the top level management of the entity and all the key managerial persons are aware about the nature and extent of the residual risk.  The management of the risk depends on the degree of the acceptance of the residual risks or the risks that cannot be avoided by the entity. The higher the level of the acceptance of the residual risks, the less is the requirement of managing such risks and vice versa.   

The document of risk management must clearly and comprehensively set out the objectives of risk management process and a statement of commitment to risk management. The content of risk management policy of an enterprise includes aim and rationale for managing risk, linkage of the vision of the entity and the risk management policy, the nature, timing, type and extent of the risks and opportunities encountered by the entity, details of the in house capacities and strengths to deal with such risks and opportunities, processes undertaken to manage the risk, persons accountable for each such processes, extent of expert judgements and suggestions sought, nature of the residual risks and how the management is dealing with the same, review policy for the risks and a declaration or the statement of commitment to the policy by directors and the organization’s executive. The publishing and communicating such a statement is essential for the stakeholders to be informed about the internal and external environment of the enterprises and also demonstrates the commitment of the top level management towards the risk faced by the organisation on project basis or as a whole. Also it clearly defines the accountabilities and responsibilities at individual level.

The board of directors of an entity are responsible for defining, implementing, documenting and approving the policy for managing the various risks related to a project. It is an important responsibility for clear definition of the risk and resources needed. Also it’s the responsibility to provide the necessary finance and resources for Risk Management. The resources include personnel, necessary processes, information systems, finance and other resources.

In the 1990s, the concept of the purchase evolved to be called as procurement management. It refers to the systematic process of deciding what to purchase, how to purchase and when to purchase (Baily, et. al, 2008). The process also deals with the quality and time considerations, cost comparison, vendor selections and negotiations (Wu and Blackhurst, 2009). The importance of the managing the risks in the procurement management can be assessed by the fact that supply chain failure had been included in the top ten list for the most pressing risk around the world by the global survey of Aon in the year 2009. In the words of Hendricks and Singhal, ignoring the disruptions arising out of the supply chain can have serious and economic consequences, leading to lower stock returns, volatile share prices, and lower sales growth. In additions to these, the recovery from such losses takes years (Russill, 2012). The necessity of risk management in the procurement process is also highlighted by the following.

• Continuous nature of contracts and major amount of cash flows involved.
• Unbalanced cash flows with higher initial investments and long gestation period till realisation of benefits.
• Involvement of various participants.
• Inherent risk of political changes, environmental and economic issues, making the procedure complex.

The risk management process can be applied at various stages of project procurement usefully. The various stages of the same have been described as follows.

4.1 Setting out the objectives and the requirements of the project procurement: This involves the assessment of the in house skills and resources and accordingly requirements are set for the project procurement and the policy is formulated. The stage involves the risk of setting inconsistent strategies of the project procurement with that of the organisation overall mission and objectives. And hence top level managers must evaluate the requirements properly. In addition to this, detailed plan setting out the accountability and responsibilities of the managers concerned must be prepared.

4.2 Evaluation of capital outlay: Evaluations must be done for the capital expenditure for various processes such as acquisition of equipment or infrastructure or software. There is a risk of inadequate definition of budget requirements, the same should be carefully analysed.

4.3 Analysis of options: Various options must be analysed in the light of the available budget and the requirement stated out I the procurement plan. There exists risk of some options being left out. And hence detailed research about the market and industrial conditions is must. For example there can exist a number of alternatives of technology for a same up gradation requirement.

4.4 Obtaining legal approvals if any: While beginning any project, related legal approvals must be obtained, after a detailed study of the applicable laws and regulations and the accounting framework in which an entity must report. These are essential to avoid the legal, economic and political risks.

4.5 Preparation of procurement documents: A detailed set of the procurement documents’ must be prepared and requested from the other parties as well, in order to avoid the risk of inconsistent interests and clashes in the later on stages of the project.

4.6 Inviting and assessing tenders: Tenders must be invited to select the most suitable option in terms of cost and benefits offered in the industry.

4.7 Evaluation and selection of the tenders: The tenders must be carefully evaluated, for there is always a risk of improper vendor selection. Cost comparisons of the various suppliers available in the market is one such example of strategy to mitigate the risk of wrong selection (Tang and Musa, 2011). Comparisons can also be done with competitor’s data to ensure the most beneficial bid selection.

4.8 Negotiation and signing of the contract: The terms of the contract must be clearly specified to each party involved to avoid confusions in the future. Regular review of the priorities of negotiation aids in effective allocation of the projects.

4.9 Implementation of the projects:  At every stage of procurement management it is essential that processes are reviewed to be in line with that of the overall mission and objectives of the organisation and the requirements of the stakeholders. This ensures the business from the risk of inefficient implementation of the projects.

4.10 Review and Documentation: The post implementation review is as essential as reviews at various stages. The conclusions must be documented for references in future.

References

Anderson, S. and Felici, M. (2012) Emerging technological risk. Underpinning the Risk of Technology Innovation. London: Springer.

Baily, P., Farmer, D., Crocker, B., Jessop, D. and Jones, D. (2008) Procurement principles and management. London: Pearson Education.

Collins, J. M., and Ruefli, T. W. (2012) Strategic risk: a state-defined approach. Massachusetts: Kruwer Academic publishers.

Heldman, K. (2010) Project manager’s spotlight on risk management. San Francisco: John Wiley & Sons.

Hillson, D. (2016) Managing risk in projects. Oxon: Routledge.

Jeynes, J. (2012) Risk management: 10 principles. Oxon: Routledge.

Kendrick, T. (2015) Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project. 3^rd ed. New York: American Management Association.

Nichita, M. (2015) An Overview on State of Knowledge of Risk and Risk Management in Economics Fields. SEA: Practical Application of Science. [online] Available from: https://seaopenresearch.eu/Journals/articles/SPAS_7_60.pdf [Accessed 21/06/18].

Ostrom, L. T., and Wilhelmsen, C. A. (2012) Risk assessment: tools, techniques, and their applications. New Jersey: John Wiley & Sons, Inc.

Pritchard, P. (2014) Environmental risk management. Oxon: Routledge.

Russill, M. R. (2012) A short guide to procurement risk. Oxon: Routledge.

Sottilotta, C. E. (2016) Rethinking Political Risk: Concepts, Theories, Challenges. Oxon: Routledge.

Tang, O., and Musa, S. N. (2011) Identifying risk issues and research advancements in supply chain risk management. International journal of production economics, 133(1), pp. 25-34.

Tattam, D. (2017) A short guide to operational risk. Oxon: Routledge.

Tho, I. (2012) Managing the Risks of IT Outsourcing. Oxon: Routledge.

Thomopoulos, N. T. (2012) Essentials of Monte Carlo simulation: Statistical methods for building simulation models. London: Springer Science & Business Media.

Toksoz, M. (2014) Guide to Country Risk: How to identify, manage and mitigate the risks of doing business across borders. London: Profile Books Ltd.

Wu, T., and Blackhurst, J. V. (Eds.) (2009) Managing supply chain risk and vulnerability: tools and methods for supply chain decision makers. London: Springer Science & Business Media.