Finance

Risk management is one of the most important tasks that are involved in an organization. Financial institutions always have been involved in the task of calculating risk and managing it to handle loans and investments. However, risk management is now increasingly important for non financial companies as well that have to do with a range of uncertainties in the various projects they undertake. As such this process may become the defining factor impacting the success of failure of a particular project which may see anything go wrong ranging from sudden deterioration in the economic climate of the country to late deliveries by suppliers. Understanding the dynamics involved in the risk management process and determining the steps involved requires understanding the concept of risk.

Risk is basically the probability of an adverse event occurring which may hamper the profitability or the returns from a project. This probability can never be a hundred percent because then it crosses the boundary of the concept of risk and becomes an issue for the organization. There are also probabilities attached to certain favorable outcomes which may actually benefit the project in question a great deal. Thus effective risk management for projects results in the chances of favorable outcomes being maximized while the probability of adverse circumstances is minimized. The process basically involves five broad steps.

The first step is having a mechanism to identify the risks involved in a project. This stage basically sets the foundation by specifying the risks that are to be encountered so that active steps can then be taken to ensure they dont derail the project. This can involve working in close coordination with different departments, involving personnel from the business and the information technology divisions and utilizing the exercise to generate the collective accumulation of ideas regarding the risks present. The standard risks that are faced by the project being undertaken if any can also be of tremendous help during this stage. Appropriate demarcation needs to be made of the different types of relevant risks involved as well. For example, generic risks are those facing all the projects that the organization may initiate while specific risks vary from case to case.

Risks also have two inherent portions that need to be dealt with separately. The first is the underlying reason for the occurrence of an adverse event which may be problems from the supplier or construction contractor etc. The second is the impact of this occurrence which may hit the financial forecast of the project or cause the time scale required for completion to be extended by some period. These can be identified via problem analysis, source analysis and any number of techniques for charting which actually allow the construction of a matrix based on the individual groups of resources that are subject to uncertainty. Once this identification of relevant risks and their appropriate characterization is complete, the next step in the process can be started.

Qualitative analysis of the identified risks has to be carried out in the next stage. This is a process that is basically aimed at determining the possible result of the risks listed before on the objectives of the project underway. Using this analysis, potential risks can be taken in context with the assets directly linked to them. It also has a tendency of pointing out that protection measures that have been utilized as well as those that can potentially be useful in mitigating the risks. The objective of this exercise is to reach of point of risk protection that is suitable as well as creating awareness among the members of the organization directly linked with the project.

The next step is quantitative risk analysis. The objective here is to assign a value to the potential impact of an adverse occurrence in terms of financial losses or asset prices as well as the probabilities of these events occurring. This effort is greatly subjective but is able to represent the data regarding the identified risks in a format that is user friendly and easy to comprehend such as percentage figures and probabilities. The process is frequently carried out by utilizing a two dimensional scale that forms of matrix of the relevant probability and impact. A risk with a low probability but a high impact on the scale may require greater scrutiny as it could potentially act to derail the project. On the other hand, a risk with a low impact but a greater probability of occurrence may be almost certain, but it is more of a routine thing which may not be of sufficient import to the managers involved in the project.

Quantitative analysis can be of tremendous use to an organization as the numerical data can be played around with to arrive at a direct impact on the financials of the company of any adverse possibilities. Hence, this process requires certain step by step procedures which may wary across organizations. One is to take the risk factors identified in the first step and evaluate the historical response of the organization towards them. This is complimented by calculating an estimation of the annual occurrence of the events under question which then leads to the expected losses associated with the occurrence. Cost benefit analysis and other techniques are then brought into play to analyst the impact on the expected cash flows associated with the project, accompanied by an IRR calculation for the projected figures. These steps often allow the management to arrive at a single figure or exposure factor associated with the risks to the project being undertaken.

One tricky bit involved is allocating a reliable value to the assets and liabilities involved in the project under contingency situations. This often involves mechanisms such as the income method which calculates values based on discounted figures of the potential income to be raised from use of the assets till a specific date in the future. The useful life and the discount factor are inherently subjective in this regard. Another is the cost approach which assigns value based on the purchase price of the assets, adjusted for use. This again has drawbacks as asset values change and in todays world of emphasis on fair value, it may not be the most appropriate figure to use. Fair value itself may require a complex model to be developed if an active market for the asset does not exist, bringing in further subjectivity to the calculations. Thus quantitative analysis is a fairly tricky but potentially very useful tool for analyzing the impact and the probabilities of risks.

The next step is planning a response to the various risks identified and establishing possible ways to deal with them. This often depends upon the nature of the risk and where it stands in the matrix constructed in the previous step. The objective here is to deal with the adverse occurrences in the best manner possible, bringing the costs of the effort to a minimum. Appropriate responses can be classified into four broad types. One is to avoid the risk so that it does not figure into the project at all. This could be by altering the range of suppliers that the organization aims to use, avoiding the one that carries uncertainty or altering the way a particular activity was proposed to be carried out. This has the advantage of completely taking the risk out of consideration but also has the disadvantage of possible increase in cost for the organization which may originally have chosen the supplier because of lower cost of better quality. A tradeoff may be involved in this case.

Another response could be to make someone else responsible for the risk so that the impact is reduced significantly. This is basically a mechanism to spread out the risk so that the extent of the possible losses can be minimized. One possible way to do this is via insurance. The premiums involved will have to be paid by the organization but it will save the project from unsustainable financial losses. Another is a renegotiation of the contract terms with suppliers for example such that costs can be reduced for late arrivals or bad quality so as to limit the losses in the project from that side. This may involve legal counseling however to negotiate the appropriate contract and its clauses, thus raising the costs of the project.

Another step is to reduce the risk involved. This could be via a reduction in the possible impact or actions aimed at bringing down the probability of occurrence. This is a tough step to take as the organization will already of adopted any risk reducing measures if they exited. Identifying new ones may take a bit of ingenuity. For example, the rising costs of a manufacturer may be reduced to some extent by making use of outsourcing as other companies may be more competitive in terms of managing risks involved with particular resources. This carries with it the drawback of exposing the company to dependence on third parties as well as a possible seepage of new technology in industries such as consumer electronics or computer hardware.

Finally, the organization can choose to accept the risks related to the project and not take any counter measures to control them. This may be a prudent strategy for small businesses for which the costs of insurance and other steps would far outweigh the possible reduction in probability or impact accompanying them. Another reason could be the overriding quantity of generic risks the organization as a whole may be exposed to such as war or other calamities, living in a volatile region. This prompts managers to go along with the risks and accept the contingent losses related to a project because the costs of avoidance are too high or viable alternatives just do not exist.

The final step in the risk management process for projects is that of monitoring and control. This involves bringing into place relevant procedures for the handling of risks as they occur during the routine stages of the project and ensuring that they are properly applied. There is also a need to react to the relevant risks as they occur. The whole process flows well when a regular review of the risks is performed on an ongoing basis to do away with outdated risks and to take into account new ones that may have emerged on the horizon. However if this part of the process is not followed correctly, all the foundation laid previously may be effected.

There are certain limitations to the five steps that were identified and analyzed above. Success in quelling risks lies in effective identification of the risks in the first stage. However, prioritization is also important at this stage as a plethora of risks nay be identified, not all of which may be critical for the project under consideration. IT is important to concentrate on the ones which could have the most impact on the results of the project, otherwise wastage of resources and rising costs related to risk management may be inevitable.