Corporate Risk Management

“If you can’t manage risk, you can’t control it. And if you can’t control it you can’t manage it. That means you are just gambling and hoping to get lucky.”

J. Hooten

The recent global meltdown perhaps epitomizes this best. The consequences of this is what is staring at us in the face.

Now, what exactly is Risk Management?

In simple words risk management implies mitigating the risk involved in various functions and strategies adopted by business organizations to perform effectively and efficiently with available resources.

Organizations which do not fully understand the risk of implementing their strategies are likely to decline. The increasing pace of change, customer demands and market globalization, all put risk management high on the agenda for forward thinking companies.

In the present scenario it appears that both regulators and compliance departments have to rethink existing risk management models. Risk management can no more be a drag on strategy but also be an integral part of a strategic discussion where decision makers look at the risk and return collectively. Itis an active participant in all key business decisions.

Now is the right time to take a fresh look at the risk management capabilities of financial institutions to move away from the position of vulnerability.

There was no one mistake or one bad investment that led to the recent catastrophe, but a series of interlocking actions. The major issue for most firms was that they had spread themselves out too thin into high risk investments like subprime debt and credit swaps.

Over the time businesses were focused on increasing revenue, investments in infrastructure and the process to measure and monitor risk exposure was not given priority. New product approvals were furnished without sufficient understanding. There was a lack of technological systems required to evaluate them, making it difficult to capture all risks.

The problem goes deeper into commercial banks, home owners and investors. Money became so cheap that banks loaned money to home buyers without proper collateral, counting on the fact that property values would increase which did not happen and the collateral became insufficient to cover the amount of flows creating massive losses..

This entire fiasco represents a failed system of risk management. The credit crisis put forth the issue of risk management at the fore. The big question before us now is:

How to improve the risk management effectiveness?

An effective risk management process in organizations should be a step by step process starting with developing an understanding i.e. the objective of the process in the question. Following it should be the process of risk management to evaluate what can go wrong at each step of the process. And thereby identify and access controls for overcoming significant risk.

Another question at hand is: How can things be done differently?

There should be a common definition of risk which addresses both value preservation and value creation and should be used consistently throughout the organization. Risk management in organizations should participate in business and strategies discussion to understand the objective and perspective of the organizations.

There should be periodic analysis of results. It is important to recognize that risks cannot be aggregated across the enterprise if data and analysis of different types of risks and from different business are incompatible. A firm should be able to monitor risk associated with all its transactions. There should be appropriate product testing along with good investment in technology.

Firms should perform there own credit risk analysis to reduce dependency on other parties for risk determination. Risk analysis alone are not enough. Standard risk management reports should be provided to appropriate managers so that there is consistency in risk exposure analysis.

All companies should strike to be “ Risk Intelligent “ organizations that are most effective and efficient in managing risks of their present and their future assets definitely outperform others.

Witnessing the global meltdown, organizations have finally woken up to the importance of effective risk management with a pinch of salt. It has to be a focused effort and not a passing one. Support is required from all levels of organization and each should share responsibility for it. How seriously risk management is taken at the top determines how seriously it is taken throughout the organization.
Nitish Kapoor

[Image source:]