Whether undertaking a specific project or initiative, such as entering a new market or simply managing day-to-day operations, organizations have to be prepared for the possibility that things will not go as expected.
Practitioners use risk management processes to help them anticipate problems and implement solutions. This is part of a continuous process of assessment, prioritization, and feedback. At any point in this process, the objectives of the organization or circumstances of the external environment may change, requiring an organization to be flexible in its approach to emerging risks.
Without a careful analysis of specific risks and a plan to mitigate them, organizations may suffer loss. Once involved in an international trade venture, organizations must protect their operations and their profitability through continual risk analysis and planning.
The biggest risk with any business venture is that the organization has no appreciation of risk or how it can affect them.
Risk management is vital to any organization. When developing a strategy to manage risk, it is best to develop one that can fall into one or more of the following categories.
1. Risk Avoidance
Organizations have the option to refrain from activities that carry unacceptable risks. For example, while looking to set up a subsidiary in a foreign location, an organization has been offered a site that was used by a chemical manufacturer. Since it does not know what environmental damage is associated with the site and it does not want to assume liability for clean-up, it may choose to pass up on the site, even if no other suitable property is available. On the other hand, a practitioner cannot use avoidance in all cases. Ceasing all business travel because of the risk of hijacking means essentially giving up on an opportunity to profit by doing business worldwide.
2. Risk Reduction
Risk can be addressed by finding methods to reduce either the severity of the loss or the likelihood of the loss occurring.
One way organizations respond to the risk of theft is by installing security systems. The challenge is to ensure that there is a correlation between the potential of losses from theft (what can be stolen and what is its value or impact?) and the cost and effectiveness of the security system (does it eliminate all risk of theft or only some?).
Another way of reducing risk is by adopting certain practices. For example, software development used to be extremely risky since it was only delivered in the final phase of development. Today, software is developed and delivered incrementally so that performance can be tested before moving to the next phase.
Finally, organizations can reduce risk by outsourcing functions to those who are more skilled or to those who can demonstrate an ability to manage or reduce risks. The best example are international traders, who outsource much of their logistics to specialists. These specialists know the risks involved in international shipping and have the expertise required to reduce or eliminate many of those risks.
3. Risk Transfer
Risk transfer means getting another party to accept the risk, such as having a syndicate like Lloyd’s of London provide insurance for the venture. This is what happens when organizations take out any form of insurance: the insurer assumes the risk and the responsibility for restitution should losses occur.
Risks can also be transferred through contracts, as often happens in construction projects where the builder assumes any risks associated with faulty construction. Hedging strategies, futures contracts, and derivatives are other forms of transferring financial risks to others. Risks can also be pooled, and a group may decide to spread risk among its members and if any one of them suffers a loss, they all contribute to restitution.
4. Risk Retention
Organizations can choose to accept certain risks and any losses that may subsequently arise.
This is a viable approach to small risks where the cost of mitigation or insurance would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured against or where the premiums would be prohibitive.
War is an example of an uninsurable catastrophe, since most property and other commercial risks are not insured against war. This is why the terrorist uprising against British rule in Southeast Asia between 1948–1960 was called the Malayan Emergency; had it been called a war; the rubber plantation owners and tin mining industries wouldn’t have received any compensation from insurers for losses arising from the violence.