Managing business risk in China and creating a strong business risk management program is increasingly important in ensuring the success of an entity. Performing an annual business risk analysis is one effective tool used by companies in their risk management program to manage their business risk.
During the performance of a business risk analysis, it’s important for management to use various sources to compile the more significant risks faced by the Company. The management involved in this process would typically consist of the Company’s leaders, and can include internal and external legal counsel, the finance department, operational management and others. A business analysis risk assessment – assessing, combining and grouping the risks as identified in this process, as well as determining the Company’s responses to those risks, is usually based upon management’s perception of which risks are more significant to the Company in the current environment.
A management team should conduct this business risk analysis with input from the Chief Executive Officer, Chief Financial and Operating Officers, the Chief Legal Officer, Senior Operating management as well as finance, information technology, system and internal control specialists. Careful consideration should be given to risk management ownership and accountability, with different kinds of risks (technology, security, continuity, regulatory, financial etc.), defined. Risk tolerance profiles, root cause analyses and risk brainstorming sessions, quantitative and/or qualitative risk measurements are all useful in the process.
A Company’s general overall risk management process should consist of a variety of activities, such as the following:
- Bi-weekly meetings held with senior management to discuss various topics such as
- The appropriateness of the organizational structure in light of the companies objectives, strategies and future plans
- Key business and IT initiatives including consideration of the linkage between business initiatives and IT initiatives.
- Review of key IT projects underway/planned (project status communicated by the tech VP)
- Regulatory requirements
- The appropriateness of communication flow within the organization (upstream, downstream and across business activities)
- That organization charts clearly define control responsibilities for executives and their managers, levels and lines of reporting are designed as appropriate
- The Information Technology department is sufficient for the company needs
- General levels of staffing are sufficient, managers and supervisors have sufficient time to carry out their responsibilities effectively
- Review of the HR director’s monthly report on compliance with established HR policies and procedures
- Legal and other reserves (quarterly) as required
- Operations review (weekly) – includes review of financial templates and variance analysis (including actual results and explanations for actual versus forecast)
Frequent meetings with the CEO and different departments’ employees every quarter together with their VPs, to promote the Company’s culture and history are important in the risk management process. A Company’s Business Values should be an in-depth topic on an annual basis. Additionally, frequent meetings with the CEO and department heads are useful to discuss strategy and mitigate risks.
A disclosure committee, together with external and internal counsel can review quarterly and annually the Company’s disclosed risks in any filed reports discussing can also help ensure that the Company’s risk disclosures are up-to-date and complete.
- If the Company retains in-house legal counsel, periodic meetings with business-line heads to ensure the legal department is kept current on changing business and environment factors can be an important part of a Company’s risk mitigation.
- Having an active audit committee which reviews the Company’s annual and/or quarterly filings if applicable, assists with the identification of external risks and helping ensure adequate disclosure in the company’s periodic reports.
- Risks to the Company can be categorized into four general areas of risk; Market Overview (external), the external market in which the company operates, Strategy (Internal), Value Creating Activities – activities that strengthen financial performance, and Financial Performance – risk information and financial measures used to assist with managing the Company. These categories are generally defined as follows:
Market Overview (External)
In general, Market Overview is as set of the risks in the competitive, regulatory and macro-economic environments. The competitive environment consists of the opportunities and threats that encompass a company’s industry and other factors, such as the appeal of the company’s products and services in current markets and likely changes in the future. The regulatory environment, such as the nature of, and changes to laws and regulations, income tax and customs rates and regulations, can have an enormous impact on business activity, as well as the degree of supervision and control exercised by external regulators. Also to be considered is the macro-economic environment and the macro-economic factors that impact performance such availability and cost of capital, shifts in demographics, trends, and the like.
Internal Strategy includes management’s key goals and objectives, targets, and milestones, and the actions required to meet strategic aims, as well as strategic and organizational alignment and the communication of that organizational alignment internally and externally. Internal Strategy includes the consideration of resource plans and needs, expansion plans and reliance on certain services lines. Important in this area is how the Company’s corporate governance influences the Company through supervision, oversight, and the accountability of the board of directors and management.
Value Creating Activities
Value Creating Activities are activities which facilitate the increase of customers buying the Company’s goods or services or influence positively customers’ future buying behavior. Additionally important are activities which help with key employee retention and enhancement of the innovation process, including full utilization of technology resources, creating new business models and making value from the intangible assets of the business. Other value creating activities involve the enhancement and strengthening of a Company’s brand, its supply chain and the infrastructure that supports it.
Financial Performance consists of the risks related to results of operations and financial condition, such as assets on the balance sheet, trends in working capital and the ability to fund both short and long-term growth opportunities. Economic and segment performance needs to be understood, as well as the Company’s risk profile and its risk in order to establish the appropriate cost of capital and required returns. Furthermore, Financial Performance should include assessing risks over management’s attitude toward the selection of its accounting policies.
Management’s Response or Risk Strategy as a Result of the Business Risk Management Analysis
Generally, management’s approach to each risk identified is to adopt one of four strategies; transfer the risk, manage it, avoid the risk or accept it. The Company should identify those risks; assess the likelihood of occurrence and possible outcomes and determine management’s specific responses to those risks. It’s vital for the Company to document its analysis, categorization of risks and responses selected, as well as monitoring the activities and results of the risk assessment program. This ensures the Business Risk Analysis and risk assessment program is measured for effectiveness and altered as necessary. The formalization of a risk assessment program, with the use of an annual Business Risk Analysis process is important and can help a Company.
This article is provided by LehmanBrown.
The views expressed in this article do not necessarily reflect the views of the EU SME Centre.