Business Risks Explored: Practical Insights for Resilience

Written by the AuditCue Content Team.

The COVID-19 pandemic serves as a prime example of external risks faced by companies, causing disruptions in supply chains, declines in demand, and government-mandated closures. However, some companies were able to adapt and innovate in response to the pandemic. For instance, technology companies like Zoom and Microsoft quickly adjusted their offerings to meet the increased demand for remote work and online communication.

Understanding and Managing Business Risks

Risks are an inherent part of doing business, and companies must be equipped to identify, assess, and respond to them effectively. Risks can broadly fall into three categories, each requiring a different approach to risk management.

Category 1: Preventable Risks

Preventable risks are internal risks that arise within the company and are controllable. Examples include risks from employees and managers' unauthorized or unethical actions, or risks from breakdowns in operational processes. While it may be impractical or costly to completely eliminate these risks, companies should adopt a zero-tolerance policy for defects or errors that could cause severe damage. Preventable risks are best managed through active prevention measures.

Example: The Wells Fargo account fraud scandal, where employees created unauthorized bank and credit card accounts to meet sales goals.

A notable example of preventable risk is the Wells Fargo account fraud scandal, where employees created unauthorized bank and credit card accounts to meet sales goals. This unethical behavior resulted in substantial financial penalties and reputational damage for the company. The scandal underscores the importance of ethical practices and robust internal controls in preventing similar risks.

Category 2: Strategy Risks

Strategy risks are risks that a company voluntarily accepts in pursuit of its strategic objectives. Unlike preventable risks, strategy risks are not inherently undesirable, as they are often necessary for generating superior returns from the company's strategy. Strategy risks cannot be managed through rules-based control models. Instead, companies need a risk management system designed to reduce the probability of the assumed risk materializing.

Example: Netflix's decision to heavily invest in original content production, aiming to attract and retain subscribers with unique shows and movies.

A prime example of strategy risk is Netflix's decision to heavily invest in original content production. This strategic move involved significant investment and risk, aiming to attract and retain subscribers with unique shows and movies. Despite the challenges, Netflix's effective management of this strategic risk allowed it to dominate the streaming market and achieve substantial returns on its investments.

Category 3: External Risks

External risks are risks arising from events outside the company and beyond its influence. These risks can include natural disasters, political upheavals, or macroeconomic events. External risks cannot be prevented from occurring, so the focus must be on identification and mitigation of their impact.

Example: The impact of the COVID-19 pandemic on businesses, causing disruptions in supply chains, declines in demand, and government-mandated closures.

It is not enough to conduct risk assessment only for looking back at events gone by, but also account for events/threats/opportunities coming up in the future. A forward looking risk assessment should be a regular exercise for companies looking to strengthen their risk programs.

Forward looking Risk Assessment

For a comprehensive approach to forward-looking risk assessment, it's imperative to recognize the oversight role of boards and the responsibility of senior management in regularly reviewing and assessing organizational risks, underscoring the significance of engaging external experts in risk identification.

Various techniques for forward-looking risk assessments exist, including:

PESTLE Analysis: This method aids in identifying external risks by considering Political, Economic, Social, Technological, Legal, and Environmental factors.

SWOT Analysis: SWOT Analysis helps understand internal strengths and weaknesses alongside external opportunities and threats.

Horizon Scanning: This technique enables organizations to anticipate immediate risks.

Scenario Analysis: Scenario Analysis evaluates potential sources of significant operational risk.

These frameworks are only meant to provide a way of organising thoughts and ideas for a common goal. It is important to consider hidden biases, and utilise stress testing techniques for a better assessment of business risks.

A forward-looking risk assessment is crucial for ensuring business and commercial sustainability, requiring the addressing of competency and cultural issues for effective risk management.

Sources: Wikipedia, Netflix, National Library of Medicine

About the Author

The AuditCue content team prioritises addressing organizations' pain points and vulnerabilities by providing informative content tailored to those areas. If you have suggestions for topics you'd like us to cover, please don't hesitate to reach out to [email protected].