What Is Risk Management and Risk Management Software?

Article by: SmartSheet

  • Risk Management in a Corporate Setting: Risk management is the ongoing process undertaken by a company to identify, evaluate, and treat potential exposure to loss, and to monitor risk factors to reduce the effects of damages or loss. Risks can be financial, reputational, competitive, legal, and regulatory.

  • Enterprise Risk Management (ERM): Enterprise risk management is an evolving field in the corporate world, with the goal of reducing risks and reducing fraud that can negatively impact an organization. Typically, ERM involves a framework that identifies risks and opportunities relevant to an organization, and measures each by the relative likelihood of it happening and the impact if it does. ERM has been evolving rapidly in the 21st century, as stakeholders want to understand the risks facing their organizations.

  • Factors Included in ERM: Typically, ERM factors include planning, strategy, and internal control. ERM also involves adhering to the Sarbanes–Oxley Act, which was enacted on the federal U.S. level in response to the Enron scandal to help ensure transparency and cooperation of publicly traded companies. These factors are evolving with the rapidly changing global business environment.

  • Risk Management and Compliance: As a result of mergers that create bigger organizations and the aftermath of the recession of 2008, regulators, governmental bodies, and debt rating agencies are increasing their scrutiny on the risk management processes of companies.

  • Risk Management Software: Sometimes known as compliance management software, risk management software helps companies identify risks associated with their assets, and displays them via a dashboard. Such software can measure and monitor virtually any kind of risk posed to an enterprise, including IT risks and data breaches.

KEY RISKS SMALL BUSINESSES AND ENTERPRISES FACE

No venture in a free-market system is entirely risk free, and not every factor critical to a business’s success is under its control. Therefore, it’s imperative to be as aware as possible of all potential risks that a company or organization might face. These can include:

  • Financial Risks: If a division is not going to hit its sales marks for a quarter, that poses a financial risk for the entire company. Being able to discover and monitor such a risk can help a company course correct and get back on track.
  • Interest Rate Risks: Mortgage and financial institutions can face severe business consequences due to rising or falling interest rates. These companies need to plan for any possible changes to interest rates.

  • Legal Liabilities: A company may be at risk if it is the subject of litigation. Companies need to maintain adherence to all laws relevant to them on the city, county, state, and federal levels (and internationally, if applicable). Organizations also need to be aware of potential legal risks like perceived discrimination.

  • Cyber Risks: Hacking, cyber attacks, phishing, and ransomware attacks have been on the rise around the world, and no company is immune. It’s critical for companies to install security updates as soon as they are released, and take any other measures needed to protect business- and customer-critical data.

  • Uncertainty in Financial Markets: Political upheaval, elections, and global volatility can all take a toll on a company’s stock price and financial stability.

  • Governance and Regulatory Compliance: As regulations evolve over time, corporations must ensure they are evolving as well. Certain industries require detailed compliance (for example, healthcare companies must meet HIPAA compliance) which, if not followed to the letter, could result in dire penalties and consequences.

  • Natural Disasters, Accidents, and Wars: Disasters like hurricanes or terrorist attacks can pose risks to any business, from a fleet company that temporarily cannot deploy its trucks to a financial institution whose stock plummets along with world markets.

Risk Assessment Matrix for Enterprise Business Owners

Enterprise business owners can use this risk assessment matrix to list out the thresholds for measuring risk in various categories on an ongoing basis. Under “Cost,” for example, the dollar amount will vary, but a “5” would be a significant portion or even majority of a time period’s forecasted income and “1” would be a small amount. Using this matrix, an enterprise business owner can sketch out and keep track of where the biggest risks may lie, and then update it weekly or biweekly as the project progresses. Everything listed in the top two lines is usually business-critical, and this matrix helps keep the most urgent issues front and center.

Issues might include IT security, global and national compliance issues if applicable, delivery of vendor shipments or contributions, launching a new product line, political unrest, and more.

Risk Assessment Matrix for Small Business Owners

Small business owners can use this risk assessment matrix to list out the thresholds for measuring risk in various categories on an ongoing basis. As in the matrix above, the dollar amount under “Cost,” for example, will vary, but a “5” would be a significant portion or even majority of the time period’s forecasted income, while “1” would be a small amount. Using this matrix, a small business owner can sketch out where the biggest risks may lie, and then update it weekly or biweekly. Everything listed in the top two lines is usually business-critical, and this matrix helps keep the most urgent issues front and center.

Issues might include IT security, compliance issues if applicable, delivery of vendor shipments or contributions, launching a new product line, and more.

KEY RISKS FACED BY THE FINANCIAL SECTOR

From small member-owned credit unions to global investment banking institutions, the financial sector faces unique risks that could affect the holdings and net worth of their customers. Some countries require that some institutions (typically banks) belong to a network of companies that insure deposits up to a certain amount. Financial sector risks include:

  • Investment Risks: No investment is guaranteed, of course, but an investment company must weigh and measure risks on behalf of its clients in a fiduciary role. Even with the best of intentions and research, however, some investments that seemed smart, even conservative, may end up virtually valueless. Enron is a classic example of an investment risk.

  • Security: Financial institutions must embrace security at every level, from securing their depositors’ accounts to executing secure transactions. Phishing is on the rise, as is ransomware, and customers may accidentally click on a malicious email, compromising (even temporarily) their accounts. Updating security systems is crucial, as is educating customers on the importance of checking emails before clicking, changing their passwords often, etc.

  • Breaks in Business Continuity: A financial institution can’t always predict the business landscape, so it must be able to pivot when businesses have breaks, merge, close, and more.

The Basel II Accord of 2006 stipulates that financial services are required to use risk management software. The international regulation requires that banks have enough cash reserves to cover the financial cost of problems in the business, including fraud and IT.

The main integrated financial trading systems, such as Misys Summit, Calypso, and Murex, have risk management and compliance at the heart of their businesses. Misys is a London-based financial conglomerate that began serving the insurance industry and now is a leading all-up financial services company. San Francisco-based Calypso Technologies provides solutions to financial trading companies around the world. Murex, based in Paris, provides software IT products and solutions to the financial sector. These companies and their solutions service hundreds of other financial companies, so it’s business-critical that they align to strict regulatory statutes, and that the companies they work with align and integrate with them accordingly.

Mark Opila is CEO of Patrina Corp., a data and records management and compliance company based in New York. The company provides solutions to the financial sector in critical compliance areas.
