Risk management is the process of identification, analysis and acceptance or mitigation of uncertainty in investment decisions. Essentially, risk management occurs when an investor or fund manager analyzes and attempts to quantify the potential for losses in an investment and then takes the appropriate action (or inaction) given his investment objectives and risk tolerance.  There are three main types of business risks for analysts to identify: strategic risk, operational risk, and compliance risk, and five procedures to manage risks. This article will briefly introduce when each type of business risk occurs and how to fulfill a five-step risk management.
Strategic risk is the most important type of business risk in corporate finance. It arises when a business does not operate according to the business model or plan. A company’s strategy becomes less effective over time and it struggles to reach its defined goal. For example, when a company introduces new product to the market, the existing customers of the previous product may not accept it. The top management needs to understand that this is an issue of wrong targeting. The business needs to know which customer segment to aim at before it introduces new products. If new product doesn’t sell well, there’s always a greater business risk of running out of business.
Operational risk is another important type of business risk, but it has nothing to do with external circumstances; rather it’s all about internal failures. This risk arises from within the corporation—when the day-to-day operations of a company fail to perform. For example, if a business process fails or machinery stops working, the business won’t be able to produce any goods/products. As a result, the business won’t be able to sell the products and make money. An additional operational risk arises anytime a company’s reputation is ruined, either by one of the previous business risks or by something else, that runs the risk of losing customers based on a lack of brand loyalty.
The third type of business risk is compliance risk. To be able to run a business, a business needs to follow certain guidelines or legislation. If a business is unable to follow such norms or regulations, the compliance risk arises and it is difficult for that business to exist for long. For example, the wine industry must adhere to the three-tier system of distribution, where a wholesaler is required to sell wine to a retailer, who in turn sells it to consumers. If wineries directly sell their products to retail stores, they are violating the relevant wine regulation law. The best way to avoid such risks is to check the legal and environmental practices first before forming a business entity. Otherwise, later on, business will face the unprecedented challenge and unnecessary law-suits.
It’s more important to ascertain risks than simply categorize them, and one of the most commonly used measurement is through standard deviation. Analysts look at the average return of an investment and the average standard deviation over a specific period of time, then use both to construct a bell shape curve (assume the return of an investment is normally distributed). When applying the bell curve model, any given return should fall within one standard deviation of the mean about 67% of the time and within two standard deviations about 95% of the time. Thus, an S&P 500 investor could expect the return to be 10.7% plus or minus the standard deviation of 13.5% about 67% of the time.
After measuring risks, analysts begin managing risks following a standard five-step procedures. The five steps shown below are always combined to deliver a simple and effective risk management process.
Step 1: Identify the Risk. In this first step, analysts start to uncover, recognize and describe risks that might affect their projects or their outcomes.
Step 2: Analyze the risk. Once risks are identified, analysts determine the likelihood and consequence of each risk. They summarize the nature and characteristics of those risks and their potentials to affect project goals and objectives.
Step 3: Evaluate the Risk. Then, analysts evaluate each risk based on its likelihood and consequence, i.e. risk magnitude, to conclude whether it’s acceptable or is serious enough to warrant treatment.
Step 4: Treat the Risk (Risk Response Planning). During this step, analysts assess all the risks that are beyond acceptance and set out a plan to modify them to achieve acceptable risk levels, from the most serious one to the least.
Step 5: Monitor and Review the risk.
- Kenton, Will; “Risk Management”; Investopedia; May.15th, 2019; https://www.investopedia.com/terms/r/riskmanagement.asp#the-good-the-bad-and-the-necessary
Full Disclosure: Nothing on this site should ever be considered to be paid/official advice, professional research or an invitation to buy or sell any securities. The information contained is simply research, personal opinion, understanding and thoughts of the author.