The Purpose Of Risk Governance And Management Within An Organization, And Its Role In Building Resilience

Discussion

Risk management is one of the most important aspects of an organization in today’s world. Due to improper market analysis, many products as well as services offered by the different companies have been seen to be complete failures. Improper accessing of resources and unsuccessful risk management plans in unforeseen situations results in tremendous economic losses for the organizations.

The following report will highlight the different aspects risk management and will discuss in details the traditional risk management as well as enterprise risk management and will explain in details the difference between the two methodologies. By the end of the report, the reader will have a clear idea of the process of risk management in the large enterprises in today’s world and how a disaster can be recovered using effective techniques.

Risk governance can be used to refer the different conventions for framing the rules as well as processes that are used in order to implement the risk prevention tools and frameworks. There are different kinds of risks that exist in the organizational operations such as risks related to human workforce, data security, unforeseen situations such as system crashes as well as natural disasters, financial risks in the market, product recalls and failures in the market etc (Horita et al. 2015). The guidelines that are used in order to prevent or mitigate these risks in the organizations are defined using a procedure known as risk governance (Haimes 2015). Risk governance not only helps in controlling or mitigating these risks but also helps the management to come up with strategic tools to take calculated risks for the overall benefit of the organizations (Hammoudeh, Santos and Hassan 2013). Risk governance can be both normative as well as positive, because it helps in the analysis of risk management, and aims to avoid and/or reduce effect of the human as well as economic losses caused by the different sources of threats for the organizations.

There are two broad categories of risk management, which are traditional risk management or TRM as well as enterprise risk management or ERM. Traditional risk management manages the different kinds of risks that it face by placing adequate responsibilities on the top management and depending upon them to mitigate the risks with their own authority and areas of responsibility (Glendon and Clarke 2015). For instance, the Chief Technology Officer or CTO id the one who solely handles the risks associated to information technology or the treasurer who deals with monetary or financial risks.

Traditional Risk Management vs. Enterprise Risk Management

Due to the issues and drawbacks of the traditional risk management methodology the more advanced enterprise risk management came into existence. The enterprise risk management aims to develop a more holistic approach of risk management that focusses on the risks on a priority basis wherein the most significant risks are first addressed to ensure that the concerned department achieves its objectives without having to worry about the risk consequences (Cole et al. 2013). This approach helps in the creation of a top-down enterprise view for all the available risks that has the capability to affect the entire business outcomes as a whole(Chance and Brooks 2015). The major differences between the two approaches are explained below in the tabular format:

Traditional Risk Management	Enterprise Risk Management
It is much more segmented as well as departmentalized according to the different departments within the organization.	Enterprise risk management is a much more holistic approach.
Each department has its own dedicated risk manager that deals with its own risks.	It ideally starts from the top management or the leadership teams comprising of the board of directors or presidents within an organization.
In this approach, the concerned department has little or no idea of the overall risks faced by the organization from different aspects.	It provides a much broader prospect covering all the possible risks of an organization (e.g. financial risks, product failures, employee unrest etc.).
Primary focus is all about dealing with the department specific risk within the organization (tactical).	The primary focus is about lowering the risk consequences, increasing organizational sustainability as well as providing cost savings across the different data centres or branches of a given organization (strategic).
Uncertainties and risks associated to physical as well as financial loses are covered under this approach of risk management.	The entire asset portfolio is accessed by this approach that include intangible assets such as proprietary systems, customers, suppliers, innovative processes as well as employees
Risk mitigation solutions are ideally based on individual expertise of the risk professionals as well as their decision-making skills.	Strategy setting across the entire organization often decided by the top management is an integral component of the enterprise risk management approach.

General motors in the year 2014 had faced a major financial crisis due to improper market analysis. However, using the traditional risk management approaches they had not paid much heed to the crisis as once stated by Mustafa Mohatarem, chief economist at the General motors “There is a tendency to underestimate the risk. It is relatively easy to say, ‘Well, it’s a low probability risk, let’s go on’”. Therefore the company had failed miserable to allocate the right responsibilities to the right people at the right times at the time of the financial crisis.

General Motors ended up with a massive strategic failure that seemed to erupt form a relatively “low probability” event, as evaluated using TRM. Roughly, 3.1 million vehicles had to be recalled with the company having to pay a hefty fine of $300 million to the government. The Justice Department of the United States had also started a criminal case against the company to investigate if it purposely withheld information about the defective vehicles form the customers (Acharya, Schaefer and Zhang 2015). None of these risks was capable of being pre evaluated using TRM and served as a biggest example of TRM failure for other firms to learn from.

Figure 1: Risk management system in General Motors (Acharya, Schaefer and Zhang 2015).

Organizational resilience can be defines as the capability of the organizations to withstand the different kinds of changes in the work culture as well as the business environment and ensuring that the normal operations still continue normally (Adeusi et al. 2014). It is the ability of the organization to withstand the difficult times by adopting innovative alternative solutions at crisis times without having to permanently implement them in business operations, in order to help the organizations achieve their business goals.

Key Limitation of TRM using the Case Study of General Motors

Organizational resilience has a direct relation with risk governance. Risk governance helps in determining the tools and frameworks in order to determine the different risk mitigation techniques (Cardona 2013). However if there are no basic data policies or organizational policies such as strict human resource policies, efficient disaster recovery mechanism, data backup policies etc., there will be no use of even having a risk governance strategy in such organizations (Lam 2014). During periods of financial crisis, the changes come about quietly swiftly in the market and the working operations in the organizations changes. At the very same time advances are seen in the technologies and tools used in risk management as well as internal changes in business operations that make the organizations resilient (Teller 2013). Complex nature of the risks help the organizations come up with newer challenges as well as opportunities to grow. The corporate as well as the financial landscape of the organizations changes with these risks and are directly dependant on the capability of the organizations to handle such risks.

It is extremely important for the organizations to consider the goals that they aim for irrespective of their ability of handling the risk, which are directly/indirectly related to their goal achievement. The top management should always understand the importance of the uninterrupted interaction with the customers as well as the shareholders of the company and ensure that the risks that they plan to mitigate do not affect the organizations relationship with its customers or shareholders (Mair and Burke 2013).

• The viability as well as sustainability of the different enterprises is always under a process of changing and being tested (Bessis 2015). Therefore, most of the organizations are beginning to realise that the traditional enterprise models of risk management are not effective enough and sufficient to protect the organizations from unforeseen situations.
• The companies should be able to absorb the different events that makes change a necessary process in order to compete with the latest technologies and state of art methodologies in order to attain competitive advantage in the market.

Some of the most commonly used methods by the organizations in order to build reliance within the organizations are briefly stated below in the following pointers:

• Unforeseen situations and crises should not be seen as insurmountable issues.
• Leaders should take steps to move towards the organizational goals.
• Actions should be decisive in nature (Chan 2015) (Bowers and Khorakian 2014).Employees as well as other risk should always be in a process of self-development as and they should be flexible in adopting the changes.
• A well-structured perspective should be maintained for each of the changes as well as risk management strategies.
• The employees should maintain a positive optimistic work attitude.

The strategies used in traditional risk management as well as enterprise risk management are explained below:

• Clarify the roles of department being affected by the particular risk.
• Understand the specific department’s risk profile.
• Define the appetite of the department’s risk.
• Formulate a plan to mitigate the particular risk after discussion with the department head/dedicated risk manager for the department.
• Reinforce clear accountability to the risk manager for the risk.
• Verification of the strategy and risk mitigation within the concerned department.
• Assess the culture of the risk.

A four-step strategy to mitigate organizational risks using the enterprise risk management technique is explained below:

• Mapping the strategy: The strategy should be aligned to the financial aspects, needs of the customers, associated processes as well as the process of growth and development of the entire organization.
• Usage of strategy maps to identify the risks: Using a particular roadmap to the implementation of the risk mitigation strategy within the organization to ensure that it effectively removes the overall organizational threats.
• Access the risk: The identified risks from the different departments and entities within the organization should be integrated to come up with a risk to the overall organization and it should then be accessed and evaluated using data analysis techniques.
• Risk based management system: A proper management of the risks post their evaluation through market analysis should be carried out using effective information systems to mitigate or prevent risks in the future (McNeil, Frey and Embrechts 2015). This should be aimed towards the overall benefit of the organizations.

The risk management experts in the different organizations in today’s world use multiple aspects for evaluation of the risks and come up with business models that can make the organizations resilient to future changes or organizational disasters. Some of the areas fundamental areas that they concentrate on are explained below:

• The leaders have a clear sense of urgency to anticipate the change well. They believe that a little sense of panic among the employees is a positive thing to make the organization resilient.
• They are quite ambitious and visionary in terms of implementing the change and ensuring it works.
• They actively participate in the change implementation process and research on the strategies followed by other organizations to ensure that they are at par with the other organizations in terms of risk management and ensuring a resilient work culture (Mechler 2016). The leaders are proactive in shouldering responsibilities in the process of framing the different organizational strategies to ensure that the common goals are achieved and a resilient work culture is sustained even after the change implementation, in the future.
• The leaders do not waste much time on processes that are not feasible or the outcomes that cannot be measured. Instead, they focus on possibilities that are more closely related to the practical scenarios faced by the organizations.

With the advent of information technology as well as mobile devices risk management is getting more and more advanced. In recent studies, it has been found that about 30 percent of the banks within Europe and 25 percent in the other parts of the world have individually already invested about 25 percent of their annual budget in the field of digital risk management to ensure a risk free future (Olson and Wu 2015). Increased market competition as well as competitive advantages that exists within the different organizations has led the organizations to come up with  aggressive technologies and business models and other services such as customer offerings, automation of tools as well as processes and improved risk models for the future. The banking industry across the world is in a constant process of research in risk management as well as hiring more number of risk professionals in the future to ensure safe and secure business operations and optimum customer satisfaction (Pritchard and PMP 2014). Through digitalization in risk management, the different industries can expect better business analysis as well as generation of revenue (Teller and Kock 2013). Economic as well as financial risks will be much under control.

Organizational Resilience and Its Relation with Risk Governance

Conclusions:

Therefore, it can be concluded from the above report that in spite of the enormous success that the different organizations attain in the different industries all across the world, it is vitally important for the management to have an efficient back up plan for any kind of unforeseen situations within the work operations. It is extremely important that the companies have a properly defined risk management strategy to ensure that crises are well handled by the risk experts and there is no disruption in the normal operations of the organizations. It should be ensured that there are proper data storage as well as back up plans in the organizations to ensure that there is no loss of data in case of unforeseen situations such as natural disasters or system failures. This can help the organizations to delve deep into the issues that they face in terms of risk management. Market analysis should be properly carried out to ensure that data that is collected form the different sources such as customer feedbacks as well as companies are effectively used in order to come up with proper risk mitigation techniques in the future. It is also important that future research is also carried out in the field of risk management to help the organizations come up with more advanced forms of enterprise risk management that should be able to cover up for all the issues and drawbacks faced in the traditional approaches.

References:

Acharya, V.V., Schaefer, S. and Zhang, Y., 2015. Liquidity risk and correlation risk: A clinical study of the General Motors and Ford Downgrade of May 2005. The Quarterly Journal of Finance, 5(02), p.1550006.

Adeusi, S.O., Akeke, N.I., Adebisi, O.S. and Oladunjoye, O., 2014. Risk management and financial performance of banks in Nigeria. Risk Management, 6(31).

Bessis, J., 2015. Risk management in banking. John Wiley & Sons.

Bowers, J. and Khorakian, A., 2014. Integrating risk management in the innovation project. European Journal of innovation management, 17(1), pp.25-40.

Cardona, O.D., 2013. The need for rethinking the concepts of vulnerability and risk from a holistic perspective: a necessary review and criticism for effective risk management. In Mapping vulnerability (pp. 56-70). Routledge.

Chan, N.W., 2015. Impacts of disasters and disaster risk management in Malaysia: The case of floods. In Resilience and Recovery in Asian Disasters (pp. 239-265). Springer, Tokyo.

Chance, D.M. and Brooks, R., 2015. Introduction to derivatives and risk management. Cengage Learning.

Cole, S., Giné, X., Tobacman, J., Topalova, P., Townsend, R. and Vickery, J., 2013. Barriers to household risk management: Evidence from India. American Economic Journal: Applied Economics, 5(1), pp.104-35.

Glendon, A.I. and Clarke, S., 2015. Human safety and risk management: A psychological perspective. Crc Press.

Haimes, Y.Y., 2015. Risk modeling, assessment, and management. John Wiley & Sons.

Hammoudeh, S., Santos, P.A. and Al-Hassan, A., 2013. Downside risk management and VaR-based optimal portfolios for precious metals, oil and stocks. The North American Journal of Economics and Finance, 25, pp.318-334.

Horita, F.E., de Albuquerque, J.P., Degrossi, L.C., Mendiondo, E.M. and Ueyama, J., 2015. Development of a spatial decision support system for flood risk management in Brazil that combines volunteered geographic information with wireless sensor networks. Computers & Geosciences, 80, pp.84-94.

Lam, J., 2014. Enterprise risk management: from incentives to controls. John Wiley & Sons.

Mair, G. and Burke, L., 2013. Redemption, rehabilitation and risk management: A history of probation. Willan.

McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative Risk Management: Concepts, Techniques and Tools-revised edition. Princeton university press.

Mechler, R., 2016. Reviewing estimates of the economic efficiency of disaster risk management: opportunities and limitations of using risk-based cost–benefit analysis. Natural Hazards, 81(3), pp.2121-2147.

Olson, D.L. and Wu, D.D., 2015. Enterprise risk management(Vol. 3). World Scientific Publishing Company.

Pritchard, C.L. and PMP, P.R., 2014. Risk management: concepts and guidance. Auerbach Publications.

Teller, J. and Kock, A., 2013. An empirical investigation on how portfolio risk management influences project portfolio success. International Journal of Project Management, 31(6), pp.817-829.

Teller, J., 2013. Portfolio risk management and its contribution to project portfolio success: An investigation of organization, process, and culture. Project Management Journal, 44(2), pp.36-51.