Making money by better managing business risks

Originally published by Alex Sidorenko in Times of Malta:

As we continue to adapt to a highly volatile environment and increasing regulatory pressures, businesses should be more proactive about risk management. There are three reasons why organisations may want to invest in risk management activities:

1. Reduce compliance costs

There are certain risks that have to be managed because it’s the law: the rewards for good management of such risks are usually limited but the downside for failing to manage them is significant. Examples include compliance risks like fraud, money laundering, safety, environmental, security risks and others.

Furthermore, the consequences for ignoring such risks may include reputational damage, leading to loss of revenue, heavy fines, business interruption for extended periods of time, increased regulatory scrutiny or increased future compliance costs.

As regulators are putting a lot of pressure on companies to comply, executives are looking for new ways to improve performance and meet the ever-increasing regulatory demands. Better, more proactive risk management could be the answer. However, many organisations are still choosing to ignore risks instead of managing them.

Noble prize winners in economics Daniel Kahneman and Vernon Smith, as well as others, have conducted a lot of research explaining how executives make decisions under uncertainty and why many choose to ignore compliance risks that have limited upside and significate downside.

Scientists have identified over 200 cognitive biases that influence people’s attitude to risk. Cognitive biases are psychological tendencies that cause the human brain to draw incorrect conclusions. The notion of cognitive biases was introduced by Amos Tversky and Daniel Kahneman in 1972 and grew out of their experience of people’s innumeracy or inability to reason intuitively with the greater orders of magnitude.

They and their colleagues demonstrated several replicable ways in which human judgments and decisions differ from rational choice theory. Some of the cognitive biases that influence management attitude towards compliance risks include normalcy bias (the refusal to plan for, or react to, a disaster which has never happened before) and pseudo-certainty effect (the tendency to make risk-averse choices if the expected outcome is positive, but make risk-seeking choices to avoid negative outcomes).

In the end, while it makes economic sense to manage compliance risks well (improved operational performance, improved reputation, better relationship with regulators and hence reduced compliance costs), this alone is not sufficient to motivate most companies to adopt proper risk management.

2. Improved  decision making

Another benefit from risk management comes with improved business decision-making. Timely risk analysis helps neutralise many cognitive biases associated with decision- making under uncertainty and significantly improves the quality of the overall decision-making process. Decisions that can be improved through risk management include budgeting decisions, investment decisions, purchasing decisions and literally any other significant decisions that are associated with high uncertainty.

Risk management is not just about tools and techniques; it is about changing the corporate culture and the mindset of management and employees to think about risks and be proactive about managing them. While the benefits of improved decision making are significant and can save companies millions in the medium to long term, it is a challenge. Below are some practical ideas to improve risk culture within the organisation:

Develop high-level risk management policy:  It is generally considered a good idea to document organisation’s attitude and commitment to risk management in a high-level document, such as for example a risk management policy. This should describe the general attitude of the company towards risks, risk management principles, roles and responsibilities, risk management infrastructure as well as resources and processes dedicated to risk management. Section 4.3.2 of the ISO31000:2009 also provides guidance on risk management policy.

  • Integrate risk appetites for different risk types into existing board level documents; don’t create separate risk appetite statements.
  • Regularly include risk items on board or management meeting agenda
  • Include risk management roles and responsibilities into existing job descriptions, policies and procedures, committee charters – not into risk management framework documents
  • Update existing policies and procedures to include aspects of risk management
  • Review and update remuneration policies
  • Provide risk awareness training regularly
  • Use risk management games

Risk management is ultimately about creating a culture that facilitates risk discussion when performing business activities or making any strategic, investment or project decision. It’s a mind shift and it make take a lot of courage for executives to admit that decision quality needs improvement. Luckily there is another, more pragmatic reason to do risk management: it can immediately save a lot of money on insurance, financing and supplies.

Join the free webinar on integrating risk management into strategic decision making:

3. Saving money on insurance, supplies and cost of financing

Risk management is positively viewed by company stakeholders. This is why most stock exchanges around the world encourage listed companies to outline risk management activities in annual reports and on corporate websites. And while proactive risk management will improve company investment attractiveness in the medium-term, it can provide significant cost savings almost immediately:

  • Insurance: Most insurance companies will reduce insurance premiums or offer better insurance policy terms to organisations that can demonstrate proactive and effective risk management. This amounts to real annual savings. Effective risk management will also improve timely risk identification and response and will help prevent incidents.
  • Banks and investors: Risk management not only makes companies more attractive for banks and investors, it can significantly reduce the cost of financing. Many banks offer better loan terms to companies that demonstrate proactive and effective risk management, representing real savings on loan servicing, interest rates and so on. Having risk management in place will also help pass the annual bank audit and improve the overall relationship with the bank.
  • Suppliers: Many large suppliers insure accounts receivables.Organisations can save up to two to four per cent by sharing information about risk management and evidence of timely risk analysis with their suppliers. This will also help to improve the relationship with the key suppliers and help identify any supply chain risks.
  • Clients: Many clients, especially large international companies require basic levels of risk management in order to participate in tenders. Having robust risk management in place will help companies compete in more high-margin projects.

Risk management is not only good for long-term corporate sustainability and improving corporate culture in the organisation; it can also be a real cost saving tool for your company.

RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.