Any business activity carries with it varying degrees of uncertainty that can pose threats of varying severity, particularly if left unmanaged. We call these threats Risks.
El risk It is inherent to any activity, business or not. They appear at any point in the lifecycle of the activity being performed. It is in itself, part of the activity itself. Thus, an activity will not be well defined to the extent that, in its definition, the risks that they can stalk her.
In a company, any business, administration or support area carries out activities in such a way that risks they are part of the same areas.
And within these uncertainties, which ones can be considered risks?
Basically they are those uncertainties that:
- Are directly or indirectly related to the activities of the company or organization
- They must be relevant in terms of the magnitude of the problem that they can generate
- They are complex to manage. They usually appear together
- Produce inefficiencies and ineffectiveness in carrying out the affected activity or activities
- They can generate an economic loss or lost profits.
By their nature, Risks can be classified into:
Systemic or Context Risks
These are risks that are based on situations generated outside the scope of the company or business. Its impact is generic, and affects a certain activity or all the activities of the companies in a market or a group of them, or even the world market. They are presented in:
- Economic crisis
- Political-social tensions in the activity market
- Lack of Legal Security
- Health Crisis
- Natural disasters
- Regional or global impact accidents
- Geopolitical tensions
- Poor State Administration
- Deficiencies of operation in systemic organizations or companies
- Etc
Non-Systemic Risk
These are risks that are generated within the scope of the company's activities, and may only affect the company itself, or others related to it; but not to all markets. They are normally classified by their nature:
- Economic/Financial Risks
- Investment/Diversification
- Financing
- Solvency/Liquidity
- Infrastructure and Services Costs
- Collections/Payments
- Credit
- Dependence on Asset Markets
- Legal/Fiscal/Regulatory Risks
- Compliance with Rules and Regulations
- Defense/Demand
- Management and Follow-up of Matters
- Operational Risk
- Execution of Decision Processes and Procedures, Production, Marketing, Distribution, Administration, Control and Communication and Management
- Organizational Structure and Operation
- Internal and external fraud
- Material Asset Damage
- Supply and Distribution Logistics
- Purchasing and Supplier Management
- Environmental Management Risks
- Civil Liability Risks
- Other Non-Prudential
- Technological Risk
- Direction/Organization/Management of the Service and Technological Assets
- Production/Execution/Communication
- Cybersecurity (Access and Execution)
- Development/Acquisition and Maintenance of Assets and Services
- Talent and People Risk
- Catchment
- Formation and Evolution
- Assignment
- Retention
- About people
- Management of Labor Relations and Personal Collaborations
- Business Risk
- Offer
- Market Perception (Reputational)
- Communication
- Marketing
- Law
- Client Access
- Distribution
- Management of third party partners in the Business
- Decision Support Models
- Strategic Risk
- Institutional Relations
- Strategic Decisions in the areas of Market, Economic, Production, Operation and Management and Compliance of the Company.
Risk management
The management of risks It is based in any case, on two main pillars:
- Prevention.- to avoid as much as possible that the risk materialize
- Mitigation.- to minimize the negative impacts that the risk materialized
And on the other hand, Prevention is achieved with:
- El Control, to know the probability, moment and intensity of the materialization
- La Anticipation, to act and avoid possible damage or limit its scope
While Mitigation uses measures aimed at reducing the impact or intensity of the damage.
These three elements require:
- True, complete, coherent and consistent information about the threat situation at all times, punctual disposition of all the estates involved in risk management, including the Management Committee.
- Knowledge of the way in which each risk produces its impacts, to allow managers to interpret and assess the potential damage to which the Company is exposed.
- Planned measures of avoidance or mitigation that prevent potential damage from being irreparable
- Real Capacity for Implementation of the Measures expected
Risks never come alone. The existence of a threat in one activity generally creates other threats in related activities. The solution is normally complex, so the initial risk avoidance must be pursued.
El Control and Anticipation It is carried out on the activity where the risk originates.
La Mitigation It is carried out on all the activities that may be affected by the materialization of the risk, even if it has not been generated in any of them.
Does your organization contemplate all possible risks? Is there a risk management policy?