A risk is uncertain event that has potential to cause harm or being an opportunity to the business. Management means to plan, control and make decisions.
Why risk management? Risk management is to ensure that you anticipate potential events that could cause profits or a loss to the business, and to prevent unexpected bad events that could threaten success.
The whole objective is to ensure that the business is a going concern. You don’t want to come to work and find the company has been closed because it has a lot of accumulated debts. It has not been paying staff salaries, not paying taxes or because all the company information has been stolen or the computers have all crushed. This means that you have to identify those events which could cause the business to get to its knees and the process of doing so is risk management.
How do companies then mitigate risks?
Many companies will say; what are those assets we have which if they got a bad event would cause the business to collapse. Say our computers and printer are critical assets. What would happen to the business if they are stolen? May be the business could collapse. So what do we do? Instead we have to find a way to prevent this from happening for example by getting insurance so that in case they are stolen insurance can pay us money and restore them.
In this case our business continues as a going concern. Therefore risk management objective is ensuring that the business does not close by anticipating potential bad events and ensuring that they don’t occur and where they occur. The impact is properly mitigated or reduced as much as possible through effective measures like insurance/ risk transfer, risk acceptance or managing the risk/ daily back-ups to ensure that the computer data is not lost.
For example the bombing of the Twin Towers in New York by terrorists whereby many companies’ servers and systems were destroyed. In Uganda where a local bank had its server in the basement which was the most secure place since nothing had ever happened. However, there was a season when it rained too much that water began flooding in the basement, entered the server and the whole system went off. What helped the bank were the regular back-ups of data off site in another location outside the main building. Because when the entire system went off, it took almost two days to recover up the back-ups. Hadn’t the bank backed up, it would be catastrophic. The question would have been; “how would you know a given customer’s balance, how much had been deposited or withdrawn?” It would be a big challenge.
Business managers therefore have to anticipate key events which would cause business problems. They ensure that there are appropriate measures to prevent them from happening. Once this is done properly, that is risk management. The major objective of risk management is to ensure that the business is a going concern, profitable and business disruptions are mitigated as much as possible so that success is assured.