Poor risk management has been fingered as one of the principal reasons for the current state of the nation’s financial institutions, particularly the banks.
The five banks whose MDs have been relieved of their posts have also been accused of taking poor leadership decisions that resulted in huge risk exposures that threatened shareholder interest and depositorâ€™s funds.
The question is what exactly is Risk Management and how can a poor risk management system lead to poor business performance? Risk Management is a system of processes that a company uses to identify, assess, quantify and control risks that could impair the achievement of defined business objectives. Effective risk management practices support an organization to achieve the following:
Asset protection- Protect the business from avoidable adverse events or occurrences as well as recognizing potential opportunities that conform to the companyâ€™s management policy.
Proper risk management strategies shield companies from risks arising from blind pursuit of untested market opportunities. By deviating from using traditionally stable collateral and security against loans, many banks succumbed to the temptation of using share certificates as collateral for funding increased activity in the stock market. The attraction of the quick profits from a stimulated stock market growth provided a very weak foundation for managers to jettison their fundamentals and plunge deep into trading in shares on the assumption that the upward price movement will never stop.
Compliance- Ensures compliance with internal company management policies and external regulations by government agencies such as Central bank of Nigeria, Department of Petroleum Resources, etc
Build trust- by communicating the existence of strong values inculcated into regular principles and practice of effective risk assessment and management, customer and consumer confidence is boosted. People would rather do business with institutions they can trust.
Enhance sustainable profitability- Experienced managers are always cautious when emerging market trends in their industry generate huge returns on investment for almost any player. This is because the road to wealth and profits is never flat, common or popular.
Effective risk management practices allow business managers to shield their operations from diverting to practices that expose them to high risks that are outside their control range. Although these might mean lower profits in the short run, the performance is more sustainable. As the positive momentum is sustained, geometric growth is likely to result from compounding effects over the years.
Cost savings- Good risk management systems save companies huge sums of money, time and resources. Timely risk assessments identify potential risks that if undetected may lead to very high mitigation costs if detected at an advanced stage of business or project implementation. A major satisfaction we get from the corporations we support is the significant cost savings that result from developing and implementing effective risk assessment and management systems.
Unfortunately, many corporate executives see risk management as an irritant that only serves to assuage regulatory agencies instead appreciating the extremely valuable benefits to the organization.
Manipulation difficulties- Where a risk management system is clearly written and communicated to all employees and directors, it makes it difficult for any individual to manipulate or violate the codes. Usually, in risk management systems, only the highest level executives are authorized to waive risk acceptance guidelines for high risk activities but such waivers must be duly endorsed in writing.
It is for this reason that senior executives are made liable for the negative consequences of any action taken on high risk investments, projects, credits or operations. Disrespect for the policies in a risk management system is as bad as a non-existent risk management process, if not worse.
Basic elements of a risk management system
Risk management is a definite, written and communicated process for identifying and managing risks. Consequently, it must have the five basic elements of a standard management system.
Objective- The primary purpose of establishing the system should be clearly defined. This objective can be classified into four broad areas namely: Financial risk, environmental risks, risks to people (staff, public) and public reputation risks.
To define this objective as clearly as possible, A risk acceptance criteria (RAC) must be stated for all areas of risk exposure. These definitions are usually represented on a risk matrix together with easy to use working definitions for parameters used in generating risk estimates. Weâ€™ll discuss the Process of establishing a corporationâ€™s risk acceptance criteria in the future articles.
How- Policies and Procedures define the roadmap for achieving stated objectives. They identify standards, tools and techniques to be used in conducting risk analysis, risk estimation and guidelines for determining adequacy of preventive and mitigative safeguards or management controls
Who- Accountable and Responsible Resources. These identify the people, job positions and experience required to implement the requirements as stated in the Policy and Procedure Manuals. The leadership of companies usually have the responsibility of driving development and compliance.
Verification and measurement- There must be provision for periodic auditing of performance, verifying compliance, and identifying potential improvement opportunities. This process is of prime importance. Assessment teams and staff members should be encouraged to give candid feedbacks that would enhance the process. The challenge here is that employees who see their manager or supervisor as having little or no regard to risk management policies are more likely to impair the quality of audit and/or compliance.