More and more companies do not regard risk management as a chore but use it for corporate management. But how does it actually work?

Risk management was a black box for many entrepreneurs for a long time. After all, you want to focus on opportunities and ignore impending risks. For some time now, however, there has been a clear change in thinking on the part of the company. This is shown by a study by Funk Risk Consulting from 2016, according to which awareness of the importance of risk management has increased steadily over the past few years. The importance of professional risk management services has now reached the consciousness of many responsible persons. More and more companies are putting the topic on their agenda. This also applies in particular to medium-sized companies.

Risk management to be a corporate culture

There are different motives for the newly sparked interest in handling one’s own risks: The increasingly stricter regulations with which companies are confronted play a role. For example, the new edition of the widespread quality management standard ISO 9001 since 2015 has also included a catalog of requirements for risk management in corporate culture.

At the same time, the business environment is becoming more unpredictable for many. Political risks related to issues, such as the current developments play a role here. Added to this are dangers such as cyber-attacks, fragile supply chains, hidden quality risks, or sudden loss of reputation – the list of risks that can have a direct or indirect impact on the success of a company today is long.

Merriam Holloway, a member of the SCurve management, says: “More and more companies have risk management with a high degree of maturity. In these companies, risk management creates a benefit and is not a mere formalism.” “Even if there is awareness, not all organizations have established a contemporary risk management system, there are weaknesses in operational execution and anchoring it in the corporate culture,” Holloway says.” Companies should not rely on a mix of intuitive risk assessment and optimism, according to Holloway.

“It doesn’t always have to be the ‘big risks’. Even a fire in a small supplier plant may seem manageable. A precise analysis could also reveal that the plant is responsible for supplying 70 percent of its own product range. Then the scenario of the fire very quickly develops into an existence-threatening crisis,” explains Holloway.

Examine the effects of cyber threats and the supply chain in the workshop

He, therefore, recommends that entrepreneurs take the time to analyze the risks. In the beginning, a two-day workshop with experts from Funk Risk Consulting is often sufficient, who use a stress test to examine the effects on business success, for example for the topic of the supply chain or for cyber threats. “We sit down with core management for a day and define scenarios that pose a substantial threat to the company. If important suppliers or production resources fall away, the liquidity development can be simulated over several months. If the results indicate a certain significance for business success, it is time to define accompanying risk management measures for specific dangers and to introduce them in the company,” explains Holloway. Such risk management consequently offers an entrepreneurial added value. Experience has shown that preparing the company for specific risk scenarios is cheaper than reactive processing during an acute crisis situation. Inefficient decisions are often made under pressure.