Wednesday, 24 August 2011

Strategic Risk management: Risk Reporting and Treatment (2)

In an earlier article, Tempering the Pursuit of Profits, I discussed about how profit and non-profit seeking organisations can manipulate the way they make profits. One central component in that piece was matching risk and reward. Organisations face a choice of taking higher risk ventures with higher reward and then effectively and efficiently manage those risks or taking a lower risk venture with low return. Taking on high risk activities involves a strategic risk management approach. In the last article on risk management, I discussed how taking risk involves an extensive risk management from assessment to evaluation. In this article I am looking risk reporting and communication as well as risk treatment.  

Risk Reporting and Communication
For internal reporting purposes different levels within the organisation need different information from the risk management process. For example while the board of directors would like to know about the most significant risks facing the organisation, business units within the organisation would be aware of risks which fall into their area of responsibility, and individuals would understand their accountability for individual risks.

External reporting enables a company to report to its stakeholders on a regular basis setting out its risk management policies and the effectiveness in achieving its objectives. Good corporate governance requires companies adopt a methodical approach to risk management.

Risk Treatment
The process of selecting and implementing measures to modify the risk is called risk treatment. This process includes risk control/mitigation and extends to risk avoidance, risk transfer, risk financing, etc. A system of treatment should have a threshold of efficient and effective operation of the organisation; effective internal controls; and compliance with laws and regulation.

Making a detailed risk analysis assists the effective and efficient operation of the organisation by identifying those risks which require attention by management. Risk control actions are prioritised in terms of their potential benefit to the organisation. Effectiveness of internal controls is the extent to which the risk will either be eliminated or reduced by the proposed control measure by a cost/benefit analysis. Compliance with laws and regulations is not an option. Understanding the applicable laws and implementing a system of controls to achieve compliance is a must.

Further reading:

Saturday, 13 August 2011

Strategic Risk management: Risk Assessment – Analysis and Evaluation (1)

Risk and Risk Management:

Risk can be defined as the combination of probability of an event and its consequences (ISO/IEC Guide 73). There are opportunities for benefit (upside) and threats to succeed (downside) in all types of undertaking which are the results of potential for events and consequences. Risk management is increasingly being considered from both positive and negative perspectives. In this first part of the article, we are going to look at the general background of risk, risk assessment which includes risk analysis and evaluation.

The central part of any organisation’s strategic management is risk management. It is the process of methodically addressing the risks attached to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities. Identification and treatment of these risks is the result of a good risk management. The goal is to add value (sustainable) to all activities the organisation undertakes. Risk management should also be a continuous and developing exercise running through the organisation’s strategy to the implementation of that strategy. It must also be embedded and integrated into the culture of the organisation through an effective policy and/or programme led by the most senior management. The risks facing an organisation and its operations can be categorised into factors both external and internal to the organisation.

Another method of classification is to reflect broad business functions, groupings risks relating to production, information technology, finance and so on. However, directors also have to ensure that there is effective management of both the few risks that are fundamental to the organisation’s continued existence and prosperity, and the many risks that impact on day-to-day activities, and have a shorter time frame compared with longer-term strategic risks. These two types of risk can be categorised as strategic and operational respectively.

Risk Assessment – Analysis and Evaluation

The risk management process itself starts with the organisation’s strategic objectives, and continues with risk assessment, analysis and evaluation. Risk reporting, decision, risk treatment, residual risk reporting, monitoring. Risk assessment is the overall process of risk analysis and risk evaluation (ISO/IEC Guide 73). Analysing risk starts with risk identification. This requires an intimate knowledge of the organisation, the market in which it operates, the legal, social, political and cultural environments in which it exist plus a sound understanding of its strategic and operational goals including factors critical to its success and the threats and opportunities related to the achievement of these goals.

Within risk identification is risk description which aim to display the identified risks in a structured format. The design of well structure would ensure a comprehensive risk identification, description and assessment. This includes consideration of the consequences and probabilities of each risk; and prioritising and categorising them according to business activity. Estimating risk can be quantitative, semi-quantitative or qualitative in terms of probability of occurrence and possible consequences. Risk is analysed using a range of techniques which are specific to upside or downside risk. The end results are a risk profile that gives a significant rating to each risk and provides a tool for prioritising risk treatment effort. A comparison of the estimated risk against the risk criteria which the organisation has established is risk evaluation. This criterion may include associated costs and benefits, legal requirements, socio-economic and environmental factors, concerns of stakeholders, etc. Risk evaluation is therefore used to make decisions about the significance of risks to the organisation and whether each specific risk should be accepted or treated.

Wednesday, 10 August 2011

Strategic Make or Buy Decisions (1)

Outsourcing or ‘contracting out’ traditional known as ‘make or buy’ decisions refers to the process of procuring a good or service from a third party, rather than generating such offering internally, in accordance with terms which are legally enforceable, or contractual. Outsourcing is a decision to move internal functions to an external supplier. Traditional make or buy decisions were confined to manufacturing operation. Toady such decisions are extended to the service industries. This articles reviews outsourcing as a strategic exercise, potential benefits and problems, and considers a new management skill, supply chain management. In another article I will be looking at how the finance function can be contracted out, a case study of outsourcing the finance department and review of internal outsourcing.
Strategic Decision
Outsourcing has been part of revolution of strategic thinking; the aim is develop a competitive organisation, where investment and management attention is to focus on narrower set of activities, mainly core capabilities to obtain competitive advantages. An organisation using a cost leadership strategy will adopt cost reduction decisions including a consideration to outsource. Others follow a differentiation or focus strategy will be aiming to improving core competencies to create value for their customers.

Cost Reduction
In a fiercely competitive business environment, organisations strive to deliver greater value at reduced cost. Pressure to reduce indirect or overhead costs necessitates contracting out some functions. The cost of the finance function is one such cost. Outsourcing aspects of the finance function may, therefore secure cost savings.

Focus on Core Competencies to Add Value
In assigning responsibility for activities to third parties, organisations are afforded the opportunity to focus on core competencies integral to the creation or addition to value. Where a core activity has high profit margin, the internal provision of financial services to support this operation erodes this profit unnecessarily if a similar service can be purchased for fewer resources from an external source.

Potential Benefits and Problems
An organisation’s core capabilities form a chain of activities that managers integrate to create a distinct type of value for its customers, thereby achieving competitive advantage. The organisation has to question performance for each activity in the value creation system. What level of performance is good or better than any organisation in the commercial world?  Could improvement be achieved through outsourcing or some other form of external supply?

Outsourcing improvements are strategic in nature: in terms of cost, quality, flexibility, reduced overheads, costs becoming variable, access to economies of scale and to advanced technologies; increased leverage of core knowledge and skill; improved focus on development of core abilities and a more compact organisation.

However outsourcing failures are not uncommon. Failure to achieve anticipated cost savings often occurs. A large proportion of outsourcing clients only break even, or sometimes find costs increase. These may arise due to low vendor estimates, misunderstanding of the contract, and the costs of establishing and monitoring supply. Similarly, outsourcing can results in reduced quality, especially, where service levels are poorly specified and monitored. More seriously, outsourcing has been accused of helping create the ‘hollow corporation’. This is the cumulative effect of outsourcing decisions which were not made to provide leverage for a firm’s skills and knowledge, but to incrementally undermine those core capabilities on which the organisation relies for its competitive ability.
Outsourcing requires skills to identify, evaluate, and compare the relevant costs of using an external or internal source of supply. As outsourcing decisions has become of increasing strategic importance, so the skills required of managers had to develop to ensure they are fully able to contribute to the development and implementation of an organisation’s outsourcing strategy. These include assessing strategic decisions in preparation for evaluating available strategic choices, followed by implementation, change management and supply chain management.

The outsourcing decision has, in many instances, become more strategic requiring recognition of other strategic factors and their longer-term development, in particular supply market conditions and effective management of the supply chain. In addition, managers need to constantly bear in mind that outsourcing decisions must be consistent with achieving increased strategic effectiveness, particularly by helping to develop the organisation’s particular form of competitive advantage.
Supply Chain Management
The development of a new management skill is the results of external supply. Managers need to develop skills in identifying potential suppliers and evaluating their reliability. Contracts will need to be specified and negotiated to deliver standards of performance which the buying organisation may not have explicitly recognised before. Change management is required to address changes in employment required by outsourcing, and to deal with the possible loss of motivation experienced by in-house staff. In addition managers have to learn how to work with supply organisations and its different culture, and to effectively monitor supplier performance.

Making Outsourcing Decisions
Each industry and business is, in some respect, unique. Consequently, the factors that should be considered when making an outsourcing decision will differ between each organisation and its specific context. Standard analytical tools are useful when considering the context of outsourcing decisions, while the value model helps maintain an overview of the sourcing decisions being made by an organisation. Organisations often develop a comprehensive analysis of variable and overhead cost including all of the activities associated with the operation of the activity, its supporting assets and its development. Others include opportunity costs associated with those resources that would be made available through outsourcing, such as an alternative revenue stream that could be established by in-house staff, or alternative use of office space.

In principle, cost analysis should also be extended to include the cost of potential supplier. To avoid the familiar disappointing cost performance of outsourced activities, any claim for lower cost of supply must be confirmed by identifying such cost drivers as economies of scale, superior learning leading to cost reduction, and labour agreements that provide a lower cost base.

Many industries face conditions that include increasing competitive pressure, the need to achieve developments more rapidly, and variable demand and the consequent threat of periodic excess or insufficient in-house capacity.
A closer examination of the outsourcing option is called for each of these factors. The manager, through developing cost comparisons, has always had a key role to play when making outsourcing decisions. The outsourcing decision has, in many instances, become more strategic requiring recognition of other strategic factors and their longer-term development, in particular supply market conditions and the effective management of the supply chain. In addition, the manager needs to constantly bear in mind that outsourcing decisions must be consistent with achieving increased strategic effectiveness, in particular by helping to develop the organisation’s particular form of competitive advantage.

Making outsourcing decisions and managing supply relationships requires wide-ranging expertise. This requires a team approach in which all members – including the manager – seek to develop a full understanding of what can often be a complex strategic decision.