Risk Management

Risk is defined as the uncertainty that affects the goals, missions, and plans of the organization and causes deviation, conflict or failure in goals. The risk management process is the process by which risks are identified, evaluated and analyzed and measures taken to reduce its negative impacts. According to the Comprehensive Risk Management Approach, the Risk Management Committee of Paydan Company is formed and is based on Risk Breakdown Structure, in five areas: 1- Strategic Risks, 2- Financial Risks, 3- Operational and Executive Risks, 4- Economic Risks and Social, Credit, Political, Legal, Legal and Contractual Risks Identify, evaluate, plan response and control and oversee. By designating 20 sub-chapters for the five aforementioned areas, the committee sets out risk response planning for all of the company’s activities so as to minimize the negative impact on end-user performance if they occur.

Define the organizational risk management process

All organizations are faced with uncertainty, and the key challenge for managers is to calculate how much acceptance of uncertainty is acceptable for value creation for other stakeholders and stakeholders, and the appropriate strategy to respond to each uncertainty. What is the business space. The organizational risk management process will help managers identify and evaluate the risks arising from uncertainty and match it with value creation for stakeholders. The organizational risk management process is one of the core processes of the organization that will be owned by the board of directors and managed by all employees, especially managers in different layers of the organization. This process is usually done at the strategic analysis stage of the organization and the key to its success is its alignment with business strategies. An important factor in enabling the maximum benefits of organizational risk management is the creation of a risk-taking attitude in the organizational culture, so that analyzing and dealing with the uncertainties of the business environment, as one of the continuous and constant approaches to accountants. Come on. Uncertainty about the business environment can have both positive and negative consequences for the organization, and the art of business leadership is to make the most of the positive consequences of the business environment (opportunities) and appropriate exposure to its negative consequences, so take the risk. Uncertainties can also have positive and negative effects for the organization. Organizational risk management analysis, therefore, is very similar to environmental and internal strategic analytics, which has, of course, largely covered the weaknesses of this type of analysis and hence the attention of business executives and management researchers to attract.

Defining Organizational Risk: The risk is the probability that an event will occur due to the uncertainties of the business environment and affect the organization’s access to its strategies. In some sources, the negative aspects of events are named as risk and the positive aspects are called Opportunities.

Aspects of Organizational Risk Management: Business management scholars have considered three dimensions of organizational risk management, the first dimension being the areas for which risk management applies, including: Strategic, Operations , Reporting and Compliance. Organizational risk management at different stages and different layers of the organization’s management covers these dimensions.

The second dimension, shown in the vertical axis, is the process of streamlining the organizational risk management process, including internal preparation, targeting, event identification, risk assessment, exposure assessment, control activities, information and monitoring .

The third dimension of the organizational risk management process, as shown in the diagram above, is the organizational units in which risk management will take place. As is well known, organizational risk management is applied from the first layer of the parent organization to the last layer of the organizational units of various business centers. The organizational risk management is performed separately in these layers and its results are integrated into a process called Risk Portfolio Management.

Steps of the organizational risk management process

1- Preparing the interior for risk management:

This activity aims to build readiness and acceptance to streamline the risk management process in the organization. This activity increases the level of awareness of the employees in the risk management in the organization to serve as a solid basis for deploying the following processes. At this stage, the philosophy of risk management in the organization and the need for managers’ risk orientation are explained by senior management and their professional and ethical requirements are formulated. At this stage, risk management training is established and with proper organization, authority and accountability are identified.

Risk targeting:

The organizational risk management process is intertwined with the strategic management process in the organization. Since the uncertainty areas of the business environment of organizations are very wide, risk analysis of all these areas is neither possible nor useful, so risk management is usually done in areas that are strategic in the analysis of the organization. In other words, risk management is at one stage used as a way of identifying opportunities and threats to the organization as one of the strategic management processes and at another stage of the strategic management process, as a tool for achieving An organization’s confidence in achieving its strategies is used. Since risk management is based on event analysis, risk identification and impact assessment and is somehow based on scenario analysis, it can provide greater depth for strategic and internal environmental and organizational analytics. Increase their accuracy.

Another concept that emerges from the confluence of organizational risk management and strategic management processes is the concept of risk tolerance. Each of the organization’s quantified strategic goals is within acceptable range, and if the results of the midterm objectives monitoring measure the results within the tolerance range, the organization’s managers must take appropriate action to achieve the relevant goal, Ensure that this exposure is planned and implemented in the organizational risk management process.

3- Identifying risk events:

In the term of corporate risk management, events are events that originate from the environment and the internal environment of the organization and affect the achievement of strategic goals. These effects will be positive in some cases and negative in others. At this point, the risk analyst management reviews and collects environmental and internal uncertainties, no matter how likely they are to occur or how they will affect them. These events range from visible to very ambiguous situations and identify these events by focusing on the strategic goals of the organization. Event identification helps organizational risk analysis to be scenario-driven, and the dynamics of the analysis resulting from this attribute leads to greater accuracy of the strategic review of the organization, as each event can affect different approaches and achieve the organization. To influence its strategy. Areas where events can originate include macroeconomic, natural and environmental, social, political and technological. In the advanced case, the organization can use forward-looking models for risk analysis of events.

4. Risk assessment:

Risk assessment allows the organization to analyze the extent and severity of each of the contingent impacts of business environment uncertainty on its strategies. In most methods, risk assessment is based on two components of probability (like hood, probability) and severity (impact, severity) and usually on the basis of a combination of quantitative and qualitative methods. At this stage, the different scenarios of the positive or negative impact of the events are examined and the outcome of the risk assessment is compared with the tolerances intended for the strategic purposes. Various methods and patterns such as Benchmarking, Probabilistic Models, Non-Probabilistic Models, Failure Mode and Impact Analysis (FMEA), etc. have been developed in the risk assessment phase. Can be used.

5. Exposure Method:

The most important link in the organizational risk management chain is proper risk analysis. The ways in which an organization should ensure that the harmful effects of risk aversion are mitigated or eliminated or opportunities arise from the uncertainties of the business environment. Risk exposure methods are generally classified into four categories: avoidance, mitigation, transfer and acceptance.

5.1 Avoidance: Avoidance of activities that cause the event and the risks of the relevant scenario or the abandonment of the strategic objectives that come from taking a particular risk. This exposure can be related to the organization as a whole, product line or geographic area.

5.2 Reduction Exposure: Decisions taken to reduce the likelihood of occurrence or severity of the risk of an event occurring with a particular scenario.

5.3 Exposure to Transfer: Measures that reduce the likelihood of occurrence or severity of risk resulting from the transfer of a share of risk to another organization or individual, such as insuring the organization against a specific event.

Risk Acceptance: No action is taken to ensure that the organization is impacted by the risk with the probability and severity of the impact.

Naturally, the way to deal with the strategic risks (opportunities) is to accept them and expose the organization to scenarios through which the goals of the organization may be studied. But in the case of negative risks, it is usually the risk range of the organization based on the severity and probability of each risk and cost analysis.