Any business is a possibility to obtain profit which, otherwise, can be lost. In this article, we’ll consider the origin of risks and effective methods of addressing them.
There are different types of risks: reputational, financial, credit, compliance-related. The larger and more complicated a business becomes, the harder it’s to manage it and the higher is the price of risks occurrence as well as related consequences. Here is a simple example: large buildings and constructions require more thorough planning and technical supervision. Their construction also requires a higher quality of construction materials at critical places, as well as more competent professionals who will build this object. The same approach is also valid for financial processes.
Without observation of rules and regulations the level of risks increases
Destruction of the supporting constructions of the 26 floors multistory building, road train smashing the oncoming traffic at high speed, the bankruptcy of the international bank caused by the violation of requirements to the verification of the collateral property by employees – all these, as a rule, are dire consequences of negligence of rules or deliberate fraudulent actions of the staff members. Of course, the concrete or brake fluid can be of low quality or stolen and partially diluted. Management reports about current financial indicators can be forged, while the collateral property can be visually attractive but not have the claimed value in reality.
At the same time, the decline of production indicators, diluting of expensive materials by cheaper alternatives, provision of big loans secured by risk assets happens because of the fraudulent actions of employees who decided to benefit from the absence of supervision or gain profit by embezzling material assets or neglecting their working duties.
The legislation sets strict requirements for the regulation and supervision of processes by companies’ management in a sphere where the price of mistake can be a human life. At the same time, in the financial sphere where it’s impossible to differentiate a fraudulent transaction from a normal one from the first sight, the protection of employees from unfair actions is the direct responsibility of business owners and hired managers.
Regulations and rules will help to hold cheaters accountable
As a funny Murphy law says, all things which can go wrong will one day go wrong. Another, less attractive phrasing of this urges that the loaded rifle will fire one day. The main aim of the business owner and a hired manager is to prevent it by all available means.
A lot of business managers and owners ask: “Why to standardize processes which perfectly function without any regulations and excessive formalities? Why add useless paperwork? I fully trust my employees, so why should I give them instructions and continuously reiterate that theft and fraud lead to losses?”
The answer to these questions is the same as in case of provision of instructions to builders before they go to the construction site or drivers before they hit the road. When a person is instructed to act in accordance with the rules, he/she must observe them. If a person violates the rules despite knowing and understanding them, it’s his/her fault, and not the one of an employer, who could have neglected the obligation to provide instructions or standardize operations.
National legislation doesn’t set strict requirements for all peculiarities of financial and commercial operations of companies. At the same time, they enable the owner to put in place corresponding regulations through the adoption of executive documents, which stipulate rules, restrictions, and procedures which standardize the behavior, as well as rights and obligations of employees.
Though, it’s a completely different situation when the rules weren’t explained to the employee. He might have not known about them and thus was unaware that he/she couldn’t act in a certain way. Regardless of how strange it may sound to entrepreneurs, such circumstances are very often considered as an argument in favor of innocence or partial guiltiness of an employee connected with a particular incident. Furthermore, it’s probable that an employer will bear responsibility for skipping a proper indoctrination of employees.
In the financial sphere, guilty employees bear responsibility only within the framework of rules, regulations, and norms which were explained to them. It’s also worth taking into the account, that even exemplary adherence to functional instructions, as well as actions undertaken within official mandate can lead to the conclusion of agreements unfavorable for the employer. That’s why the prevention of fraud and financial misconduct is a laborious and far more complicated process than the provision of simple instructions to employees and drivers.
Among all, it’s worth mentioning that the Ukrainian legislation which duly regulates business-processes and reasonably applies internal control measures has sufficient reasons to bring criminal and material actions against corporate cheaters for different violations.
International practice of risks’ regulation and assessment
Developed countries with contemporary financial infrastructure were more subjected to waves of economic crises. Their regulatory authorities introduced additional requirements, as well as business rules and responsibility for entities offering their stocks at stock exchanges as well as officials responsible for management of financial reports. Increased control over the adequacy of internal audit measures as well as enterprise risk management systems, among which the threat of fraud was identified as key, became one of the main innovations.
Sarbanes Oxley Act (SOX) is one of the most famous among such documents. Section 404 of this paper among other provisions related to the independent assessment of the internal audit, also obliges the company’s management to have the risk management system. Furthermore, packages of laws strengthening the financial control measures as well as money laundering were adopted. The list of people who can be held accountable under criminal charges for financial crimes, such as fraud, bribery, money laundering, was also widened.
Such measures resulted in improvement of the risk management culture among business owners and managers, the emergence of independent professionals specializing in risks management as well as the creation of the methodological base for the prevention of fraud. Set of procedures and measures aimed at decrease and control of threats and minimization of potential consequences also went to the next level.
How the risk grows and transforms?
If not limited and treated with preventive measures, the risk is similar to a gas which can occupy all space free from barriers. In such a case, the probability of risk occurrence, as well as the volume of its cumulative negative financial impact will steadily increase. Thus, companies’ owners and management constantly need to assess and identify new sources and initiators of risks. Furthermore, it’s necessary to periodically conduct preventive control of adherence to rules and regulations aimed at risks’ minimization. This process is called risk management.
What is risk management in a nutshell?
Risk and incident management process consists of different measures which give business owners and top management a good possibility to prioritize risks posing threat to business.
At the early stage of risks and incidents management, it’s important to conduct their overview. The closest comparison for this process is a human ability to see and identify the environment: we walk down the street or drive in a car, and when the road turns or we meet an obstacle we make a turn, overcome it or make other actions in order to omit collision.
Then a risk should be assessed as not every stone on the way should be bypassed, some of them can be driven through without any consequences. At the same time, it’s disadvantageous when the risk management is based only on the inspections as well as data-based methods of assessment, such as, for example, statistics or benchmarking. It’s equal to the situation when you see a tiger on the street: it won’t obligatory eat you, as it can be just a mockup or a masked animator entertaining children.
Except for the risks overview, it’s also desirable to understand and research the nature of risks, as the tiger can be in fact real, and you will have to run for life, while the small stone on the road can be a piece of glass which can easily puncture the wheel.
We mentioned risks which don’t require particular competence for their assessment. Though, more difficult situations happen in life. You can meet an unknown breed of snake. Is it worth fearing that it’s venomous? You can be bitten by an unidentified insect. Is it worth rushing is the search for the antidote? You sniffed a flower and as a result got a sore throat: is it worth approaching a doctor?
Thus, in order to achieve a comprehensive understanding of threats, as well as find an adequate response to them it’s worth relying on experts in risks which you want to control with the help of risk management. Competent professionals can show directions, assess, and explain the nature of risks, systematize your risk management skills and demonstrate all advantages of the systematic approach. It’s similar to driving courses or training in the gym.
Risks are as real for a small shop as for an international bank. In both cases, risk can lead to the business loss if it will evolve into an incident which will destroy the company. Thus, a risk management system is a must-have for any company, whether it’s a growing or large business. Big companies must understand that without risk assessment and management, it’s impossible to minimize their negative impact while developing companies should scrutinize the environment where they grow.
By rephrasing a saying we can pose the main question: why to gain own negative experience which is, as a rule, expensive, if today’s market of consulting services can offer solutions relevant for your particular business?