A modern enterprise faces a variety of risks every day. These include production disruptions, transport accidents, delays of suppliers, loans, debt obligations, labor conflicts, etc. The risks of such situations pose a threat to business, may lead to a loss of profit, interfere with the implementation of plans, and also threaten the very existence of the company.
To maintain stability in business, a well-constructed risk management system (RMS) is required. The main goal that companies pursue when creating a risk management system is to increase operational efficiency, reduce losses and maximize income.
Risk management begins with identifying and assessing possible threats. Then a search for alternatives is carried out, that is, less risky activity options with the possibility of obtaining the same income are considered. In this case, it is necessary to compare the costs of implementing a less risky transaction and the amount of risk that can be reduced1. After risks have been identified and assessed, management chooses a risk management method: the company accepts this risk, trying to minimize its consequences, or avoids it. The decision to accept or avoid certain risks largely depends on the strategy being implemented and the so-called attitude towards risk.
Today, there are proven risk management algorithms and automated systems that make it possible to identify and assess risks and simulate situations to minimize them. Consulting companies offer their risk management services, capable of identifying and assessing business threats for enterprises of any size and type of activity. But only relatively large companies with capital can have risk managers on staff, use the services of specialized companies and automated risk management information systems. Small and medium-sized businesses, given limited funds, do not always pay attention to risk management. Naturally, as a result of this they suffer losses, and sometimes a seemingly successful enterprise ceases to exist.
Enterprise risk classifications
To effectively manage risks, managers need to clearly understand what risks they are dealing with, that is, they need to
typology. There are a large number of different manifestations of risks. Due to tradition, the same risk can be referred to by different terms. It is very difficult to distinguish between individual types of risk2 and classify them according to various criteria: magnitude, sources, costs (costs) associated with risk, exposure to risk, vulnerability (sensitivity to risk), interaction with other risks, etc.3.
Thus, depending on the source of risk, external risk factors are distinguished (political, socio-economic, environmental, scientific and technical) and internal (in the production, reproductive activities of the enterprise, in the sphere of circulation, enterprise management). Depending on the specifics of each group of factors, they can be divided into subgroups. Thus, risk factors for production activities include risk factors for the main production activities (stoppage of equipment or interruption of the technological cycle of an enterprise due to the fault of non-core departments, breakdown of main equipment, violation of technological discipline by personnel, factors specific to a given production, etc.); auxiliary activities (accident of auxiliary production equipment, extension of equipment repair times compared to standard ones, interruption of power supply and fuel supplies, etc.); supporting activities (accident or overflow of warehouse capacity, malfunction in the information processing system and leakage of confidential information, insufficient patent protection for the company’s products and manufacturing technology, etc.)4. This classification seems convenient for an entrepreneur, since it makes it possible, without special knowledge in the field of risk management, to divide existing risks into separate groups. On the other hand, such a classification may complicate the selection of risk management tools.
In 1996, Coopers & Lybrand developed a risk typology for financial institutions. The main threats in business are market, credit, operational risks, liquidity risks and event risks.
Market risk refers to the possibility of losses resulting from fluctuations in interest rates, exchange rates, stock prices and commodity contracts. Varieties of market risk are, in particular, currency and interest rate risks5.
Credit risk, or counterparty risk, is the possibility of losses resulting from the inability of counterparties (borrowers) to fulfill obligations to pay interest and principal in accordance with the terms and conditions of the loan agreement. Credit risk includes the risk of default and the risk of losses from changes in the credit spread6.
Operational risk is possible losses due to technical errors, intentional and unintentional actions of personnel, emergency situations, equipment failures, unauthorized access to information
systems, etc. Operational risks often include losses caused by the inadequacy of the methods and models used for risk assessment and management. Operational risks are also called daily “earnings”, thereby noting their nature: every day in the process of creating value, an enterprise faces this group of risks.
Liquidity risk is divided into market liquidity risk and balance sheet liquidity risk. Market liquidity risk – an opportunity arises when it is impossible to buy or sell an asset in the required quantity in a short period of time at the average market price. Balance sheet liquidity risk arises when there is a shortage of cash or other highly liquid assets to fulfill obligations to counterparties.
The risk of a (business) event represents possible losses due to force majeure, changes in legislation, actions of government agencies, etc. Event risks usually include legal, accounting and tax risks, the risk of actions of regulatory authorities, etc.
Among event risks, we highlight reputational risks. They are associated with the possibility of loss of trust on the part of partners and consumers. Managing in a highly competitive environment is becoming increasingly important. There can be many sources of such risks: incorrect actions, statements by company management in the media; participation in poorly controlled alliances and partnerships, unethical methods of competition, labor conflicts, etc. Such risks require special management. To minimize them, company management must change management approaches, consider reputation management as the main task, and rethink the company’s priorities in relation to stakeholders7. Due to its uniqueness, this classification is applicable not only to financial institutions, but also to manufacturing enterprises.
Risk analysis and risk management methods
The goal of any commercial enterprise is to make a profit. Hence, it is a completely natural desire of management to develop the business according to the developed plan, reducing uncertainty and reducing possible risks. In general, the risk management process includes the following stages: risk analysis (identification and assessment), selection of methods to influence risk when comparing their effectiveness, decision-making, impact on risk, control of results.
The first stage is the most difficult and important. The task of a risk manager is to identify possible risks, assess the likelihood of their implementation and the scale of the consequences. Risk analysis can be carried out both qualitatively,
and quantitatively. In qualitative analysis, experts make assumptions using statements such as “likely” and “less likely,” “risky” and “too unprofitable.”
In quantitative risk analysis, specialists assess the likelihood of risks occurring and the scale of consequences.
One of the most common risk analysis methods is Monte Carlo simulation. The uncertain input parameters of a model are represented as a range of possible values, known as a probability distribution. Variables can have different probabilities of different consequences occurring8. A characteristic feature of the Monte Carlo method is the use of random numbers (numerical values of some random variable). There are several automated risk management information systems (RISMS) that implement algorithms using the specified method (Risk Professional for Project, Dekker TRAKKER, Open Plan)9. Such systems provide a realistic forecast for the future, allowing the development of the necessary management decisions, but only large enterprises can afford them.
Basic methods of risk management: risk avoidance, risk acceptance, diversification, limitation, provision, hedging, transfer (outsourcing), risk insurance.
Risk avoidance. There are major risks in the company’s work practices, which may simply be impossible to reduce. This is the risk of bankruptcy, the risk of being accused of causing damage, the risk of premature death of employees, etc. Even if they can be partially reduced, this practically does not reduce the danger of the consequences of their implementation. The essence of this method is not to perform operations associated with significant risks for the organization.
Taking risks. The use of this approach involves finding a compromise between the expected benefit (level of profitability) from a certain operation and the risk associated with it (the amount of potential losses). Management measures in this case come down to comparing all the pros and cons of the transaction and ensuring the amount of equity capital that will protect the organization from default in the event of losses due to risks and which the owners are willing to lose in order to preserve their business10. For an enterprise, this is self-insurance, i.e. creation of funds and/or reserves in case of an unfavorable outcome of events.
Diversification can help reduce possible losses when taking risks – distributing capital investments between different types of activities, the results of which are not directly related. An enterprise, incurring losses in one type of activity, can make a profit from another type. Diversification allows you to increase the enterprise’s resistance to changes in the business environment.
Risk limitation, as a rule, accompanies risk taking and implies the implementation of comprehensive administrative measures to delineate powers (areas of competence) between individual officials, structural divisions of the organization and management bodies. The idea is to formalize the right of individuals to take risks up to a set amount, within a set time frame, and for specified purposes. In the banking environment, such restrictions are usually called limits.
Ensuring risk. The essence of this approach is that the person managing the risk receives a priority and unconditional right to compensate for potential losses at the expense of a predetermined source – collateral. Types of security can be divided into the following categories: 1) guarantees (sureties) of third parties, 2) pledge of valuables, 3) pledge of tangible property, 4) pledge of claims11.
Hedging is a way of protecting against possible losses by entering into an offsetting transaction (transferring the risk of price changes from one party to another). It requires the diversion of additional resources (for example, paying an option premium or making a margin), and completely eliminates the possibility of obtaining any profit or loss on a given position by opening an opposite or compensating one.
Risk transfer (outsourcing). Responsibility for the occurrence of adverse events lies with a third party. The transfer of responsibility is usually carried out on the basis of a contract.
Insurance involves a reduction in participation, and sometimes a complete refusal of the company itself to cover losses by shifting the risk to the insurance company for a certain fee (insurance premium).
It is necessary to identify risks in a timely manner, analyze them and promptly take appropriate measures. For each group of risks considered, acceptable management methods have been developed (Table 1).
Table 1. Enterprise risks and acceptable methods of managing them
Risk Risk management method
Market Limitation, hedging, insurance, diversification, risk aversion
Credit Restriction, Collateral, Insurance, Outsourcing, Diversification, Hedging, Risk Aversion
Operational Acceptance, outsourcing, insurance
Liquidity risk Risk aversion
Event risk Hedging, insurance, risk taking, risk aversion
Risk management for small and medium-sized businesses
The approach presented in the article is focused on small and medium-sized businesses and is based on the following assumptions:
1. Limited funds of the enterprise. As a rule, small business entities do not have large reserves that allow them to attract qualified specialists to risk management, use the services of consulting companies, or use expensive software that automates risk management processes. Limited funds force us to look for simple and affordable methods, and sometimes to completely ignore the risks. The entrepreneur knows the amount of money he is willing to spend on risk management12.
2. Small number of objects. Small and medium-sized enterprises are characterized by the presence of a small number of movable and immovable property owned (leased). However, each of these objects is important for the normal functioning of the enterprise.
3. Limited range of risks. The entrepreneur knows the main threats to his business and the consequences of their implementation, which he can quantify. Thus, when insuring an object, a representative of the insurance company assesses the maximum amount of damage if the risk materializes, fixing the so-called insured amount.
A methodological approach to risk management assumes the following:
1. Risk analysis (identification and assessment of damage from their implementation).
2. Ranking of risks in terms of their significance for the safety of the business.
3. Selection of risk management methods and assessment of associated costs.
4. Selection of risks accepted for management and methods for minimizing them, taking into account the given limitations of funds.
Let’s consider the presented actions in detail.
At the first stage, the entrepreneur identifies all possible threats to the business and determines the damage from their implementation. The analysis of risk factors is carried out on the basis of taking into account the relationships between both external and internal factors, and the actions of people. Risk accompanies any business activity, but in the production sector it is most likely. This is due to the fact that production activities, in addition to external risk factors, are influenced by internal factors associated with production and social processes13. However, for small and medium-sized businesses the number of risks is limited.
At the second stage, the manager ranks the identified risks according to their significance for the safety of the business. Among the identified threats
highlight risks that may interfere with the implementation of the enterprise’s plans or lead to a decrease in profits. However, there are risks that threaten the very existence of the enterprise. Such risks may arise, for example, as a result of a catastrophe, fire, environmental disaster, etc. Pre-event financing is required and it is advisable to use insurance and/or self-insurance as a management method.
Risks can be ranked according to their degree of significance using a scoring system. Thus, risks that are of paramount importance for the safety and normal functioning of the enterprise should be assigned 10 points, and risks that entail a slight decrease in profit – 1 point. Here the entrepreneur acts as an expert.
At the third stage, acceptable risk management methods are selected (see Table 1) and the costs of risk management are assessed (Table 2).
For example, there is a risk of loss/damage to property due to fire, natural disasters, flooding, etc. This is an event risk, and the entrepreneur chooses insurance and self-insurance (risk acceptance) as acceptable management methods. An insurance company agent helps an entrepreneur to estimate the cost of insurance, who determines the insured amount (maximum damage if the risk materializes) and the amount of the insurance premium (the cost of risk management using the insurance method). In order to accept the risk, the entrepreneur must have a reserve fund, the size of which will obviously be equal to the insurance amount fixed by the agent. Of course, the decision to leave the risk on your collateral or to insure it is made by the head of the enterprise, having assessed the advantages and disadvantages of each method. Thus, insurance allows you to attract insurance capital to compensate for losses of an enterprise, reduce uncertainty in financial planning and use the experience of insurance consultants to assess and manage risks14. From the point of view of saving money, self-insurance seems to be a more attractive method, since if a risk event does not occur, the funds of the reserve fund remain at the disposal of the enterprise. However, the enterprise incurs two types of losses: firstly, associated with expected losses in the event of risks being realized; secondly, related to the diversion of financial resources in order to form a reserve fund15. We can say that the presence of a large reserve fund will, on the one hand, guarantee the stable functioning of the enterprise, and on the other hand, will limit the enterprise in investing funds, which will negatively affect profits.
At the fourth stage, the manager arranges the amounts necessary to manage each risk in ascending order and, taking into account the given cash limitations, selects the most significant risks for the enterprise with the cheapest management methods.
Table 2. Analysis of enterprise risks and methods of managing them
Risk Damage from implementation Acceptable management method Cost of management
Risk j Damage 1 Method11 Cost11
Method 1t Cost, 1t
Risk l Damage. Methodya Cost., l1
Method. Price.. /
Method. Price. im
Risk p Damage n Methodp1 Cost, p1
Method^. Price . P1
Method ^pt Cost pt
Thus, the entrepreneur receives a list of the most serious risks for his business and methods for managing them, taking into account the specified restrictions.
So, risk management issues for small and medium-sized businesses are of particular importance. This is due to the importance of the safety of each object for the normal functioning of the enterprise and the limited funds available to business entities. The development of small and medium-sized businesses directly depends on the manager’s ability to competently assess possible risks, choose optimal methods for managing them, and find effective forms to prevent or reduce the consequences of risks.
The presented methodological approach will help managers of small and medium-sized enterprises take into account the risks that are most important for maintaining the business, making a balanced decision on how to manage them.
1 Shapovalov V. How to manage risks // Financial Director. 2003. No. 9. http:// www.cfin.ru/finanalysis/risk/risk_mnagement.shtml.
Shapovalov V Kak upravljat’ riskami // Finansovyj direktor. 2003. No. 9.
2 Barton T, Shenkir U., Walker P. Risk management. Practice of leading companies. M.: Williams, 2008.
Barton T., Shenkir U., WalkerP Risk-management. Praktika vedushhih kompanij. M.: Vil’jams, 2008.
3 Chernova G.V., Kudryavtsev A.A. Management of risks. M.: Prospekt, 2009.
Chernova GV, Kudrjavcev AA Upravlenie riskami. M.: Prospekt, 2009.
4 Management’s attitude to risk management. Website of the consulting company Kriss Group. http://www.krissgroup.ru/news/articles/article_02.php Attention to menedzhmenta k upravleniju riskami. Oficial’nyj sajt konsaltingovoj kompanii Kriss Group.
5 Kosarev A.S., Palmova N.Yu. Setting up interest rate risk management processes at non-financial sector enterprises in conditions of instability of financial markets // Financial Risk Management. 2010. No. 1 (21). Kosarev A.S., Pal’mova N.Ju. Postanovka processov upravlenija procentnymi riskami na predprijatijah nefinansovogo sektora v uslovijah nestabil’nosti finansovyh rynkov // Upravlenie finansovymi riskami. 2010. No. 1 (21).
6 Beresneva O.V. Possibility of using the Basel Committee methodology to assess the credit risk of companies in the non-financial sector // Risk Management. 2009. No. 3.
Beresneva OV Vozmozhnost’ ispol’zovanija metodiki Bazel’skogo komiteta dlja ocenki kreditnogo riska kompanij nefinansovogo sektora // Upravlenie riskami. 2009. No. 3.
7 Kozlova N.P. Managing the company’s reputational risks // Izvestia of the State Pedagogical University named after. V.G. Belinsky. 2011. No. 24.
Kozlova NP Upravlenie reputacionnymi riskami kompanii // Izvestija PGPU im. VG Belinskogo. 2011. No. 24.
8 Risk analysis. Official website of the Palisade company. http://www.palisade.com/risk/ru/risk_analysis.asp
Analyze riskov. Official’nyj sajt kompanii Palisade.
9 Dubovik M., Pesotskaya E. Is it possible to automate the risk management process? http://www.iteam.ru/publications/project/section_38/article_573/
Dubovik M., Pesockaja E. Mozhno li avtomatizirovat’ process upravlenija riskami?
10 Goncharov D.S. An integrated approach to risk management for Russian companies. M.: Vershina, 2008.
GoncharovD.S. Kompleksnyj podhod k upravleniju riskami dlja rossijskih kompanij. M.: Vershina, 2008.
11 Filina F.N. Ideology of risk management.