The risk management has become increasingly more important to the survival of businesses. As much as the subject refers to times of crisis, risks are present in several daily situations and, if not addressed, they can generate major problems for the organization.
Therefore, it is essential to identify them and keep them under observation and control, using tools and methodologies that help to prevent further damage and minimize their impacts.
In this article, we’ll bring you everything you need to know to effectively manage risk in your company. Therefore, we will start by explaining some concepts, the importance and benefits of taking care of this issue. Then, we’ll see how to apply it, which tools to use are best, and the role of managers and HR throughout this process. Check out!
What is risk management?
It is a set of measures that a company takes to avoid or minimize losses and take advantage of opportunities . In this sense, risk management is part of strategic business management , which is always attentive to internal and external signals that can interfere positively or negatively in the business.
What are risks?
Risks are events that have a cause and generate consequences. Despite giving the idea of something negative, there are risks that do not generate losses, but rather the loss of an opportunity for gains.
In this sense, every risk is composed of three central elements:
- event: the fact that happens;
- consequence: the facts that are generated from the event;
- cause: the facts that allowed the event or consequences to happen.
Now, look at some examples that help explain these elements better.
Imagine that your factory has a single supplier for the main raw material of your product and he has a problem, which will cause delivery to be delayed by a few days. Following the elements, we have:
- event: delay in delivery of raw material;
- consequence: the entire production line is stopped, causing damage to the business;
- Cause: Not enough materials are available in stock for the lead time.
In this example, we see a predictable risk, which could be circumvented in different ways, from maintaining a minimum volume of stock, to listing possible substitute suppliers to be called upon to avoid stopping the production line.
The person responsible for billing the services provided to customers becomes ill and takes a 15-day leave. Nobody else on the team knows how to do the work and there is no documentation that shows what procedures are to be carried out. Here, we would have these elements:
- event: removal of a professional;
- consequence: delay in billing the services provided and, consequently, in receipt;
- Cause: lack of documentation of processes and creation of POPs.
In this second example, we see that predictive actions could minimize the impacts of the employee’s absence, since another person on the team could carry out the procedures following previously elaborated instructions, even if it took longer and did not perform them with the same level of quality.
A company in the food sector is undergoing a process of digitizing its documents and, among the shelved files, there are old recipes from the founders. In this case, we would have the elements:
- event: discovery of new recipes;
- consequence: opportunity to offer new products to the market;
- cause: document scanning.
Finally, we have an example of a risk that is related to an opportunity. If the company had not started digitization, which in itself is a risk management process, it would not have found the revenues, which would risk them being lost over time.
How important is risk management?
Knowing and knowing how to deal with risks is essential for the efficient management of a company. By adopting risk management in an organized and standardized manner, the company obtains several benefits, among which we will highlight the most relevant below.
Avoids and minimizes losses
The main objective of risk management is to allow the company to carry out a predictive analysis of all processes and situations that occur or may eventually occur. With this, it manages to avoid most of the negative consequences and minimize the impacts of what cannot be avoided.
Ensures internal and external compliance
Risk management is one of the main allies of a company ‘s crisis management and compliance. In this sense, their analyzes allow processes to be reviewed with greater caution and attention, in order to ensure that all procedures are following predetermined standards.
In this way, it avoids the misalignment of internal processes, the breaking of important rules for the business and, consequently, the emergence of problems. In addition, risk control contributes to compliance with external rules and legislation, preventing the company from being fined or suffering other types of sanctions.
Increases team productivity and agility
Another interesting benefit of risk management is that it increases the teams’ productivity by eliminating possible barriers and bottlenecks in the processes or even when it shows a point of improvement that generates more opportunities for gains. Therefore, the sectors act in a more agile and effective way.
Ensures the safety of employees
Finally, it is important to highlight the role of risk management in the area of work safety, which routinely deals with accident prevention, among other responsibilities.
Here, risk management works directly to preserve the health and safety of employees, by identifying points of attention and taking the necessary measures to protect people and the company’s assets.
How to manage risk?
Risk management is a process that must be faced in a cyclical way, that is, it is a continuous work. Therefore, we list the main steps that need to be followed to have a more effective management of business risks. Follow up!
The first step is to prepare the environment for the process. This includes defining a person responsible for monitoring, training and qualifying everyone who will be involved, as well as mapping the processes carried out in the organization’s routine.
Then, it is necessary to analyze each of the processes very carefully in search of their risks. In this phase, it is essential to have the help of specific tools and methodologies, which facilitate the collection and identification of data, for example, with the use of People Analytics , which analyzes information about employees.
Here, the ideal is that all risks are raised, of each process, of all sectors. Depending on the size of the company, this can be quite laborious, so the tip is to carry out a general survey and create a prioritization order according to the measurement of each risk. Thus, the positive effects will be noticed in a shorter period.
Measurement is the step that helps to understand the size of the impact that each risk tends to cause, if not properly addressed. For that, it is necessary to use methods that help to visualize the situation in a more comprehensive way, considering the possible interactions with other processes, areas and people.
In this sense, the measurement step is essential for understanding the problem and, mainly, its severity. Often, a risk that seems small can have far more serious consequences than it appears, so treating it preemptively can avoid a lot of headaches.
Finally, after surveying, identifying and measuring the risks, it is necessary to establish what actions should be taken to contain them. Therefore, there are preventive actions, which help to avoid the consequences of a risk, and corrective actions, when the consequences cannot be avoided, but it is possible to minimize the damage.
Simply put, if there is a hole in the roof of the warehouse and the risk is that the materials that are there will be damaged by rain, a preventive action would be to repair the roof or take the materials to a safe place. But if it rains before then, a corrective action would be to check the state of each material and recover those that are able to.
What tools contribute to risk management?
Throughout the article, we mention the use of tools and methodologies to manage risk more efficiently. So we decided to talk about some of the most used in the following topics.
What if is a very simple tool to be understood and executed. Literally, its Portuguese translation is “what if?” and it focuses on predicting scenarios based on questions starting with that sentence. In practice, for each type of situation, the responsible person must think of different related possibilities that can directly interfere in a business process.
In this sense, imagine that the company decides to change the operator of the health plan that serves employees. See some of the questions that can help predict relevant situations to avoid and minimize risks:
- What if the new operator does not have the same coverage of procedures?
- What if you have an employee undergoing treatment who is not covered by the new plan?
- What if the co-payment amounts are much higher?
- What if employees don’t like the new operator?
The acronym PFMEA stands for Process Failure Mode and Effects Analysis or Analysis of Failure Mode in Processes and their Effects. It is a methodology that helps to identify and categorize risks based on their effects. For this, it uses a matrix where failures found in products and processes receive grades from 0 to 10 regarding the following characteristics:
- seriousness of the problem;
- probability of occurrence;
- probability of detection of the problem.
Thus, the assigned values are multiplied with each other to obtain the RPN (Risk Priority Number or Risk Priority Number), in which the higher the number, the more urgent the need for intervention.
Preliminary risk analysis
Preliminary risk analysis is a very simple tool to use, ideal for those who have few processes or apparent risks. It consists of a list of identified risks with their possible causes. Each risk is assigned a score from 1 to 3, according to the perception of severity. Thus, those who receive higher grades should be prioritized over those with lower grades.
The GUT matrix (Severity, Urgency and Trend) is another very interesting risk prioritization tool. Its great advantage is that it is very simple to assemble and considers three relevant aspects in any type of risk, in order to make the prioritization list more precise and effective.
Here, a table is set up where the first column brings the list of risks and in the following ones the level of severity, urgency and tendency to get worse if not resolved, all ranging from 1 to 5. In the last column, it is calculated the product of the numbers assigned to each aspect, in order to establish a more tangible data on the priority in the treatment of each risk.
How important is the ISO 31000 standard?
The ISO (International Standard Organization) is a worldwide organization that certifies the quality of processes in companies around the world. Its most famous standard is 9001, relating to business management processes, but there is a specific standard for risk management processes: ISO 31000.
In this context, following established standards and being ISO certified is something that guarantees the market that your company is acting in a manner consistent with the most accepted and respected standards, which has a great weight for the market and for customers.
What is the role of managers and HR in risk management?
In order to have an efficient management, the company needs to have a strategic HR and a body of managers prepared to deal with any type of challenge. Here, people management plays a fundamental role in risk management by taking care of the health, integrity and productivity of professionals.
On the other hand, managers deal with their team and processes on a day-to-day basis and are able to more readily identify any deviation or emergence of a new risk.
As we have seen, risk management is very important, not only to improve company processes or to avoid big losses, it also helps the business to develop sustainably and stand out in the market. So, don’t wait any longer and start implementing risk mitigation actions as soon as possible!