The environment in which the companies operate and the processes within them entail risks in perennial evolution, such as to compromise the accomplishment of the objectives set at a strategic level, the achievement of company profitability and the creation of shareholder value.
The goal of Risk Management is to act in such a manner as to safeguard the company's resources, its economic and financial solidity. The objective is the pursuit of value maximization, the basic tenet of the endeavour of a business enterprise.
By means of its identification, assessment and treatment, the implementation of a Risk Management Process has the task of making the related profile viable for the economic feasibility of the company.
However, it is only through collaboration, communication and integration between the various company functions that it can be possible to inculcate a true culture of risk at all levels of the organization. It is based on the awareness of the importance that individual behaviour plays compared to the exposure of risks, and to the goal of attaining common corporate purposes.
The Risk Management process has undergone a rapid evolution over the last years. It has witnessed the development, the definition and the formalisation of the main activities embodied in it.
The formalisation of the process, its contents and the definition of the role of the players involved has led to the creation of some benchmarks. Here below are those most common:
The Risk Management Process basically aims at the Creation and Protection of Corporate Value.
The Creation and Protection of Value:
• It is integrated in the sphere of all the organisation processes
Risk management is not an independent sphere, separate from the organisation’s main activities and processes. It falls under the responsibilities of management, and is an integral part of all company processes, including strategic planning and all processes of project and change management
• It is structured, global and dynamic
A systematic, timely, structured and dynamic approach to risk management contributes towards efficiency as well as consistent, comparable and reliable results, also in relation to the company's evolutionary context
•It is customised
Risk management must be fully in line with both the internal and external context, and reflect the risk profile of each enterprise
• It is inclusive
The appropriate and timely involvement of all the stakeholders and particularly of the decision makers, at all levels of the organization, ensures that risk management remains alive and updated. Such action also allows the stakeholders to be duly represented and heard on their points of view whilst defining the risk benchmarks
• It is based on the best available information
Incoming elements to the risk management process are based on information sources such as historical data, experience, feedback from stakeholders, observations, forecasts and expert opinion. However, decision makers must inform themselves and take into account any limitations of data, the analysis models used or any divergence of opinion among specialists.
• It considers human and cultural factors
In the context of risk management, elements such as skills, perceptions and expectations of people outside and inside of the organization, that can facilitate or hinder the accomplishment of objectives, must be factored in
• It is dynamic
Risk management must continuously respond to change. Faced with the circumstances of external and internal events and a change in the reference context, the risk identification, assessment and treatment stages must be reiterated
• It strives for continuous enhancement
Businesses must devise and implement strategies in order to optimise their plans of risk management
The implementation of a proper Risk Management Process cannot be detached from a concrete and tangible involvement of the top management, whose task is necessarily to encourage the development of an adequate environment for the process to bloom. Therefore, not only is the framework design important, but so is the company's willingness to favour the development of an adequate risk awareness, at all company levels.
Strictly speaking, the Risk Management Process unfolds in several individually distinct stages: