Most commercial organisations are in business to produce a profit, which provides a return on moneys invested by shareholders, services debt, and provides funds for continuing and/or growing the business in subsequent years. Even “not for profit” organisations operate under a basic mandate to continue to provide an ongoing service in their specific area of operation and not to expose individuals and others to physical or financial risks..

During the course of their day to day activities, all businesses are exposed to varying degrees of risk. These exposures will vary greatly for reach business in terms of scope and severity. The process of risk management is to assist the organisation to balance their risk exposures against business opportunities to achieve corporate plans and objectives.

A total analysis of the risk facing any business is enormous, ranging from such things as incorrect marketing or customer segment decisions, poor financing arrangements, employee disputes and the effects of a major fire or catastrophe.

Some risk exposures can be considered to be fundamental to the overall strategic planning and management control of the business, and are generally under the control of the board and senior executives. Performance and ongoing viability of the business can be adversely affected by poor decision making or planning relating to a wide range of these risks.

Other risks can more readily be managed (or partly managed) at an operational level to eliminate or reduce the threat to the business. A final category of risks may be those over which the management and employees of the business have little control, or capability of reducing to any significant degree.

Using the process of Risk Management encapsulated in AS/NZS 4360, an organization can create a framework to assist in the identification and analysis of the risks specific to its particular business activities.

The following examples of risks for each generic source are intended to be illustrative rather than an exhaustive list. They will vary in relevance depending upon the particular business activities of an organisation.

a) Commercial and legal relationships
b) Economic Circumstances
c) Human behavior
d) Natural events
e) Political circumstances
f) Technology and technical issues
g) Management activities and controls
h) Individual activities

a) Commercial and Legal Relationships

• Contractual, assumed or implied obligations to/from customers. Suppliers, subcontractors, lessees/lessors, competitors or government institutions:
• Legislative compliance (Occupational Heath and Safety, Trade Practices, Sale of Goods, Environmental, Hazard Control, Equal Opportunity, Corporate Governance Provision of Credit, etc):
• moral and legal obligations for death, injury or sickness to directors and employees;
• third party injury or damage to third party property;
• provision of advice to third parties and/or reliance on design work;
• defamation libel or slander;
• quality/reliability of the products, services and/or advice provided to customers;
• recall of defective products and/or packaging;

b) Economic Circumstances

• sources of funds, and the ongoing liquidity and cash management of the business;
• fluctuations in value, security and guarantee of investments;
• foreign exchange fluctuations and the effect on cost of goods, credit facilities etc;
• earnings volatility;
• introduction of new competitors and/or products;
• the effects of inflation on the business;
• interest rate fluctuations;
• financial collapse of a major supplier or customer;
• hostile takeover;
• failed or delayed projects.

c) Human Behavior

• Social threats such as burglary, theft, malicious damage, assault or kidnap;
• Acts of arson, sabotage or terrorism;
• Errors in processing or advice;
• Accidental contamination or spillage;
• Defection of key staff to competitors;
• Changes in the social or economic environment that adversely effect the business;
• Changes to community expectations, consumer tastes or buying behavior.

d) Natural Events

• Storms lightning, hurricane, cyclone, flood, tidal wave or surge;
• Bush fire;
• Earthquake, volcanic activity’
• Changes in temperature or climates;
• Diseases, vermin;

e) Political Circumstances

• Changes in legislation, government policy or political parties;
• Changes in trade policy, barriers or tariffs;
• Threat of confiscation/expropriation of assests located in volatile political environments;
• Political unrest, nationalization, war or civil disturbances.

f) Technology and Technical Issues

• Obsolescence and rapid changed in technology effecting production techniques and management information systems (e.g Year 2000 compliance);
• Unpredictable failure of safety devices, power or communication systems;
• Security of systems from internal and external sources (virus and system hackers);
• Effect of eCommerce strategies and market trends on the business;

g) Management Activities and Controls

• Decisions on core products or services to be provided to customers;
• Decisions on the most profitable customer segments and markets to be pursued;
• Application and co-ordination of labour to best service customer needs, produce adequate returns, and motivate individuals;
• Selection of buildings, equipment and other resources to maximize productivity and return on investment;
• Maintenance and efficient operation of facilities and equipment (including motor vehicles);
• Security of product formulas. Patents, intellectual property or competitive advantage mechanisms;
• Threat of substitute products entering the market;
• Employee recruitment, training, retention and dismissal procedures;
• Industrial action and dispute resolution;
• Delays in supply of raw materials or component parts’
• Interruption to power supply
• Loss of business to competitors;
• Adequacy of insurance protection;
• Ethics and probity;

h) Individual activities

• Harassment;
• Discrimination;
• Insider trading;
• Rogue trading;
• Fraud, embezzlement/misappropriation of funds, property or information.
  

Risk Management Defined | Why Risk Management? | Risk Management Tools | Risk Identification and Evaluation
Evaluation and Quantificaion | Avoiding, Reducing and Controlling Risk Exposures