Companies assume certain risks when undertaking their business activities in order to achieve their corporate objectives. Risks are events causing deviations from a target or value if they occur. This can be a positive deviation – in other words an opportunity – but also a negative impact – or a threat. Risks are nevertheless generally associated with having a negative impact. Three types of risk are distinguished between in terms of dangers:

• Strategic risks are the danger that a business model does not succeed on the market.
• Financial risks are financial losses due to a change in market prices, such as exchange rates, shares or raw materials, etc.
• Operational risks are the danger of losses and other damages resulting from inadequate or failed internal processes, and caused by persons or systems, or external events. A machine fire, for example, results in a two-week interruption to operations and causes lasting damage.
  

Transparency is absolutely vital for successful risk management

It is the constant task of risk management to transparently highlight the most significant risks. These are potential events, actions and developments that can prevent a company from achieving its target and implementing its corporate strategy, thus threatening its very existence. These risks have to be constantly identified, evaluated, managed, monitored and assessed. They are evaluated by linking the probability of occurrence and the extent of an event’s damage (e.g. “What does the damage cost?” or “What reputational damages can be anticipated?”).

Strategy, culture and management – three means of effective risk management

Effective risk management is supported by the company management and embedded in the organization and its leadership. The risk strategy and risk culture are derived from the corporate strategy. The risk and corporate strategy should be aligned with one another. This means, for example, identifying which departments are relevant for achieving corporate objectives and ensuring that they can also function in risk scenarios. The risk culture describes a company’s general risk awareness, risk appetite and risk management.  Risk management – which is derived from the risk strategy and risk culture – includes risk-avoidance measures. Risks can be avoided, for example, by withdrawing from an area of business, or also prevented technically or organizationally, such as by applying the dual-control principle or by passing them onto an insurance company, or the company can assume the risks itself, which means accepting them.

Another trait of successful risk management is the involvement of all employees. To ensure that risk management is put into practice, it is crucial that all employees show awareness in their day-to-day activities and respond accordingly if anomalies occur. Examples of this are employees wearing their safety equipment, personal usernames and passwords for PCs or the use of badges for access control.

Source and further information

A range of further information about risk management, such as “How to introduce a risk management system?”, can be found on the federal government’s The link will open in a new window SME website.