Risk management is the process of evaluation and quantification of business risks in order to take the necessary measures to control or reduce them. Risk management in organizations includes the methods and processes used to manage risks and seize opportunities related to the achievement of their objectives. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall. Risk management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and all other risks that a business might be exposed to. Different organizations face different kinds of risks according to their core business, culture and external environment. Therefore, there is no one-size-fits-all approach of handling risks within an organization. However, one can argue that, for risk management to thrive in any organization, risk awareness must be embedded in the wider culture of the enterprise through easily understood behaviors. Risk management is most successful when it is explicitly linked to operational performance. The complete hierarchy from top to bottom of the managerial pyramid should be completely aligned on risk to ensure that there is a consistency of approach. They should understand instinctively that good performance includes good risk management.
At Tesco, a global grocery and general merchandise retailer headquartered in Cheshunt, United Kingdom, customer satisfaction is the main objective and measure of operational performance. Of course, achieving such objective is not a walk in the park. As a simple business – buying and distributing goods, marketing and managing cash – Tesco’s principal risks revolve around the robustness of these processes. Any failure in the supply chain, for example, damages the business in the eyes of customers and hence the main business objective becomes in peril. So any risks to its smooth operation must be identified and managed. Tesco uses valuable measures in order to overcome such risks. The most effective measure would be embedding risk management in day-to-day operations, but is rarely discussed as such. A relatively flat structure also helps. Although Tesco employs almost 470,000 people, it only has five levels of management. Tesco has a standard governance hierarchy – a top-level board of directors controlling strategy, supported by more operationally focused subsidiary boards and functional committees. There is no distinction between the UK and overseas businesses, which ensures strong consistency of processes for strategy and risk management. The complete hierarchy is well aware about key strategic objectives for five core areas – customers, community, operations, people and finance. The goals are consistent with the group’s rolling five-year plan and are further divided into KPIs that connect strategy with day-to-day operations. Such measures have the greatest effects towards managing the major risks Tesco faces. The invisibility of risk management into a clear and easily articulated objective instead of being a series of systems and controls that might be perceived as counter-cultural, bureaucratic measures prevents the drain of resources. It also encourages workers to be more involved rather than skeptical about accountability. Therefore, the actual processes behind either exploiting or mitigating risks are quickly devolved to people who are much closer to those risks. The relatively flat structure is also of great asset. Since the hierarchy levels are set to minimal, senior management is closer to risks. That insures the quick identification of areas where objectives are not being met so they can be addressed.
Another good example of risk management is the one employed by the Department for Culture Media and Sport (DCMS) of the government of the United Kingdom. The...
Please join StudyMode to read the full document