Risk Management: A Definitive Guide

By Indeed Editorial Team

Updated March 31, 2021 | Published February 4, 2020

Updated March 31, 2021

Published February 4, 2020

The Indeed Editorial Team comprises a diverse and talented team of writers, researchers and subject matter experts equipped with Indeed's data and insights to deliver useful tips to help guide your career journey.

Risk management is an essential part of business planning, and it also has uses in individual decision-making. There is a good chance that you have made a risk assessment today and several times in the past week. Many of the decisions we make involve risks, but as the risks become more complicated and the stakes rise, the risk management plan may require more steps and considerations.

In this article, we will explore what risk management is, why it is important and what some risk management strategies are, as well as some examples of how people might use these strategies in realistic situations.

What is risk management?

Risk management is the process in which a business, financial manager or individual identifies, evaluates and prioritizes risks and then formulates a plan to minimize the impact of those risks. Businesses use various resources, including financial resources, to monitor risks, minimize them and control the probability of certain risks coming to fruition.

In everyday life, finances and business, a risk is defined as the possibility for the loss of something of value. The loss is uncontrollable, and some risks are inherent to businesses and in financial dealings. Some causes of risks include accidents, threats that can lead to project failure, natural disasters, legal liabilities, uncertainties in financial markets and competitor sabotage. Risk management strategies take these causes into account to minimize the damage to the entities employing these strategies.

Risk management strategies should employ the following steps, as applicable:

  1. Establish the parameters of risk assessment and risk management protocol.

  2. Identify the risk.

  3. Determine the odds of the risk coming to fruition as well as the consequences.

  4. Evaluate the risk and prioritize it among other risks.

  5. Determine the type of strategy you will use to meet that risk.

  6. Continue to monitor the current risk and track any new risks while evaluating the risk assessment process.

  7. Communicate with teammates, shareholders or any other involved parties.

Additionally, organizations like the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO) have developed standards for managing risks. According to the ISO, business risk management strategies should follow these principles:

  • An organization's risk management process should create value for that organization.

  • The risk management process should be integral to the organization's other processes.

  • The organization must address uncertainty and assumptions during risk management.

  • The risk management process should be systemic and structured.

  • Risk management should be based on the best information available.

  • An organization should tailor its risk management process according to its unique structure and situations.

  • The risk management process should account for human factors.

  • The risk management process should be transparent and inclusive.

  • An organization's risk management process should be dynamic, iterative and adaptable.

  • The organization should continually improve and enhance its risk management process.

  • The organization should continually or periodically reassess its risk management process.

Related: How To Perform a Risk Analysis

Why is risk management important?

For businesses and investors, risk management allows them to prepare for the unexpected while avoiding maximum damage to profits, investments and their reputation. With a good management strategy, a company can stay in business, define its objectives and realize greater opportunities. Investors may be able to maintain positive returns after successful risk mitigation.

More importantly, risk management also has implications for society at large. Depending on the type of business you are involved in, the risks you face can impact the environment, employees, residents and everyday consumers. For example, if a business takes on too many liabilities and invests most of its capital in stock markets, this has implications for the business's long-term viability and its employees, especially if those investments do not yield high returns.

When a business takes on too much risk without a reliable risk management strategy, that will also impact the business's credit rating. This can then lead to fewer investors, increased layoffs and the sale of assets. Now, if that same business properly assesses its risks and only assumes risks that it can comfortably manage, it may be able to mitigate its losses, make some gains and save more jobs and assets.

Related: The Importance of Project Management

Strategies for risk management

Businesses and financial managers should formulate specific risk management plans to deal with their unique situations, but the types of strategies they employ can fall under one of five categories:

1. Risk avoidance

The simplest way for organizations and individuals to manage risks is to avoid them altogether. Although the occurrence of some risks is unavoidable, some risks only come with the choices organizations and individuals make.

2. Risk reduction

Also called risk mitigation, risk reduction involves finding ways to reduce the impact of risks, particularly when those risks are unavoidable. Organizations and individuals can reduce their risks by first prioritizing the types of known risks they face and preparing responses. Ultimately, you will need to determine whether inaction will lead to more losses than there would be if you had used resources to manage the situation.

3. Risk retention

Also called risk acceptance, risk retention occurs when organizations and individuals determine that they can accept a certain level of risk. Often, businesses may invest in certain projects if the expected profits are far greater than the assumed level of risk.

4. Risk sharing

When the risk is shared, it is distributed among multiple entities connected to a project or interest. In businesses, each involved participant owns a part of the risk, such as shareholders, multiple departments and third parties like vendors. As a result, all parties share in the losses or gains. In a small partnership, the owners share the risk. Alternatively, individuals buy insurance so that companies (and other customers) share the risk.

5. Risk transfer

Insurance companies also act as a conduit for risk transfer, in which a business pays a premium so that insurance companies will pay for damages and liabilities. In case of emergency, businesses can protect themselves financially, and insurance companies can pay for any settlements or repairs dealing with property.

Related: How To Use a Risk Assessment Matrix

Risk management examples

Some common examples of risk management can take the forms of the following scenarios:

Example 1: An individual avoids buying stock

If someone is considering buying stocks in a company because that company's shares have consistently increased in value for an extended period, there will likely be a time when those stock prices start falling. This is how the investor would assess the risk:

  • *What is the risk? There is a risk that those stocks can fall in value before newer investors plan to sell those stocks.*

  • *What is the probability that this stock price will fall? The investor may not have to calculate the exact probability, but they should weigh current factors, like eager sellers, company news, acquisitions and management changes. Factors like these can cause stock prices to fall. In this case, the company lost $20 million in value over the last month.*

  • *What are the consequences of falling stock prices? Any new investors run the risk of losing most of their investments if the stock prices were to fall.*

  • *How will you manage this risk? Considering the news about the company's value, the investor decides not to buy the stock, thus avoiding the risk altogether.*

Example 2: A company recalls defective products

There have been numerous reports of defects in the electrical systems of trucks sold by Silver Corp. So far, there have been 500 reports of electrical system failures, and most reports concern two truck models made in a three-month span. This is how Silver Corp. would go about managing its risk:

  • *What is the risk? At least 500 trucks have electrical problems. Of the trucks that have been examined, the problem can be traced to issues with the wires. The wires were all purchased in the same three-month span from a distributor.*

  • *What is the probability that there are more trucks with this problem? Out of the 24,000 trucks sold in one year, 800 of those trucks are from the two models, and problems arose from the trucks made over a three-month span. Based on this assessment, about 2,400 (10%) of the trucks may have this problem.*

  • *What are the possible consequences? Inaction may lead to electrical system failure or engine shutdown. This will increase Silver Corp.'s liabilities as consumers sue the company and fewer people buy the company's trucks. A recall will cost up to $10 million, but that is less than one-fifth of the cost to manufacture each of the 2,400 trucks that might be recalled, and doing the recall will establish more goodwill with customers.*

  • *How does this risk rank among other risks the company faces? Right now, this is a top priority.*

  • *How will you handle this risk? The CEO will conduct a recall, contact the National Highway Traffic Safety Administration and inform investors. Once recalled, Silver Corp. will replace the incorrect wires with the correct ones.*

Example 3: A company assumes a risk to complete a project

Dantech Software Co. is developing a new game console due to be released in a matter of months. One risk the company faces with the project involves a microchip.

  • *What is the risk? A microchip from a vendor might overheat if the console is in use for an extended period. Once overheating occurs, the entire system might fail.*

  • *What is the probability of system failure? Early tests indicate that system failure occurred in 3% of consoles.*

  • *What are the possible consequences? The company will give free repairs for any systems that fail within five years of the console's release. Each repair might cost $100 in time and labor, plus $25 for each chip that is replaced. This is about one-fifth of the expected revenues for each console sold.*

  • *How does this risk rank among other risks the company faces? Based on the expected severity of the problem, this is not the top risk. However, there is time to resolve the issue, especially as more consoles are manufactured to meet demand.*

  • *How do you plan to manage this risk? Dantech Software Co. will accept this risk, inform all shareholders and work with the vendor to resolve the problem with the microchip.*

Explore more articles