Thank you for Subscribing to Insurance Business Review Weekly Brief
Risk management is a set of activities that, if properly implemented and coordinated, allow controlling the organisation with regard to risks and opportunities, taking into account the organisation's area of operation.
In the medical area, for example, a certain risk that is not adequately and timely treated, can culminate in the loss of a life, on the other hand, in a classroom where a teacher is absent, the potential risk of loss of content can be easily treated with the replacement of the missed class or even with the re-planning of some classes in order to incorporate the workload of the class to be answered. Thus, adequate risk management must consider: the organisation's internal environment (and its complexity); setting goals; the identification, assessment and response to risks; the existing control activities, as well as information and communications, and the monitoring of activities and objectives (items that make up the analysis structure), which is fundamental for achieving the organisational strategic objectives. And why is it so important to have a guideline, here called a framework, for carrying out a risk assessment? Because risk is something inherent to any activity, but in some situations and in some markets, its exposure is greater than in others and, therefore, lacks analysis and a differentiated response and why not say, in some cases even avoided. "Adequate risk management must consider: the organisation's internal environment; setting goals; the identification, assessment and response to risks; the existing control activities, as well as information and communications, and the monitoring of activities and objectives" I witnessed a situation in which a company had expanded and modernised its factory in a country that, in addition to having great consumption potential, was also strategically located, as it would allow exporting to the entire continent. However, a political decision taken months before the start of a project to expand the plant, made the company understand that some of the previously identified risks would not be likely to be mitigated to an acceptable level and took the decision to close its plant, ending its presence in that country, even if this means compromising its strategic objectives, such as increased growth, sales and market share. With the examples above, it is clear the need for a risk assessment that considers the area of operation, the activities carried out, the regulatory context, the impact of a materialised risk, among many other significant factors for the business. And that's why a risk assessment structure, in addition to being important, must be considered to build a solution that fits the needs of each company. And how to do this in practice, since risk management must be tailored? First, identifying the long-term objectives and, in parallel, identifying the categories or group of risks with greater exposure, which can range from the operation, through regulatory, financial, commercial aspects, among others. Once the risk categories have been identified, the next step is to assess their exposure, measure impacts, define risk appetite and consider existing controls to mitigate the potential materialisation of risks that, at the limit, may compromise the achievement of objectives and even the business continuity. Risk follow-up/monitoring is also a key success factor, since organisations are dynamic and risk factors can change over time. Thus, we conclude that evaluating, identifying and dealing with risks is essential for achieving business objectives, as well as for its success.