Introduction
In every organization there comes a time that not so easy decisions have to be made. It is at this time that the responsible people in that organization have to consider their steps carefully. Risks and uncertainty form the basis of either failure or success of every business. some risks taking have seen some organizations soar to unimagined heights of success while others have made an otherwise well-running business crumple down and consequently close or run themselves in unrecoverable losses. Nonetheless, risky decisions have to be made otherwise there will not be a development in organizations (Kinney, 1983).
Discussion
Risk management is all about the processes or procedures that are used by an organization in managing the risks therein. These risks are mostly in relation to the objectives of the organization. In risk management, there is the identification of the risks that can occur hindering or negatively impacting the achievement of organizational objectives. In enterprise risk management one has to evaluate the magnitude of risks involved in the business. The responses of strategies used are clearly determined. Management leaders in organizations have to monitor the progress of enterprise risk management in the organization (Shapira, 1995).
This venture can also be described as carrying out internal controls in organizations. There are two important frameworks of Enterprise Risk Management. They include COSO and RIMS. In this process, an analysis has to be clearly carried out. This is in relation to the environments surrounding the business organization. They include both the internal and the external environments. Management in an organization carries out strategies that deal with risks that are analyzed. There are various things that can be done in this case, they include;
- Reduction: this is whereby an action is taken to help reduce the impact of the risk.
- Avoidance: in this case, an organization avoids activities that will create risks.
- Insure: there is the transference of a part of the risk to aid in its reduction.
- Accept: in this stage, an organization accepts that nothing can be done due to the costs involved.
Risky decisions in the majority of organizations are made by people in managerial positions. It is important to note at this juncture that there are very scanty studies done that show how managers make risky decisions. However, it has been established that risky decision-making has always been a challenge to managers due to a lack of sufficient information and specific objective data. Consequently, managers are more often forced to make a decision based on scanty information they are presented with and or mostly based on gut feeling (Libby, 1981).
12 managers of Swedish forest industry were interviewed and despite being provided with information and computer-based decision tools none of the decisions they made were formally made or considered, but decision making was a question of what appealed to the managers. The managers confessed that though they used excel to analysis some data, the results ended up being ignored and business feelings prevailed over the data analysis.
Many risk takers either on individual and or corporate levels depend on their feelings to make risky decision which is sometimes a waste of time and resource because there is always some data collection at whatever level which goes to waste when no one uses it. Depending on the type of organizations, some risky decisions are made bureaucratically while others are made as a result of consultation (Keeney, 1992).
There are companies that combine both the centralized and decentralized way of decision making but this is mainly determined by the seriousness of the risk at hand. Decision making at the top level management is normally fast but at a more risk situation since a lot of information that would have been collected on the ground level is neglected or ignored as opposed to the decentralized way where many people including very resourceful subordinates are involved in making decision and therefore the risk of losing is minimized or avoided.
It is however important to note here that some subordinates fear rising important points that might not be favorable to their seniors, as a result objective data is not presented and so by the end of it all risky decision are not avoided. Apart from the above some decision making policies there are other organizations that are guided by the set organizational core values put in place. These values guide decision makers on which risks they should take or which to avoid. In such companies there is freedom of making decision either on subordinate level or at the very top management level so long as the decision are within the stipulated rules and regulations (Shapira, 1995).
Risk as defined by managers who are mostly decision makers is basically a situation where though an outcome can be predicted, it can never clear. Depending on the type and size of an organization, risk is relative. There are some organizations which to them investment risk is more of a risk than technical risk. There are thus types of risks that affect certain types of organizations more than others. Other types of risks include financial, commercial, company acquisitions and mergers etc.
Who consider a type of a risk more than others though it could be predicated? Risks also are determined by the stage that a company is in; there are risks that at the start of business could be very risky but as organizations grow and develops those kinds of risks ceases to be risks. However it is important to note that companies and organizations will always be faced with different kinds of risks as the organizations enlarge and change because there will be always need for adjustments be they in change in technical facilities, new products developments, management change, new personnel etc (Payne and Johnson, 1993).
As a result, there will always be new risky situations arising that the management and subordinates will continuously have to deal with especially in this era of fast technological and professional advance.
It is interesting to note here that despite the risks involved, most managers still do not trust figures and data available but instead trust in their gut feelings and therefore most decisions that are made however important and risky are not based on any method of data analysis. One credit officer manager who sought anonymity said that he has most of the time ignored all the bank statements presented to him by loan seekers but instead used his feelings to give out loan. “ most of the loan seekers that I have trusted despite their papers not being right have paid off their loans better than the ones whose bank statements attracted me” said the credit officer” of Barclays bank in South Africa (Nottingham, 1997).
However much risk taking is indispensable and necessary at some point in any given organizations, there are situations where risks have to be avoided. Several options would need to be considered before any risky decisions are made. There are many ways of avoiding direct risks though this is dependent on the amount of accurate information available and also anticipated repercussions. Organizations can avoid getting into risky situations by analyzing data carefully, forecasting the possible occurrences and mobilizing experienced personnel who are better placed to deal with the situation in other ways or make more accurate decisions.
If envisaged consequences are more than an organization can bear, the wise thing would then to completely avoid the risk. However there are ways to go round it and this includes insuring the risks, ensuring the risk is shared by those involved in the deal, they could be suppliers of good and or services by taking advantage of warrantee for good bought, and probably an organization could buy sample goods or give sub-contracts to first experience the outcome (Bell and Raiffa, 1988).
Risk avoidance is obviously done to increase gain. It is universally agreed that no matter the level of risk, the situation is always like no risk, no gain. Risk is thus related to gain no matter how looks at it. The question therefore is always how much risk should one take? Should high returns influence someone to take high risks without considering the losses involved? Those become questions that organizations have to ask themselves before venturing into any risky business. It is upon the organizations to consider the amount of gain they need to make in a given time and therefore decide with risk to take.
Recommendations
The following is a plan that can be used in any organization to help in management of risks. It is based on Committee of Sponsoring Organizations of Treadway Commission recommendations.
Internal environment
The basis of the risks involved in any business is influenced by organizational tone. An organization has to review its philosophies. This is in relation to how they affect the risks therein. This includes a research on the integrity of employees and people in this Company.
Preventive Internal Controls
Objective Setting
In this case, an organization has to clearly evaluate its objectives. This really helps an organization to identify other activities that may hinder achievement of these objectives. The Management has to put in place distinct processes that will help in setting of organizational objectives. Objective setting by the management can be done in the following ways.
Strategic
This is whereby the management of an organization sets goals that are high level in nature and those that support its mission as a company.
Operations
The objectives set have to be very effective such that the resources in the Company are efficiently used.
Reporting
Research indicates that there has to be reliability in reporting the objectives to the entire organization.
Compliance
When the management in the company puts in place objectives, they should comply with regulations and laws therein.
Detective Internal Controls
Event identification
After an organization has set its objectives clearly, it has to carry out identification of both internal and the external events. These events should be those that will affect the achievement of set objectives. In this stage, a Company has to distinguish opportunities and risks therein. Then they have to be channeled or incorporated in objectives.
Risk assessment
The Company has to ensure that both the internal and external risks are analyzed. This Company has to consider the impacts that the risks would have on the Company. Therefore it has to carry out an inherent and residual risk assessment (DeLoach, 2000).
Corrective Internal Controls
Risk response
A Company should select the responses that it will have in relation to the risks. This can be done through avoiding activities that would encourage or influence the occurrence of risks. The other way in which a company can deal with risks is by accepting the whole situation. This is especially in risks that a company cannot afford to deal with. Reduction can be carried out by management in this company to ensure that the impact of the risk is not felt at large by the company.
Control activities
In this stage the Company can put in place policies and procedures that will help management in organization to deal with the risks. This will help the Company to have effective risk responses.
Communication and information
Human resource management has to identify relevant information in relation to the risks and capture it. This information has to be disseminated from management to employees to ensure that they carry out their responsibilities well. This information includes possible risks that can affect functioning of this Company. The management should ensure effective communication is carried out broadly. This can be done upwards, where employees give management information concerning the challenges that they encounter that might enhance risks to occur. It can also occur downwards, whereby it is from management to employees. Information can also be communicated across the organization (Brown, 1999).
Monitoring
A Company has to carry out monitoring in risk management. At this stage it is necessary for management to make the necessary modifications. This can easily be done through evaluation of management activities in the organization.
All these processes do not necessarily influence each other. Each stage can be carried out on its own.
Preventive solution
Preventive solution that can be used in a Company is to ensure that systems therein are updated. Organizational learning should be carried out which will help employees to avoid activities that will cause the risks to occur. Management should carry out evaluation of Company’s activities on a weakly basis and also carry out corrective measures (Andersen, 1998).
Conclusion
Uncertainty is certain since no one knows the future but accurate prediction can help organizations take or avoid risks accordingly. It is important for decision makers to thus adopt methodologies that will help them in decision making. Use of computer based tools will go a long way in making sure that they make more informed and analyzed decision. Use of gut feeling in decision making as traditionally has been the case has many loopholes that can be sealed by using data analyzing tools. However there are challenges that affect mostly the decision making party (Payne and Johnson, 1993).
One of them is lack of sufficient knowledge of how data analyzing tools work, since there is no formal education of decision making, decision makers find themselves in precarious situation every time they are faced with a decision making situation.
As a result, most of them naturally tend to make decision out of information available to them and since most of them to analyze the information, they therefore don’t trust the info and it becomes difficult for them to use the data for decision making. Again since data analyzing tools are yet to be fully developed and are thus are not vastly used, many managers may not be conversant with them and therefore they can use or at least trust them. There is thus need for development of data analyzing equipments that will help managers to identify between real data and imaginable data and that way they will be better informed to make better decision and subsequently take or avoid risks
References
Andersen, A. (1998): Operational Risk and Financial Institutions; London; Risk Books.
Bell, D. and Raiffa H. (1988): Decision making – Descriptive, normative and prescriptive interactions. Cambridge University Press.
Brown, G. (1999): Corporate Risk: Strategies and Management. London: Risk Books.
DeLoach, J. (2000): Enterprise-wide Risk Management: Strategies for Linking Risk and Opportunity; London; Financial Times.
Libby, R. (1981): Accounting and Human Information Processing- Theory and Applications: Prentice Hall, Engelwood Cliffs.
Keeney, R. (1992): On the foundations of prescriptive decision analysis: Academic Publisher, Boston.
Kinney, Jr. W. (1983): A Note on Compounding Probabilities in Auditing- Auditing: A Journal of Practice and Theory: Spring, Vol 2, (2).
Nottingham, L. (1997): A Conceptual Framework for Integrated Risk Management, Members’ Briefing Publication 212–97. Ottawa; Ontario; the Conference Board of Canada.
Payne, J., and Johnson, J. (1993): The adaptive decision maker: Cambridge University Press.
Shapira, Z. (1995): Risk taking: a managerial perspective, Russell Sage Foundation, New York.