Risk management, a strategic imperative

Creating a sound risk culture is key to business success

Published: Mar 23, 2017 05:45:38 AM IST
Updated: Mar 8, 2019 04:05:01 PM IST


“What we anticipate seldom occurs; what we least expect generally happens”— Benjamin Disraeli’s words best capture the business reality of today. It is a deeply unsettling era—disruptions have become the order of the day and organisations, big and small, cannot afford to be complacent any more.

Risks have always been concomitant with business activities, but the VUCA environment of today has reshaped the threat landscape, making it all the more unpredictable. And securing tangible and intangible assets—an imperative for stability—is turning into a major challenge. Globalisation, proliferation of technology, and availability of humungous bytes of data are adding to this complexity.

A wide gamut of scenarios could pose a risk: financial crises, environmental disasters, regulatory violations, and data theft, among others.

Reputational risk
Reputation is undoubtedly an organisation’s most valuable asset and any development that brings the company under the scanner is sure to dent its standing in the market. The Maggi fiasco is a case in point. The product was taken off the shelves after it was declared ‘harmful’, and this deeply damaged both Nestle’s brand image as well as profits. A poor handling of the issue by the company’s PR, coupled with customer backlash on social media, worsened the situation. Today, social media has created a more inclusive world where customers can openly voice their opinions, and in the process make or break a brand. To protect brand reputation in this volatile environment, companies need to devise exhaustive risk-mitigation strategies and plans for diligently handling such situations.
Corruption and corporate fraud can also erode brand value. Following the diesel emission scandal in 2015, Volkswagen was slapped with a penalty of $18 bn in the US and $12.31 mn in South Korea. They also found it hard to restore their market reputation.

External risks
A company is susceptible to various forms of external risks, and one of them is climate change. It has gravely affected economies worldwide—in India, erratic monsoon has severely impacted agricultural output. According to the Global Risks Report 2016 by the World Economic Forum, failure of climate change mitigation and adaptation is the top risk in terms of impact. Assessing how climate change could possibly affect your business and drawing up a risk management plan will help create a sustainable future.
The most unpredictable, yet most damaging, form of risk is terrorism. In January 2015, Charlie Hebdo, a French satirical weekly magazine, suffered one of the worst terrorist attacks that killed more than 17 people. It is time companies considered the high probability of such situations and were mentally prepared to handle them.
Changing political equations at a global level or financial crises such as the one in 2008 could also threaten the foundation of businesses.

Cyber threats
There is an increasing dependence on IT and data to ensure growth, and this is leading to a high incidence of cyber-security breaches. Such attacks could strike at an organisation’s operational stability and dent brand image. These could also put at stake various stakeholders and a massive treasure trove of data—financial details, R&D records, customer information, and so on.

Cyber-attacks have been continuing to escalate in frequency, severity, and impact, the world over. According to SophosLabs, India is among the top five countries with the highest percentage of endpoints exposed to malware attacks and hence more prone to cyber attacks—it has a TER (threat exposure rate) of 16.9%, as of 2016. From a global perspective, according to Kaspersky’s KSN Report: PC Ransomware in 2014-2016, the number of users attacked with crypto-ransomware increased 5.5 times, from 131,111 in 2014-2015 to 718,536 in 2015-2016. In 2015, 72% of Indian companies faced cyber-attacks as revealed in KPMG’s Cybercrime survey report. Recently, a circular was issued by the Reserve Bank of India asking banks to launch cyber resilience initiatives on various fronts—people, processes, technology, and governance. This move was aimed at protecting their own data and infrastructure as well as ensuring the safety of customer information.

Prevention and detection methods have proved largely ineffective and many organisations are finding it hard to combat highly skilled and aggressive cybercriminals. Fighting cybercrimes should not be a one-off activity, but a continuous process.

Strategic imperative
While there is no escape from the reality of an impending risk, it is important to take diligent steps towards managing it. Risk management entails identifying potential dangers; assessing, analysing, and quantifying them; and implementing measures to thwart them or minimise their negative outcome. For instance, cyber frauds involve the use of highly sophisticated technology and are difficult to detect, most of the time. The best way out is to perceive cyber-security as a strategic issue, and factor it into the risk management process. The company’s assets should be classified and protection ensured depending on the risk involved.

A risk-alert culture should be created and employees trained and mentored to embrace it. Risk management should be on every board’s priority agenda, and they should understand that risk and opportunity are two sides of the same coin. While operating in a hyper-connected world, you may be caught unawares despite adopting the right measures—an agile mindset is the best answer.

The Awards
Navigating a world fraught with vulnerabilities demands more than just a strategic plan. Building resilience demands a judicious mix of nimbleness and business intelligence.

The India Risk Management Awards, instituted by ICICI Lombard and CNBC-TV18, acknowledge those who pursue robust risk management practices. In its third year now, the awards recognise individuals, organisations, and teams that have made significant contributions to the understanding and practice of risk management. The awards, to be decided by an independent panel of experts, offer organisations a chance to showcase their best products, projects, and people.