Tactics and risk management strategy. Methodological issues of risk management

  • Why is it especially important to systematically manage risks today?
  • Classification of risks for practical application
  • How to structure risk management work
  • Which of your managers is responsible for which risks?

The crisis has put risk management strategy on the agenda: it is something the top management of almost every company that plans to survive should consider. Until autumn, formalized risk management existed only in large Russian companies and financial institutions, while companies ranked lower in business success ratings (in terms of turnover or capital) generally regarded risk management as another foreign fashion, beautifully named but completely useless. At the same time, there is no doubt that companies that continue to operate and invest in their future in the current unfavorable environment do have successful risk management, even if it is not formalized and is fragmented. It is just that managers do not call this activity risk management; they call it labor protection, the implementation of quality standards, environmental management, personnel loyalty checks, economic, physical or information security, insurance, hedging, reservation and inventory formation, and so on.

At the same time, few of these “risk managers willy-nilly” understand to what extent their position entitles them to take risks, what the company’s general level of sensitivity to losses and financial losses is, and what the threshold of loss is beyond which the company will go bankrupt or change ownership. I recommend that any firm today conduct a risk management assessment of its operations, even if the enterprise cannot afford to keep a risk manager on staff. The following tips will help you organize your risk assessment work.

Risk classification

Risks are classified by the level of their possible consequences, in descending order of catastrophicity (vertical classification), as well as by the nature of their origin (horizontal classification).

The vertical classification of risks is directly related to the definition of those who are able to manage risks.

Vertical classification of risks
Type of risk | Description
Supranational (global) | Climate change (e.g. global warming), pandemics, epizootics (for example, bird flu), global financial crisis, etc., that is, situations that no single country or company can influence. The risk managers (regulators) in this case, even though there is no global legislation, are associations of states (UN, G20, etc.).
Country (sovereign) | The level of risks of an individual state: man-made and transport disasters, military operations, brain drain, alcoholism, drug addiction, population aging, demographic problems, etc. At this level the risk managers are the top officials of the state, the government, the central bank, etc.
Corporate | The level at which risk management historically emerged. It includes all the classic risks: defaults, investment risks, project risks, operational risks, etc. The risk managers are the owners and top officials of the enterprise (General Director and key top managers).
Personal | The level at which each of us is a risk manager. The risks are corresponding: the risks of the city in which we live; the way we travel to work; the medical institutions where we are treated; the risk of losing a job, etc.

There are more than 20 classifications of corporate-level risks. I consider the following classification to be the most focused on the real sector, the simplest and most logical.

  1. Strategic risks hindering the achievement of the company's long-term goals. As a rule, they are associated with global projects that require large investments - the introduction of an ERP system, the construction of a new production facility, etc. If such a risk materializes, the company may be on the verge of default in a fairly short period of time.
  2. Financial risks are dangers associated with money: insufficient liquidity, fluctuations in exchange rates and stock indices, changes in interest rates, etc. The lists of these risks are similar for everyone, from large oil and gas companies to the grocery store across the street from your house.
  3. Operational risks associated with daily work: production process, technologies, IT, mistakes or disloyalty of personnel, transportation of goods, finished products, etc.
  4. Risks of dangers and threats. These are mainly external risks - floods, fires, explosions, hostile takeovers, lawsuits, etc.
  5. Legal risks associated with the compliance of your activities with legal norms, industry standards, labor protection norms, general and information security rules, environmental standards, etc.
  6. Emerging risks (re-emerging). This category includes, for example, genetically modified products, mobile communications (we are the first generation to use mobile communications, and it is not clear what will happen to our children and their children because of this), nanotechnology, etc.

In fact, you can classify risks in any way that is convenient and understandable to the owners and management of the company, even based on the organizational structure of your company (for example, sales department risks, financial management risks) or on the distribution of powers between managers (for example, shareholder risks, CFO risks). The main thing is that in the end everyone clearly understands what kind of risks we are talking about. Classification is needed only for the convenience of grouping the identified risks and assigning those responsible, the so-called risk owners.

Glossary

Risk is the threat that any event or action will adversely affect the ability to achieve the desired business result, implement goals and (or) strategic plans (COSO ERM and AS/NZS 4360:2004 standards).

Risk is a random event that has two characteristics: the probability of the occurrence of the event and the damage (benefit) as the consequences of the occurrence of this event.

Risk management is the process of identifying critical risks, assessing their impact, developing and implementing a comprehensive risk management solution that combines strategy, personnel, processes and technology.

Risk management is an impact on the risk that leads to a change in its characteristics: a change in the likelihood and (or) a change in the consequences.

Top 10 Risks

Ernst & Young's annual Business Risk Survey is based on a survey of company executives. Here are the risks they believe are most important today:

  1. Crisis in the lending market (+1).
  2. Non-compliance with legal requirements (-1).
  3. Deepening recession (a new type of risk).
  4. Radical greening (+5).
  5. Increased competition from non-traditional industry participants (+11).
  6. Cost reduction (+1).
  7. The struggle for talented specialists (+4).
  8. Making alliances and deals (-1).
  9. Obsolescence of business models (a new type of risk).
  10. Reputational risks (+12).

Risk management strategy

Identification of risks

At this stage, you can use classical methods, such as questionnaires and surveys of key employees and top managers of the company, meetings and brainstorming sessions to identify risks, risk benchmarking (adaptation of risks inherent in the industry for your company). The main thing is to identify what events of any nature can be catastrophic or dangerous for the company. As a result, you will be able to make a list of risks for your company.

Risk assessment and prioritization

The risks included in the preliminary register should be thematically grouped. Next, it is necessary to determine common risk assessment scales for two main parameters - damage and its probability in the period you are interested in. The time horizon is chosen, as a rule, in accordance with the budget cycle or the strategic planning cycle. A single scale is determined in a currency convenient for you (the one in which the company maintains management accounting and reporting or in which the largest number of contractual obligations are nominated). It is important that all risks, regardless of their type, be evaluated in the same units.

Prioritization of risks should be carried out by the same experts who formed the initial list of risks. It is carried out by voting (secret or open - it depends on the assessment of what degree of frankness you need). As a result, you will receive estimates of the possible damage from the risk and the likelihood of its occurrence.

For example, in your production there is a risk of an explosion in the oxygen shop. The production director has an approximate idea (most likely with a very small error) of how much it costs to clear the rubble, build a new workshop, and purchase equipment. Suppose the risk is expertly estimated at one million US dollars. This million-dollar risk multiplied by a 10% probability is worth $100,000, and if the probability of an explosion is 50%, then the risk is $500,000. , which will be required for all activities preceding the launch of the workshop. It is also necessary to assess how long the company will be able to pay wages to idle employees, what penalties will be charged for outstanding loans, and how quickly the company will be able to repay them.

The result of this stage of work will be a corporate risk register. In it, the risks will be arranged in a kind of hit parade, in descending order of the weighted assessment of damage. To make the resulting picture easier to take in, you can build a two-dimensional risk map: one coordinate axis shows the probability of a risk, the other shows the financial damage, and the risks themselves appear on the map as points (their coordinates come from the results of the assessment and prioritization) (see figure).

Without a proper risk assessment that uses common units of measure for prioritization, you can become hostage to the most charismatic, most persuasive, or most educated unit manager, the “risk owner”, who can eloquently and convincingly prove that it is his own risks (for example, worn-out fixed assets from the director of capital construction, “nonsense” and terrorists from the head of security, the inability to raise funds from the financial director) and the measures to manage them that need to be financed first of all, in full and with the maximum possible budget.

Comparison of risks with the "sensitivity level" of the company

The resulting risk register needs to be compared with the "level of sensitivity" of your company to risks. This level is also determined by experts based on the possible size of the loss: which loss the company can withstand and which it cannot. The comparison will help to identify which risks on the time horizon you have chosen are small (in the classification of risk managers, “up to the level of tolerance”), which are significant (between tolerance and the “pain threshold”), and which are catastrophic and can lead to the collapse of the business (above the "pain threshold"). Risk management depends on this: it is important to understand which risks need no attention, which should be dealt with by the company's management, and which are within the competence of the business owners.
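The assessment, prioritization and comparison steps above can be followed end to end in a short script. This is an added example, not part of the original article: the risk names other than the oxygen shop explosion, the owners, the expert votes and both thresholds are constructed, aggregating votes by median is an assumption (the article only says experts vote), and banding by possible damage follows the article's "possible size of the loss".

```python
"""Risk register: expert votes -> weighted-loss ranking -> sensitivity bands."""
from dataclasses import dataclass
from statistics import median

# Who deals with each band, following the article's three groups.
ESCALATION = {
    "small": "no special attention (up to the tolerance level)",
    "significant": "company management (between tolerance and pain threshold)",
    "catastrophic": "business owners (above the pain threshold)",
}

# Constructed sample data: each expert votes (possible damage in USD, probability
# within the planning horizon). All risks use the same currency and horizon.
SAMPLE_VOTES = {
    "Explosion in the oxygen shop": {
        "owner": "Production director",
        "estimates": [(1_000_000, 0.10), (1_000_000, 0.10), (1_200_000, 0.05)],
    },
    "Exchange rate fluctuation": {
        "owner": "CFO",
        "estimates": [(300_000, 0.5), (250_000, 0.6), (350_000, 0.5)],
    },
    "Staff error in daily operations": {
        "owner": "Operations manager",
        "estimates": [(40_000, 0.8), (50_000, 0.7), (30_000, 0.9)],
    },
    "Failed ERP rollout": {
        "owner": "General Director",
        "estimates": [(5_000_000, 0.04), (6_000_000, 0.05), (4_000_000, 0.03)],
    },
}
TOLERANCE = 100_000         # constructed threshold: losses up to here are "small"
PAIN_THRESHOLD = 2_000_000  # constructed threshold: losses above here are "catastrophic"


@dataclass(frozen=True)
class RegisterEntry:
    name: str
    owner: str
    damage: float         # agreed possible loss
    probability: float    # agreed likelihood, 0..1
    weighted_loss: float  # damage * probability, the ranking key
    band: str             # small / significant / catastrophic
    decided_by: str


def classify(damage, tolerance, pain_threshold):
    """Place a possible loss relative to the company's sensitivity level."""
    if damage <= tolerance:
        return "small"
    if damage <= pain_threshold:
        return "significant"
    return "catastrophic"


def build_register(votes, tolerance, pain_threshold):
    """Aggregate expert votes and return entries sorted by weighted loss, descending."""
    if not 0 <= tolerance < pain_threshold:
        raise ValueError("tolerance must be non-negative and below the pain threshold")
    entries = []
    for name, item in votes.items():
        estimates = item["estimates"]
        if not estimates:
            raise ValueError(f"no expert estimates for {name!r}")
        for damage, probability in estimates:
            if damage < 0 or not 0.0 <= probability <= 1.0:
                raise ValueError(f"invalid estimate for {name!r}: {damage}, {probability}")
        # Median keeps one persuasive outlier from dominating the result (assumption).
        damage = median(d for d, _ in estimates)
        probability = median(p for _, p in estimates)
        band = classify(damage, tolerance, pain_threshold)
        entries.append(RegisterEntry(name, item["owner"], damage, probability,
                                     damage * probability, band, ESCALATION[band]))
    # "Hit parade": highest weighted loss first; name breaks ties deterministically.
    return sorted(entries, key=lambda e: (-e.weighted_loss, e.name))


if __name__ == "__main__":
    for rank, e in enumerate(build_register(SAMPLE_VOTES, TOLERANCE, PAIN_THRESHOLD), 1):
        print(f"{rank}. {e.name:<32} owner={e.owner:<20} damage={e.damage:>11,.0f} "
              f"p={e.probability:.2f} weighted={e.weighted_loss:>10,.0f} "
              f"{e.band} -> {e.decided_by}")
```

The damage and probability columns are also the coordinates of each point on the two-dimensional risk map.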

The first cycle of risk management, of course, will not reveal absolutely all the risks and threats that accompany the activities of your company. But each next cycle will give more and more reliable information. Understanding the main risks and setting priorities is definitely a help to managers and owners of companies in times of crisis that will inevitably end.

Doctor of Economics, Professor St. Petersburg branch of the Higher School of Economics

In their business activities, non-financial companies are exposed to various kinds of risks. At the same time, they seek to eliminate (exclude) risk factors that adversely affect their value.

In this study, risk elimination (Risk Response Planning) is understood as a set of strategies, methods and tools (methods) for minimizing the negative consequences of risks in a company.

In the process of eliminating risks, the company develops strategies (methods, tools) that reduce the negative impact of risks on its key economic indicators (KEP). At the same time, the company looks for management decisions that provide a certain compromise between achieving the KEP and the threat of potential losses. The search for an acceptable risk allows assessing the impact of risks, concentrating and distributing resources, and developing an appropriate risk elimination program aimed at preventive and subsequent impact on the risk.

The main goal of eliminating risks in a company is to bring the identified and assessed risks to an acceptable level. The concept of acceptable risk replaces the approach to the definition of "absolute safety", which, as a rule, is used in various branches of engineering and technology. In accordance with the “absolute safety” approach, it is considered practically possible to exclude any possibility of a negative impact of risks for engineering, technical systems, hazardous industries, etc. In this case, the company focuses on the zero probability of risks. However, in practice, in the course of business activities, the company will not be able to completely eliminate potential risk factors that may lead to an undesirable scenario for the development of individual business processes - a deviation from the selected strategic business goals. Under these conditions, risk elimination is an important component of the company's integrated risk management system.

In a highly competitive marketplace, companies are forced to optimize their acceptable level of risk exposure. This allows them to consistently generate revenues that exceed the average market level (for example, by balancing risk elimination strategies that do not allow them to exceed a “critical mass” of risks).

Taking into account the noted provisions, the company develops the main procedures for eliminating risks (Fig. 1).

Fig. 1. Enlarged block diagram of the main process of eliminating risks in the company

Block 1. Determination of a company's risk tolerance is carried out in order to determine the propensity of managers, shareholders and stakeholders to risks and their consequences.

Block 2. The choice of risk elimination strategies is made taking into account market conditions, the financial position of the company, the system of accepted contracting, the features of industrial and technical products, as well as the specifics of business activities, etc. Companies, as a rule, use (sometimes simultaneously) the following types of risk elimination strategies: a risk-free strategy, a risk-taking strategy, a preventive strategy and a follow-up strategy.

Block 3. Selection (determination) of risk elimination methods. To implement a particular risk elimination strategy, a wide range of methods (approaches) is used. The choice of one of them (for example, insurance or self-insurance) is based on a comparative assessment of their effectiveness and impact on the value of the company.

Block 4. Analysis and use of tools (mechanisms) for eliminating risks. At the stage of analysis of the instruments (methods) of elimination, the selected method is specified (bringing it to a clear algorithm), the performers and the necessary resources for the implementation of the relevant tools are determined (for example, the use of futures and options is justified for the hedging method).

Block 5. Planning the main process of eliminating risks involves the development of a set of control actions in the form of anti-risk measures and the necessary volumes and sources of funding for this.

Block 6. In the process of budgeting, the development of individual and consolidated budgets of the company (independent business units) is carried out, taking into account the approved limits.

Block 7. Evaluation of the effectiveness of risk elimination is carried out in order to compare the achievement of the set goals (strategies) for eliminating risks with the costs of certain resources that support the integrated risk management system at a given level.

In the process of eliminating risks, the company develops a program of actions to optimize risk exposure: what needs to be insured, where self-insurance is possible, and how, based on a comparison of the benefits and costs of optimizing each type (class) of risk and taking into account the relationship between risks, a decision is made about their optimal level.

The main mechanism for achieving the goals of eliminating risks in the company are risk management strategies.

In accordance with the concept of integrated risk management, the following risk management strategies in the company are distinguished:

  • risk-free strategy;
  • risk acceptance strategy;
  • strategy of preventive influence on risk;
  • strategy of the subsequent impact on risk.

Risk-free strategy (risk avoidance) is an effective tool for avoiding the negative consequences of the company's business activities when the likelihood of the risk and the consequences of its impact have a significant effect on the company's assets.

Risk acceptance strategy applies when the company does not provide for any special actions in relation to a certain type (class) of risk. In this case, the company's management deliberately takes risks and develops the business until the losses from the consequences of the onset of risks lead to irreparable losses. Such a strategy also does not seem to be optimal due to the fact that the likely end result - negative profit - does not correlate with the main goal of the business. The main miscalculations in this case are the lack of a systematic analysis of the state of the market and its dynamics, risk factors, as well as a flexible response to changing conditions.

Strategy for preventive impact on risks is carried out in order to create conditions that exclude the appearance of causes and risk factors. In the process of implementing the strategy, measures are developed aimed at reducing the likelihood of losses, as well as minimizing their consequences.

Risk follow-up strategy is developed in order to create conditions for reducing (minimizing) the impact of the consequences of the implementation of a risk event on the company's activities.

The choice of one or another risk elimination strategy is determined by the overall business strategy of the company. So, if a company focuses on conquering the market, then, as a rule, the second and third risk management strategies are used. If the company focuses on maintaining its current position in the market or on ensuring its financial stability, then the first and second strategies are most often the choice.

In their business activities, companies are exposed, as already noted, to systematic and specific risks. Moreover, specific risks in the general list (catalog) of risks of the company are about 70-80%. Under these conditions, companies seek to eliminate risk factors that affect their projected cash flows. In this regard, such cash flows will be much larger for companies that use elimination methods (tools). They will significantly reduce the cost of debt financing, since the risk of default depends on both specific risks and market risk. The share of debt that a company can use to finance its operations may increase due to a decrease in the impact of specific risks.

Eliminating risks primarily increases the value of relatively small companies whose capital is concentrated in the hands of a small number of majority shareholders, as well as of companies with significant debt obligations and the current costs of a potential default.

In the process of eliminating risks, it is necessary to consider the potential costs and benefits of elimination (ie, those risks are eliminated when the benefits of elimination exceed the possible costs).

Eliminating risks in a company has both explicit and implicit costs, which vary depending on the eliminated risk and the method (tool) of elimination. It should be noted that some risk elimination procedures are integrated into standard investment and financial decisions that companies make under conditions of uncertainty. In this case, the degree of influence of the integrated risk on the company's business activities is determined by the assets in which the investment is made and the financing schemes used.

Part of the integrated risk can be eliminated by the investment decisions that the company makes. Investment decisions can affect not only company-specific risks (for example, type of process equipment), but also systematic risks. In this case, the company diversifies its business in many directions in order to reduce the volatility of income, which makes the company more stable.

Companies can influence integrated risk through their financial decisions. Under these conditions, companies seek to optimize financing schemes (for example, by borrowing and acquiring assets in a single monetary equivalent). Failure to meet this condition increases the risk of default and the cost of debt financing, which will ultimately increase the value of the company as a whole. Sometimes companies that believe that short-term rates are low compared to long-term rates may borrow short-term cash to finance long-term investments with a view to moving on to long-term debt.

Explicit costs are costs that can be determined specifically for the forecast period (for example, insurance coverage costs, options costs, etc.).

Implicit costs relate to costs that may or may not be incurred (for example, the use of forward or futures contracts). A company that buys a futures contract to lock in the price of its products may not face immediate payments, but it will have to forgo potential profits if product prices rise.

The greatest efficiency of the risk elimination system is provided in companies that have the following characteristics:

  • high volatility of cash flows in the prospective period;
  • the presence of high barriers to entry into the market (aerospace industry).

This is explained by the fact that risk elimination strategies are closely interrelated and determined by the company's business strategies (i.e. when making risky decisions, strategic goals prevail, not financial ones).

At the same time, reducing the level of risks leads to a decrease in the volatility of cash flows generated by the company, cost savings, and an increase in the value of the company.


Collection of scientific articles
"Problems of interaction between business entities of the real sector of the Russian economy: financial, economic, socio-political, legal and humanitarian aspects",
St. Petersburg: , 2011

Over the past two years, Russian business has been shrinking. Many small and even medium-sized companies are closing down. On the one hand, this is due to the aggravated systemic crisis of the ideology and policy of the state in relation to the institution of entrepreneurship. On the other hand, the external business environment has objectively become much more risky. This means only one thing: the time is coming when risk management in the activities of not only large but also small companies should be put on a serious systemic basis in order to achieve success in production, sales and development.

Overview of a comprehensive risk management system

Risk is an essential feature of entrepreneurial activity. In other words, entrepreneurship is directly related to the likelihood of certain threats, which is quite natural for this type of activity. In addition, the development of management activities, faced with growing conditions of uncertainty, has led to the isolation of a separate industry, called "risk management". It is worth noting that the modern concept of event flows in business, the phenomenon of tasks as the main means of management are closely related to the concept of risk.

Risk is a satellite aspect of responsibility. The responsibility of the executor of the task is considered as his ability to assess the likelihood of a favorable outcome of events, the right to accept the task for execution and complete it without referring to any problems. By problems here we mean the very undesirable consequences that arise as a result of the manifestation of risk. In this definition, responsibility is the essential basis for managing enterprise tasks and associated risks.

The essential and integral nature of the task and threats must be able to transform into a modern expanded one. This is an area of knowledge, tools and means that requires skills and abilities in the field of economics, finance, mathematical statistics, law and certain business sectors, for example, insurance. In modern theory and practice, various management models have been developed.

The key model is based on a systems approach that considers risk management as a set of interrelated elements and is complex. This management system is based on the overall strategy of the enterprise. The main goal of management is to ensure a balanced ratio of risk-return parameters in accordance with the approved strategy. Below is a model of an integrated risk management system in the form of a symbolic "house".

Scheme of interaction of elements of an integrated risk management system

The foundation of the system is its information base. The content part consists of management technology and its organization. The strategy and tactics of risk management are not formed immediately, but only after the identified threats have passed through the assessment and analysis procedure. The "building" is crowned by the purpose and strategy of enterprise management, focused on solving the following risk management tasks.

  1. Growth in capital intensity and business value.
  2. Maintenance and development of high production volumes, taking into account risk restrictions.
  3. Ensuring timely coverage of losses caused by threats using own funds.
  4. Maintaining the stability of the enterprise in relation to the main risk factors.
  5. Efficient allocation of company resources, taking into account perceived threats.

Development of risk management ideology

Risk management concepts are a dynamic enough environment to try out numerous assessment, analysis and regulation tools. Risk management methods are constantly evolving and improving. Even in the recent past, fragmented and episodic approaches to risk management have been used. They were based on the assumption that little could be done to predict and manage the level of threats and focused on mitigating or eliminating their effects. In other words, a passive approach to management was applied. Modern models are based on an active professional position that implements an integrated, continuous and expanded approach. The following is a diagram of the genesis of views on risk management over the past decades.

The scheme of changing approaches to risk management
Source: Economist Intelligence Unit, Managing Business Risks

The strategy for managing risk events is formed by the leaders of the enterprise. As a rule, all tasks solved by it are reduced to two main ones.

  1. Preserve the underlying capital (shareholder value) of the enterprise.
  2. Create additional capital (new shareholder value) for the company.

The ratio of these two positions determines the ideology of the attitude of the business leader to risk as such. Most businessmen have traditionally relied on risk management methods that underlie the static concept, considered classic. They remain relevant, because they provide, albeit not so significant, but sustainable development in the conditions of the required prevention and reduction of losses.

Over time, risk management as a doctrine began to change. In world practice, big capital has become more and more actively encouraging individual enterprises and businessmen to create a fundamentally new shareholder value. The practice began to expand when the states themselves began to take the risk of innovation. This is all the more relevant in the context of a slowdown in the global economy. Thus, an alternative, dynamic concept of control has arisen, which does not exclude at all, but only complements the static paradigm.

Two principal approaches to risk management tasks

Above is a diagram of the two principles and strategies of the described management doctrines. Management approaches differ in psychological attitudes. The variant of orientation towards development, charged with a certain optimism, must also be distinguished from the traditional Russian “maybe”. The emerging worldview of business people is based on a new position that assumes a reasonable level of probability of losses as a counterbalance to stagnation and a kind of index of initiative. The innovation is to manage both the process of identification, analysis, response, and the risks themselves. This holds the potential for new profits and business value.

Content of risk management technology

In any management paradigm, the concept of acceptable risk works, which has proven its effectiveness and works quite reliably. In this concept, three actions are consistently implemented: "identify", "evaluate" and "reduce", thanks to which the foundations of risk management are laid. Next, you are presented with a technology for managing risks in three large stages, which correspond to the three designated actions.

Technological model of risk management

Consider the stages of the sequence of management steps. You and I know that there is no risk without a decision to be made. When we set a goal, tasks, a decision is made. This means: identify, write, list the factors and conduct their primary analysis. This procedure is somewhat different from identification, which is applicable to any area of activity: to a unit, process, project. Here we are talking about the risk for the company as a whole. In essence, this model is a risk management process. And the output of the first stage is the identified list of factors.

Before the second stage, the risk seems significant. After evaluating and analyzing the options, it appears to be less dangerous than the risk of an idea or design. This is due to our potential readiness for the emergence of a risk event and orientation in its significance. The first and second stages end with the output - “Analyzed and assessed risk level”. This level also seems to be quite significant and requires new actions.

At the third stage, the reduction of danger and threats is achieved. The strategic approach can be considered from several points of view. One of them is to choose methods of risk management, for example, to transfer responsibility for it. We will consider a different position on the strategy in the next section. Dealing with risk on a tactical level means, for example, starting to deal with it yourself.

At this stage, the psychophysiological aspect of the attitude of the head of the enterprise to risk is actively included. The psychological type of a leader is precisely manifested through the attitude towards threats: it can be either very cautious or adventurous, or demonstrate the ability to take justified risks. Naturally, extreme options are not favorable. Once a threat mitigation program has been developed, the end result is an acceptable level of risk. On the basis of the approved program, the stages of implementation, control and evaluation of the results of the decision are carried out. The results of the final assessment are used in the new technological control cycle.

Integration strategy and management principles

The choice of management strategy is not only related to the methods of responding to threats. From the standpoint of a systematic approach, risk management in an organization also provides for the choice of an integration strategy for managing risk events. Integration here refers to the inclusion of decision-making procedures in the functional and managerial interaction of business units and external actors: companies, experts and consultants. There are several types of integration strategy.

  1. Internal horizontal integration. All structural divisions of the company exchange information, participate in the assessment and management at the linear level.
  2. Vertical internal integration. A special coordinating service or position is created in the management of the company, through which information and conclusions are collected and consolidated.
  3. External vertical integration. Downward integration (interaction with suppliers) is distinguished from upward integration (interaction with consumers).
  4. External horizontal integration. Integration interaction is established with industry enterprises that produce an identical product and are not direct competitors.
  5. External diagonal integration. Examples of such a solution are cooperation with universities, research institutes, i.e. organizations that are not operators of the same market, but are included in the information or technological chain with other homogeneous subjects of activity.

The main principles of risk management that guide those responsible for management include:

  • mandatory compliance with the current strategy of the enterprise;
  • the maximum possible objectivity of decisions made in relation to threats, based on complete information, dynamics and assessment of the prospects of the environment in which the company operates;
  • economic feasibility of decisions made;
  • the level of profitability and financial capabilities of the enterprise, which must exceed the level of riskiness of transactions and operations;
  • continuity of the management process, which implies monitoring the development of events associated with threats at all stages of management, including monitoring and control;
  • extension of assessment and management to all hazards, even those that are beyond the scope of financial and insured risks and cannot be quantified at this level of development;
  • integration of all departments of the company and selected external partners into the procedures for identifying, evaluating and managing risks.

Implementation of risk identification procedures

The stages of forming a list of risk factors are carried out according to a standard plan, which, as a rule, includes the following.

  1. Definition of goals and objectives of the procedure for identifying factors.
  2. Formation of a group of specialists-experts to identify factors.
  3. Building a procedure for identifying factors.
  4. Obtaining information about factors from experts.
  5. Analysis and processing of expert information about factors.

Let us give an example of the implementation of the first step of the presented algorithm. A variant of the goal could be to identify as many possible risks as possible in the preparation and implementation of a future solution. Tasks can be formulated by analogy with the composition of the positions of this stage of management technology, while it is immediately desirable to develop options for making decisions depending on the type of management activity. Below is an example of such an algorithm.

Alternative decision-making algorithms for identifying risks

Approaches to the formation of expert groups differ for small and large companies. In the first case, almost the entire staff can be involved in the examination, in the second it is more expedient to form expert groups, including top management, heads of departments and team representatives from among the leading highly qualified specialists (3-4 employees). Let us give an example of a procedure for identifying risks in a fairly large company. The following procedure is possible.

  1. The participants in the discussion are located in the conference room so that they can see each other. The responsible moderator is in the center, and his assistant is near the board or a sheet of paper to record the proposals made.
  2. All ideas expressed and assumptions about future adverse events should be recorded without any selection, no matter how unexpected they may be at first glance.
  3. The ideas and assumptions expressed at this stage should not be detailed and developed, it is enough to formulate them and give a brief description.
  4. In this method, the quantity, not the quality, of the ideas and assumptions put forward is important.
  5. The basic rule of group work is not to allow criticism of the ideas expressed, so as not to hamper the initiative of the participants.

After the collection of information on risk factors is completed, all of them are collected in a single list, go through the procedure of primary systematization and are transferred for analytical processing. For these purposes, special methods and tools are used to identify risks. Below is the maximum possible set of methods for conducting a thorough primary analysis of factors.

General and specific analytical methods used to analyze risk factors

General and special analytical methods used to analyze risk factors. Continuation

Response Models in the Risk Management Process

At the third stage of our technological algorithm, after assessing and analyzing the factors, we will have to answer the question: what does riskology offer methodologically in the context of ways to influence risks? Risk management methods include five scenario options for responding to identified and assessed threats. Let's consider them.

  1. Evasion or refusal. If the risk seems to be very dangerous, the best solution is to refuse it. The basis for making such a decision is the results of the analysis used in financial management. It is advisable to use certain boundary values of the risk coefficient indicator, calculated as the ratio of the maximum possible loss to the volume of investments of own funds to eliminate it.
  2. Transfer or its special case - insurance. If the risk carries a slightly smaller threat, and we cannot avoid it, then it is better to transfer it to another person for a fee on the basis of an insurance contract, to other market participants. Examples are exchange transactions through the conclusion of futures contracts, option agreements, etc.
  3. Localization and its special cases: restriction, limitation. In certain situations, it is more convenient to limit the scope of the risk within the specialized divisions of the company or by developing internal regulations. This method does not require large capital investments, but involves painstaking management work to limit risks.
  4. Distribution or diversification. One common way to mitigate threats is diversification, which is especially common in portfolio investments. This method is also acceptable for the risk of operating activities and for other forms of investment activity, for example in terms of investment sources such as bank loans.
  5. Compensation. There are methods of working with risks that work to prevent the occurrence of threats. One of these methods is the compensation method. It uses tools for forecasting, strategic planning, monitoring of external and internal situations, creating reserves, etc.

Main methods of responding to identified risks

To support the choice of risk management methods, the question should be answered: when and which of the methods is recommended to be used? This goal is served by a matrix of risk management methods developed by experts depending on its probability and danger. This matrix is presented below.

Risk Management Method Selection Matrix

Concluding this article, I want to recall its main points. Risk management in modern practice has a powerful methodological platform that is constantly being improved. The risk management system is in harmony with the company's strategy, is based on a special information platform and consists of technology and organization. The management ideology is evolving towards a dynamic approach to the concept of acceptable risk.

Methods for analyzing and responding to identified threats are implemented in a sequential series of stages of process technology, each step of which effectively reduces the level of threats and dangers. All this instills confidence that the management, which has undertaken the implementation of risk management, will immediately begin to receive effects, at first insignificant, and by the end of the project - significant. I express my faith and hope in this.

Many companies do not have a risk strategy at all, although all investment decisions depend on it and therefore it is vital for any organization to develop it.

From a management point of view, strategy is a long-term system of measures aimed at providing an organization with a long-term competitive advantage. The development of a strategy consists in choosing the most optimal direction for the development of the organization.

A good strategy identifies the types of risks that promise the company the maximum benefit, indicates the maximum amount of risk that it can take on, and the level of income required for this. It is up to the CEO, with the support of the board of directors, to formulate the company's risk strategy, and it is important that all employees understand the company's overall risk strategy.

In a modern market economy, the foundation of a good risk management strategy is to take a strong position in the market and build an organization that is able to function successfully despite unforeseen circumstances, strong competition and internal problems.

To date, it is customary to distinguish three main types of strategy: portfolio, business and functional.

Portfolio strategy is the highest level of strategy. Portfolio strategy management involves the management of all enterprises and organizations that are part of the corporation, with the help of securities.

A business portfolio is a set of securities of subsidiaries owned by a parent company.

In general, portfolio strategy suggests:

1. Buying new companies.

2. Strengthening and expansion of the companies within the corporation.

3. Liquidation of unwanted companies.

4. Placement and control of financial resources.

5. Using the effect of unity of joint efforts available in the portfolio of enterprises.

Business strategy is a strategy at the level of individual firms that are part of a corporation or independently operating in the market.

The main task of business strategy is to provide your company with a long-term competitive advantage.

The implementation of a business strategy includes three stages:

1. Developing the right corporate mission.

2. Development of the vision and goals of the corporation.

3. Development of measures to achieve strategic advantages.

Functional strategy is a strategy at the level of individual divisions of the company.

The following points are important in a functional strategy:

1. Determination of the specific content of the structural unit.

2. Clear assimilation of the goals and objectives of the business strategy by all employees of the department.

3. Awareness by each employee of his place in the department and the place of his department in the company.

4. A clear delineation of the functions of all departments of the company.

5. Coordination of functions and unification of efforts of departments.

identify the following risk management strategies in the company:

A risk-free strategy (risk avoidance) is an effective means of avoiding the negative consequences of a company's business activities in the event that the likelihood of risk and the consequences of its impact have a significant impact on the company's assets.

The risk acceptance strategy is used when the company does not provide for any special actions in relation to a certain type (class) of risk. In this case, the company's management deliberately takes risks and develops the business until the losses from the consequences of the onset of risks lead to irreparable losses. Such a strategy also does not seem to be optimal due to the fact that the likely end result - negative profit - does not correlate with the main goal of the business. The main miscalculations in this case are the lack of a systematic analysis of the state of the market and its dynamics, risk factors, as well as a flexible response to changing conditions.

The strategy for the subsequent impact on risks is developed in order to create conditions for reducing (minimizing) the impact of the consequences of the implementation of a risk event on the company's activities.

28. Organization of control over the management of information flows and risks of distortion of consolidated and other reporting.

The task of minimizing the risks of material misstatement of the financial statements of an economic entity is solved by it within the framework of the internal control system.

The risks associated with the financial statements of an economic entity are due to internal and external factors that may adversely affect the organization's ability to generate, record, process and report information that accurately reflects its financial condition and the results of its financial and economic activities. Risks may arise, in particular, from changes in the business environment in which an economic entity operates, the modernization of its information system, a rapid increase in the volume of activities, the introduction of new technologies, changes in the organization's management system, the expansion of foreign economic activity, changes in regulatory documents and other circumstances.

Distortions in financial statements may be the result of errors (unintentional errors in the collection and processing of information) or fraud (deliberate actions or omissions of responsible persons).

There are two types of intentional misrepresentations:

    fraudulent preparation of financial statements (the goal is to mislead users of financial statements)

    concealment of misappropriation of assets (theft of organization property)

For financial reporting, an entity's risk assessment process involves management identifying risks associated with the preparation of reliable financial statements, assessing their significance and likelihood of occurrence, and making decisions about how to respond to those risks. As a risk is identified, management assesses its magnitude and significance and develops ways to respond. Management may conclude that it is not appropriate to respond to a risk, for example, because the costs of such activities are disproportionate to the magnitude of the negative effect to be avoided.

The effectiveness of an organization's internal control is greatly influenced by the extent and nature of its use of information technologies (IT).

As a rule, the control activities associated with the accounting process include:

    conducting review checks. In particular, it can be a comparison of actual indicators with planned, forecast, indicators for previous periods; comparison of information obtained from internal and external sources;

    data processing. At the same time, control is carried out at the level of individual programs and the entire system of computer data processing in the organization;

    direct control. Examples include restricting access to assets and documents and inventory;

    distribution of responsibilities among employees, for example, initiating transactions, maintaining accounting records, ensuring the safety of assets.

Control monitoring involves ongoing monitoring by management to ensure that internal controls meet established parameters and are modified in accordance with changing circumstances. When evaluating the ability of internal control to prevent and correct material misstatements in the financial statements, it must be remembered that they provide only reasonable, not absolute assurance, that an entity's objectives will be achieved.

29. Control over information security.

constitutional rights and freedoms of citizens, enterprises and organizations in the field of informatization;

    the required level of security of information to be protected;

    security of systems for the formation and use of information resources (technologies, systems for processing and transmitting information).

The key point of the state policy in this area is the awareness of the need to protect any information resources and information technologies, the misuse of which can cause damage to their owner, possessor, user or other person.

Normative acts of legal regulation of issues of informatization and information protection in the Russian Federation include:

    Laws of the Russian Federation

    Decrees of the President of the Russian Federation and regulatory documents approved by these decrees

    Resolutions of the Government of the Russian Federation and normative documents approved by these resolutions (Regulations, Lists, etc.)

    State and industry standards

    Regulations, orders, guiding documents and other regulatory and methodological documents of authorized state bodies (State Technical Commission of Russia, FAPSI, FSB).

Federal laws and other regulations provide for:

    division of information into categories of free and restricted access, with restricted information divided into:

      information classified as a state secret;

      information classified as an official secret (information for official use), personal data (and other types of secrets);

      other information, the mishandling of which may cause damage to its owner, possessor, user or other person;

    the legal regime for protecting information whose mishandling may cause damage to its owner, possessor, user or other person, as determined:

      in relation to information classified as state secrets, by authorized state bodies on the basis of the Law of the Russian Federation "On State Secrets" (dated July 21, 1993 N 5485-1);

      in relation to confidential documented information, by the owner of information resources or an authorized person on the basis of the Law of the Russian Federation "On Information, Informatization and Information Protection" (dated February 20, 1995 N 24-FZ);

      in relation to personal data, by a separate federal law;

    licensing of the activities of enterprises, institutions and organizations in the field of information security;

    attestation of automated information systems that process restricted-access information for compliance with information security requirements when working with information of the corresponding degree of confidentiality (secrecy);

    certification of information protection equipment and of the means of monitoring the effectiveness of protection used in automated systems;

    entrusting decisions on the organization of licensing, attestation and certification to government bodies within their competence, determined by the legislation of the Russian Federation;

    creation of automated information systems in a secure design and of special units that ensure the protection of restricted-access information that is the property of the state, as well as monitoring the security of information and granting the right to prohibit or suspend the processing of information in case of failure to comply with the requirements for ensuring its protection;

    definition of the rights and obligations of subjects in the field of information protection.

30. Analysis and control of all types of risks in business.

A risk is any event or action in the future that could adversely or positively affect the achievement of an organization's business objectives. Risk in business is the potentially existing probability of a loss of resources and a loss of income.

Business risk:

a) is directly related to the management of the organization;

b) depends directly on the effectiveness and validity of the managerial decisions taken.

The most important elements underlying the risk classification are:

  • time of occurrence;
  • the main factors of occurrence;
  • the nature of accounting;
  • the nature of the consequences;
  • sphere of occurrence, etc.

By time of occurrence, risks are divided into retrospective, current and prospective. Analysis of retrospective risks, their nature and the methods used to reduce them makes it possible to predict current and prospective risks more accurately.

By factors of occurrence, risks are divided into political and economic (commercial).

Political risks are risks caused by changes in the political environment of business.

Economic risks are risks caused by unfavorable changes in the economy of the enterprise or in the economy of the country.

By the nature of accounting, risks are divided into external and internal. External risks are risks that are not directly related to the activities of the enterprise or its contact audience (social groups, legal entities and (or) individuals who show a potential and (or) real interest in the activities of a particular enterprise). The level of external risks is influenced by a very large number of factors: political, economic, demographic, social, geographical, etc. Internal risks are risks caused by the activities of the enterprise itself and its contact audience. Their level is influenced by the business activity of the company's management, the choice of the optimal marketing strategy, policy and tactics, and other factors: production potential, technical equipment, level of specialization, labor productivity, safety.

By the nature of the consequences, risks are divided into pure and speculative. Pure (simple) risks involve only the probability of loss. This type contains only the danger of damage, without any possibility of gain. The causes of these risks can be natural disasters, wars, accidents, criminal acts, the incapacity of the organization, etc. Speculative (dynamic or commercial) risks involve the likelihood of both profits and losses. The causes of speculative risks may be changes in market conditions, changes in exchange rates, changes in tax legislation, etc.

The most numerous group is the classification by sphere of occurrence, which is based on the spheres of activity:

  • Production: the entrepreneur, directly using tools and objects of labor and the labor force as factors of entrepreneurship, produces products, goods, services, works, information and spiritual values for subsequent sale to the consumer.
  • Commercial: the entrepreneur acts as a merchant, selling finished goods purchased from other persons to the consumer. In such a business, profit is generated by selling goods at a price in excess of the purchase price.
  • Financial: a special form of commercial entrepreneurship in which the subject of sale and purchase is money and securities, sold by the entrepreneur to the consumer (buyer) or provided to him on credit.
  • Intermediary: the entrepreneur himself neither produces nor sells the goods, but acts as an intermediary, a link in the process of commodity exchange, in commodity-money transactions.
  • Insurance: the entrepreneur, for a certain fee, guarantees the consumer (the insured) compensation for the possible loss of property, valuables or life as a result of unforeseen disasters.

In accordance with the areas of business activity, production, commercial and financial risk, as well as insurance risk, are usually distinguished.

Production risk is the risk that an enterprise will not fulfill its plans and obligations for the production of products, goods and services or for other types of production activity as a result of the adverse impact of the external environment, as well as inadequate use of new equipment and technologies, fixed and working capital, raw materials and working hours.

Among the most important causes of production risk are a possible decrease in expected production volumes, an increase in material and (or) other costs, payment of increased deductions and taxes, poor supply discipline, loss of or damage to equipment, etc.

Commercial risk is the risk arising in the process of selling goods and services produced or purchased by the entrepreneur.

The causes of commercial risk are: a decrease in sales volume due to changes in market conditions or other circumstances, an increase in the purchase price of goods, loss of goods in the process of circulation, an increase in distribution costs, etc.

Financial risk is the risk that a firm may not meet its financial obligations. The causes are: depreciation of the investment and financial portfolio due to changes in exchange rates, failure to make payments; wars, riots, disasters, etc.

Insurance risk is the risk that an event stipulated by the conditions of insurance will occur, as a result of which the insurer is obliged to pay insurance compensation (the insured amount). The risk results in losses caused by inefficient insurance activities both at the stage preceding the conclusion of the insurance contract and at subsequent stages: reinsurance, formation of insurance reserves, etc. The main causes of insurance risk are: incorrectly determined insurance rates, the gambling methodology of the insured; wars, riots, disasters, etc.

First, consider external risks that are not dependent on the entrepreneur.

Country risks are risks directly related to the internationalization of entrepreneurial activity. They depend on the political and economic stability of the importing and exporting countries.

The causes of country risk may be the instability of state authorities, features of the state structure and legislation, inefficient economic policy pursued by the government, ethnic and regional problems, a sharp polarization of the interests of various social groups and so on.

Currency risks are risks associated with changes in exchange rates. The amount of foreign exchange risk is associated with the loss of the purchasing power of a currency, so it depends directly on the gap in time between the date of the transaction and the moment of payment. The exporter's exchange rate losses arise when the contract is concluded before a fall in the exchange rate of the payment currency, because the exporter receives less national money for the proceeds. The importer, on the other hand, incurs losses when the exchange rate rises, because the purchase will require spending more national currency.

Tax risks are considered from two positions: that of the entrepreneur and that of the state.

The tax risk of an entrepreneur is associated with possible changes in tax policy (the emergence of new taxes, the elimination or reduction of tax benefits, etc.), as well as changes in tax rates.

The tax risk of the state consists in a possible reduction in budget revenues as a result of changes in tax policy and/or tax rates.

Internal risks, unlike external ones, are largely determined by the erroneous decisions made by the entrepreneur due to his incompetence.

Organizational risk is the risk due to shortcomings in the organization of work. The main causes of organizational risk are:

a) low level of organization:

  • planning and design errors;
  • lack of coordination of work;
  • weak regulation;
  • wrong supply strategy;
  • errors in the selection and placement of personnel;

b) shortcomings in the organization of marketing activities:

  • wrong choice of products (no sales);
  • goods of poor quality;
  • wrong choice of market;
  • incorrect definition of market capacity;
  • wrong pricing policy (storage of goods);

c) unstable financial situation.

The main causes of resource risk are:

  • lack of a margin of safety in terms of resources in case of a change in the situation;
  • labor shortage;
  • lack of materials;
  • supply disruptions;
  • lack of products.

Portfolio risk is the probability of loss for certain types of securities, as well as for the entire category of loans.

Credit risk (the risk of debt default) is the risk that the borrower will not pay the principal and the interest on it in accordance with the terms and conditions of the loan agreement.

Innovation risk is the risk associated with the financing and application of scientific and technical innovations.

Qualitative analysis involves identifying the sources and causes of risk and the stages and work during which the risk arises, that is: establishing potential risk areas; identifying all possible risks; and identifying the practical benefits and possible negative consequences that may occur during the implementation of a solution containing a risk.

In the process of qualitative analysis, it is important not only to establish all types of risks that threaten the project, but also, if possible, to identify the possible loss of resources accompanying the onset of risk events.

The results of the qualitative analysis serve as an important input for quantitative analysis.

Quantitative analysis involves the numerical determination of individual risks and of the risk of the project (solution) as a whole. At this stage, the numerical values of the probability of occurrence of risk events and of their consequences are determined, a quantitative assessment of the degree (level) of risk is carried out, and the level of risk acceptable in the particular situation is also determined (established).

The most common methods for quantitative risk assessment are the statistical method and the method of expert assessments.

The essence of the statistical method is that the statistics of losses and profits that occurred in this or a similar production are studied, the magnitude and frequency of obtaining a particular economic result are established, and the most probable forecast for the future is made. The main tools of the statistical method are: the mean value of the random variable under study, variance, standard (root mean square) deviation, coefficient of variation, and the probability distribution of the random variable under study.

This method requires a significant amount of data that is not always at the disposal of the entrepreneur, and the collection and processing of data can get expensive.

The essence of the expert method is to obtain quantitative estimates of risk on the basis of processing the opinions of experienced entrepreneurs or specialists. This is especially effective when solving complex problem situations that cannot be formalized, when the incompleteness and unreliability of information do not allow the use of statistical or other formalized methods for quantitative risk assessment. The disadvantages are the lack of guarantees of the reliability of the estimates obtained, as well as difficulties in conducting a survey of experts and processing the data obtained. The most acceptable option for practice is a combination of statistical and expert methods.
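The tools of the statistical method listed above, applied to a record of past results, as an added example that is not part of the original text. The two lines of business and their figures are constructed sample data, and ranking alternatives by coefficient of variation is an assumption about how the tools are put to use.

```python
from collections import Counter
from math import sqrt

# Constructed sample data (not from the page): economic result per period,
# in thousand rubles, for two hypothetical lines of business.
# Negative values are losses.
HISTORY = {
    "line_a": [120, 80, 120, -40, 80, 120, 80, -40, 120, 80],
    "line_b": [300, -200, 50, 300, -200, 50, 300, 50, -200, 300],
}


def distribution(results):
    """Empirical probability distribution: result -> relative frequency."""
    if not results:
        raise ValueError("the statistical method needs at least one observation")
    total = len(results)
    counts = Counter(results)
    return {value: counts[value] / total for value in sorted(counts)}


def risk_profile(results):
    """Compute the five tools named in the text for one series of results."""
    dist = distribution(results)
    mean = sum(results) / len(results)
    # Population variance: the record is treated as the whole distribution,
    # each distinct result weighted by its observed frequency.
    variance = sum(p * (value - mean) ** 2 for value, p in dist.items())
    std_dev = sqrt(variance)
    # The coefficient of variation is undefined for a zero mean; report it
    # as infinite so that such a series never ranks as low risk.
    cv = std_dev / abs(mean) if mean != 0 else float("inf")
    return {
        "distribution": dist,
        "mean": mean,
        "variance": variance,
        "std_dev": std_dev,
        "coefficient_of_variation": cv,
        # Share of periods that ended in a loss.
        "loss_probability": sum(p for value, p in dist.items() if value < 0),
    }


def rank_by_relative_risk(history):
    """Order alternatives from least to most variable per unit of mean result."""
    profiles = {name: risk_profile(results) for name, results in history.items()}
    return sorted(profiles, key=lambda name: profiles[name]["coefficient_of_variation"])


if __name__ == "__main__":
    for name in rank_by_relative_risk(HISTORY):
        profile = risk_profile(HISTORY[name])
        print(
            f"{name}: mean={profile['mean']:.1f} "
            f"std={profile['std_dev']:.1f} "
            f"cv={profile['coefficient_of_variation']:.2f} "
            f"P(loss)={profile['loss_probability']:.1f}"
        )
```

The two series have almost the same mean result, so the mean alone does not separate them; the standard deviation and the coefficient of variation do.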

31. Concepts, classifications of objects and criteria for corporate control of activities

Corporate control (CC) is the result of the distribution of forces, positions, opportunities and power among the subjects of corporate relations.

CC is the totality of opportunities to benefit from the activities of the corporation.

The objects of corporate financial control (CFC) are the financial flows of the corporation associated with its operating, investment and financial activities.

By CFC object:

Control over the activities of the corporation's business units

Control of financial responsibility centers

Operational control of business units

Control of investment activities of business units

Controlling the financial activities of business units

Criteria for internal control: the company's Regulations on the internal control system (ICS) and its internal regulatory documents.

Criteria for evaluating the activities of the internal audit service:

- Organizational status (subordination only to the top management of the enterprise);
- Functions (the degree to which the management of the enterprise implements the recommendations of the internal audit service specialists);
- Competence (the degree of validity of the policy for hiring employees of the internal audit and control service and for their continuous professional training);
- Professionalism (the degree of compliance with the procedure for planning, documenting the results of work, etc.).

Internal Control Concepts: COBIT, SAC, COSO and SAS 55/78

· Control Objectives for Information and Related Technology (COBIT), a standard developed by the Information Systems Audit and Control Association (ISACA)

· Systems Auditability and Control (SAC), a report prepared by the Research Foundation of the Institute of Internal Auditors

· The report "Internal Control - Integrated Framework" (COSO), prepared by the Committee of Sponsoring Organizations of the Treadway Commission

· Consideration of the Internal Control Structure in a Financial Statement Audit (SAS 55), approved by the American Institute of Certified Public Accountants and later amended (SAS 78).

The COBIT document (1996) is a systems approach that provides business process owners with the tools to fully and effectively fulfill their responsibilities for overseeing the security of information systems.

The SAC (1991, amended 1994) offers support to internal auditors in the control and audit of information systems and technology.

SAS 55 (1988) and SAS 78 (1995) provide guidance to external auditors on the impact of internal control on planning and performing an audit of an entity's financial statements.

COSO Concept: INTERNAL CONTROL CRITERIA

INTERNAL CONTROL is a process carried out by the Board of Directors, management and staff of the organization, designed to provide reasonable assurance that objectives are achieved under the following criteria:

    Effectiveness and efficiency of operations

    Reliability of financial statements

    Compliance with applicable laws and regulations

There are 5 components of the COSO model:

Control environment

Risk assessment

Control activities

Information and communication

Monitoring

    Internal control functions to identify, assess and prevent unacceptable risks.

This type of risk refers to the likelihood that some events and actions may have an adverse effect on the object of verification.

For example:

Competence of full-time employees and their fitness for their positions;

Falling competitiveness of manufactured products;

Complexity and variety of activities.

In developing an audit approach, the auditor takes into account the preliminary assessment of control risk together with the assessment of inherent risk, in order to determine the appropriate detection risk for the assertions underlying the financial (accounting) statements and to determine the nature, timing and extent of substantive audit procedures. In assessing inherent risk, the auditor relies on professional judgment and takes the following factors into account:

a) the experience and knowledge of management, as well as changes in its composition over a certain period

b) unusual pressure on management

c) the nature of the activities of the entity being audited

d) factors affecting the industry to which the audited entity belongs

e) accounting records that may be subject to distortion

f) the complexity of underlying transactions and other events that may require the involvement of experts.

All risk factors are subject to study and a weighted assessment of relative importance.

For the auditor and the controller, the risk of fraud and reporting errors increases if:

1) the necessary work is not being carried out to eliminate shortcomings in the operation of the accounting and control systems;

2) the internal audit service (IAS), accounting and legal departments are significantly understaffed compared with the staffing table;

3) there are unusual transactions, especially at the end of the year, that have a significant impact on the value of financial indicators (transactions with related parties, or payments to consultants, lawyers, etc. that look clearly out of proportion to the services provided);

4) there are incomplete files, ledgers and accounts with numerous corrections, business transactions not reflected in the accounting, missing supporting documents, and vague and unreasonable answers from the management and specialists of the audited object to the controllers' requests.

The inherent risk is assessed at the reporting level of the audited object. It should take into account the following additional factors:

1) the experience and knowledge of management, as well as changes in its composition over a certain period of time (management's inexperience may affect the preparation of reports of the audited entity);

2) unusual pressure of circumstances on the management of the audited object (for example, lack of working capital);

3) characteristic features of the economic activity of the object of verification (for example, the potential for obsolescence of manufactured products and services in the near future).

Risk management, which is usually considered as a system for managing risk and the economic (primarily financial) relations that arise in the process of this management, includes the strategy and tactics of management actions. Management strategy means the directions and ways of using resources to achieve the set goal. In accordance with the strategy, options for management decisions are selected and efforts are concentrated on implementing these options. When the goal is achieved, a given strategy loses its significance, and new goals require the development of a new strategy. The task of management tactics is to choose the optimal solution and the management methods and techniques that are most appropriate for a specific economic situation.

Table 2 presents a classification of the main risk management methods for enterprises (firms). These methods help reduce the overall entrepreneurial risk of the enterprise. Some of these methods guarantee risk reduction in the long term, and some immediately. Some methods can be characterized as measures of direct impact on the magnitude and probability of risk realization, while others can be characterized as measures of indirect impact.

| Group of methods | Methods |
| --- | --- |
| Risk prevention methods | Acquisition of the necessary information about the risk; Strategic planning of the enterprise; Active, targeted marketing; Forecasting the development of the external environment; Staff training and instruction; Implementation of preventive measures (anti-emergency, fire fighting, etc.) |
| Risk avoidance methods | Rejection of unreliable partners; Search for guarantors of risky projects; Conservation of property; Dismissal of incompetent workers |
| Risk localization methods | Creation of subsidiaries for the implementation of risky projects; Creation of special (with a separate balance sheet) structural units; Conclusion of agreements on joint activities for the implementation of risky projects |
| Risk diversification methods | Distribution of risks between participants of individual projects (co-executors); Diversification of sales and supplies; Diversification of investments; Diversification of activities; Distribution of risk over time |
| Methods to reduce the economic consequences of risk | Limitation; Self-insurance (stocking and reservation); Mutual insurance; Insurance |

Table 2. Classification of risk management methods



In Russian economic practice, the methods of localization and risk avoidance are the most common. These methods are used by the heads of many enterprises who refuse the services of unreliable intermediaries, try not to expand the circle of partners, and work only with reliable counterparties. They prefer mothballing unused space to leasing it out, and the search for guarantors to insurance.

Business entities that use risk avoidance methods refuse innovative and other projects whose effectiveness raises even slight doubts. The method of "search for guarantors" is widely used by both small and large enterprises. Small enterprises use the guarantees of various funds (support for small businesses, market reforms, etc.), and large enterprises enjoy the guarantees of state and municipal authorities. The issuance of such guarantees to some extent contributes to the development of corruption and gives enterprises no incentive to take measures to reduce the risk.

Risk localization methods allow the company to separate the most financially dangerous stage or area of activity into a distinct structural unit or subsidiary (usually a small business). This method also allows risky investment and innovation projects to be implemented through the mechanism of agreements on joint activities. Manufacturing enterprises apply risk localization methods by spinning off their trading departments (which developed out of the need to sell goods received by barter) and their transport, repair and construction divisions into independent subsidiaries.

Risk diversification methods are more flexible management tools, but in many cases they are difficult to apply and are in a certain conflict with risk avoidance methods (for example, diversification of supplies and sales requires distributing deliveries among many consumers and interacting with many suppliers, which objectively leads to an increase in the number of counterparties of the enterprise).

Risk limitation

The main methods of limiting and reducing the economic consequences of risk are limitation, self-insurance and insurance. Limitation is the establishment of the maximum amount of expenses for one transaction, the norms for investing in one object, and the limits of competence of individual employees in making financial decisions. It should be used to reduce the possible economic consequences of risk realization, especially in large organizations with a rather complex and branched management structure that includes branches and subsidiaries.

Self-insurance is essentially insurance held internally. In this case, the enterprise creates insurance stocks of raw materials, materials and components, builds up reserve cash funds, draws up plans for their use in crisis situations, keeps spare capacity unused, and creates a database of possible suppliers and buyers who have concluded agreements of intent to cooperate with the enterprise. The main task of self-insurance is to promptly overcome temporary difficulties in financial and economic activities.

Insurance is often considered in the literature as the main method of risk management. However, by its very nature, insurance cannot be an alternative to other measures aimed at reducing the risk of the enterprise (firm). Its historically and logically established purpose is to complete the system of intra-company (in-production) risk management.

In the risk management of enterprises (firms), two relatively autonomous blocks of actions should be distinguished: the organization of the fight directly against the dangers (risks), and the organization of the fight against the economic consequences of the realization of these dangers (risks). From a technical point of view, fighting risks can take the form of prevention or suppression (repression). Actions such as the acquisition (collection) and analysis of the necessary information about the risk, forecasting the development of the external environment, active marketing and strategic planning of the enterprise, employee training, and the implementation of emergency, fire and other preventive measures are aimed at preventing hazards. Because preventive activity makes it possible to stop the risk from being realized (and therefore to avoid financial losses), it should take precedence over repressive activity.

Repressive activity is aimed at reducing the economic consequences of an already realized risk. Its success in the enterprise (company) is predetermined by the readiness to take emergency measures, such as termination of contracts with unreliable partners, reduction in the number of personnel, liquidation of unprofitable branches, work of fire brigades to extinguish fires, rescue operations, repair of damaged power lines, hydraulic structures, overpasses, etc. In many cases, the success of repressive measures depends on the ability to make managerial decisions quickly (i.e., on the delegation of authority and responsibility in the management apparatus of the enterprise).

Even with the most effective organization of preventive and repressive activities, it is impossible to completely avoid damage from the realization of dangers (risks). The entrepreneur tries to protect his enterprise (firm) from possible damage primarily through self-insurance. It is obvious that the random nature of risk events makes self-insurance an insufficient method of dealing with them. Therefore, there is a need to organize insurance, associated with the variety of forms of manifestation of risk, the frequency and severity of the consequences of its manifestation, the impossibility of absolute elimination of its probability.

Since many risk management methods are not only complementary but also alternative, each enterprise (firm) must make the most economically justified choice between them, based on its specific situation. The limited financial resources of the enterprise give rise to the desire to reduce any costs. For an enterprise to make the right decisions about financing risk management activities, the cost of risk should be taken into account.

Risk assessment

The cost of risk should be understood as the actual losses of the enterprise, the costs of reducing them, or the compensation for such losses and their consequences. There are three main elements in the risk cost structure: the cost of risk control; the cost of the risk remaining on the responsibility of the enterprise; and the cost of transferring risk to insurance.

The first and most important element is the cost of risk control. Having developed an effective control program, it is necessary to ensure that this program fits into the general mechanism of intra-company management and successfully fulfills the tasks assigned to it. The risk control system must ultimately ensure the safety of people, property and information, as well as profit. Although the implementation of control measures generates associated costs, sometimes very significant, it should help reduce the cost of risk remaining on the responsibility of the enterprise and the cost of transferring risk to insurance. Thus, according to the applicable insurance rules, many insurers offer significant (up to 40-50% of the annual amount) discounts on payments to policyholders, motivating them to organize risk control and preventive measures. At the same time, saving on the financing of an internal risk control system can deprive an enterprise (firm) of the opportunity to shift the risk to insurance.

The second element, the cost of risk remaining on the enterprise's responsibility, is determined by the amount of actual direct and indirect damage from the risk that is not compensated by the insurer. Usually, insurers' rules provide for cases in which the insurer is not liable for the loss of or damage to property. In such a situation, the company itself covers the losses. It may also choose not to insure part of the risks (or all risks) and to provide self-insurance for them. In any case, the company needs to keep statistics on the results of self-insurance, record them and analyze them. Since any business entity is interested in the continuity of production, which is exposed to various risk circumstances, the boundaries of self-insurance can expand significantly in the conditions of the crisis of the Russian insurance market. In this regard, the share of the cost of risk remaining on the responsibility of the enterprise in the total cost of risk may increase.

And finally, the third element is the cost of transferring risk to insurance. This includes the company's expenses on insurance premiums. Since dozens of insurance companies offering similar insurance services operate in the insurance market at the same time, it is important for the company to assess correctly how much responsibility the insurer takes on and what the price of this service is. It is important to have information about the financial stability of the insurer, since the company pays the insurance premium in order to secure guaranteed compensation for damage. To avoid possible miscalculations when concluding insurance contracts, it is advisable to use the services of insurance brokers, as well as to have employees on the financial service staff who are competent in matters of risk insurance.

