Risk management comprises the structured recording, analysis and evaluation of entrepreneurial risk as well as the handling of this risk through appropriate measures (e.g. elimination, reduction, acceptance and distribution). The risks considered can be of a financial, market-related, operational, technological, legal or personnel nature and, in extreme cases, jeopardize the continued existence of the company.
Field of application
Risk management is an issue for every company. According to the law on control and transparency in the corporate sector, the early detection of risks that could jeopardize a company's existence is part of a company's duty of care. Companies must comment on such risks in the management report.
Benefits
- Creation of transparency regarding risks
- Reduction of risk costs
- Greater planning reliability
- Optimization of the basis for business decisions
- Creation of a contribution to increasing the value of the company
Prerequisites
- Close integration between risk management, corporate planning, controlling and corporate management
- Combination of top-down and bottom-up risk management measures (e.g. identification)
Core elements / Procedure
Risk management comprises a large number of activities that can be divided into the following three core blocks:
- Identification of risks
o Company-specific definition of risks (including definition of risk limits)
o Segmentation of risks, e.g. according to the dimensions of probability of occurrence, area or extent of loss
o Assignment of risks and risk groups to risk owners and possible establishment of a risk manager
o Development of rules regarding the handling of risks in corporate planning and definition of reporting systems
- Analysis and evaluation of risks
o Identification of risks top-down and bottom-up
o Risk assessment with regard to economic effects and probabilities of occurrence; combinations of both parameters result in the expected loss value
o Analysis with regard to frequency of risk occurrence
o Consolidation of individual risks into overall risk
- Risk management
o Objective: 1. elimination (e.g. sale of impaired receivables);
2. reduction (e.g. exit from risky business areas),
3. acceptance or distribution of risks (e.g. insurance of risks)
o Establishment of risk monitoring (early warning system)
o Documentation of recorded risks and damages
Inference
Most importantly, companies are realizing that risk management will become increasingly important due to increasing complexity in a variety of areas and should therefore be tackled urgently. In general, the conclusion can be drawn that, depending on the size of the company, the industry and the complexity of the business model, the existence of a model of risk management can provide indications of possible reductions in audit risk.
Sources
- Brühwiler: Risk management as a management task 2003
.jpg)
