logolog1
LogForum


>Elektroniczne czasopismo naukowe z dziedziny logistyki<
ISSN 1734-459X
2007
Vol. 3
Issue 3
No 4
 


CRITICAL RISK IMPACT IN RISK MANAGEMENT

Wojciech Machowiak
Poznan School of Logistics, Poznań, Poland



ABSTRACT

The purpose for his paper is to highlight the importance of those business risk categories, which have outstanding crisis-genic potential. The reference to most common approaches to the problem of business safety and continuity is made, with a special emphasis on Risk Management strategy. Introduced concepts of "critical risk" and "critical impact" allowed making an efficient selection of critical risks from the generic variety of threats.

Key words: risk, risk management, risk impact, crisis, crisis management



Identification and evaluation of threats, which are inevitable present in business activity, is a core element of each process aiming in improving business safety and sustainability. It doesn't matter is it Risk Management (RM), Business Continuity Management (BCM), Crisis Management (CM), or any other from the variety of concepts - in diverse shape, variously named and situated in the processes, risk assessment must be done. Neglected or misestimated in preventive emprise, risk can result in crisis, misdiagnosed (as a reason of) in the course of crisis, may contribute to make survival unachievable.

Critical situations happen in enterprises as well as in supply chains. In many cases crises are unavoidable, however, being aware what may happen, company's management may do a lot - either to avoid crisis, or at least to reduce the range and the magnitude of possible impacts. The sooner we know threats and risks which may result in critical situations, the better risk treatment may be applied. That seems to be obvious. Nevertheless, crises - caused by a wide spectrum of reasons - are quite frequent in common practice, and thousands of enterprises collapse each year due to their unpreparedness or lack of abilities to face such event successfully. Only in 2006 there were over 10 000 business crises reported [ICM 2007].

In business management strategies numerous solutions are proposed and practiced concerning crises. Whatever are their names, generally may be grouped into three main approaches to the considered problem corresponding to these mentioned before: risk management, business continuity management and crisis management. To a certain extent all three concepts evidently interfere, have some convergent features, and in some aspects are complementary (Fig. 1.). Nevertheless, developed independently, they have no direct contact points and frequently represent somewhat different way of thinking or "philosophy of management", they also significantly differ in which main procedures and activities (analytic ones and actions) are they focused on. One of such differences is how the possibility of crisis occurrence is situated in the entire process.



 
 


Fig. 1. Types of managements
Rys. 1. Typy zarządzania


Crisis Management concept is drawn from the military and community disaster applications [Heath, 2005], nowadays extended also onto business practice. CM patterns basically provide managers with the tools enabling them to cope with critical situations, so from its nature is focused more on dealing with crises than preventing them. Certainly, it comprises also procedures of identification of crisis sources, but this is usually done from the position how to best counteract already existing problems, as necessary step to understand what happened. Sometimes CM procedures are extended on preventive functions, than the assessment of risks (understood as potential sources of crises) is also included. Such risk and impact analysis is subservient to reactive response and strategy of recovery and doesn't invoke what we practice as risk management.

According to Peter Barnes [Burnes, 2005], Business Continuity Management is "the development of strategies, plans and actions which provide protection or alternative modes of operation for those activities or business processes which, if they were interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise". Depending on execution (specific to particular organization), BCM may comprise activities typical for both - RM and CM. As it is focused on recovering from a given situation, conventional BCM, like CM is a kind of reactive approach, where evaluation of risks and their impacts plays rather auxiliary, although extremely important role and is subordinated to quickly finding the optimal survival solution. Usually this phase is referred to as Business Impact Analysis or Risk and Business Impact Analysis. Contrary to Risk Management, in this approach risk analysis is made after defining and analyzing the possible impacts [Meredith, 2005].

From clearly pragmatical point of view the most rational approach is to anticipate contingency of crisis affecting it at its source. Generally speaking this source may be designated as a specific risk category. So the backbone step for the entire process of counteracting critical situations should be determination and evaluation of these risks, which may result in crisis ("crisis-genic", or "critical" risks). In RM concepts the most substantial attention is paid to the process of risk identification and assessment. During its already 50-years old financial/insurance tradition [Sadgrove, 2005], as well as in more contemporary versions of risk treatment (Enterprise Risk Management), numerous tools and techniques have been developed, almost all based on dual risk measure: describing risk as combination of the likehood of its occurrence and the magnitude of its impact. Within this formula, methods which are in use focus at attempts to avoid weighty risk consequences (when materialized), to reduce all major threats in such way, that perspective of crisis should be rather eliminated. The entire process of risk management is usually systematized into few steps (Fig. 2a), ending on monitoring and control of the risk-reducing actions taken (preventing the occurrence of dangerous situations), with no contingency of continuation in case of crisis.



 
 


Fig. 2a. Steps of risk management process
Rys. 2a. Etapy procesu zarządzania ryzykiem


Risk Management approach gives no direct relevance to Crisis Management, no junction to that - whatever to say - possible extensure of events, which we used to call "crisis". The term "crisis" itself is rather absent in the literature concerning risk management. Also in numerous taxonomies and risk categorizations proposed, there is no reference to this quite real after-effect of various threats. Considering all the convergences - substantial identity as well as formal resemblance of procedures, it seems to be reasonable to recognize crisis management as the next (potential) step in risk management process (Fig. 2b).



 
 


Fig. 2b. Crisis and risk management process
Rys. 2b. Proces zarządzania ryzykiem i kryzysem


Nevertheless, in books and articles on risk management, crises are present everywhere - in form of examples and illustrations of extreme risk impacts, case studies, hypothetic results of risk taking with poor risk management, etc. Such inconsequence seems to be understandable considering the different history of both concepts, but inexplicable from pragmatic and both - strategic and operational point of view. Within the procedures of risk management process it may easily happen, that using common techniques (especially considering lack of precision of available tools and simplifications inevitable in standard risk assessment phase), two or more risks are qualified to the same impact category - let it be "high", or even "very high" (adequately to the established scale). When reported by risk manager to the board, it makes a vital difference if particular risk may result in - say - financial loss (even very high) only, or might cause a seriously critical situation. Existing formalism doesn't provide any risk assessment criteria referring to the critical potential of risk, which could be applied effectively to distinguish above mentioned cases. Obviously - it may be assumed, that within risk assessment procedures such imaginable consequence may be considered, but the final judgement remains: "very high impact" only. Such record may appear to be insufficient from the management's point of view, especially considering necessity to be well prepared for that kind of contingency. Additional difficulty is that in "traditional" risk assessment techniques only the maximal risk impact is considered, whereas it can happen that some level of risk consequences may be considerably lower then maximum, may appear to be a critical one. Moreover, the probability of "realization" of such threat may be higher, than maximum. This situation must be recognized as far from being satisfactory.

In this aspect the key question is how to distinguish and select critical risks using more accurate means than descriptive ones. What must be clearly emphasized here is fact, that crisis-genic risks [Machowiak, 2005, Konecka, Machowiak, 2006] must not be perceived as another risk category (in typological sense), as financial risks, operational, logistics or similar. Each of such identified risk may be supposed to be critical, if only its impact will overrun the magnitude ("critical impact") which - in consequence - makes impossible reaching the enterprise's goals (definition of crisis according to Ch. F. Hermann [8] and other sources). If so, all those risks, for which such threshold value of impact may be defined (and is lower than really feasible maximal one), should be considered as critical risks and treated as extremely dangerous for business safety and continuity.

There are a lot of examples of risk types, which (in particular, enterprise specific conditions and circumstances) may be qualified as potentially critical. Almost all financial risks belong to this category, e.g. risk of delayed payments - having exceeded easy to be defined total amount; they disrupt cash-flow, what quickly may become critical. A large group of such risks are technical and logistic ones - for example stoppage in supply longer than "x" days may easily result in crisis. Also some HR categories - as group absence of more than "y" employees (caused by avian flu pandemic), which paralyses normal functioning of the enterprise. Other examples are such risks as loss of key customer or of market share, production disruptions etc. Certainly, this tool may be not so easy to be applied in case of all, sometimes very sophisticated risk categories (than we may stay with descriptive warning), but it seems to be very helpful in selection of critical risks.

Critical situations - whatever are their origins and affected areas - are the most dangerous threats for business safety and ability to be continued. According to another of its many definitions, crisis in the enterprise is the situation which - when tolerated - invites the organization's breakdown [Nogalski, Macinkiewicz, 2004]. What is frequently emphasized - additional and extreme difficulty when they come about is time shortage. Then the circumstance of inappreciable value is if enterprise's staff and management preparedness to crisis. This is why risks of high crisis-genic potential as well as their possible impacts should be included into risk management procedures a special matter of interest and considerations.



REFERENCES

Burnes P., 2005, The Definitive Handbook of Business Continuity Management; J.Wiley&Sons Ltd.

Heath R., 2005, A crisis management perspective of business continuity, in: A. Hiles, P.Burnes (ed.), The Definitive Handbook of Business Continuity Management; J.Wiley&Sons Ltd.

ICM Crisis Report 2006, Institute for Crisis Management, Louisville, June 2007.

Konecka S., Machowiak W., 2006, Kryzysogenne kategorie ryzyka specyficzne dla struktur logistycznych., 1st International Conference of Logistics INTLOG.

Machowiak W., 2005, Logistyczne aspekty kryzysu w przedsiębiorstwie, Logistyka, 4.

Meredith W., 2005, Business Impact Analysis, in The Definitive Handbook of Business Continuity Management, J.Wiley&Sons Ltd.

Nogalski B., Macinkiewicz H., 2004, Zarzšdzanie antykryzysowe przedsiębiorstwem, Difin.

Sadgrove K., 2005, The Complete Guide to Business Risk Management, Gower.

Zelek A., 2003, Zarządzanie kryzysem w przedsiębiorstwie. Perspektywa strategiczna, Instytut Organizacji i Zarządzania w Przemyśle ORGMASZ.





RYZYKO KRYTYCZNE W ZARZĄDZANIA RYZYKIEM



STRESZCZENIE Zamierzeniem niniejszej publikacji jest zwrócenie uwagi na znaczenie tych kategorii ryzyka w działalności gospodarczej, które cechuje zwiększony potencjał kryzysogenny. Problem odniesiony jest do najbardziej popularnych koncepcji dotyczących kwestii bezpieczeństwa i ciągłości biznesu, ze szczególnym uwzględnieniem strategii Zarządzania Ryzykiem. Wprowadzone pojęcia "ryzyka krytycznego" i "skutku krytycznego" pozwalają na dokonanie skutecznej selekcji ryzyk krytycznych z ogólnej różnorodności zagrożeń.

Słowa kluczowe: ryzyko, zarządzanie ryzykiem, skutek ryzyka, kryzys, zarządzanie kryzysem.






KRITISCHES RISIKO IN RISIKOMANAGEMENT



ZUSAMMENFASSUNG. Die vorliegende Publikation hat zum Ziel, die Aufmerksamkeit zu machen auf die Bedeutung von diesen Risikokategorien in der wirtschaftlichen Tätigkeit, für die ein vergrößertes Krisenpotenzial charakteristisch ist. Das Problem bezieht sich auf die bekanntesten Konzeptionen von Sicherheits- und Businesskotinuitätsfragen, mit besonderer Rücksicht auf die Risikomanagementstrategie. Die eingeführten Begriffe, wie "kritisches Risiko" und "kritische Folge" ermöglichen, eine erfolgreiche Selektion von kritischem Risiko aus der gesamten Gefahrenvielfalt durchzuführen.

Codewörter: Risiko, Risikomanagement, Krise, Krisengefolgen, Krisenmanagement.




dr inż. Wojciech Machowiak
Wyższa Szkoła Logistyki
ul. Estkowskiego 6
61-755 Poznań
e-mail: wmachowiak@wsl.com.pl


       Copyright © 2005 LogForum, Wyższa Szkoła Logistyki, ul.E.Estkowskiego 6, tel. 061 852 95 55, 851 06 04, tel./fax. 061 851 06 03