Challenges of Risks
Risks management is a major consideration for controlling costs and driving a company toward strength and excellence. Foregoing risk management can threaten sound financial management as well as the going concern of a company. Ignoring or down playing risks can drive business costs up without awareness risks are drivers. They could also lead to missed opportunity for markets and revenue. Small businesses are particularly vulnerable due to limited available resources for identifying, monitoring, and measuring risks. Such a limitation does not discount heightened priority and action. Rather, it should be a call to action for evaluating the costs of risks, taking steps to curb them, and engaging an action plan.
According to the “2010 Report to the Nations on Occupational Fraud and Abuse,” 37.8% of fraud cases resulted from a lack of internal controls. Lack of management review and poor tone at the top contributed to 26.3% of cases. Another 19.2% was due to overriding of existing controls. This same report identified private companies as having the greater dollar loss per victim. However, that amount declined for these companies from 2008 to 2010 while the number increased for publicly held companies. Companies with fewer than 100 employees had a higher frequency of fraud than those with more than 100 employees. This discovery points toward the urgency for small businesses to enact measures and allocate resources for curtailing risks.
A dollar toward prevention avoids so much more costs toward asset replacement, higher insurance premiums, and reallocation of resources from productive activities to dealing with losses. Unattended risks can be a huge financial disruptor especially for smaller businesses possessing fewer resources for allocation to risks management.
Areas of Risk
Costly risks occur in all functions and organizations among private and public firms alike. The “2010 Report to the Nations on Occupational Fraud and Abuse” found that inventory management comprised the highest percentage of fraud cases (29%). Accounts Receivable came in second (25%) with plant and equipment coming in a distant third (14%). Cash accounts, loans, investments, and prepaid expenses comprised the rest.
For manufacturing, retail, and wholesale, inventory costs take a necessary priority. The entire supply chain pivots around inventory management with materials purchasing, receiving, quality control, WIP, and finished goods on the one hand and revenue and cost of sales on the other hand. Consequently, laxity of risks in inventory management can have a negative impact on revenue. Such laxity can also drive inaccurate costing, lead to incorrect orders, lend to material financial misstatements, and drive costly write-offs. Materiality due to misappropriation of assets can become a large liability in financial reporting, resulting in damage to credit ratings, customer losses, and even company closure.
Plant and equipment oversight is a cross functional responsibility. Theft of equipment contributes to increased replacement costs that could otherwise be allocated to productive projects for market penetration and expansion. Insurance premiums covering them can also rise due to losses resulting from poor risk management.
Five Risk Deterrents
Commitment to risk management serves to close the risk gap and lends to cost reduction. Five risk management deterrents can be excellent starting points for a firm lacking risk management or may be in a rudimentary stage of implementation:
- The tone at the top
- A code of ethics
- Key risk indicators (KRIs)
- Risk management committee
- Internal controls
Once in place, building on them incrementally through process and technological improvements as further discoveries arise strengthens operations and provides for greater efficiency.
Tone at the Top and Code of Ethics
The first two items take less effort and expense while contributing toward designing and implementing the other three.
Tackling risks that drive greater costs has a natural starting point that can reap immediate benefits – the “tone at the top.” The tone at the top is not a fuzzy theory but a concrete proactive stance. It refers to the ethical environment that executives create and champion within the company. Board members, CEOs, CFOs, and senior level management establish this tone through example and policy. Ethics in the aggregate and details make a difference company-wide and can prevent economic losses. They also create initiative and incentive to “do the right thing” with all constituents. When vendors, customers, employees, and financial institutions perceive a rigorously practiced tone at the top, they will catch on with appropriate disclosures, contractual commitments, and operational best practices when it means gaining business.
My book, “Customer-Driven Budgeting: Prepare, Engage, Execute,” addresses an issue that caused Jeremy Hope and Robin Fraser of the Beyond Budgeting Roundtable to dismiss or marginalize operating budgets. They asserted that budgeting contributed to cheating by managers “low-balling” targets and inflating results. I stated in my book, “discarding a practice due to dishonesty does not solve financial management challenges. In fact it may be disruptive in giving the real problems a pass while casting aside the benefits of sound practices implemented effectively” (p. 4). The point I make is to exercise integrity while embracing practices that lead to growth and strategic support. Ethics supports successful operating activities. The tone at the top becomes a catalyst for encountering such challenges in financial management.
The tone at the top is a critical risk reduction beginning. It involves two important oversights: a code of ethics and initiation of sound internal controls. Both of these point to the adage former President Reagan stated in the eighties concerning the old Soviet Union – “trust but verify.” Compliance with an established code of ethics is the trust part. It oversees stewardship of resources. Verify points toward internal controls. The tone at the top begins with a board of directors that champions both of these operating fundamentals.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) found that 89% of fraud cases involved the CEO or CFO. Enron and WorldCom are graduate level case studies of executives who misled companies and committed fraud. If top executives do not champion risk management, laxity toward risks will be the norm rather than the exception.
A Committee, Key Risk Indicators, and Internal Controls
The other three risk management activities also contribute toward controlling costs: a risk management committee dedicated to risk review and risk management strategic plan, Key Risk Indicators (KRIs) and internal controls.
The risk management committee is not a complex matter with a large group of people spending hours on risk challenges. The number of members can consist of 2-3 people for a small company. Managers from various functions of the company can bring their expertise to the table for risks improvements and corresponding cost savings. These examples lend well to budgeting risk management activity toward process improvements, lean management, and costs reduction as interrelated activities.
A committee could also recommend and adopt best practice internal controls, key control points, cost and risk reduction automation, and KRIs. In their publication for COSO, Mark Beasley, Bruce Branson, and Bonnie Hancock identify KRIs as “metrics used by organizations to provide an early signal of increasing risk exposures in various areas of the enterprise” (“Developing Key Risk Indicators to Strengthen Enterprise Risk Management,” December 2010, 1.) They illustrate how a company’s revenues and costs streams lead to the development of strategic initiatives that point to potential risks and identification of KRIs (p. 2). These KRIs contribute to proactive leadership in identifying benchmarks and lead to streamlining operations.
This model suggests that KRIs are not simply related to fraud, theft, or embezzlement. They also encompass economic and competitive conditions, financial arrangements, and other variables. Such risks are internal and external. Emerging risks also include cyber crime and terrorism, the mobility of employees from one company to another, and the regulatory environment.
A company must consider the measures that lend not only to reduction of risks related costs but also to risks to revenue. The benefit of implementing a sound risk management plan, even incrementally according to the five deterrents discussed above, far outweigh the expense allocated to their implementation. The ROI payoff from the time and effort involved reaps rewards. A risk management strategic plan includes a strong tone at the top and code of ethics for putting in place streamlined internal controls, sound oversight, and measurements. It also supplies a company with concrete mechanisms for risk reduction, cost savings, greater profit picture, and operational superiority and greatness.
Rose Hightower writes,
“Risk management adds value to the bottom line when it provides opportunities for cost savings through identifying and correcting operational inefficiencies, when it promotes “out of the box” thinking, when it opens opportunities to leapfrog the competition” (Hightower, Rose (2008-12-03). Internal Controls Policies and Procedures (Kindle Locations 407-409). Wiley Publishing. Kindle Edition.).
Risk management has a direct relationship with not only securing a company but also by offering cost reduction, operational efficiencies, innovation, and marketing opportunities. Applied according to the five stated deterrents does indeed open opportunity and options while providing avenues for growing stronger in the face of a volatile economic environment and tough competition.
Recommended Readings and Resources
“2010 Report to the Nations on Occupational Fraud and Abuse,” Association of Certified Fraud Examiners, 2010, http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/rttn-2010.pdf.
Association of Certified Fraud Examiners, http://www.acfe.com.
Committee of Sponsoring Organizations of the Treadway Commission (COSO), http://www.coso.org/contactus.htm.
Customer-Driven Budgeting: Prepare, Engage, Execute, the Small Business Guide, Floyd Talbot, Business Expert Press, New York, 2012.
Fraud Magazine, http://www.fraud-magazine.com/home.aspx?pageid=50.
Internal Controls Policies and Procedures, Rose Hightower, John Wiley & Sons, Inc., Hoboken, New Jersey, 2009.
Risk Management Templates, http://www.riskmanagementtemplates.com.
The Institute of Internal Auditors, https://na.theiia.org/periodicals/Pages/Tone-at-the-Top.aspx.
The Risk Management Association, http://www.rmahq.org.