Use appropriate tools

We all know the situation. The contestant on "Who wants to be a millionaire?" has to decide whether he wants to play the safety or the risk variant. He has to weigh up whether, in the case of a critical question, he will lose 500 euros of the sum he has won so far if he gives the wrong answer (risk variant) or whether he is sure to win 16,000 euros - but will do without a joker and possibly also without earnings potential. It is important to weigh up which approach can generate the maximum result and at the same time keep the risk as low as possible.

Of course, risk management in companies is not a game, and of course far more factors play a role in weighing up for or against a measure than in the popular TV show. Nevertheless, it is important to weigh up the pros and cons and make the right decision.

Recognize dependencies
Defining effective and holistic management is no easy task. In any case, one of the most important steps is to identify potential risks. To what extent is the company exposed to currency fluctuations, what dependencies exist, for example, on the development of commodity prices, which risks can be influenced, which cannot?

The second step is then to classify the identified risk and evaluate it in terms of its impact on the company: Is a risk a low, a medium or a high risk and: What do these classifications mean for the company's development? How expensive can certain risks - and also unrecognized opportunities - become for companies? How does the time factor influence the development of various risks, how does the interplay of different risks and dangers?

Early warning systems
Critical developments can be identified using early warning indicators that provide information about the current status of a risk. Exceedances of these indicators can trigger automated escalation levels for early warning. For control purposes, measures can then be defined that reduce the net risk and the probability of occurrence and make the consequences manageable. In order to be able to initiate the necessary steps of risk control, the risks must thus be quantifiable and their probability of occurrence and amount of damage must be assessed.

The individual risk areas and factors are very different: In addition to strategic or financial risks, there may of course also be operational risks or risks arising from personnel developments, for example if key players suddenly drop out. What-if" scenarios, which can show the probability of occurrence of a risk with its dependencies depending on the constellation of the individual factors, are also very helpful in the risk assessment.

A well-functioning risk management platform offers numerous helpful features even at the basic level. These include, among other things, the preparation of a variety of data for different perspectives and entrepreneurial roles with the help of an integrated solution for risk strategy, identification, assessment and control. With a wide range of customization options, companies can keep their current risk situation under control at all times by obtaining a good view of all relevant risks, including their respective cause-and-effect chains.

Good input, good output
However, an IT-based risk management system can only deliver good and honest output if the input is equally good and honest. In other words: For comprehensive, proactive risk management, a company must not be afraid of asking uncomfortable questions - or, for that matter, of the answers. It must honestly find out what risks a particular corporate strategy could entail and how successful management can minimize or eliminate these risks and thus help to achieve the company's goals. Only then can countermeasures be introduced in the event of critical developments that really take effect and are reflected in the results.

"What-if scenarios are helpful in considering risk."

must be defined in a preceding work step and implemented on the data side

As a first measure, it is therefore crucial to create a solid database in order to formulate and quantify the risks and to define attributes such as the amount of damage and the probability of occurrence. Based on this, the necessary steps are then taken to implement risk management. It is ideal if risk management and strategic planning and controlling work hand in hand.

The fulfilment of legal documentation and control obligations is only one of several building blocks on which an effective risk management system should be based.

Documentation tool
A comprehensive documentation tool is precisely such a building block, which allows a convenient review of the company's status at any time. As a result, the risk management system is not only a reporting tool, but also a control tool that enables active influence on the company's success. There are "natural" connection points to other central applications such as overarching key figure systems, strategy management or internal and external reporting. The financial impact of risk-related measures or the development of risks can flow directly into financial planning. Thus, the risk management tool simultaneously becomes part of a comprehensive solution platform for corporate planning, controlling, analysis, reporting and performance management. The old saying also applies here: Everyone is the architect of his own fortune.