Financial Risk management is the primary objective of internal controls in an organisation, and the reason for in-depth internal audits of those controls. All organisations face risk, but this is especially the case with large, complex, corporate structures, organisations that operate globally, and business with many departments and/or branches.
Risk management involves internal controls, checks and balances and creating frameworks and strategies for taking advantage of opportunities (positive risk) and dealing with threats (negative risk). Both positive risk and negative risk can be internal or external.
Positive risks are risks an organisation must take in order to reach its financial and operational objectives, grow, or remain competitive in evolving markets. These risks can be quantified to some or other degree. The controls required to mitigate these risks are known and can be planned as part of a risk management strategy.
An example would be the risk your organisation faces from investments in IT infrastructure or equipment upgrades, entering new markets or diversifying. Can you risk operating at a loss for a year to reach your operational goals? Two years? Ten? How do you decide? How do you know if you have stepped too far off the ledge?
You might have the money now, but what if ‘this happens’, or ‘that happens’, while you are walking the tightrope to your destination. You might have made it – except for…that gust of wind. Now you are bankrupt. Proper risk management will give you a 7-day weather report. It might not be a guarantee, but it will mitigate the risks you are taking, and the one you wouldn’t otherwise know you are taking.
Negative risk are threats to an organisation that cannot be planned for with operational and internal controls. However, these risks they can be prepared for with wise financial management and actuarial insights into ‘what might happen in this, or that’ circumstance. In the simplest of terms, it’s ‘saving and planning’ for any eventuality. This kind of risk management is essential as any number of negative risk factors exist outside of an organisation’s control.
These kinds of risks can include litigation from an accident, the sudden emergence of a powerful competitor or a sharp economic downturn.
No matter how well your business may be doing, how much of a profit you are turning, or are about to turn, or how tight you think your operations are, it is essential to recognise the risk factors that can bring it all crashing down. Financial risk management is designed to mitigate the effects of those risk factors and ensure that your business is prepared and resilient.
It can be argued that the most vulnerable businesses, in need of the tightest and most extensive risk management are the Goliaths of the corporate world. The higher you climb, the harder you can fall. However, even a small and medium sized business needs to implement risk management strategies and controls.