Come to think of it! What could strike your business and cause negative impact to your business objectives? It can be ﬂoods, catastrophic ﬁre, system crushes, fraud, lawsuits, riots, war, it can be anything. This list appears endless. Risk identiﬁcation requires you to ‘momentarily step out of your business’ and ﬁgure out all possible events including those that seem beyond your imagination that can negatively affect your business. For instance, who would have imagined that ﬂoods would damage some private properties in Borrowdale this year? Who would have imagined that armed bank robbers would be replaced by cyber robbers – the new breed of robbers who steal millions from banks using computers? The danger with some risks is that they may be so infrequent to the extent that we relax as business people and never imagine them striking us. Sadly, if such risks strike, their impact will be so devastating. Risk identiﬁcation is a deliberate and well-structured exercise carried out by organisations in order to identify possible negative events that can affect business operations. Organisations carry out Risk Identiﬁcation exercises using internal human resources or hired external experts.
Risk identiﬁcation techniques vary from industry to industry. For example, risk identiﬁcation techniques suitable for the Services Industry may be different from those used in the Manufacturing Industry, i.e. there is no ‘one-size ﬁt all’ technique although the basic principles of risk identiﬁcation are the same. What is perhaps common across industries is that, in carrying out a Risk Identiﬁcation exercise you want to examine the past (what happened in the past), the current (what is currently happening) and make future projections (what is likely to happen in future). From that perspective, Risk Identiﬁcation can broadly be classiﬁed into the following phases:
- Research on the Past – existing information
- Research on the Present – as it happens
- Projections into the future – what is likely to change?
Research on the past – existing secondary information
Organisations should analyse existing information (secondary information) to identify risks that occurred and to unearth risk exposures. There are many sources of historical information which include but not limited to:
- Past loss / Insurance Claims Experience records
- Financial Statements and Management Accounts
- Other business records
- Other external records and reports
Research into the present – as it happens
This involves in-depth examination of current business operations to identify risks that could possibly strike. The techniques include but not limited to:
- Physical Inspections / Risk Surveys
- Technical tests – e.g. Technical tests of Plant & Equipment by experts
- Value Chain Analysis / Work Flow Chart analysis – analysis of the production/service cycle and asking “what if?” questions at each process.
- Brainstorming, Risk Questionnaires – employees should be involved in the in the risk identiﬁcation exercise.
Projection into the future – what is likely to change?
The business environment continues to change and so do the risks facing your business. It is important for businesses to project into the future, carry out scenario analysis and identify emerging risks that can face their business. For instance, how many businesses went under soon after dollarization? Did they anticipate it? It can still happen to your business if you do not project risks into the future. Come to think of it!
The next article will focus risk identiﬁcation techniques for speciﬁc industries.
Joey Shumbamhini is the Principal Officer for CBZ Risk Advisory Services (Pvt) Limited. He writes in his own capacity. For feedback relating to this article you can contact him on firstname.lastname@example.org