Making Your Risk Assessments Count: An Operational Perspective to Risk Assessment
Operational assessment is often directed to assessing performance against quality, time, innovation and cost targets to identify gaps in process performance. Significant performance gaps lead to decisions around making appropriate midcourse corrections or analyzing root causes with the objective of determining actionable process improvements to close the gaps. Given this traditional approach to an operational review, the question of the appropriate level of focus arises when evaluating operational risks.
The reality of today’s business environment enterprise has no boundaries and is not an island. Accordingly, the appropriate risk assessment approach applied to operational risks suggests the need for an end-to-end, extended enterprise view of the value chain, requiring consideration of looking upstream to supplier relationships, including strategic suppliers, as well as downstream to channels, customer relationships and the ultimate end users.
For instance, a consumer packing company serves the needs of consumer product companies by marketing its products to its customers. The marketing strategies of its customers, as well as the preferences of the ultimate consumers, can have a significant impact on demand for the company’s packaging products. When it comes to success, the enterprise’s business relationships are just as important as its internal processes, personnel and systems because they are inextricably linked to what makes the business model work. Therefore, the assessment of operational risk is directed to understanding the risk of loss or ineffective performance of any key links in the chain. A four-walls-oriented approach misses the big picture for evaluating operational risks focused solely on the company’s internal processes and systems risks.
What would happen to the organization’s business model if any key component of the value chain were (a) taken away through failure of an unexpected catastrophic loss, or (b) altered in a significant way to place the company at a strategic disadvantage? To illustrate the use of an extended end-to-end enterprise perspective, the analytical focus is on the entire value chain and the company’s positioning within the chain. For example, which suppliers do we depend on for essential inputs? Suppliers’ inputs include raw materials, component parts and supplies, and the transportation for delivering them to the company’s facilities in a timely manner. Questions that arise when evaluating supplier inputs include the following:
- Are we confident that strategic suppliers meet specifications?
- What if one or more strategic suppliers were lost?
- What if there were temporary shortages in raw materials?
- What if there were serious defects in supplier inputs?
- What if there were significant disruptions in transportation?
- What if one or more of the above events caused material volatility in costs?
Will the company’s key suppliers take corrective action in the event of a disaster? Is there a formalized understanding and agreement in place? One company had a major supplier decide to discontinue the manufacture of key components parts for its products, and the company had to take this production process in-house in order to continue doing business.
Other inputs include the available labor force and talent pool, the availability of power at a reasonable price, lines of credit, and working capital. There are other considerations with respect to company processes. For example, there are high-value employees that the company truly depends on; critical processes, systems and facilities; and key outputs, products and services. In addition, the company’s products and services are distributed to major customers through channels and incorporate transportation and logistics considerations.
What would happen if any of those elements of the value chain were taken away? Said another way, at every stage of the value creation process, what would be the implications of a shortage, disruption or quality problem in an input or output? How long would the company be able to operate? What if major customers were to fail? What if vital customer contracts were not renewed? What if key customers were to consolidate? What if weather patterns adversely affected customer demand? What would the business impact be?
When evaluating operational risks, management should consider the following factors:
- The velocity or speed to impact, including whether the loss of any critical component of the value chain can occur without warning (i.e., does it smolder or is it sudden)?
- The persistence of the impact (i.e., the expected duration of time before the loss of the component can be replaced).
- The resiliency of the company when responding to the catastrophic event.
- The extent of uncompensated risks the company faces across the value chain (e.g., increased warranty costs and/or product recalls and the potential for increased environmental, health and safety exposures).
These issues should be periodically considered when conducting operational reviews. In this analysis, note that while the likelihood of occurrence can be a consideration, it may not be a significant factor in evaluating exposures to catastrophic events as the enterprise’s response readiness. Every company faces a crisis sooner or later. Even the most effective risk management strategy can’t prevent this exposure.
Just like crisis is a server manifestation of risk, crisis management is the natural follow-up to risk management. A rapid response to sudden, unexpected events depends on the enterprise’s crisis management capabilities. Fires can’t be fought with a committee. Building a capable crisis management capability is a management imperative for risks with high velocity to a severe reputation impact. A world-class response to a persistent crisis is vital to the company’s ultimate recovery. Risk assessments focused on velocity to impact, the persistence of the impact and response readiness can help identify areas where preparedness is more critical.
Learn more about risk assessment topics by exploring this related publication on KnowledgeLeader: Making Your Risk Assessments Count: An Operational and a Compliance Perspective.
These tools on KnowledgeLeader may also interest you: