Many factors, whether internal or external to the company, can threaten the sustainability of an organisation. In order to anticipate and reduce the impact of these various hazards, a solid strategy exists: risk management.

The definition of risk management

Risk management is a process that aims at identifying, analysing and evaluating the possible risks associated with a company's activity, treating them in order to eradicate them entirely or minimise their impact. This strategy can be applied to all sectors of activity, regardless of a company’s size. Risk management can be very effective for anticipating crisis situations, and for measuring the potential risks related to a profound transformation or change management (new commercial positioning, digital transformation, an internationalisation project, etc.). Risk management thus helps to avoid or minimise situations that could jeopardise the achievement of objectives or the sustainability of a company. Some organisations have specialised risk management teams, led by a risk manager. Indeed, in some sectors, such as the financial world, risk management is a sine qua non condition for the proper functioning of the company.

The different types of risks

There are several types of risks that can hinder a company's activity:

Financial risks: increase in manufacturing or production costs, drop in demand, drop in sales, bankruptcy, cash flow problems, etc.
Strategic risks: linked to inadequate decision-making or strategic orientations, a flawed mode of governance, the arrival of a new competitor on the market, a change in demand, an obsolete commercial positioning, an attack on the company's reputation, a devaluation of the brand image, etc.
Legal, regulatory or statutory risks: bringing premises into compliance, change in labour laws or data processing laws, implementation of new standards and legal requirements, litigation, etc.
Environmental risks: risks that are external to the company (political instability, natural disasters, economic crisis, health crisis, etc.).
IT and technical risks: cybercrime, breakdowns, technical problems, etc.
Operational risks: decrease in productivity (absenteeism, disengagement, telecommuting, excessive turnover, etc.), limited production capacity, etc.

How can you set up efficient risk management?

There are three main steps in risk management:

Risk identification
Risk assessment
Risk control.

1) Identifying the risks

Risk identification is the first step in any risk management process. It is necessary to analyse the factors that represent a potential danger through an exhaustive internal audit and a careful analysis of the environment and the market. This will enable the nature of the risk to be researched and defined, and its sources, causes and characteristics to be identified.

2) Assessing the risks

Risk assessment consists of analysing the stakes, the probabilities of occurrence and the severity and the acceptability of the risk. Parameters such as costs, deadlines and performance are all indicators that make it possible to gauge the degree of risk. The ISO 31000 standard "Risk management - guidelines" is a reference guide to risk management, which sets out the fundamental principles of risk management. In particular, it includes guidelines for assessing the criticality of a risk. The risk analysis must then enable the assessment of the actions to be taken: is the risk acceptable? Should it be monitored? Reduced? Or totally eliminated?

3) Controlling the risk

Lastly, if the risk is unacceptable, a risk elimination or reduction strategy must be put in place. To eliminate a risk, it will be sufficient to eradicate its causes, re-evaluate the project management strategy or, if need be, reassess the objectives to be reached or the means to be deployed. To reduce a risk, it is necessary to decrease its probability of occurrence and/or minimise its impact and/or reduce its scope. In addition, risk management requires the implementation of preventive measures such a quality control, obtaining certification, competitive and environmental monitoring, employee training, implementation of safety protocols, insurance coverage, etc. Risk management is therefore truly part of a continuous improvement process.

Calling on a risk management transition manager

Risk management in a company is an activity in its own right. Very time-consuming, it can be difficult to carry out internally. Lack of time, lack of skills, but also lack of perspective make this task all the more complex. It can therefore be very beneficial to outsource this strategy to an interim manager specialised in risk management. Thanks to their many years of experience, their neutral viewpoint and their solid expertise, these risk managers are able to analyse and eliminate the risks incurred by the organisation, whatever they may be. At WAYDEN, we provide interim managers specialised in risk management. They can be called upon at any time, whether in a preventive context, during a change process, or in an emergency for crisis management (cyber-attack, health crisis, absence of the director, social conflict, financial instability, etc.). Risk management carried out in a precise way by an expert makes it possible to improve decision-making, carry out savings, preserve competitive advantage and ensure the continuity of the company.

Risk management, what is it and how to implement it?