This literature review critically analyses risk management. It starts with what risk is and its various features, what risk management means, why risk management is important to organizations, and why organizations have moved from traditional risk management to enterprise risk management. The aim of this literature review is to focus on the various aspects of risk management, such as the different types of risk, as well as on enterprise risk management. According to Olson and Wu (2008), enterprise risk management is a combination of various factors which have a potential impact on the activities, processes and resources of the organization. This also includes external factors such as economic change and financial market developments, to name a few; all these factors go beyond the control of the organization, even though organizations prepare various alternatives to protect against uncertainty (Olson and Wu, 2008). Hence risk portfolios are developed with serious responsibilities. The primary objective of this literature review is to analyse risk, to understand critical perspectives on risk management, to understand enterprise risk management (ERM) and analyse its importance in today's competitive corporate world, and finally to focus on supply chain risk management, which is based on the principles of enterprise risk management (ERM).

2.1 Risk

It is important to understand what risk is. At its most basic, risk is understood by everyone as something related to uncertainty. That uncertainty has consequences if it depends on an uncertain situation. Risk and uncertainty are related to each other, but according to Hillson & Murray-Webster (2007), risk is not the same as uncertainty. Risk is a common term in today's world and may relate to any circumstances, whether personal, social or business. Uncertainty can be termed a risk environment, and it has two characteristics: variability and ambiguity. Risk is related to uncertainty and has its consequences, but it is not the same as uncertainty because of these two characteristics. Variability can be termed a situation or an issue which can be measured with various possible values (Hillson & Murray-Webster, 2007), whereas ambiguity is defined as uncertainty of meaning itself. When one is unsure of a particular event or unforeseen occurrence, there may be uncertainty about the event itself: the event has no content or meaning, and it lacks clarity in all its aspects. This type of uncertainty is known as epistemic ambiguity; epistemic is derived from the Greek word episteme, meaning knowledge, and here refers to knowledge which is unclear or incomplete. Another beautiful perception of risk, given by Dickson (1995), states that risk brings sweetness as well as bitterness to life, an unlooked-for and unwanted event in the future. Everyone wants their world to be totally risk free, yet risk is inevitable. The bitter side is the downside of risk, which concerns every human or entity (Dickson, 1995).

2.2 Risk Management

Risk management is the term given to the collective activities pertaining to risk: planning, avoiding, reducing and controlling risk, and improving risk strategy. Managers have a poor understanding of risk management, as they cannot foresee, or do not intend to foresee, what will happen in the future and derive the multiple probabilities of possible outcomes (Warring and Glendon, 1998). Managers and employees have different perceptions of risk. Everyone has their own ideology on managing risk; this is known as attitude toward risk (Hillson & Murray-Webster, 2007). According to D'Arcy & Brogan (2001), risk management has been practised for thousands of years. An example of this is a risk manager burning a fire at night to keep wild animals away. Risk is totally unavoidable: the more managers and organizations try to mitigate (reduce) risk, the more possibilities there are of new risk arising; risk can never be fully quantified (limited), but one can try to control it (D'Arcy & Brogan, 2001). Warring and Glendon (1998) state that risk management is extensive; its scope is huge, covering various hazards and threats such as pure risk and speculative risk. Before Enterprise Risk Management (ERM) came into existence, organizations followed traditional risk management, which focussed on pure risk and speculative risk. Pure risk is defined as those risks in which there is a possibility of total loss or no loss (D'Arcy & Brogan, 2001). An example of pure risk is owning a house: there is a possibility of the house burning down or being hit by an earthquake. Other examples are health and safety, fire hazards, business interruption and environmental impact, to name a few (Warring and Glendon, 1998). Speculative risk, on the other hand, is defined as the possibility of gains in risk (D'Arcy & Brogan, 2001). It is just like a gamble: if it succeeds, it maximizes profits (Warring and Glendon, 1998).
For example, in a stock purchase there is a possibility of the stock value going down, leading to a loss; a possibility of the stock value remaining intact; and a possibility of a rise in the stock value, thereby maximising profits (D'Arcy & Brogan, 2001). The next key dimension of risk management is risk contexts: the context in which risk is perceived to exist and the ways in which risk management responds to identify, understand and analyse various threats and hazards (Warring and Glendon, 1998). The other two dimensions are the objectives of risk management and the various methods of evaluating risk, in other words risk management methodology. The objectives of risk management can be summarized as reducing, eliminating and controlling pure risk, and gaining utility, profits and benefits from speculative risk (Warring and Glendon, 1998). Risk management is a tool which identifies, evaluates, estimates and quantifies risk. Hence risk management is an ongoing process which needs improvement at regular intervals, thereby striking a balance between benefits and quantified risks. The greater the risk taken, the greater the rewards achieved; this is one of the positive aspects of risk (Ritchie & Marshall, 1993).

Crockford (1986) states that risk management is difficult to define, but it can be considered a simple application of proper decision making to particular problems of risk: defining the problem, evaluating possible solutions for quantifying risk, implementing optimal solutions and monitoring the performance of those solutions. The world cannot exist without uncertainty; however well factors are managed, possible changes are not within one's control. According to Dickson (1995), understanding the risk management philosophy is essential. It gives a clear picture of where the company stands with respect to the issues of risk as well as its management. Writing a risk management statement is very important, as it sets out the risk management philosophy of the organization; a clear understanding of the corporate attitude towards risk is known as the risk management philosophy. It means the company sets long-term objectives rather than responding to incidents as they occur (Dickson, 1995). Risk managers should educate staff members, helping them to understand risk and creating a positive approach and a positive attitude towards it. A risk management philosophy is quite useful in setting benchmarks to achieve the desired targets. It allows risk to be viewed from the company's perspective rather than an individual's perception (Dickson, 1995). Risk management is not an individual's responsibility but the responsibility of the entire line management. Identifying risk is the first stage and step towards controlling and reducing risk (Crockford, 1986).

Another perception of risk is the regulation of risk with respect to government management, which can also be termed society risk. Here risk is identified in terms of government decisions. The regulation of risk is defined as "Governmental interference with market or social processes to control potential adverse consequences to health, risk conventionally defined as the probability not necessarily calculable in practice of adverse consequences" (Hood et al, 2001:1). In order to control risk, the government puts various regulations in force by enforcing laws and product and behavioural standards. For example, mad cow disease during the 1980s and 1990s posed a risk to society: the cows were infected, and people who consumed their meat were infected by a hazardous human brain disease known as new variant Creutzfeldt-Jakob (nvCJD). The government had to take steps to control the risk by implementing various regulations, such as banning meat consumption and imposing standards on meat consumption (Hood et al, 2001). Usually, when risk is defined in terms of threats to society, where the impact on a state or country is huge, government plays a vital role in deriving risk regulation; hence the term risk regulation regime, where regime denotes the complexity of the institutional geography (Hood et al, 2001).

2.3 Types of Risks

Risk can be classified into different types depending on the occurrence of uncertainty. As Crockford (1986) said, risk can never be fully controlled or eliminated, but various measures or steps can be taken to reduce and avoid it. Every risk is different from the others and has its own consequences, and various methods are implemented to mitigate them. Both enterprise risk management and traditional risk management deal with similar types of risk, but their attitude and approach towards them differ. Authors have given different perceptions of the different types; a few of them are discussed here. The first types are natural disasters and human loss. Natural disasters are those risks which arise from natural incidents such as a fire breaking out in a factory, floods and earthquakes; any natural catastrophe risk is classified as a natural disaster. Human loss occurs when someone in an organization or factory dies in an accident, or employees are injured during work, and the company has to pay compensation to the injured or to the families of the dead. The company loses work and time, and it also incurs the cost of paying insurance (Crockford, 1986). Opportunity in risk is any event under favourable circumstances which may give rise to financial profit; it is also known as serendipitous, meaning that something good happens by chance or by fortunate accident (Olson & Wu, 2008). A lethal or killer risk is one where an impact leads to major loss, disaster or damage which ultimately leads to the permanent closure of the operations themselves (Olson & Wu, 2008). Environmental risks are those hazards that cause damage to humans through undesirable changes in the ecosystem, such as contamination of water, soil and air (Warring and Glendon, 1998). Any risk which is related to ecological changes that cause harm to humans and other living beings can be termed environmental risk (Warring and Glendon, 1998).
Risk can also be viewed in terms of labour and liability. Labour risk concerns employees, such as the possibility of losing employees by any means, including death and injuries; lack of performance is also a potential loss in terms of risk. Business risk is termed liability risk. Risk is high for manufacturers or suppliers developing products for third parties in different countries; in this process any single event or catastrophe could cripple their business, thereby building liabilities to third parties (Crockford, 1986). Political risk is one where wrong or hazardous decisions are taken by group members or leaders belonging to various entities, such as organizations, associations and unions as well as government, which might result in loss of charisma, trust, support and attraction among members, who turn against them, ultimately ending in loss of power and position (Warring and Glendon, 1998). Political risks are speculative: they can attract support as well as turn against the decision maker. Political risk and social risk are interconnected. Social risk is one where activities such as terrorism, curfews and environmental hazards affecting humans take place. Political and social risk are interconnected because these risks involve government interference, and when the government or other parties take decisions they risk their position and power; their actions can have serendipitous or adverse effects (Crockford, 1986). Financial risk can be defined as risk taken in international business in terms of fluctuation of foreign exchange rates during imports and exports of products, and commodity risk is the possibility of changes in the prices of raw materials when buying from and selling through suppliers (CAS, 2003).

2.4 Enterprise Risk Management

Enterprise risk management (ERM) takes a holistic approach towards risk. A holistic approach views risk as a group, a collection of elements of risk, or combines the risks altogether to view them as a single issue (CAS, 2003). Let us look at enterprise risk management from a practitioner's perspective. A practitioner is one who applies and practises management-related concepts in the real-time business world. In the case of enterprise risk, one such practitioner is the Casualty Actuarial Society (CAS). According to the CAS committee, ERM is defined as "ERM is a discipline by which an organization in any industry assesses, controls, exploits, finances and monitors from all the sources for the purposes of increasing the organizations short and long term value to its stake holders" (CAS, 2003:8). In order to have a detailed understanding of enterprise risk management with respect to this research study, it is necessary to have an insight into critical perspectives on risk management from the practitioner's point of view. The practitioner's perception gives the ability to understand the real-time involvement of risk management in organizations and to differentiate risk management in terms of conceptual and practical application. Hence this literature review includes a few practitioners' perspectives on risk management. Enterprise risk management is a new term which is becoming an ultimate approach to risk management (D'Arcy & Brogan, 2001). This new approach has proved itself through effective performance, leading organizations to move from traditional risk management to enterprise risk management. Here is another practitioner's definition of ERM: "It is the process whereby organizations methodically address the risks relating to their activities, with a goal of achieving sustained benefits across the portfolio of activities. This is often called as enterprise risk management (ERM) and its objective is to add maximum values to these activities" (Reuvid, 2007:5).
According to D'Arcy & Brogan (2001), enterprise risk management manages the overall activities of the organization in an aggregate manner, unlike traditional risk management, which manages issues independently; moreover, ERM treats risk as a potential benefit opportunity rather than focussing only on minimising or controlling risks. This is one of the reasons for organizations to shift from traditional risk management to ERM. Many authors have similar perceptions of ERM. According to Nocco & Stulz (2006), an organization can manage risk in two different ways: managing one risk at a time, which is the traditional approach, and managing all the risks holistically, which is the approach known as enterprise risk management. Considering all factors when assessing risk is known as a holistic approach. The concept of enterprise risk management was developed during the mid 1990s in organizations with the objective of managing risk effectively, keeping risk management as a top priority in the organization (Olson & Wu, 2008). The Casualty Actuarial Society (CAS) committee for enterprise risk management describes the evolution of ERM, stating the various factors and characteristics that gave birth to it. Risk management has been practised in organizations for ages, but it was carried out in various parts, or risk was dealt with separately, which is known as traditional risk management (CAS, 2003). Actions such as identifying, assessing, prioritizing and treating risk have been common practice; what has now changed is that the various parts of risk management have been combined, treated in a holistic manner and escalated to the top management responsible for risk management (CAS, 2003). There are various factors that led to the development of enterprise risk management.
These factors include an increase in the number of complicated risks, such as hazard risk (also known as pure risk) and financial risk in business; an increase in uncertainty in the corporate world, thereby creating corporate risk; and external pressures, for instance corporate governance such as the regulation of risk, with government interventions in the corporate world insisting that top management handle risk as their prime priority (CAS, 2003). Another factor is the increasing tendency to view risk in a holistic manner, thereby developing a combined integration of the various parts of risk, grouped together to form a collective risk which is also known as a portfolio of risk (CAS, 2003). In ERM, creating a portfolio of risk is a primary objective; it is not just summing up all the risks, since a portfolio of risk means understanding the individual elements of risk within the collective group. One of the key features of enterprise risk management is that ERM sees risk as an opportunity to make benefits, as discussed earlier, rather than only taking measures to control it. Enterprise risk management has become a new trend in the business world (KPMG, 2001). Here is another practitioner's understanding of ERM: according to KPMG (2001), enterprise risk management is a combination of holistic, integrated and strategic approaches which helps to manage business risk and is future focussed, viewing risk as an opportunity to maximise profit for organizations and increase stakeholders' value. A holistic approach views risk collectively or grouped together. An integrated approach makes employees think about what to do and how to do it, and think intuitively in situations which require immediate action (Harmon et al, 2007). A strategic approach takes a holistic view of risk, combining the pure and speculative risks which are involved in hazards or threats to an organization (Warring and Glendon, 1998).

ERM was developed by setting standards and guidelines in association with corporate governance regulations; self-regulatory organizations for industries develop specific standards, guidelines and frameworks for risk (Reuvid, 2007). Reuvid (2007) names some of these self-regulatory organizations, such as the Committee of Sponsoring Organizations (COSO). COSO has its own perception of enterprise risk, known as COSO ERM, and derived a new concept in ERM known as risk appetite (Moeller, 2007). "Risk appetite is defined as the amount of risk, on a broad level, that an organization and its individual managers are willing to accept in their pursuit of value" (Moeller, 2007:51). COSO works on behalf of the auditing profession; other regulatory organizations, such as the Basel Committee on Banking Supervision for financial institutions and the Global Association of Risk Professionals (GARP), work on behalf of financial risk managers (Reuvid, 2007). The IFRIMA, the International Federation of Risk and Insurance Management Association, is known as the international umbrella for risk management associations; it encourages best practices and guidelines for ERM. The Federation of European Risk Management Associations (FERMA) also adopted risk management standards and guidelines, first published in the UK in 2002 (Reuvid, 2007). This means that, due to increased uncertainty and risk in industry, these self-regulatory organizations are continuously setting standards and encouraging and recommending the implementation of ERM in organizations, because there is a need for risk management in industry.

2.5 Supply Chain Risk Management

This section discusses the supply chain and its risk, which is known as supply chain risk management. ERM is applied in the supply chain, and this part of the literature review focuses on the critical aspects of supply chain risk and the different ways to control and reduce risk. The primary objective of this research is to focus on supply chain risk and to critically analyse and evaluate the major aspects of risk with respect to the supply chain. Understanding what a supply chain is would be a good start: an organization must identify, assess, evaluate, prioritize and manage the overall supply chain to stand out in today's competitive market. A good definition of supply chain can be stated as "A web of autonomous enterprises collectively responsible for satisfying the customer by creating an extended enterprise that conducts all phases of design, procurement, manufacturing and distribution of products" (Sinha et al, 2004:154), and supply chain management can be defined as "A set of three or more entities, organizations or individuals directly involved in the upstream and downstream flows of products, services, finances, and or information from a source to a customer" (Mentzer et al, 2001:4). Today's world is marked by market uncertainty and turbulence, and rapid demand in almost all sectors of business is one of the key reasons for this turbulence (Christopher & Lee, 2004). Industries have shortened product development life cycles, and when new products are introduced into a competitive market, the demand life cycle is left unpredictable (Christopher & Lee, 2004). The product life cycle is the set of stages from planning and designing through to the development and completion of the product, and the demand life cycle is the consumer-based demand created for new products, which develops a competitive stance in the marketplace and thereby predicts the demand for the product.
This has led to a rise in more and more complex supply chains, and managing supply chains, whether simple or complex, is challenging in the present competitive industry (Christopher & Lee, 2004). In today's world managing the supply chain is becoming increasingly challenging: as industries expand their business and manufacture more products, adding more and more suppliers to the supply chain stack, the supply chain becomes vulnerable to disruption, and supply chains are always on the higher side of exposure to risk (Christopher & Lee, 2004). In recent news from the MAA (Midlands Aerospace Alliance), Annette Oliver, Director, Supply Chain at Aero Engine Controls (AEC), stated that "A GOOD supply chain management doesn't happen by itself, nor does it arrive overnight like the season's first snow. It takes focus and determination over a long period, but the results are worth every bit of the effort" (MAA, 2009:6). Learning practitioners' approach towards risk gives the ability to understand the real-time application of supply chain risk management in organizations. According to Norrman & Jansson (2004), supply chain risk management is a tool applied to control risk. "Supply chain risk management is to collaborate with partners in a supply chain, apply risk management process tools to deal with risks and uncertainties caused by, or impacting on, Logistics related activities or resources" (Norrman & Jansson, 2004:436). Peck (2006) states that supply chain risk has become a fashionable area in the field of management research. Risk managers have to take steps to avoid supply chain breakdown; understanding the risk factors, analysing them and then taking steps to mitigate them would control supply chain breakdown. According to Chopra & Sodhi (2004), understanding and analysing the variety and interconnectedness of the supply chain gives managers the insight to develop effective risk reduction strategies.
Without understanding the structure of the supply chain it is quite difficult to implement a risk reduction strategy. Chopra & Sodhi (2004) also state that in order to devise a risk reduction strategy one must understand and analyse the risk, categorise it and find the drivers pertaining to it. The causes of risk are known as risk drivers, and analysing the conditions and events of particular risks helps managers to devise an effective, tailored risk mitigation strategy. Organizations have devised several strategies to mitigate risk in supply chains, and those risk reduction strategies have been quite successful when implemented in their organizations. It is important to understand that every risk strategy devised is unique: a risk strategy of one organization cannot be implemented in another because of its risk categories and their drivers, and not every strategy will fit in another place. It is possible, however, to adapt best practices from a number of organizations and to devise and implement a new strategy based on an existing risk strategy. According to Norrman & Jansson (2004), identifying and analysing the risk in the supply chain is the first and most important stage in the development of a risk reduction strategy, as it enables decision makers to understand the events and causes of disturbances. In order to assess the risk exposure, the organization must identify not only the direct risk to its operations but also the potential causes of risk in every link along the supply chain (Norrman & Jansson, 2004). This is a good strategy for finding the potential causes of risk in the supply chain.

There are several issues and challenges around supply chain disruptions. If any suppliers or sub-suppliers in a supply chain are affected by catastrophes or hazards of any category, the whole supply chain is disrupted, and it is a difficult task to put these suppliers back on track; moreover, managing the supply chain is itself a difficult task. Supply chains are also vulnerable to international terrorism, which not only disrupts but also cripples business. In the case of September 11th 2001, many manufacturers faced problems of disruption soon after the attack, as the flow of materials to several plants was stopped (Sheffi, 2001). For example, Ford had to stop work on its assembly lines since the trucks loaded with components were delayed at the Canadian and Mexican borders. In the case of Toyota, the SUV plant Sequoia in Indiana halted production within hours, since the steering sensors shipped from Germany were delayed due to the air traffic shutdown. Ford and Toyota faced transportation disruption because they operated on a Just in Time (JIT) system, holding inventory only a few days or a few hours prior to manufacturing (Sheffi, 2001). Just in Time is a Japanese-innovated system for the supply chain in which the essential manufacturing components for any industry are delivered a few days or a few hours prior to operations (Olson and Wu, 2008). Hence in these cases supply chains are managed under increased uncertainty (Sheffi, 2001). According to Sinha et al (2004), there are some major factors to deal with in supply chain risk. In the supply chain, the network of relationships between suppliers, distributors and manufacturers is delicate and should be managed diplomatically for the long-term sustenance of business. Relationships in the supply chain are based on trust; if there is no trust among trading partners, if they do not trust each other to do their jobs properly, then the entire supply chain is disrupted. A non-cooperating and inactive partner can cripple the supply chain.
It is difficult to build trust with the same partner for business. Transparency of information is another major issue: for the smooth running of supply chain activities, information transparency is very important. Information sharing through collaboration can be levied between buyers and sellers (Sinha et al, 2004). The aim of information transparency is to create an extended enterprise in order to build trust and commitment among partners. Every manufacturer, supplier or sub-supplier has its own way of interpreting customer information; if the information is interpreted wrongly, there are possibilities of creating distortions and disruptions, and this increase in distortions in the supply chain ultimately creates a bullwhip effect (Sinha et al, 2004). According to Lee et al (1997), the bullwhip effect can be defined as the tendency of orders to suppliers to vary more widely than sales to the buyer, which is known as demand distortion; this distortion travels upwards in a much amplified form, with varying amplification. Lack of ownership is a very serious issue and one of the major factors in supply chain breakdown. According to Jüttner et al (2003), the risk involved in lack of ownership in the supply chain occurs when the relationships between buyers and sellers are unclear. Outsourcing and core competencies are key issues: as the supply chain grows, with more suppliers, manufacturers, sub-suppliers and logistics partners extending the network and making the supply chain more complex, the parties in these relationships are often confused about their lines of responsibility and refuse to take ownership of the required work. The supply chain is also vulnerable to a risk known as inertia, a general lack of response to changing environmental, market and organizational conditions (Jüttner et al, 2003).
In order to manage supply chains successfully, cross-functional integration, with marketing playing a critical role, is required, which is quite challenging (Lambert & Cooper, 2000).


Risk management is a difficult task. This literature review has discussed risk. Risk in general carries a negative perception, yet without uncertainty the world would not survive. People, organizations and every entity should take measures and steps to reduce and avoid risk in everyday life. The risk management process means managing collective activities at the same time. Initially the perception of people and organizations towards risk was negative, but it is rapidly changing. It was traditional risk management which carried the negative perception: although traditional risk consists of pure and speculative risk, organizations gave more importance to pure risk, such as natural catastrophes and hazards, rather than focusing on speculative risk as well. The attitude of organizations and people toward risk was to manage a single risk at a time, but that is not the present situation. Since the introduction of enterprise risk management in organizations, risk management has become more focussed and is given top priority. Enterprise risk management sees risk as an opportunity rather than just as a threat to be mitigated. In traditional risk management, risk is usually seen as an individual responsibility, whereas in enterprise risk management, risk is viewed as everyone's responsibility (Olson & Wu, 2008). Organizations are becoming more and more aware of enterprise risk management, and its performance has shown why organizations have shifted from traditional risk management to enterprise risk management. A holistic approach to identifying and mitigating risk makes enterprise risk management stand out in the business world. Moreover, the various regulatory organizations and risk standards encourage organizations to implement ERM with best practices. Supply chains are usually difficult to manage; the longer the supply chain, the greater the complexity of managing it, and managing risk is an ongoing process in the supply chain industry.
The major factors that affect supply chain breakdown are lack of trust and ownership, information transparency, outsourcing and other logistics disruptions such as transportation; these should be the first priority in resolving issues in supply chain risk. It is not an easy task to manage the supply chain of a particular company, especially a company with a huge portfolio. Supply chains are usually complex: the structure of the whole supply chain consists of multiple suppliers and sub-suppliers which are quite difficult to analyse, and the risk involved is highly unpredictable. However accurately a risk strategy is designed and however closely it is monitored, there are still possibilities of new risk emerging. Hence risk cannot be fully quantified, but it can be controlled and mitigated or reduced to a certain extent to avoid possible losses.