You are here

Home » Operations Management » Enterprise Risk Management to Drive Operations Performances

Risk classification

19 January, 2016 - 17:08
Available under Creative Commons-ShareAlike 4.0 International License.

Uncertain events can have both a positive and a negative effect: on the one hand, in fact, they are a threat to the achievement of business objectives, on the other hand can become a significant source of opportunities for companies able to understand, anticipate and manage them. According to1, risks are “events with negative impacts that can harm the creation of business value or erode the existing one” while opportunities are “events with positive impact that may offset negative impacts”. The opportunities are chances that an event will occur and positively affect the achievement of objectives, contributing thus to the creation of value or preserving the existing one. Management needs to assess the opportunities, reconsidering its strategies and processes of setting goals and developing new plans to catch benefits derived from them.

An inherent risk can so be defined as “the possibility that an event occurs and have a negative impact on the achievement of objectives” while the control can be defined as “any means used by management to increase the likelihood that the business objectives set are achieved”, mitigating the risks in an appropriate manner. In this context, a hazard is a “potential source of risk” while a residual risk is the “risk that still remains after mitigations”.

Along with these definitions, it is possible to organize the different types of risks in different classes and their possible combinations. In Table 7.1 first example of classification is shown, based on two characteristics that relate the origin and generation of the risk (organizational perimeter) with the possibilities of intervention (controllability of risk).

 
Table 7.1 Example of risk classification by perimeter

Controllability

Organization

Controllable

Partially controllable

Uncontrollable

 

Internal

Quality and cost of products

Environmental impacts

Incidents and accidents

 

External

Technological progress

Demand variation

Natural disasters

 

Further classifications can also be taken from the already mentioned risk management models, where the descriptive categories are represented as a function of different objectives and decision-making levels (Table 7.2).

 
Table 7.2 Example of risk classification by target

Model

Dimension

Classes

Risk Management Standard2

Level of interaction (internal and external)

- Strategic risks (partner and market)  
- Financial risks (economic-financial cycle)  
- Operational risks (process)  
- Potential risks (social and territorial environment)

Strategy Survival Guide3

Decisional level

- External risks (PESTLE - Political, Economic, Socio-cultural, Technological, Legal/regulatory, Environmental)  
- Operational risks (delivery, capacity and capability, performance)  
- Change risks (change programs, new projects, new policies)

FIRM Risk Scorecard4

Area of impact

- Infrastructural risks  
- Financial risks  
- Market risks  
- Reputational risks

Enterprise Risk Management5

Area of impact

- Strategic risks  
- Operational risks  
- Reporting risks  
- Compliance risks

 

Developing the classification to an extended level and considering all the sources of uncertainty that affects business targets, vulnerability of organizations can be assessed on five different areas (Table 7.3).

 
Table 7.3 Risk classification by organization

Risk Category

Risk factors

Demand (Customers)

- Number and size of customers
- Changes in number and frequency of orders  
- Changes to orders  
- Seasonal and promotional effects  
- Forecasting  
- Warehouses and inventory  
- Level of innovation and competition  
- Life cycle of the product  
- Timing and mode of payment  
- Retention rate

Offer (Suppliers)

- Number and size of suppliers  
- Level of quality and performance  
- Level of flexibility and elasticity  
- Duration and variability of lead time  
- Length and mode of transfers  
- Forecasting and planning  
- Just-in-Time or Lean approaches  
- Cost efficiency  
- Price levels  
- Outsourcing  
- Internationalization  
- Disruption

Processes (Organization)

- Flexibility of production-distribution systems  
- Variability in process management  
- Variability in process performance  
- Level of productivity  
- Capacity  
- Handling  
- Operational and functional failures  
- Redundancy of backup systems (quantity and quality)  
- Profit margins  
- Technological standards  
- Technological innovation of product and process  
- Product customization

Network and collaboration (Relations)

- Trust and interdependence among partners  
- Level of collaboration  
- Design and development of relations  
- Level of integration  
- Level of service  
- Opportunism and information asymmetry in transactions  
- Bargaining power  
- Strategic objectives and mission  
- Corporate cultures  
- Business Logic  
- Relationship and stakeholder engagement  
- Social and administrative responsibility  
- Availability and reliability of information systems  
- Intellectual property

Environment (Externalities)

- Regulations  
- Policies  
- Laws  
- Taxes  
- Currency  
- Strikes  
- Natural events  
- Social events (i.e. terrorism)

 
  • 2408 reads