
Uncertain events can have both a positive and a negative effect: on the one hand, in fact, they are a threat to the achievement of business objectives, on the other hand can become a significant source of opportunities for companies able to understand, anticipate and manage them. According to1, risks are “events with negative impacts that can harm the creation of business value or erode the existing one” while opportunities are “events with positive impact that may offset negative impacts”. The opportunities are chances that an event will occur and positively affect the achievement of objectives, contributing thus to the creation of value or preserving the existing one. Management needs to assess the opportunities, reconsidering its strategies and processes of setting goals and developing new plans to catch benefits derived from them.
An inherent risk can so be defined as “the possibility that an event occurs and have a negative impact on the achievement of objectives” while the control can be defined as “any means used by management to increase the likelihood that the business objectives set are achieved”, mitigating the risks in an appropriate manner. In this context, a hazard is a “potential source of risk” while a residual risk is the “risk that still remains after mitigations”.
Along with these definitions, it is possible to organize the different types of risks in different classes and their possible combinations. In Table 7.1 first example of classification is shown, based on two characteristics that relate the origin and generation of the risk (organizational perimeter) with the possibilities of intervention (controllability of risk).
|
|
Controllability |
||
Organization |
|
Controllable |
Partially controllable |
Uncontrollable |
Internal |
Quality and cost of products |
Environmental impacts |
Incidents and accidents |
|
External |
Technological progress |
Demand variation |
Natural disasters |
Further classifications can also be taken from the already mentioned risk management models, where the descriptive categories are represented as a function of different objectives and decision-making levels (Table 7.2).
Model |
Dimension |
Classes |
Risk Management Standard2 |
Level of interaction (internal and external) |
- Strategic risks (partner and market) |
Strategy Survival Guide3 |
Decisional level |
- External risks (PESTLE - Political, Economic, Socio-cultural, Technological, Legal/regulatory, Environmental) |
FIRM Risk Scorecard4 |
Area of impact |
- Infrastructural risks |
Enterprise Risk Management5 |
Area of impact |
- Strategic risks |
Developing the classification to an extended level and considering all the sources of uncertainty that affects business targets, vulnerability of organizations can be assessed on five different areas (Table 7.3).
Risk Category |
Risk factors |
---|---|
Demand (Customers) |
- Number and size of customers |
Offer (Suppliers) |
- Number and size of suppliers |
Processes (Organization) |
- Flexibility of production-distribution systems |
Network and collaboration (Relations) |
- Trust and interdependence among partners |
Environment (Externalities) |
- Regulations |
- 2854 reads