The Debate: How best to managing risk

Risk management or gloss?

By Philip Rego

It should now be an accepted fact that sound risk management will protect and enhance organisational performance. However, all too often, directors still view risk management as just one more area of compliance they have to deal with as part of the preparation of the annual report and accounts, especially when making the combined code disclosures.

The focus can be on pulling together a statement rather than ensuring there is really good risk management practice. In my experience, when you scratch under the surface of the annual report disclosures, you will find few that have embedded risk management into the culture of the organisation.

Turning the exercise around to achieve both protection and performance enhancement requires core basic disciplines to be in place such as risk identification, risk assessment, risk control and risk strategy – unfortunately, not enough businesses pay this sufficient attention. Also, to be successful, risk management needs to be an inclusive process, that is, risk managers consulting on a regular, almost constant basis, with their fellow professionals throughout the company.

As companies grow they expand into new markets, develop new products and services, make acquisitions, merge with other organisations and respond to market opportunities which cause their day to day business to change constantly. Each change has its own risk associated with it and requires specialist expertise – something that is frequently overlooked. It cannot be underestimated how quickly the momentum of problems can develop if risk is overlooked.

Similarly, if business direction is not challenged often enough, especially by the board, then strategically the business may just end up doing the wrong thing altogether. This is why using risk management to exploit opportunities is so important, not just focusing on possible adverse events.

Ask the question: if we continue with the current business strategy, are we at risk of missing other opportunities? Are we at risk of not doing something now that is potentially going to lead to the company’s downfall?

  • Philip Rego is a partner in BDO Stoy Hayward’s risk assurance services.

Test before you buy software
By Dennis Keeling

Customers are significantly more careful at selecting business and accounting software than they were 10 years ago. This is not surprising, as the choice of packages available today is quite limited. There were more than 700 business and accounting systems listed in the Thesaurus of Business Systems in 2001, but I estimate only 100 exist today.

Risk awareness is not a concept usually defined by the small to medium-sized organisations. It is a term more widely used by consultants advising larger corporates, who obviously have a vested interest in getting it right. Small to medium-sized companies do evaluate the risks involved, but they are usually just very specific about their requirements.

The days when customers prepared detailed ‘checklists’ of the functions they require in their replacement system are over. Today the leading packages are flexible enough to cope with most functional requirements. Customers now have to concentrate more on their business process requirements than functionality.

With few new software developers joining the market, the opportunistic developers that could only demonstrate ‘vapourware’ are few and far between.

Customers, particularly accountants, are more careful and require reference sites before they consider using ‘unknown’ products.

Unfortunately, risk analysis is still rarely seen as such. It is unheard of in government departments, which explains the government’s ongoing disasters with its IT systems procurement. Few large corporates consider risks at the ‘macro’ level – they tend to concentrate on the ‘micro’ detail.

While systems may meet the functional and process requirements, many are not scalable enough to meet the large number of concurrent users that may be required – especially in enterprise-wide implementations.

The software industry employs some of the best salesmen in the world – most are on a commission basis – but it is still buyer beware! The secret is to test the software package in-house before buying it and double-check reference sites for scalability.

  • Dennis Keeling is chief executive of BASDA, the software standards body.

Related reading