Risk management

from Wikipedia, the free encyclopedia

In the risk management of enterprises, risk management is understood to mean all measures for risk avoidance, risk mitigation, risk diversification, risk transfer and risk provisioning.


Businesses are exposed to a variety of risks. They are therefore also called risk carriers, because they consciously or unconsciously have to bear risks. Risk carriers are also the individual objects or processes that harbor risks, for example operational weaknesses such as unqualified personnel. These risks can arise for technical, general economic, especially financial, or legal reasons and lead to operational disruptions, losses or even corporate crises up to insolvency. Risks of this kind are a subject of investigation in business administration, which deals with the types, consequences and avoidance of operational risks. Within the scope of risk management, it has developed several strategies to minimize or even completely eliminate operational risks. Risk management influences the risk behavior and risk appetite of a company and vice versa.

Risk identification, the first step preceding risk management, attempts a systematic collection of potential risks. It is followed by risk analysis, which examines the identified risks according to their causes and probability of occurrence. This is followed by a risk assessment, which determines the threat that the analyzed risks pose to a company and assesses their acceptability. In the context of risk management, it is then important to bear the risks that are considered justifiable and to install a suitable risk control system.

Risks have to be taken in order to generate profit and wealth for a company. However, the decisive assessment of the success of a company is based on the selection of the "right" risks ("upside risks"). In order to master risks, the right strategies must be developed and correspondingly efficient and effective business processes must be defined as part of risk-conscious corporate management.


A general distinction is made between active and passive risk management, also referred to as cause-related and effect-related risk control. Active risk management aims to influence the probabilities of occurrence and/or the extent of the risks. In passive risk management, measures are taken to be able to deal with the economic consequences of existing or expected risks. Existing risks are therefore not changed by passive risk management. Active risk management is also called a preventive risk policy; passive risk management is a corrective risk policy.


Active risk management includes risk avoidance, risk reduction and risk diversification.

  • Risk avoidance: If a company decides not to carry out planned activities (e.g. investments) or to abandon existing activities before the risk occurs, this is risk avoidance. Risk avoidance describes the complete renunciation of a risky activity. However, this strategy should only be considered if, due to acute circumstances, no other approach is possible or the risk-reward ratio cannot be adequately optimized, as this method cannot generate any profits. An example would be leaving a critical business area. It is the most radical form of risk management, in which the probability of occurrence of a specific risk is set to zero.
  • Risk reduction: One speaks of risk reduction when the likelihood of occurrence is reduced to an acceptable level of risk; for instance, loan collateral (especially with banks and insurance companies) or retention of title and prepayment (with suppliers) reduce existing credit and debtor risks. A reduction in the damage caused by technical risks can be achieved with the help of product recalls.
  • Risk diversification: Risk diversification serves to regulate risks. It does not necessarily minimize the probability of occurrence of the individual risk, but it does affect the extent of the damage. Since it is very unlikely that all risks will occur at the same time, the risk of dependencies should be avoided by, for example, having several suppliers to choose from and comparing the quality of the business partners.

Passive risk management consists of passing on risk (risk transfer) and risk provisioning. It is necessary if, consciously or unconsciously, no active risk management has been carried out for risks, which means that the occurrence of a risk can be dealt with operationally.

After all of the measures have been implemented, there are residual risks that a company consciously accepts. It assumes that the technical or market development will proceed according to plan with a probability of over 50%.

Application in practice and problems

Psychological research has shown that most people have an intense antipathy towards risks and losses. Significant consequences for entrepreneurial risk management arise from the human endeavor to avoid cognitive discrepancies and to control the environment: the conscious or unconscious neglect of existing risks means that economic risk management procedures are not used and that plan discrepancies that have occurred are not examined later with regard to the causal risks. In some companies, the approaches to risk management are therefore still reduced to insurance alone. However, risk management is not about eliminating all risks from the organization ("zero risk illusion"), since every entrepreneurial activity is associated with taking risks. The aim is to optimize a company's risk-opportunity profile. In practice, a single risk management strategy should not be used on its own. A mix of different measures is most efficient. The assessment of forecast earnings and the associated risks is part of every thorough planning of business decisions.

Risk report

According to the KonTraG, which has been in force since May 1998, corporations are obliged to add a risk report to the management report, to document risks that threaten the existence of the company and also to "address the risks of future development". However, the statutory regulations on risk reports are only described in half a sentence in Sections 289 (1) and 315 (1) of the German Commercial Code (HGB), so that there is a large margin of discretion for the company. This also results in an indirect legal obligation for corporations to examine and control their risks and opportunities through risk management. They must install an internal control system that defines recurring control steps and executes them at a determined frequency in order to reduce key risks.
