Risk early warning system

from Wikipedia, the free encyclopedia

Terminology

General

Risk early warning systems are part of risk identification and thus form the basis for risk management . As part of risk identification and early risk detection, potential risks are determined in a specific project. It should be noted that the risks should not be assessed in this phase. In a narrow sense, risk can be understood as the risk of loss when making decisions under uncertainty. It therefore describes all undesirable events that result in a negative deviation of the actual values ​​from the plan. In a broad sense, however, risk can be expanded to include positive deviations from the planned values. Thus, according to this perspective, the risk also includes potential earnings opportunities, which an early warning system should also oversee.

The task of risk management is to provide early warning of potential risks and to create risk awareness in projects. Risk management is intended to shift conflicts in advance in order to increase the scope for action. By recognizing risks at an early stage, uncontrolled action is to be prevented.

definition

In Germany, risk early warning systems are often defined as mandatory management information systems without clarifying the content. Early detection systems are special information systems that show the decision-maker possible risks in advance and allow them to take appropriate countermeasures to avert or reduce the risks identified.

In the Anglo-American region there is no linguistic equivalent to the risk early warning system. There, this area of ​​risk management is generally summarized under the terms “ risk assessment ” and “risk identification”, ie risk assessment and identification. The term “risk management plan” is also very common in the Anglo-American region.

Legal basis

According to Section 317 (4) of the German Commercial Code ( HGB) in conjunction with Section 91 (2 ) of the AktG , the risk early warning system is a legal part of an audit carried out by the auditor. Only listed stock corporations are included. At other companies, the review of the early risk detection system can represent an extension of the audit order, because these also require regular examination of the early risk detection system. Another occasion is a special order. The auditor only assesses the risk management system (§ 53 HGrG ), his task is not to develop a concept for the introduction of an early risk detection system by the company. This is not a management check, but a pure system check. The system is checked for its existence, suitability / usefulness and functionality. It must be able to “identify risks that could jeopardize the continued existence of the company in good time so that the responsible decision-makers can react appropriately” and this must be company-wide. The aim of the audit is to give the auditor improved control options.

The law leaves possible criteria for the test open, but the IDW has set up its own catalog of criteria with its test standard IDW PS 340 , which can also be viewed as minimum requirements for the test. However, due to the lack of parliamentary legitimation of the IDW, the standard is only indicative; it has no legal character.

If an early risk detection system is not set up, there is a serious violation of the law according to Section 321 (1) sentence 3 HGB, which must be declared in the audit report. The result of the test is to be listed in a special part of the test report. It must be stated whether the system has been suitably set up, whether it is performing its tasks effectively and in which areas improvements should be sought. The system itself is not to be shown here, but it is advisable for an initial test. The auditor's report is to be qualified if, due to the system, the risks of future developments cannot be adequately presented in the management report. The knowledge gained from the examination of the risk early warning system is therefore indirectly the subject of the reporting obligation.

Risk early detection

Early detection systems give companies scope for countermeasures in the event of internal and external risks, as they signal the occurrence of these business threats at an early stage.

As early as the early 1970s, business administration dealt with the early detection of entrepreneurial risks. In a first phase, the first methods were developed that were used to record and evaluate, but also to control risks. These were initially aimed at the short term and only enabled control invoices during the year. Using simple methods, the actual values ​​were extrapolated with the help of forecasts for the further course of the periods. Thus a “target-performance comparison” was obtained. This comparison should draw the management's attention to possible undesirable developments based on the calculated expected value and enable countermeasures to be taken in good time. Due to the manageable informative value and the limited time components, these systems were only sufficient for operational controlling . In a second phase towards the end of the seventies, computer-aided systems were increasingly developed which made statements with the help of certain indicators and made deviating developments visible. The definition and meaningfulness of indicators that were used from various economic areas was of great importance. In early detection, for example, one referred to profitability, a financial key figure or the scrap rates in production, a production economic figure.

The latest generation of warning systems are based on the “early signals” principle. According to this, far-reaching changes and upheavals are announced early on by weak signals . Such signals range from the development of new ideas to the expressions of famous people. This approach can be borne out by the recent financial crisis, in which the ever widening real estate bubble was announced long in advance.

Risk identification

A systematic identification of risks is a good starting point for the risk management process. That is why risk identification plays an important role in the early identification of risks. In corporate practice, there are still no sufficiently practicable tools for comprehensive risk identification. Taking this problem into account, an effective set of instruments for the complete identification of external and internal risks is presented below. Internal risks are understood as the risks resulting from corporate decisions and actions that have a direct impact on existing business processes. These mainly include performance-related, financial risks and risks from management and organization. The external risks that can be indirectly influenced arise from the corporate environment. Because of the differences between industries and regions, companies have different risk profiles. External risks can be further differentiated into economic, socio-cultural, technological, political-legal and force majeure areas. And due to risk interdependencies, the identified individual risks are not to be viewed and analyzed separately, but from the point of view of causal relationships.

After a rough identification of the risky areas, a risk profile is created with the help of the following powerful instruments: value chain analysis, process chain analysis, network technology and early warning systems.

In the first approach, the business activities are classified and broken down according to their intrinsic value. The sub-processes associated with high risks are analyzed further. This value chain approach provides a good overview of possible company risks, but there is a risk from neglected risk areas.

The analysis of the process chains, using process trees, offers the most complete picture possible of company processes, which enables processes to be traced and sources of risk to be identified quickly. In particular, risks with monocausal cause-and-effect relationships in operational processes are taken into account.

In order to be able to identify risk potentials in strategic processes as well, management decisions have to be made with the help of network technology. Based on monocausal cause-and-effect relationships, the chaining of decisions and influences in a constantly changing environment is examined. In doing so, the sources of risk for strategic decisions should be guaranteed using networked thinking.

Since companies are in a dynamic environment, risk identification does not have to be carried out once, but rather is part of an ongoing process. The risks that have already been identified should also be continuously monitored.

Individual evidence

  1. ^ A b Wolfgang H. Staehle: Management. A behavioral perspective . 6th edition. Munich 1991, p. 594 .
  2. a b Krystek, U., Müller, M .: Early reconnaissance systems. Special information systems to fulfill the risk control obligation according to KonTraG. tape 4/5 , 1999, p. 177-183 .
  3. Parker, D., Mobey, A .: Action Research to Explore Perceptions of Risk in Project Management. International Journal of Productivity and Management . tape 1 , 2004, p. 18-32 .
  4. a b Happe, V., Horn, GA, Otto, K .: Das Wirtschaftslexikon . 2nd Edition. Bonn 2016, p. 7-13 .
  5. a b c d e f g Müller, M .: Practical information on so-called risk management . In: Working aids for supervisory boards . tape 13 , 2009, p. 19, 33 .
  6. a b c Diederichs, M .: Risk Management and Risk Controlling . 3. Edition. Munich 2013, p. 46-60 .
  7. Saitz, B., Braun, F .: The Control and Transparency Act - Challenges and opportunities for risk management . 1st edition. Wiesbaden 1999, p. 191 .
  8. ^ Ansoff, I .: Managing Surprise ans Discontinuity - Strategic Response to Weak Signals . In: ZfbF . tape 3 , 1976, p. 129-155 .