Risk identification

from Wikipedia, the free encyclopedia

The risk identification (including risk identification ; english risk identification ) is in the context of risk management , the systematic recording and collection of all to a company acting risks .

General

A risk identification can only begin with the risk perception ; it is the prerequisite for the recognition and discovery of risks at all. The problem arises here that different risk carriers perceive the same risk differently or not at all. If the risk is perceived incorrectly as selective perception , only certain risks are perceived, but other existing risks are ignored. Inadequate risk perception has a negative effect on the subsequent phases of risk management. Risk identification includes the “collection of current, future, potential and theoretically conceivable risks” and is usually considered the first stage of the risk management process. All sources of danger, potential disruptions and causes of damage in a company that can have a negative impact on the achievement of corporate goals are recorded.

The aim of risk identification is to record the sources of risk for the entire company and all functional areas as completely and continuously as possible. The methods convey a systematic approach to the process and structure the procedure, help identify internal or external risks, support the creation of an organization-specific risk profile and the continuous tracking of risks.

Process flow

The risk identification is carried out as the first process phase of the risk management process with the help of methods for risk identification similar to an inventory . The aim of risk identification is to record the sources of risk in the entire company and in all functional areas ( procurement , production , financing , administration , sales ) as completely and continuously as possible. The methods convey a systematic approach to the process and structure the procedure, help identify internal or external risks, support the creation of an organization-specific risk profile and the continuous tracking of risks. This also must vulnerabilities are discovered. Early warning systems , which monitor the objects at risk ( equipment such as systems , buildings or machines , personnel , finances ) for any type of operational disruption, are an important instrument for risk identification . The risk identification follows the risk analysis .

Methods

The SWOT analysis , checklists , risk identification matrix and surveys can be considered as methods for existing risks . Potential risks can be identified through failure mode and effects analyzes (FMEA) or questionnaires , brainstorming , brainwriting or the Delphi method . From the risk identification it can only be deduced which risks alone could endanger the existence of a company. The possible interdependence of different types of risk , which only becomes apparent in the risk aggregation , cannot be recognized as a result .

SWOT analysis

The SWOT analysis is used to determine the position and develop strategies of companies and other organizations.

Checklists and employee surveys

The inspection of risk-threatened objects is used for the simple and quick recording of visually perceptible risks (especially environmental risks and technical risks). This method enables the formation of a general overview of the local conditions. Interviewing external experts or competent employees can provide important information about internal and external company risks. Surveys can be carried out both in writing and orally. The employee survey primarily contributes to the recording of internal risks, while the expert survey aims to record external risks.

Checklists are standardized questionnaires for the systematic recording of risks throughout the company or in areas of the company. They can contain open-ended and closed-ended questions, with closed questions i. d. Are usually more beneficial for identifying risks. In practice, checklists reach a large number of employees. However, checklists narrow the view, which is why risks that are not queried in the list can be forgotten.

The table shows an excerpt from a checklist with open questions for the area "Management and Organization"

question meaning
Does the management know the opportunities / risks / strengths / weaknesses of the company An opportunity-risk analysis and strengths-weaknesses analysis should be carried out at least once a year. While the opportunities show the external developments in the market, the strengths and weaknesses show the (internal) potential of the company. A comparison between the two perspectives is necessary for the strategic alignment with regard to markets, customers, products, organization, employees, information technology (keyword: strategic success factors), etc.
Do developments in e-commerce affect the organization of the company? E-commerce has grown in importance. It will be a key strategic success factor in the future. Missing this development can have existential consequences.
Is there a documented strategy? A missing or insufficient strategic consensus of the management paralyzes a common and appropriate prioritization and pursuit of goals within the management
Is the strategy communicated? With the communication of the strategy the discrepancy between strategy formulation and implementation can be closed. The inadequate or missing strategy communication in the operational units is followed by a different implementation according to the individual point of view of the employees (position / department / remuneration etc.). The consequence can be a suboptimal resource allocation.
Are the staff motivated? Inadequate motivation has a negative impact on the individual's work performance, on the one hand, and has a significant influence on the working atmosphere on the other

FMEA (failure mode and effects analysis)

The Failure Modes and Effects Analysis (FMEA) is a systematic, semi-quantitative risk analysis method which was developed in the 1960s for the investigation of weak points and risks in aircraft. It was then used in space travel, for production processes in the chemical industry and in the automotive industry.

The central idea of ​​the FMEA is the early detection and prevention of potential errors. Errors and their causes are therefore examined preventively. The risks are then assessed in terms of occurrence and significance. There are four different approaches:

  • System FMEA : Here the focus is on the individual system components and their contribution to the overall risk.
  • Construction FMEA : The primary focus here is the error-free functioning of the production components.
  • Process FMEA : This investigation focuses on the manufacturing process.
  • Design FMEA : This FMEA is part of product development and also extends to suppliers.

Procedure:

  • Step 1: The company is described as an intact, trouble-free system.
  • Step 2: The "company" system is broken down into different functional areas.
  • Step 3: Potential faults in the individual components and the entire system are examined.
  • Step 4: Deriving effects on the entire system.

Delphi method

The Delphi technique is a method with which experts or employees are interviewed in several stages. The results of one survey round influence the next, so that possible risks can be better assessed. This is only possible if the respondents have in-depth specialist knowledge. Because the basic assumption of the Delphi technique is that experts know the influencing factors on their respective subject area. As a result, you can use the cumulative and condensed expert opinion to make a relatively concrete statement about existing and future risks.

procedure
  • 1st round - Open survey (online, collecting ideas)
  • 2nd round - closed survey (online, condensing ideas)
  • 3rd round - personal conversation (workshop, final discussion)

New ideas are collected and condensed.

brainstorming

Brainstorming is a method that aims to encourage creative creativity in a group. Based on the basic idea of ​​association of thoughts (one idea evokes another, etc.) the goal of brainstorming is to leave familiar paths mentally. Ideally, the process is carried out with 4 to 10 participants. It makes sense to appoint a moderator and a secretary . It is important that no criticism may be voiced during the brainstorming session, because it is a matter of collecting ideas without any judgment. The basic requirement for this is a good relationship of trust. This method can be used in risk identification to independently identify risks that are generally known.

Brainwriting

In contrast to brainstorming, ideas are not expressed, but written down and first collected. With this method, the number of participants is more variable than with brainstorming, since individual participants cannot, for example, interrupt each other. Also, no recorder or discussion moderator is needed. This method is particularly effective in groups in which there is no good relationship of trust or when you want to collect ideas from a particularly large number of people.

Documentation analyzes (risk identification based on existing data)

The documentation analysis is an ex post analysis. This means that the risk identification is based on documents that have already been created, for example from the accounting or controlling department. Risks that can be derived from accounting (especially the annual report):

Risk identification based on the income statement ( Section 275 HGB )
Item of the
profit and loss account		 identifiable risk areas
Sales Product structure risk , competition risk , currency risk , dependencies on major customers
Cost of materials Dependencies on suppliers , incorrect / inadequate security strategy , inadequate benchmarking with regard to the material used
Personnel expenses bad / wrong remuneration systems , qualifications of specialists and managers (dependency aspect)
Depreciation Investment / divestment risk
Interest expense Financeability of investments, interest rate risks
Risk identification based on the balance sheet ( Section 266 HGB)
Balance sheet item identifiable risks
Intangible assets Intrinsic value (e.g. for patents )
Property, plant and equipment Operator risk (environment, official requirements), age structure of the systems, system intensity , insurance coverage
Financial assets Futures , equity investments , derivatives
Stocks Age structure , dependency on major customers, insurance coverage, circulation intensity
Equity Equity ratio
accruals Financing the company pension scheme ( pension provisions ), impending losses from pending transactions
liabilities Current account credit , supplier credit

Controlling

An important task of controlling is the provision of information for decisions , such as B. Business planning , investment planning or budgeting . These decisions are made with the help of assumptions about the future development of certain influencing factors. Since these assumptions are not certain, the controlling department reveals a potential risk every time it makes an assumption. Possible assumptions that are made are e.g. B. Economic assumptions , raw material prices , sales etc.

Synectics

Synectics is an unknown, unsystematic method of risk identification . This method combines seemingly unrelated / irrelevant factors. As a result, she transfers structures that are not problematic to the problem, which in turn leads to a different perspective and approach. The essential principle of this method is: "Make the foreign familiar and alienate the familiar". The aim of the method is to produce new knowledge by reorganizing knowledge. The process is very complex and a moderator is necessary to lead the discussion. The individual process steps of the synectic are listed below:

  1. Problem analysis and definition
    • Example: How can the plate be attached to the frame as easily as possible?
  2. Spontaneous solutions
    • Example: suction cups, nails, screws, adhesive tape
  3. Reformulating the problem
    • Example: How can it be achieved that the plate can be easily removed again?
  4. Formation of direct analogies (e.g. from nature)
    • Example: animal loses fur, tree loses leaves, snake sheds skin (chosen by the group in this example)
  5. Personal analogies (identification)
    • Example: How do I feel as a molting snake? Narrowed
  6. Symbolic analogies (contradictions)
    • Example: oppressive shell, gapless fur (chosen by the group)
  7. Direct analogies (e.g. from technology)
    • Pressure vessels, crash barriers
  8. Analysis of the direct analogies
    • Example: pressure vessel: solid, hard, shiny
  9. Transfer to the problem (force fit - should follow the rules of brainstorming)
    • Example: Profile frame, balls between the plate and the frame, frame only on two sides
  10. Development of solution approaches

Value chain analysis

Porter's value chain

The value chain analysis is based on the value chain model which was developed by Michael E. Porter . This model assumes that competitive advantages arise from value-adding activities of the company. With the help of this model, competitive advantages and core competencies of a company can be identified.

Every business is made up of a multitude of interrelated activities. Every activity has a share in the added value and is therefore crucial for business success . In addition to revealing competitive advantages, the value chain model can also be used to identify risks. For this, the company-specific value chain must first be mapped. For this purpose, the entrepreneurial activities must be entered based on the basic model (illustration). It also makes sense to divide the activities into individual parts in order to identify the processes in the company which are most important for the provision of services. The need for coordination between individual areas can also be derived from this and areas subject to risk can be identified. The value chain analysis thus gives a good overview of the entrepreneurial risks in their entirety.

Fault tree analysis

The fault tree analysis is a deductive top-down system that can be used to study complete systems. The aim of the analysis is to determine the reliability of the individual processes and, as a result, of the overall system. The detection of all possible combinations of failures of individual processes is ensured. In addition, it enables the description of the probabilities of occurrence and the consequences of events. Prerequisite for the analysis of complex fault trees is a software .

The aim of this analysis method is to define the conditions under which the system will not work. For this reason, the malfunction of the overall system must first be described as precisely as possible. An analysis takes place based on this. This examines which secondary disorders can lead to a disruption of the overall system. These secondary causes can potentially be further broken down. The graphical representation of these relationships is the fault tree. More complex error events can also be dealt with using logical links, e.g. B. Map AND / OR links. The example shows an excerpt from the fault tree, which considers the entire "ERP" system:

Fault tree: ERP failure

Early warning systems

The aim of early warning systems is to identify internal and external risks well before they occur, so that the company has enough time to take countermeasures. These systems can be applied to a specific area in the company as well as to the entire company. Early warning systems have evolved over time. Today a distinction is made between three generations that can be assigned to the operational or strategic early warning systems. Regardless of the stage of development, all early warning systems should use the information available at the time to predict the future of the variables relevant to the company as early as possible, as precisely and as comprehensibly as possible.

The systems 1st generation and systems of 2nd generation cover operational risks using the ratio analysis. First generation systems were used as early as the 1960s. These systems forwarded exception messages. Strategic risks are uncovered with some 2nd generation systems as well as with 3rd generation systems . Systems for identifying operational risks include key figure systems that only process data from the past (ex post) and, if necessary, extrapolate them. The extrapolation can be used to obtain estimated future key figure values. On this basis, for example, plan values ​​can be compared with projected actual values. The accuracy of the extrapolation depends on the underlying forecasting methods. Forecast methods are divided into qualitative and quantitative ( time series analysis , causal methods) methods. Quantitative methods use mathematical calculations and are therefore only useful for short periods of time. In addition, only quantitative, but not qualitative facts are considered. Strategic early warning systems try to track down previously undetected developments and risks through an unrestricted 360 degree search in the sense of a strategic radar.

Risk workshops

Certain types of risk can be identified through critical discussions in a risk workshop. This includes operational and strategic risks. In particular, this means that risks from the service creation process (operational risks), legal risks, political risks, risks from support processes, etc. can be identified.

The advantage of risk workshops is that, in addition to risk identification, other topics relating to risk management can be discussed, such as: B. the further procedure with the identified risks. Furthermore, regular risk workshops increase the risk awareness of the workforce. Regardless of whether strategic or operational risks are to be identified, good planning is a basic requirement for a successful workshop.

  • Step 1 - Selection of the observation areas: First of all, it must be precisely determined which questions are to be clarified and in which areas risks are to be identified.
  • Step 2 - Expert selection: Which employees / experts are important to answer the key questions and should be invited to the workshop? (Approximately two working days should be planned for a workshop.)
  • Step 3 - Kick-off event: As part of the kick-off event, the experts are provided with the necessary information about the project. It is also advisable to provide information about the project with the invitation to the kick-off event.
  • Step 4 - Entry into the workshop: During the workshop, risk identification methods are carried out in groups. It is advisable to emphasize the intention of the project once again at the beginning and to show the process and the expected results. It also makes sense to clarify the basic terms used in risk assessment.
  • Step 5 - Risk Identification: Many possible methods of risk identification have already been considered in the context of this article. The value chain analysis is z. B. an important tool for identifying operational risks. Furthermore, an analysis of the structure of the risk areas provides a good starting point. Simply carrying out a checklist is not expedient, as people rarely think about other, unlisted risks when such a list is presented. But it can be a good addition. Other methods such as B. the Delphi technique can also be useful in such a workshop.
  • Step 6 - Relevance assessment: Finally, the identified risks must be assessed according to their relevance. The aim is to find the risks for which further processing makes sense. Risks that are not processed further must not be deleted. It must be stated why they are not being pursued.

Individual evidence

  1. Nikolaus Raupp, The decision-making behavior of Japanese venture capital managers under the influence of risk perception in conjunction with other factors , 2012, p. 27
  2. Frank Romeike (Ed.), Success Factor Risk Management , 2004, p. 165
  3. Karsten Füser / Werner Gleißner / Günter Meier, Risk Management (KonTraG) , 1999, p. 754
  4. Katarzyna Smirska, Optimizing a Risk Management System in SMEs , 2009, p. 37
  5. Marc Diederichs / Stephan Form / Thomas Reichmann, Standard for Risk Management , in: Controlling Heft 4/5, 2004, p. 191
  6. Frank Romeike (Ed.), Success Factor Risk Management , 2004, p. 165
  7. a b c d Marc Diederichs: Risk Management and Risk Controlling. 2013, p. 105.
  8. ^ A b Frank Romeike, Robert Finke: Success factor risk management. 2013.
  9. Frank Romeike (Ed.), Success Factor Risk Management , 2004, p. 174
  10. ^ Heribert Meffert / Christoph Burmann / Manfred Kirchgeorg, Marketing , 10th edition. Gabler / Wiesbaden, 2008, p. 236
  11. ^ Kai-Ingo Voigt: Risk management in plant construction. 2010.
  12. a b c d Werner Gleißner: Fundamentals of risk management in companies. 2011.
  13. a b Klaus Wolf, Bodo Runzheimer: Risk management and KonTraG: conception and implementation. 2013, p. 104.
  14. ^ A b Frank Romeike, Peter Hager: Success Factor Risk Management 2.0: Methods, Examples, Checklists. Practical manual for industry and trade. 2009.
  15. Ulrich Thonemann: Operations Management: Concepts, Methods and Applications. 2010
  16. ^ University of Leipzig, working papers on the Delphi method
  17. a b c d Mirco Grethen: Risk management in medium-sized companies. 2001.
  18. Markus Junginger: Value-Oriented Control Of Risks In Information Management, 2005.