Risk policy

from Wikipedia, the free encyclopedia

The risk policy of a company comprises all measures within risk management that serve the management of all corporate risks.

General

Risks and the possibilities of limiting them are a central topic in business administration, as they are inextricably linked with entrepreneurial activity. Corporate risk is initially reflected in the volatility of the result (profit or loss), which can be determined through statistical analyses or, looking forward, through risk aggregation. The extreme form of corporate risk is called insolvency risk and expresses the probability that the company will not be able to meet its obligations, or not meet them fully, due to insolvency and/or over-indebtedness. The insolvency probability, which depends on the aggregated risk scope, but also on the risk-bearing capacity (equity) and profitability, is expressed by the rating (see also rating forecast and insolvency forecasting procedure). In the worst case, risks can lead to a corporate crisis and ultimately to the bankruptcy of a company. In order to avoid these existential consequences, the risk policy has to ensure that the company's risks are analyzed, cataloged and assessed.

The risk policy is based on corporate goals with the classic conflict of goals between profitability, liquidity and risk. In order to achieve a certain profitability while maintaining liquidity, reasonable and manageable risks must be taken. However, these risks must always be monitored and controlled with measures known as risk policy instruments. The task of risk policy is to analyze and shape the risk situation of a company in a targeted and planned manner. The risk policy defines who in the company conducts risk management with which objective and which means and methods are used for this.

Risk policy instruments

Risk identification is the first step, a systematic collection of potential risks, followed by the risk analysis, which examines the identified risks according to their causes and probabilities. This is followed by a risk assessment, which determines the threat posed by the analyzed risks to a company and assesses the acceptability of the analyzed risks. In the context of risk management, it is then important to bear risks that are considered acceptable (residual risk) and to install a suitable risk control system for this. Risk management uses risk policy instruments and includes all measures that serve operational active and passive risk management. Active measures include risk avoidance, risk reduction and risk diversification. Passive risk management consists of risk transfer and risk provisioning and is required if risks, consciously or unconsciously, have not been actively managed.

Risks have to be taken in order to generate profit for a company. The success of a company is decided by the selection of the "right" risks (English: "upside risks"). Financing risks, however, are among the most preventable risks (English: "downside risks"). In order to master risks, the right strategies must be developed and correspondingly efficient and effective business processes must be defined as part of risk-conscious corporate management. For financial instruments, companies can control their financial risk with hedging instruments.

Risk policy as part of the corporate strategy

The risk policy is anchored in the corporate strategy as a prerequisite for determining the future strategic thrust to increase corporate value. The core competencies, competitive advantages and general corporate goals targeted in the corporate strategy should be achieved and secured through an appropriate risk policy. To this end, all relevant risks that influence the strategic goals and central success factors set within the corporate strategy must be recorded and quantified in order to then arrive at a standardized handling of risks. Due to its strategic orientation, the determination of the risk policy is the task of the company management. The company management must exude a kind of risk culture and emphasize the importance of this topic. The execution of the risk policy, on the other hand, is the responsibility of all employees in the company. Company-wide, uniform risk management communication is created through a strategic and value-oriented risk policy.

Weighing return and risk

For an optimally operating company, it is essential to weigh return against risk with regard to possible entrepreneurial options for action. The return alone is not enough to tell whether a decision is good or bad: a decision with a possible return of 8% is not necessarily better than a decision with a return of 5% if, in the first case, a disproportionately large risk is taken. The risk policy should define a uniform decision criterion that determines how employees should act with regard to possible risks and returns, so that targeted control takes place. A key figure that combines risk and return is company value. The higher the company's risks, the more equity capital must be available as risk coverage potential in order to be able to cover risky positions if necessary. If one calculates the company value by deriving the cost of capital from future earnings risks and considering the value driver rating, a performance measure is created that combines earnings and risk.

The risk management system should consider opportunities and dangers (risks) together and weigh them up against each other.

Upper limit of the total risk scope and fixing of the desired rating

In order to ensure the continued existence of the company, the total scope of the risks must not exceed the risk-bearing capacity of a company. To do this, all of the company's risks must first be recorded within the risk identification process and then quantified. This is done through an overall risk portfolio that shows how the risks in the company are distributed according to the amount of damage and the probability of occurrence.

With the help of value-at-risk calculation methods such as the Monte Carlo simulation, the next step is to determine the company's overall risk as part of risk aggregation. It should be noted that the sum of the individual risks does not equal the aggregated overall risk; the aggregated overall risk is lower because of the correlation between the individual risks. Simply adding up risks is therefore not a risk aggregation of the kind required with regard to "developments threatening the company's existence" within the meaning of Section 91 of the German Stock Corporation Act.

In order to be able to assess the overall risk determined, it is compared with the company's risk-bearing capacity. The risk-bearing capacity is an objective measure of the loss a company can bear without threatening its existence. The financing structure therefore plays a decisive role with regard to the maximum risk that the company can take. This creates an individual risk-return ratio for each company.
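An added example, not part of the original article: a Monte Carlo aggregation of three constructed risks, each described by a probability of occurrence and a damage range, with the aggregated value at risk compared against a risk-bearing capacity. The risk names, all figures, the triangular damage distribution, the independence of the risks and the 95% confidence level are assumptions made for illustration.

```python
import random

# Constructed risk register (illustrative values, thousand EUR):
# (name, probability of occurrence per year, min, most likely, max damage)
RISKS = [
    ("loss of key customer", 0.30, 100, 200, 300),
    ("production outage",    0.20, 200, 400, 600),
    ("currency loss",        0.40,  50, 100, 150),
]

def simulate_year(rng):
    """Loss of each risk in one simulated year (0.0 if it does not occur)."""
    return [rng.triangular(lo, hi, mode) if rng.random() < p else 0.0
            for _, p, lo, mode, hi in RISKS]

def value_at_risk(losses, confidence):
    """Loss that is not exceeded in `confidence` of the simulated years."""
    ordered = sorted(losses)
    return ordered[min(int(confidence * len(ordered)), len(ordered) - 1)]

def aggregate(runs=50_000, confidence=0.95, seed=1):
    """Return (standalone VaR per risk, VaR of the aggregated yearly loss)."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    years = [simulate_year(rng) for _ in range(runs)]
    standalone = [value_at_risk([y[i] for y in years], confidence)
                  for i in range(len(RISKS))]
    # Aggregation: sum the losses inside each scenario, then take the quantile.
    total = value_at_risk([sum(y) for y in years], confidence)
    return standalone, total

def within_capacity(total_risk, risk_bearing_capacity):
    """True if the aggregated risk is covered by the risk-bearing capacity."""
    return total_risk <= risk_bearing_capacity

if __name__ == "__main__":
    standalone, total = aggregate()
    for (name, *_), var in zip(RISKS, standalone):
        print(f"{name:22s} standalone VaR95: {var:7.1f}")
    print(f"{'sum of standalone':22s} {sum(standalone):7.1f}")
    print(f"{'aggregated VaR95':22s} {total:7.1f}")
    # 800 is an assumed risk-bearing capacity (equity available as cover).
    print("covered by capacity of 800:", within_capacity(total, 800))
```

The aggregated figure comes from the distribution of the summed scenario losses, not from adding the three standalone figures, which is why it is lower than their sum.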

In particular, the equity ratio is a decision criterion for the rating of the company. A high equity ratio signals the company's independence from lenders and thus from repayments and interest. The rating of the company is influenced by economic indicators such as the equity ratio, so that a desired rating can be fixed. Establishing this desired rating is also the task of risk policy.

Core and peripheral risks

With the separation of core and peripheral risks, a systematic check is carried out to determine which risks a company should and should not bear. Core risks are risks that are directly related to the expansion and use of the company's potential for success and that cannot be meaningfully transferred to third parties. This includes, for example, technological skills, for which high investments must be made in research and development and for which a certain risk must therefore also be taken.

By avoiding or transferring all other risks, which are referred to as peripheral risks, the overall risk of the company can be reduced. In addition to risk transfer, i.e. passing the risk on to third parties, there is the option of using derivatives on currencies, interest rates or raw material prices. How a company deals with this depends to a large extent on the risk costs incurred in transferring the risk and must be clearly specified in the limits set out in the risk policy.

Limits for individual risks

The limit of a risk denotes a monetary limit on the loss that the company is willing to accept as a maximum with regard to this risk. The limit is related to the company's risk-bearing capacity but does not have to correspond to it; it is determined individually. This difficult task of determining limits depends largely on the company's willingness to take risks. If the willingness to take risks is higher, the limit will be higher than if the willingness to take risks is lower. A distinction is generally made between the relative and the absolute limit. The relative limit is a kind of deviation limit that determines how much the company's own risk can deviate from the risk of a benchmark. The problem with the relative limit is the lack of reference to equity and thus to the company's individual risk/return ratio. The absolute limit, on the other hand, represents an absolute maximum value that must not be exceeded due to losses. This value is determined taking into account the equity ratio, which eliminates the problem of relative limits.

Procedure for assessing risks

Once identified, risks are weighted qualitatively and quantitatively within the risk assessment. Depending on the type of data, a risk is assessed either qualitatively by considering and analyzing the cause-effect relationship of the risk or quantitatively by evaluating the two risk determinants of the probability of occurrence and the amount of damage. This procedure must be specified in the risk policy so that a uniform risk assessment takes place in the company.

Problems of risk policy

Risk policy is exposed to several problem areas that must be taken into account:

  • Different decision criteria (for example, once sales, once profit) are used for different risks.
  • The risk policy is not geared enough towards the company's risk-bearing capacity (equity).
  • Risks are identified, but no suitable measures are presented in the risk policy.
  • Without a detailed risk policy, there will be no uniform risk management in the company.
  • Failure to divide the risks into core and peripheral risks leads to inefficient handling of risks. It is unclear which risks should be taken and which should not.
  • The risk policy must be permanently adapted to changes in the company with regard to success potential, competitive advantages and general company goals. External boundary conditions in particular can change constantly and require different approaches to dealing with risks.

Demarcation

The specialist literature sometimes regards the terms risk policy and risk management as synonyms, but the latter is the functional implementation of risk policy in the context of the process organization of companies. In this sense, the risk management functions as a department that deals with the implementation of the risk policy.

Publication

The risk policy pursued in companies is also of interest to the public in the case of legal forms that are subject to disclosure. Therefore, in May 1998 the KonTraG obliged corporations to add a risk report to the management report, to document risks that threaten the existence of the company and also to "deal with the risks of future development". These companies publish the results of their risk policy in the risk report.
