Scroll Top

Risk management is a ladder that leads to success through a tough business terrain

Organizations exist to achieve the mission for which they were created. For example, business organizations exist to make profits while others exist to achieve the mission for which they were set up.

Success is then about the organizations achieving the goals that help them to move towards their mission.

Success involves moving from the current unsatisfactory state to a desired future state over a given period. Success is about achieving the results of the planned move.

It is important to note that success is not easy to achieve because the route to success passes through a rough environment caused by both internal and external uncertainties.

Internal uncertainties

The internal uncertainties are caused by the assumptions the organization makes at the planning stage about the internal factors that are within the control of the organization.

The realities about the factors often come out differently from the assumptions used for planning purposes hence the resulting risks.

The internal factors for which assumptions are include the following among others;

  1. Availability of adequate financial resources to acquire other resources necessary to implement the strategic plan;
  2. The existence of the organizational culture that includes the beliefs, values, and attitudes of the employees;
  3. The existence of reliable internal processes, policies, and procedures to guide management and staff in implementing the strategic plan;
  4. The speed of adopting the technology within the organization;
  5. The risk appetite level as set by the board;
  6. The availability of competent human resources to implement the strategic plan.

The external uncertainties

The external uncertainties arise as a result of assumptions made at the planning stage about the external factors that are beyond the control of the organization.

The risks come up as a result of the realities about the external factors coming out differently from the assumptions used.

The external factors for which assumptions are made include the following among others;

  1. Economic environment factors like inflations among others affect the demand of the consumers and the performance of the organization.
  2. The political policies of the government and other government international organizations tend to impact the organizations either positively or negatively.
  3. Social environment factors like culture, religious faith, education, and gender among others tend to shape the behavior of the target market.
  4. Technological environment factors relate to external factors in technology that may affect the way the organization does its business.
  5. Legal environment factors related to the regulatory framework of government and government-related entities and international organizations that impact the performance of the organization.
  6. Natural factors like earthquakes, flooding, climate change, and outbreaks of epidemics like COVID-19

What can go wrong because of uncertainties?

There are so many things that can go wrong if the uncertainties are not critically looked into. The following are some of the things that can go wrong;

  1. Hiring incompetent staff that can manage the risks;
  2. Wrong selection of the market segment for the products and services;
  3. Failures at the planning level due to limitation of resources;
  4. Inadequate feasibility studies;
  5. Inadequate financial resources;
  6. The uncertainties can also cause a lack of focus on the way forward.

What causes risks in an organization?

Organizations operate in an environment impacted by both internal and external environmental factors that may lead to several identifiable and non-identifiable uncertainties or reservations during the planning and implementation of the strategic plan.

When these several uncertainties materialize they result in risks or exposures to the organizations that affect their performance.

Can an organization avoid risks?

Yes, an organization to some extent can minimize risk to the lowest level by designing and implementing a risk management framework or policy. The framework is a guideline used by management to identify, eliminate, and minimize risks. The risk management framework serves the following key objectives;

  1. Risk identification

This is a process that involves defining the risk universe, selecting risks that the organization is exposed to, and categorizing the selected risks into core and non-risks.

  1. Risk assessment

This is the process of identifying risks that could negatively impact the performance of the organization and assessing their impact on the organization.

  1. Risk evaluation

This is the process of defining the estimated risks to those affected by the risks.

  1. Risk treatment.

This is the process of implementing risk mitigation strategies aimed at avoiding, optimizing, transferring, or retaining risk.

  1. Monitoring and reviewing of risk.

This is a process of tracking and evaluating risk levels within the organization.

The risk management framework is intended to minimize risk to the lowest level but not completely avoid it.

Is there risk-free business?

An environment in real life without risk does not exist. Therefore, there are no risk-free businesses or activities that one can engage in to avoid risks. The business activities can however be ranked on a scale of low to high risk to help entrepreneurs venture into business activities that are in line with their risk appetite. However, it should be noted that accepting high levels of risk may easily lead to business failure.

Is there a link between risk and rewards?

It is important to note that risks and opportunities are the two sides of the same coin. Therefore, as you manage risks on one side, you should not overlook exploiting the opportunities created along the way. It is also important to note without risks adequate rewards on capital are difficult to come by as reward is a compensation of the risk taken. Entrepreneurs are therefore willing to take risks because of the rewards for the risks taken. It is therefore a difficult balancing act between the risk taken and the expected reward.

What are the risk mitigation strategies?

The common mitigation strategies include the following among others;

  1. Risk avoidance strategy

This is a risk management technique where the organization avoids all unwanted consequences presented by the risks. For example, the organization could avoid placing orders with a supplier who offers poor-quality goods.

  1. Risk reduction strategy

This involves taking mitigation strategies to reduce the adverse impact of the risk. For example, the supply of medical services could be outsourced to a third-party medical practitioner to offer medical services to staff at an agreed medical cover. This is done to keep medical costs within budget.

  1. Risk transference strategy

This a risk management technique where the potential loss resulting from adverse outcomes is transferred to a third party or entity at agreed compensation.  The entity is compensated by the third party when the risk materializes.

  1. Risk acceptance strategy

Management may decide to acknowledge some risks within defined risk levels with their potential consequences and to accept to live with the risk. High and medium risks are not handled under this strategy.

What is the purpose of risk management?

Risk management is important to the organization and individuals for the following reasons;

  1. Prevention of problems because of the controls in place;
  2. Early identification of red flags of potential problems and prevention of their occurrence;
  3. Prompt identification of problems when they occur and development of the mitigation strategy;
  4. Identification and exploitation of opportunities

What can go wrong with the risk mitigation strategy?

An organization may have the state of art risk governance structures but still things may go wrong in the area of risk because of the following;

  1. Adequate risk governance structures with adequate lines of defense are not in place. The lines of defense should be provided at various levels including frontline staff, oversight functions staff, internal and external audit providers, and finally the board.
  2. It is possible for things to go wrong because of the selection of the wrong risk mitigation strategy. For example, management may acknowledge and accept living in a high-risk situation that leads to business failure.
  3. Inadequate risk communication strategy to top management therefore risks and warning signs are not communicated.
  4. The known risks in the sector are not taken into account and
  5. Lack of competent resources to manage existing and new risks.

What are the benefits of having an effective risk management framework?

There are so many benefits to reap because of having an effective risk management framework and the following are some of them among others;

  1. The organization will have the capacity to attract cheap capital resulting in an overall reduction of the cost of capital;
  2. Leads to informed decision-making;
  3. Brings up a degree of certainty in planning;
  4. Leads to the overall improvement of performances because of savings and exploitation of opportunities and
  5. Better protection of the assets and other resources of the company.


Leading an organization to its mission is increasingly becoming difficult because of the tough business terrain your organization operates.

The business terrain is clouded with a lot of ambiguities, uncertainties, constant changes, and a lot of moving and interconnected parts.

However, your chances of success are enhanced if you are guided by an effective risk management framework. The framework gives the capacity to manoeuvre through the tough business terrain.