How many risks can you think of, that a company should definitely take into account at the moment? Some? Yes, me too. For example, there would be a high supply chain risk due to the COVID and Ukraine crises. Or the risk of business interruption, for example due to a lack of gas supplies. All these risks represent (significant) financial risks for many companies. But do companies also systematically and continuously record and control all these risks? And even in case yes, can the impact of individual risks or aggregated risks on the company’s success be determined? How is your risk management & -controlling?
Risk management does not seem to be top-of-mind
The answer to this question cannot really be found in current studies on risk management & -controlling. Although there are numerous studies1 that attest to the high relevance of risk management, there is hardly anything to be found on the dissemination of systematic risk management systems in practice. Only a study by Deloitte indicates that slightly less than 70% of large companies have a professional risk management. This can be because large companies are often publicly traded and risk management is required by law. No current studies can be found for SMEs, but the expert group Digital Controlling Competence of the Internationaler Controller Verein (ICV) estimates the proportion at a maximum of 30%. Risk management & -controlling does not seem to be a favorite topic in many companies.
“Risk controlling is actually the controller’s very own job, which is anchored in numerous controlling profiles and roles2,” said Uwe Seidel, Professor of Business Administration at the OTH Regensburg at the last controller meeting of the ICV expert group Digital Controlling Competence. He asks the participants at the expert event: “What risks are you currently recording in your company?”. From the silence in the room one can guess that risk management is not top-of-mind for controllers. Only one controller colleague comes forward with a risk management system that is more than presentable, but he admits that he would not voluntarily implement it if the legal requirements of the listed company did not dictate it to him. The picture of the studies cited above corresponds to the result of this expert event. Interested in an expert webinar on the subject of risk management systems? Please find all information regarding our webinars here >>
Isn't the economic benefit of a risk management system recognized without pressure?
Is a professional risk management system based on auditing standards only set up if it is necessary – as a listed company? And even if this is required by law, is there a link to financial planning to record the impact of risks on the company’s results?
“Actually, every company should record, quantify and weight risks (and opportunities) as part of the SWOT analysis. If this is not the case, they cannot be taken into account in the top-down planning,” said Uwe Seidel at the last ICV expert event DCC on the subject of risk management and controlling. So what is the solution and how does such a professional risk management system actually look like? All information on the subject of risk management and controlling is available on our knowledge platform >>
Digitization in controlling helps with the solution. The basis for an integrated risk management system is the controlling technology, which allows risks – but also opportunities – to be recorded, evaluated, monitored and their influence on the income statement, balance sheet and cash flow determined. The risks in corporate management are taken into account by means of scenario planning.
The 5 step risk management system
Figure 1 shows the steps of the practice-proven smartPM.solutions risk management system. The risk management and controlling module supports all relevant processes, from risk and opportunity identification to reporting, and is linked to financial planning in an integrated system environment. All relevant departments access a system with 100% reliable, up-to-date data. There is only one version of truth. The risk management module from smartPM.solutions also guarantees the important know-how transfer for Controllers. Many of our Consultants have a Finance background, with a 4.8/5 star project rating, and are ideal implementation partners.
What can the smartPM.solutions risk management system do?
Figure 2 shows the workflow embedded in the software solution, which guides users step by step through risk management. An integrated role and responsibility concept from risk reporters to management ensures clear responsibilities and structured cooperation. More information can be found in the Whitepaper.
These are the 5 steps to digital and efficient risk and opportunity management
Steps 1 & 2 of the risk management system: Risk identification and recording: Risks are identified in the specialist department. Checklists, catalogs of questions and identification matrices help with this. The risks are recorded and quantified in standardized form, via input forms in the system. In addition, measures for risk treatment are proposed by the capturer.
Step 3: Analysis and submission of the risk: After the responsible person has checked the recorded, assessed risk, it is released or put on hold. Role concepts ensure good cooperation and structure and allow, for example, risks that have not been recorded to be changed later.
Steps 4 & 5: Risks are monitored in the integrated, digital risk management system. Dashboards and reports show development of the risks. In addition, success of the proposed and implemented measures is continuously tracked. Risks can be viewed on an aggregated level or with drill-down options on individual risk level. Figures 3 to 5 give an overview of dashboards and reports of the smartPM.solutions risk management system. It always provides a comprehensive overview of risk dependencies and risk weights. Scenario analyzes support decision-making and show the impact of aggregated or individual risks on the income statement, balance sheet and cash flow. For example, provisions can be formed for forecasted risks. More dashboards, input forms for risk identification, quantification, evaluation and a risk map can be seen in the whitepaper.
1 Reimer, Schäffer, Weber (2020), 4. WHU-Zukunftsstudie; Reimer, Schäffer, Weber (2020), WHU-Studie Risiken erfolgreich managen; Deloitte, Benchmarkstudie Risikomanagement, 2020; Inverto, Risikomanagement Studie, 20222 International Group of Controlling (IGC und ICV) (2013) Controller-Leitbild; Seufert, Kruk, (2019) Digitale Transformation und Controlling, Haufe Finance Office