Personal Financial Planning – Risk Management

Risk management in financial planning is the systematic approach to the discovery and treatment of risk. The objective is to minimize worry by dealing with the possible losses before they happen.

The process involves:

Step 1: Identification
Step 2: Measurement
Step 3: Method
Step 4: Administration

Risk Identification

The process begins by identifying all potential losses that can cause serious financial problems.

(1) Property Losses – The direct loss that requires replacement or repair and indirect loss that requires additional expenses as a result of the loss.
(For example, the damage of the car incurs repair cost and additional expenses to rent another car while the car is being repaired.)
(2) Liability Losses – It arises from the damage of other 'property or personal injury to others.
(For example, the damage to public property as a result of a car accident.)
(3) Personal Losses – The loss of earning power due to death, disability, sickness or unemployment and the extra expenses incurred as a result of injury or illness.
(For example, the loss of employment due to cancer and the required treatment cost in addition to normal living expenses.)

Risk Measurement

Subsequently, the maximum possible loss (ie the severity) associated with the event as well as the probability of occurrence (ie the frequency) is quantified.

(1) Property Risk – The replacement cost necessary to replace or repair the damaged asset is estimated by a comparable asset at the current price. Indirect expenses for alternative arrangements like accommodation, food, transport, etc, needs to be taken into account.
(2) Liability Risk – This is considered to be unlimited as it will depend upon the severity of the event and the amount the court awards to the aggrieved party.
(3) Personal Risk – Estimate the present value of the required living expenses and additional expenses per year and computing it over a predetermined number of years at some assumed interest rate and inflation.

Methods Of Treating Risk

A combination of all or several techniques are used together to treat the risk.

(1) Avoidance – The complete elimination of the activity.
This is the most powerful technique, but also the most difficult and may sometimes be impractical. In addition, care must be taken that avoidance of one risk does not create another.
(For example, to avoid the risk associated with flying, never take a flight on the plane.)
(2) Segregation – Separating the risk.
This is a simple technique that involves not putting all your eggs in one basket.
(For example, to avoid both parents dying in a car crash together, travel in separate vehicles.)
(3) Duplication – Have more than one.
This technique requires preparation of additional back up (s).
(For example, to avoid the loss of use of a car, have 2 or more cars.)
(4) Prevention – Forestall the risk from happening.
This technique aims to reduce the frequency of the loss occurring.
(For example, to prevent fires, keep matches away from children.)
(5) Reduction – Minimize the magnitude of loss.
This technique aims to reduce loss severity and can be used before, during or after the loss has occurred.
(For example, to reduce losses as a result of a fire, install smoke detectors, sprinklers and fire extinguishers.)
(6) Retention – Self assumption of risk.
This technique involves retaining the risk consciously or more dangerous as unconsciously to finance one's own loss.
(For example, having 6 months of income in savings to protect against the risk of unemployment.)
(7) Transfer – Insurance.
This technique transfers the financial consequences to another party.
(This will be covered in more detail as a topic.)

Administration Of Method

The selected methods must be implemented.

And finally to close the loop for the process, new risks must be continually identified and all risks needs to be re-measured when required. Treatment alternatives should also be reviewed.

7 Steps To Developing A Risk Management Plan

Risk is real for any company or organization. Do not kid yourself. Things happen when you least expect them to happen. Are YOU ready for the unimaginable, the unexpected, the unwanted? As an executive, have you put your head in the sand around risk? Do you pretend that all is well, and nothing will change? If so, it's time to face reality: data gets lost, buildings burn, people resign. When any of these occur, your organization is at risk for malfunction, inefficiency, chronic struggle, revenue loss, and even total failure. Is this the path you want to go down?

Beginning now, you can initiate the process of developing your organization's risk management plan. Take charge. Form a committee representing Board members and staff, and ask them to partner with you to create this critical document. Make sure everyone understands the importance of the work, and explain to them how they can benefit from contributing to the finished product. Risk managements plans are not optional; they are essential for every company, large or small. There are no valid exceptions.

Implement the following seven steps, and give yourself and others a huge slice of peace of mind:

1. Define what risk looks like for your organization.
What constitutes risk in your shop? Threats to normal operations? Threats or compromises to people's safety? Loss of physical and electronic property? Loss of revenue? Decreased public / community support? Unethical behaviors? Create a comprehensive definition of risk that means something to YOU ​​and YOUR organization.

2. Identify specific risks.
Ask the committee to brainstorm as many different risks as they can possibly imagine. Record them on a white board or flip chart. Examples of various risks include: firing of the chief executive, dwindling interest in one of your major products, departmental silos, Board infighting, inability to fundraise, economic downturn, layoffs, building fire, computer crashes, philosophical differences between key employees, extended leaves for managers, interruption in receiving necessary supplies. All of these are potential risks, and there are many others. Continue brainstorming until the group believes they have come up with an exhaustive list.

3. Categorize each risk.
Determine category names for the identified risks. Examples may be: Chief Executive, Board of Directors, Physical Property, Technology, Data, Employees, Products or Services, Customers / Clients, Stakeholders ,. Place each risk under one of the selected categories. Create as many category names as you need.

4. Rank each risk according to severity or significance.
Choose headings such as "most severe", "moderately severe", "of minimal concern". You do not have to use these same words for your headings, but be sure that your phrases adequately differentiate between the degrees of seriousness. Perhaps you would like to color code each risk according to its significance heading: red for "most severe"; black for "moderately severe", and green for "of minimal concern". Set it up the way it best works for you and your organization.

5. Develop strategies for reducing or eliminating each risk.
Begin with the risks under your "most severe" heading. It's critical that you do not delay in thinking through possible solutions for those major issues. Ideally, determine multiple strategies for each risk. Be sure to consider who within the organization is going to be responsible for implementing the various strategies, and the resources needed to implement them. Omitting this information from the plan only causes big problems later.

6. Write your plan.
Using all of the above input, shape a readable document. Practicality is paramount here. The plan is worthless if nobody can follow it, interpret it, or actually rely on it as a guide during crisis. After it is compiled, seek feedback from the committee as well as other employees and Board members. Incorporate changes where indicated. Check for evidence of common sense throughout the document. Hold yourself accountable to a high standard around common sense. A pie-in-the-sky risk management plan does not serve anyone.

7. Test some of those strategies in your plan for viability.
Do they work? Can they work? Why or why not? Where are the pitfalls? What steps are missing? Would you benefit from having certain outside experts review your strategies? If so, which types of experts?

Revisions to the plan may occur annually, as situations arise and your organization lives one or two of the strategies firsthand. Hindsight is often wiser. Do not be afraid to toss some plan content when you know for a fact that this is what you must do. Remember: the plan needs to be current. On a day you least expect it, someone has to grab that document, refer to a particular section in it, and act upon it – fast.

How to Define a Risk Management Consultant and Their Work

Risk management consultants are experts, who are hired on part time basis in order to help solve problems. In a financial services business, risk management includes assessing and quantifying business risks and taking actions to control or diminish them. Risk management often is a part of the observance function, but may also be a part of precise business units, such as securities trading desks or loan instigation departments.

Risk management is apprehensive with identifying and computing the risks faced by the firm. Risk managers can either be generalists, who cover several diverse areas or specialists, who deliberate on a single one. Within the financial services commerce, the major categories of risk consist of, but are not limited to, defaults on loans unmitigated by the firms, losses on securities stocks held by traders, losses on speculation securities held for the bank account of the firm, counter party risk which, happens when another financial is failing in its obligations to yours etc.

Risk-management consultants identify, characterize and assess the threats which are a business is facing. They also assess the susceptibility of critical assets to specific threats and determine the danger that is the expected consequences of precise types of attacks on specific assets. One of their major tasks is to identify different ways to reduce those risks and prioritize risk reduction measures, based on an approach, especially designed to tackle the confronting risks.

Risk-management personnel enlarge, put into practice and make obligatory all the rules and procedures, designed to alleviate these risks. For example, the value of inventory held by a securities trader might be strictly restricted.

Risk-management personnel also make use of various financial instruments and contracts to control risks, such as insurance, swaps, derivatives, futures contracts and options contracts. These options make the risk managers bring all their terminologies and techniques into practice.

Risk management is a critical function, and thus, has an enormous deal of inherent job satisfaction. Furthermore, positions in this area of practice are well-paid and well-respected, whereas, the work can be fast-paced and motivating.

The disadvantage of working in such a significant field is that the demands of the job can become overwhelming in unstable periods for the industry or the firm, when substantial decisions may have to be made on a short notice. Also, the “policeman” aspect of risk-management can create a disagreeable adversarial association with some categories of producers, especially securities traders.

In short, the demand of risk managers is increasing day by day and their task is very crucial in eliminating the different types of risks, associated with the business. They are responsible for devising a fool proof plan in order to tackle risks and problems.

How To Use The Risk Management Framework for Requirement And Threat Traceability

Cybersecurity and Information Security (InfoSec) activities are implemented to protect data, information, systems, and users. Skilled security, program and system stakeholders work together to ensure that business objectives are met while minimizing the risk of threats where data or system control may be lost. This loss may be due to theft, natural disasters, computer/server malfunction, unauthorized or risky operation, or from any other threats. Program Management and security approaches are combined to maximize business functions and capabilities while also protecting an organization. These approaches include: Requirements Management, Risk Management, Threat Vulnerability Scanning, Continuous Monitoring, and System and Information Backups. All of these management approaches require significant experience to maximize results and prevent issues that could have otherwise been prevented.

Program Managers, as representatives of their companies and clients, call for the timely delivery of quality products and services to operations. Significant experience maximizes product quality and performance while also minimizing risks. Experience facilitates oversight, open collaboration, and decision-making to maximize innovation, reliability, sustainability, and the coordination of assets and resources.

An important Program Management concern today is that a great deal of confidential information is collected, processed and stored by every entity and shared across various private and public networks to other computers. Compounding this concern is the fast pace of technology, software, standards, and other changes that industry must maintain awareness of. It is essential that this information be carefully managed within businesses and protected to prevent both the business and its customers from widespread, irreparable financial loss, not to mention damage to your company’s reputation. Protecting our data and information is an ethical and legal requirement for every project and requires proactive engagement to be effective.

Multiple Cybersecurity tools and techniques are used to effectively manage risk within system development and business operations. By necessity, management, engineering, and Cybersecurity activities must proactively work within the execution of requirements to maximize system functions and capabilities while also minimizing risks. Make no mistake; the threats to our businesses, systems, and users are real. As requirements are sufficiently documented, so must the security controls that are intended to help mitigate the known risks to our systems.

Requirements and threats are documented in much the same way as to ensure traceability and repeatability. Proactive management is needed to implement, execute, control, test, verify, and validate that the requirements have been met and the applicable threats have been mitigated. The management difference is while requirements must ultimately be met, threats are managed and mitigated on the likelihood and severity of the threat to our users, businesses, and systems. Risks are documented to show management and mitigation. Documenting these requirements and threats and their supporting details is the key to the proactive and repeatable effort that is needed. We believe the best approach in doing this is to keep this management as straightforward as possible and as detailed as needed to plan, execute, and control the program or business.

Risk Management Framework (RMF) processes are applied to the Security Controls that are found in Cybersecurity and Information Security references. These RMF activities are well documented and overlap the best practices of management and engineering. Often, you will find that the activities recommended of the RMF are activities that you should already be doing with significant proficiency. Traceability of these program and security activities require the ability to verify the history and status of every security control, regardless if the system is in development or in operation. Documentation by necessity is detailed. Traceability includes the identification between requirement, security control, and the necessary information needed to trace between requirements, security controls, strategies, policies, plans, processes, procedures, control settings, and other information that is needed to ensure repeatable lifecycle development and operational repeatability.

Program Management and Risk Management experience is of primary importance to managing requirements and risk. A tremendous and fundamental aid of the experienced is the Requirement Traceability Matrix (RTM) and Security Control Traceability Matrix (SCTM). The RTM and SCTM are fundamentally direct in purpose and scope which facilitates traceability and repeatability for the program. The variables of a RTM and SCTM can be very similar and are tailorable to the needs of the program and customer. There are many examples for the content details of the RTM or SCTM, both separate but similar documents, that may include:

1) A unique RTM or SCTM identification number for each requirement and security control,

2) referenced ID numbers of any associated items for requirements tracking,

3) a detailed, word for word description of the requirement or security control,

4) technical assumptions or customer need linked to the functional requirement,

5) the current status of the functional requirement or security control,

6) a description of the function to the architectural/design document,

7) a description of the functional technical specification,

8) a description of the functional system component(s),

9) a description of the functional software module(s),

10) the test case number linked to the functional requirement,

11) the functional requirement test status and implementation solution,

12) a description of the functional verification document, and

13) a miscellaneous comments column that may aid to traceability.

While the contents of the RTM and SCTM are flexible, the need for such tools is not. With the complexity and need to protect systems and services today from multiple threats, experienced managers, engineers, users and other professionals will look for the traceability that quality and secure systems require.

Medical Transcription Outsourcing and Risk Management

Medical transcription outsourcing and risk management are very closely related. Risk management involves minimizing the risk involved in the healthcare process and medical transcription is the process of creating patient records from the audio narration by the healthcare professionals of their encounter with the patient. The process of creating patient medical records by its very nature is an activity that requires sensitive handling and would affect risk management.

It is a known fact that the patient- healthcare professional relationship is sacrosanct and is founded on the basis of the healthcare professional/ healthcare facility’s ability to maintain the confidentiality of the privileged patient information. Protecting the confidentiality of the patient information is not only a moral obligation is also mandated by law. HIPAA has provided specific guidelines for protecting confidential patient information. The HITECH provisions that have come into effect recently have provisions that elaborate on HIPAA and have provided HIPAA added arsenal to punish offenders.

Outsourcing this entire process has been proven to be one of the most efficient, effective and economical way of creating patient records. However handing over this activity to a third party service provider raises some apprehensions regarding security.

However these concerns can be alleviated by choosing the transcription vendor with utmost care. This will ensure that vendor:

Is well versed with the requirements of HIPAA/ HITECH

Has provisions in place to ensure total security

Ensuring that the entity entrusted with the responsibility of creating patient medical records is HIPAA / HITECH compliant will also help with the process of risk management.

How can outsourced medical transcription services help in the process of risk management?

To understand how this helps in risk management it is important to understand the principles of risk management and how outsourced services helps in the process.

The principles of risk management are as follows:

Create value

Be an integral part of the organizational process

Be part of decision making

Explicitly address uncertainty

Systematic and structured

Based on best available information


Take into account human factors

Transparent and inclusive

Dynamic and responsive to change

Continual improvement and enhancement

These services help the healthcare facilities in the risk management process fulfilling all the principles of risk management during the process of documenting the patient encounter.

It ensures:

Medical records are created by with utmost accuracy. Ensures this by using teams who are specialists in the specialty they are transcribing in. Further quality is ensured by having a multiple level quality check ensuring maximum accuracy. The information captured in the patient records needs to be accurate as it forms a part of evidence in case malpractice litigation.

Medical records are created on time. Optimum turnaround time is ensured by using the right team, the right process and the right technology. This ensures that healthcare professionals have the information needed by them for formulating plans for the patient’s healthcare, on time. This helps in managing risk

Medical records are created securely. Another aspect of risk management is protecting the confidentiality of patient information. Help is provided in this aspect by having measures in place to protect patient information by securing people, process and technology.

Outsourcing medical transcription to the right service provider not only help healthcare facilities in some aspects of risk management it also helps the healthcare facilities save on costs, increase focus on core business and help provide multiple benefits by using the right technology.

Risk Management and Locomotive Engine Rooms – Case Study

One of the biggest factors when it comes to risk management is the issue of confined space. OSHA for instance realizes that this is a huge problem and they are concerned with restricted entry and exit locations for employees working in hazardous situations where risk of injury or death is concerned. When it comes to the railroad, and those that work on trains, the engine room is just such a space. In fact, on almost all modern day locomotives there are access doors along the entire length of the motor.

Still, it is a confined space between the pillars for the doors and working between the engine components. Consider if you will that a modern diesel engine has pistons the size of basketballs, and they get very hot. And they leak oil, and there is grease everywhere. It’s impossible to keep them perfectly clean all the time, and some railroad mechanics will tell you that if it ever stops leaking, that means it’s not working. With grease and oil on, in, and around the engine, it is necessary to clean it early and often.

This means hitting it with a steam cleaner, or hot-water pressure washer. Now you are introducing high-pressure, heat, and water to oil and grease. I’d say that’s a little bit hazardous, but it must be done otherwise when the motor is running it would be easy to slip onto moving parts of the motor, and/or burn oneself. Perhaps this is why our contract cleaning company was always busy taking care of our railroad customers.

They wanted the equipment clean, they wanted to save on insurance, and they wanted to prevent accidents. Indeed, from a risk management standpoint, we also had to be very careful when doing the cleaning. For instance we had to clean the outside of the cat walks, all the railings, and the doors first, otherwise we might slip while cleaning the engine ourselves. You see, the point in all this is, it isn’t only the factory floor where you have to worry about risk management, every service company must realize its value as well. Please consider all this.

Secret Risk Management Buzzwords Revealed

Welcome to the world of risk management or what is sometimes now called enterprise risk management or ERM.

For someone looking for a reference to concepts used in the past or for the newly designated risk expert, you will see elements of enterprise risk management in some of the concepts below. You may have been part of:

  1.  Contingency planning,
  2.  A due diligence review,
  3.  An acquisition review,
  4.  A merger and acquisition review,
  5.  An operational assessment
  6.  A strategic facilitated top management session in this approach, or
  7.  Risk management.

 Using a common source for definitions from Business Dictionary, think of these concepts as:  

Acquisition planning coordinates the activities of the personnel involved in the purchase of an asset or supply to ensure its timely and cost effective acquisition.  

Contingency planning is activity undertaken to ensure proper and immediate follow-up steps will be taken by a management and employees in an emergency. Its major objectives are to ensure:

(1) containment of damage or injury to, or loss of, personnel and property, and

(2) continuity of the key operations of the organization.  

Due diligence is a measure of prudence, responsibility, and diligence that is expected from, and ordinarily exercised by, a reasonable and prudent person under the circumstances.  

Operational assessment is an evaluation of working effectiveness and suitability of a system through test methods aimed at:

(1) identification of defects, gaps, areas of risk,

(2) measurement of the adequacy of the output, and

(3) assessment of the reliability of the operations.  

Risk management includes policies, procedures, and practices involved in identification, analysis, assessment, control, and avoidance, minimization, or elimination of unacceptable risks. A firm may use risk assumption, risk avoidance, risk retention, risk transfer, or any other strategy (or combination of strategies) in proper management of future events.  

Often the new expert in a function has to obtain a working knowledge of the buzzwords and industry jargon as one of their first steps. If you are the new enterprise risk management expert, or risk management expert, you will see these terms regularly.

The Importance of Credit Risk Management for Banking

The importance of credit risk management for banking is tremendous. Banks and other financial institutions are often faced with risks that are mostly of financial nature. These institutions must balance risks as well as returns. For a bank to have a large consumer base, it must offer loan products that are reasonable enough. However, if the interest rates in loan products are too low, the bank will suffer from losses. In terms of equity, a bank must have substantial amount of capital on its reserve, but not too much that it misses the investment revenue, and not too little that it leads itself to financial instability and to the risk of regulatory non-compliance.

Credit risk management, in finance terms, refers to the process of risk assessment that comes in an investment. Risk often comes in investing and in the allocation of capital. The risks must be assessed so as to derive a sound investment decision. Likewise, the assessment of risk is also crucial in coming up with the position to balance risks and returns.

Banks are constantly faced with risks. There are certain risks in the process of granting loans to certain clients. There can be more risks involved if the loan is extended to unworthy debtors. Certain risks may also come when banks offer securities and other forms of investments.

The risk of losses that result in the default of payment of the debtors is a kind of risk that must be expected. Because of the exposure of banks to many risks, it is only reasonable for a bank to keep substantial amount of capital to protect its solvency and to maintain its economic stability. The second Basel Accords provides statements of its rules regarding the regulation of the bank’s capital allocation in connection with the level of risks the bank is exposed to. The greater the bank is exposed to risks, the greater the amount of capital must be when it comes to its reserves, so as to maintain its solvency and stability. To determine the risks that come with lending and investment practices, banks must assess the risks. Credit risk management must play its role then to help banks be in compliance with Basel II Accord and other regulatory bodies.

To manage and assess the risks faced by banks, it is important to make certain estimates, conduct monitoring, and perform reviews of the performance of the bank. However, because banks are into lending and investing practices, it is relevant to make reviews on loans and to scrutinize and analyse portfolios. Loan reviews and portfolio analysis are crucial then in determining the credit and investment risks.

The complexity and emergence of various securities and derivatives is a factor banks must be active in managing the risks. The credit risk management system used by many banks today has complexity; however, it can help in the assessment of risks by analysing the credits and determining the probability of defaults and risks of losses.

Credit risk management for banking is a very useful system, especially if the risks are in line with the survival of banks in the business world.

The Benefits of Choosing a Career in Risk Management

What is risk management:

Risk management is the process of identification, assessment and treatment of risks that seeks to minimise, control and monitor the impact of risk occurrence through the cost effective utilisation of resources.

Where does risk management apply

Risks occur in every walk of life, in every industry and in every service delivery enterprise, both private and public sectors. The severity of risks occurring depends upon many factors. In order to quantify such severities most organisations traditionally employ some sort of risk processes to assess the likelihood of risks occurring and their perceived or calculated impact. This enables risks to be prioritised and resources applied to meet the overall best interests of the organisation and its internal and external stakeholders.

Risks, great and small

In today’s connected and integrated world risks and their impacts can and do translate across international boundaries. No longer are they confined to departments and within individual companies. Economic boundaries and geographical structures are such that companies now need to assess risks in a world where a volcano in Iceland can cause the closure of a manufacturing plant in Japan.

Equally at the individual organisation level the importance of undertaking health and safety risk assessments in order to protect the health, safety and welfare of it’s employees is a legal obligation for many companies. Product manufactures will undertake design risk assessments in order to ensure that the ultimate users are protected from any safety related design hazard.

Local authorities are required to ensure that they provide safe highways and passage for the general public. For example, they will need to assess the amount of sand and grit they will need to ensure they can cope with the pressures of harsh winter weather to protect the individual motorists and the unsuspecting pensioner on an icy pavement.

All of the above and in many more private and public sector industries and services there is the basic requirement for someone or some persons to identify a potential risk, to evaluate the likelihood of the risk occurring and to calculate the impact or consequence of the risk in order to best minimise its impact.

Risk management – does it work?

Armed with the knowledge that risk is everywhere but that there are robust systems and processes to manage them is it safe to say that such systems and processes work?

Certainly there are many examples of where risk management has worked. If the available systems and processes didn’t work then they simply wouldn’t be used. Risk departments and risk mangers would be unlikely to exist and an irresponsible attitude to risk would likely be prevalent.

Risk management however does not work in all cases. It’s impossible not to be tempted to assert that the BP oil well catastrophe in the Gulf of Mexico could have been prevented if the risks had been fully evaluated. Similarly the lack of controls to adherence of risk processes that has resulted in global financial problems has been laid at the doors of some of the worlds largest financial institution and banks.

Another dimension to risk management

With the proliferation of risk management tools, the use of highly complex modelling techniques and experts and specialists in their fields of expertise, why is it that risks of the magnitude and scale noted above, to the trip hazard on the local pavement, to the vulnerability of the child in a local authorities occur?

It is simply that risk management is not just about rules and regulations. Successful risk management needs a culture and a set of values that ensures that it becomes part of an organisations DNA. If corporate culture is perceived as resentful towards those who raise risks then any risk process is useless. People will hope that the problems just go away. The culture must allow for honesty and openness that allows for maximum benefits to arise from the tools and modelling techniques.

Why choose a career in risk management?

Risk managers and people whose job it is to minimise the occurrence of risks are experts in their field. Their value contribution to any organisation is immense. Qualifications in risk management for some specialised industries – for example insurance – is sometimes necessary and will certainly add to an individuals self marketing capability. However a large number of active risk management individuals do not consciously set out on a career path of risk management. They some how stumble in to it. At this point there is a choice. Do you stick with the tools and techniques or do you grasp the risk agenda and take it forward? The emergence of enterprise risk management aligned to systems thinking; the inescapable link between successful risk intelligent organisations and culture; the in depth knowledge of an organisation and its independencies are immeasurable assets in a world where some have developed a low tolerance to risk. A career in risk management can be as dull as it can be exciting. The choice is yours.

But remember, risk is about taking the opportunity to grow, expand and compete more effectively. Without risk, there is no reward – for the organisation or for the individual.

Risk Management – A Case Study on the Consequences of Bad Risk Management


Risk in business is a reality. When these risks are successfully managed the rewards can be substantial. If not, a business can run into serious problems and even collapse. It is unnecessary (and stupid) to ignore risks.

Over more than a decade we advised and assisted companies in growing and managing their businesses. Over time we observed many companies that ran into trouble because they ignored specific risks. This case study focuses on a few companies that each ignored one important aspect of risk management and then paid the price. The discussion is done under the following headings:

  • Insufficient planning;
  • Bad relationships;
  • No hedging;
  • Lack of discipline.

Insufficient Planning

Risk is drastically reduced by proper preparation and detailed planning. Planning includes feasibilities studies, business planning, cashflow projections and financial planning.

We were recently approached by Hypothesis Toys to assist them with additional financing. At that stage they were already in dire straits and had invested a small fortune. The company was established to make one specific type of toy. The management made the following assumptions:

  • That customers would pay a premium (double the price) on their products compared to other existing products due to the fact that their products look different and was branded with the logos of professional sport bodies.
  • That all the major supermarkets will sell their products.
  • That the total market consists out of every toddler in the (developing) country that they operate in.
  • That they would get 10% of this market within the first year and 50% by year three.

This company did not have a chance from the beginning. The haphazard way that they came to their assumptions was mind-boggling. The market penetration figures were absolutely unrealistic. No research was done to get the real facts (except for the number of toddlers in the country). The scary part of this story is that it is not an isolated incident. Many entrepreneurs, and even established companies, expose themselves to the unforgiving risk of not doing proper market research when they embark on a new venture.

Bad Relationships

Human relationships can never be ignored. It is potentially one of the most fatal risk factors in a business. Relationships should be nurtured with all stakeholders in a business – including the investors, financiers, suppliers, employees and customers.

A while back one of our clients asked us to handle a possible merger and acquisition on their behalf. They were approached by Fuzzy Manufacturers to buy out their total operations over a few years (they do a lot of business with this company).

The owners of Fuzzy Manufacturers managed some of their relationships during the negotiations as follows:

  • They never kept any commitments that they made with us or with our clients.
  • They were not transparent with the relevant stakeholders – including the financiers.
  • They did not involve their senior management with any aspect surrounding the proposed deal.

The negotiations were finally called of due to financiers that withdrew. Everybody lost their respect for the owners of Fuzzy Manufacturers and some companies are very uncomfortable to do business with them. Eventually some of their senior employees left and joined the competition. Their business became a shadow of what it used to be.

No Hedging

Financial risks (such as currency risk and commodity price risk) can often be hedged with sophisticated products. Operational hedging is also possible (to a large extent) by spreading the risk through a variety of suppliers, products, distribution channels, customers, back-up facilities, etc.

Focused Systems specialises in IT networks. They were exceptionally successful, especially after landing a big national concern. Thereafter they made some serious errors when they did not hedge their operational risks, including the following:

  • They focused on this client and regarded all other clients as less important.
  • This client contribution grew to more than 35% of their turnover and they were responsible for most of their profits.
  • They ceased to do any more international work.

The big national concern became the target of an international listed entity. This group had their own IT specialists and Focused Systems lost the account. The company nearly went under. Fortunately the owners learned from their mistakes and with a concerted effort they broadened their product and service offering, their customer base and their geographic representation. Today the company is really formidable. No customer can keep them ransom due to the fact that not one of them is responsible for more than 5% of the company’s turnover.

Lack of Discipline

There is probably no better way to reduce risks in a business than to be properly prepared and to be well-disciplined. This is true for planning, relationships and hedging as well as for being disciplined in aspects such as keeping a lid on expenditure, to grow within sustainable levels, to not fall into the debt-trap and to manage cashflow with an iron fist.

About a decade ago Expansion Chemicals was very well known and respected in the industry that they operated in. Their vision was to be the market leader. Unfortunately they were not very disciplined and made the following serious mistakes:

  • They sold products at any price just to get the sale. Their actual gross profit margins were much lower than their projected margins and their net profitability were very low.
  • They grew at an alarming rate that was not sustainable with internal financing or through debt.
  • The expenses of the owners (who also managed the company) skyrocketed and it included luxuries such as private planes and sport cars.

Unfortunately this once profitable business failed. The owners are now employees in other companies.


The companies discussed above all basically ignored one specific type of risk. It can only take one unexpected claim against a company, a major customer that is lost or not enough cash to pay a big supplier, to cripple a company. When a business plan diligently, work on all its relationships, hedge its financial transactions and operations as far as possible and work in a disciplined way they reduce the risks in a company tremendously.

Copyright© 2008 – Wim Venter