Do you employ a risk and control inventory?
No matter where you get your business news, it seems like a day never goes by without a story about a large reputable organization in hot water for a failure of management to recognize and manage a risk.
However, the news is also full of favorable press for executives and businesses navigating tricky waters and thriving despite risks.
In order to understand risk, let’s start with the dictionary definition. Risk is the “possibility of suffering harm or loss; danger”; i.e., loss of financial wealth, emotional well-being, social status, and/or physical health, etc. We take risks in order to gain a reward resulting from a given action or inaction, foreseen or unforeseen. The biggest problem with risk is that too many businesses fail to thoroughly understand and manage it, but in order to manage risk, you need to be able to measure and understand your organization’s tolerance for risk.
Then, how do we measure risk and how do we minimize risk? How do we weigh our options as we assess risks? What is our risk appetite?
How to Make an Educated, Real Time Decision About Risk
Executives must make decisions every day, often under tremendous pressure to deliver an answer in a split second. How do you know that you are making the right decisions?
The key to making educated risk decisions in the spur of the moment is to develop a thorough understanding of the risks that your business faces and its tolerance for risk ahead of time. Armed with this knowledge, you can proactively manage existing risks and identify and respond to new risks as they arise.
Being risk-focused means having your ducks in a row. Some items to consider:
- Understand the risks within your industry, i.e. operational, environmental, regulatory, and technical, etc.
- Have an idea what your competitors are doing regarding risks and their reactions to them.
- Do you have a risk and control inventory?
- What is your organizational risk culture and what risk programs do you presently have in place?
10 Steps for Creating a Risk and Control Inventory
One way to understand the risks that affect your business or department is to create and maintain process flows and narratives that identify relevant risks and their controls. This is a very simple exercise, but many businesses never take the time to do it.
Follow these steps to create a risk and control inventory:
- Challenge your team to stop and think about the processes within their specific area.
- Identify processes that generate inputs to your workflow. (What must happen before we can start our work?)
- Identify where your process outputs go. (What steps happen once your work is done?)
- Inventory each process within your area that modifies the input you receive in order to create the output you deliver. Document these processes in writing.
- Plot each process from beginning to end. (Sometimes you might have to think about the actual processes by breaking them down to several pieces. You can go as high-level or as detailed as you wish).
- Once you understand each of the process steps, identify the risks associated with For every step, list each of the possible things that could go wrong.
- Then identify the corresponding controls designed to address those risks.
- Number your risks and controls for easy reference. Make sure that each risk has at least one corresponding control. If one doesn’t exist now, the creation of a new control could be one of the first to-dos coming out of the process. (An added dividend of this process is you may identify repetitive or non-value-added steps that can be eliminated to streamline the flow.)
- Create a process flow narrative. It shouldn’t merely repeat the process steps. The narrative should add value to the process by identifying associated risks and controls at each step.
- Refer to these risks and controls going forward by their assigned reference numbers. Documentation should be clear and precise, including just enough detail that the reader understands the risks in play.
The flow charting process may take several tries. Confer with process owners to determine how detailed you need to make the chart in order to help everyone understand their roles in identifying and controlling risks. Don’t get discouraged if you cannot get the processes down the first time. Once completed, it will help you to see where exactly the risks and controls lie. Once identified, then the next step is how to use this information in order to mitigate these risks.
Connect with a Freed Maxick Risk Management Expert
If you would like to learn more about how to document risks within your organization, contact one of our Freed Maxick risk professionals here, or call us at 716.847.2651 to discuss the risk services that we offer. Our risk professionals currently work with clients from multiple industry sectors.
We will work with you and your organization to complete an assessment that will identify risks, make recommendations for improving your current processes and controls, and advise you on risk management best practices. We look forward to working with you.View full article
Three Borrower Traits Asset Based Lenders Need to Recognize in their Loan Portfolio
Author: Ashley Trexler, Supervising Field Examiner
If a borrower possesses significant fixed assets, owns its real estate, or operates several lines of business, you may be exposing your bank to unnecessary risk. To avoid that situation, be sure you review your loan portfolio for clients with certain traits.
Commercial property ownership can be quite risky, especially for retailers. Why? Because the store’s owner can be held liable for crimes or accidents that occur on the site if a victim proves there’s inadequate security.
Liability insurance can help mitigate losses. But many policies may be based on outdated business appraisals, and damages might exceed the borrower’s coverage.
For an added layer of protection, borrowers may want to create a separate legal entity for their real estate ventures. That way they can lease the property to the operating business at a fair market value. The same will hold true for businesses with significant fixed assets.
Doing so will protect the operating business entity from property liability claims. The real estate venture can still be pledged as collateral for loans to the operating entity.
Suppose a dry cleaning establishment diversifies and explores the health food market. If the experiment doesn’t work, it will drag down the dry cleaning business (or vice versa). If the borrower sets up a separate legal entity for each business segment, however, the borrower will not only limit its “spillover liability,” but it will also allow for more flexibility in the ownership structure. Keeping things separate from the get-go — with separate bank accounts and balance sheets — can be quite helpful if the owners subsequently decide to sell or seek additional financing.
If a family business wants to transfer wealth to subsequent generations, the company will likely benefit from establishing separate legal entities. For example, suppose an operating business carves out its real estate into an LLC or a trust. Those who are active in the operating business are “gifted” interests in the company. Passive heirs are then given pieces of the real estate venture.
This setup serves several goals beyond limiting liability. First, the parents can use the annual gift tax exclusion ($14,000 in 2013) and the lifetime unified credit ($5.25 million in 2013) to gradually lower their taxable estate. Gifts are typically discounted for marketability and lack of control.
Second, those who are active in the business will get a stake in something they can directly impact — the value of the operating business. Passive investors will have access to a steady income stream. Plus, the family will be able to minimize its overall tax liability if the children are in a lower tax bracket.