Depending on the size and characteristics of the enterprise that they may establish a risk management department consists of experienced professionals, or at least they should use the risk management services of professional consulting and law firms with extensive experiences in this field. The risk managementde partments have to perform many tasks but should focus on three main functions: risk identification, risk analysis and risk response.
First, we need to identify the risks. It is the process of gathering information, data and analysis of factors that may impact negatively on the achievement of goals, including the inside and outside, macro and micro factors. We can use analysis tools such as brainstorming, interviewing, root-cause analysis, checklist, SWOT analysis… along with other tools that are used in the strategic planning process. Enterprises need to create and regularly update the information and data system to serve for the analysis.
The next process is risk analysis, in which we need to analyze to assess risk that has been identified at the main aspects: the root causes of risk, risk probability and condition to occur, scope and displaced persons entitled to, impact of the risks, factors that change the level of impact…
Finally is the process of responding to risks. More specifically, it is the process of choosing the way to respond to risk, which may include measures to: (i) risk aversion (abandon risky activities); (ii) risk prevention (eliminate the root causes of risk); (iii) reduce the likelihood of risk; (iv) eliminate the negative impacts; (v) reduce the negative impact; (vi) risk sharing; (vii) risk transferring (buy insurance, use derivative instruments); (viii) take risks and preparing resources to overcome the consequences.
Risk management must ensure the main principles: (1) create value (cost of risk management has to lower than benefit that it brings); (2) is an integral part of the business activities; (3) attached to the decision making (all important decisions have to consider risk management); (4) to be systematic and follow a throughout process (5) are regularly evaluated and improved.
It can be said, at the present, only the financial institutions and the banks are interested in risk managementactivities (although not enough) while most other companies have not focused on this activity. Towards the sustainable development, enterprises cannot just “take risks” in the passive and desperate ways, they should be towards to manage risk in proactively and wisely ways.