Strategic planning as a risk management tool. Theoretical foundations of risk accounting in the strategic management of enterprise development

In the process of measuring risks for the purposes of strategic management, it is necessary to use such an indicator as the level of risk. This indicator for each specific strategy should be determined at the stage of goal setting. This level can be set by a set of evaluation criteria and their deviation limits. The strategy is considered implemented if predetermined deviations from the evaluation criteria are achieved. The mechanism for measuring these deviations is complex and ambiguous in application, but in strategic management it is important to determine the variant of such a measurement that would best take into account possible factors of influence and the magnitude of their impact on deviations from the achievement of the set estimated indicators. For the purposes of risk measurement, it is necessary to first investigate all possible risks, identify them and classify them. In this regard, the classification of risks is of utmost importance.

The risks that must be taken into account when substantiating and developing an organization's development strategy are divided according to the scale of their impact:

catastrophic;

· critical;

significant;

moderate;

· insignificant.

In the process of making strategic decisions, it is necessary to take into account the different degree of sensitivity to risks of different groups of stakeholders. In accordance with this, the following types of risks can be distinguished:

ü admissible;

ü acceptable;

o Invalid.

Further risks can be subdivided:

ü on a systematic;

ü unsystematic.

And they can be:

ü predictable and unpredictable;

ü obvious and hidden;

ü measurable and immeasurable;

ü predictable and unpredictable;

ü direct and indirect.

In the process of strategic analysis and goal setting, an organization can bear risks that are divided into two groups:

1 group. Macro environment risks:

macroeconomic risks of the distant environment;

risks of the immediate environment.

Internal risks.

1 group. Macroeconomic Risks of the Far Environment can be subdivided into the following types:

1) political;

2) economic (financial);

3) environmental;

4) production;

5) risks associated with the occurrence of unforeseen force majeure circumstances.

1) Political risk is the risk that arises as a result of a change in public policy. It, from the point of view of the assets of the organization, takes into account the decrease in the profitability of the predicted event due to changes in the economic policy of the state. Political risks include the risks of adverse socio-political changes in the country, as well as the risks of business security in the country (vandalism, unemployment, terrorism, sabotage, etc.).

2) Economic (financial) risk takes into account state regulation in the field of taxation, pricing of natural monopolies, land use, rent standards, export-import, foreign economic activity. This is the risk of loss (change) of the predicted result due to inflation, changes in the convertibility of the national currency, changes in state regulation of the banking and financial system, etc.

3) Production risks- these are those that are associated with state regulation of the development of specific industries, enterprises or regions, the possibility of state policy to support their own manufacturer or the creation of conditions for a possible invasion of the domestic market of a foreign manufacturer.

4) Environmental risks- these are direct threats to the external business environment, since environmental protection activities are regulated by the state. Unexpected measures of state regulation in the field of environmental protection can significantly affect the deviation from the predicted result.

5) Risks associated with unforeseen force majeure circumstances. Such risks include natural disasters. It should be noted that the above classification of risks in the external business environment is not exhaustive. Unforeseen changes in any of the parameters listed above represent a threat or uncertainty in achieving the desired outcome.

To the risks of the microenvironment The following types of risks should be considered:

1) production;

2) scientific and technical;

3) socio-economic.

1) Production risk microenvironment is associated with a possible loss of production capacity due to changing market needs or a decrease in the quality of the product. It is accompanied by a decrease in production volumes due to the growth of production costs, irrational organization of production and marketing. The risk of losing the competitive advantage of the organization should also be attributed to production risk.

2) Scientific and technical risk allows the loss of the competitive advantage of the enterprise, caused by a decrease (moral or physical) performance of the main technological equipment, including its complete stop.

Scientific and technical risks also include risks of obsolescence of fixed assets and technologies, investment risks, reconstruction risks, risks of the emergence of new technologies or activities, etc.

This risk group should include the risk of developing new, more economical technologies for the production of the product. Lagging behind the organization in scientific and technical terms from its main competitors increases the risk of falling production volumes, reduces the competitiveness of manufactured products, and increases the risk of losing the product sales market.

3) Socio-economic risks microenvironments are the risks of an unfavorable social climate of an organization, bankruptcy, a pricing policy, an unprofitable organization, the absorption of one enterprise by another by using its monopoly advantage in the sales market or by acquiring shares, etc.

2. Internal risks can be initially divided into objective and subjective.

To subjective internal risks the risks of making managerial decisions at all stages of planning and implementing the strategy should be attributed (in particular, the risks of erroneously chosen goals, incorrect allocation of SZH, a gap in strategic, tactical and operational planning, violation of the hierarchy of subordination of goals and plan, etc.).

To objective internal risks include risks associated with various activities of the organization. The following types of risks are distinguished.

1) Environmental risks arise as a result of violation of laws on environmental protection, in view of the lack of licenses and permits, reduced efficiency of treatment facilities, etc. Organizations include natural disasters and the risk of floods, fires, and others as environmental risks.

2) Legal risks of the organization- these are the risks caused by the lack of licenses to carry out activities that provide for its existence, non-compliance with patent law, the occurrence of litigation with external clients, failure to fulfill contractual obligations, etc.

3) Personnel risks include risks:

insufficiently qualified personnel management and employee motivation;

· inefficient system of remuneration;

Loss of highly professional personnel;

Decrease in labor productivity;

loss of working time for various reasons.

4) Risks of circumstances, force majeure for the organization is unpredictable changes in the conditions of economic activity, as well as specific risks in violation of technology and safety.

5) Economic risks include risks: loss of profitability of the organization, reduction in prices for the sale of products, changes in market conditions for the main raw materials and energy carriers.

Economic risks should also include the risks of losing the organization's assets, reducing the liquidity and financial stability of the organization, reducing the amount of own funds and increasing the amount of borrowed capital.

6) Marketing risks associated with the loss of markets for products, with changing consumer requirements, with an inefficient portfolio of orders, changes in consumer demand, etc. Marketing risk also includes risks from unsatisfactory advertising, the emergence of new competitors or the appearance of substitute products, an incorrect assortment policy and incorrect chosen pricing policy.

7) Financial risks- these are the risks of a reduction in cash flow, inflation, an increase in refinancing rates, changes in the taxation system, rising energy prices, loss of financial resources to service the debts of natural monopolists.

The above classification of risks is rather conditional, since it is difficult to determine clear boundaries between different types of risks. All of them are interconnected, changing and complementing each other both in the direction of strengthening the impact of risk factors, and in the direction of weakening such an impact.

Strategic planning is the most important function of strategic management and its central link. It is the process of developing and concretizing the organization's strategy in the form of a strategic plan.

The main task of strategic planning is to provide the flexibility and innovation in the activities of the organization necessary to achieve its goals within the capabilities of the enterprise with an acceptable level of risk that exists in any business.

Therefore, at all stages of strategic planning, it is necessary to provide for the identification, classification and development of methods for taking into account the impact of risks on the result obtained.

G.B. Kleiner in relation to making strategic decisions gives the following definition of risk:

“Risk is the possibility of such consequences of strategic decisions being made, in which the set goals are partially or completely not achieved.”

The concept of developing any development strategy assumes that future results can be determined, evaluated or measured.

The main features of risk are: inconsistency, alternativeness and uncertainty. Such a feature as inconsistency in risk leads to a collision of objectively existing risky actions with their subjective assessment.

Since, along with initiatives, innovative ideas, the introduction of new promising activities that accelerate technical progress and influence public opinion and the spiritual atmosphere of society, there are conservatism, dogmatism, subjectivism, etc.

Alternative risk implies the need to choose from two or more possible solutions, directions, actions. If there is no choice, then there is no risky situation, and, consequently, no risk. Uncertainty is the incompleteness or inaccuracy of information about the conditions for the implementation of the project (solution). The existence of risk is directly related to the presence of uncertainty, which is heterogeneous in form and content. Entrepreneurial activity is carried out under the influence of the uncertainty of the external environment (economic, political, social, etc.), many variables, counterparties, persons whose behavior cannot always be predicted with acceptable accuracy. The uncertainty of the decision, the result is due to the following factors:

• - a sufficiently long time interval between the development of a strategy and the result obtained from its implementation;
• - the degree of controllability of the management process;
• - the degree of awareness of the variables that affect the developed strategy and the nature of the relationship;
• - lack of experience in making specific management decisions;
• - subjective approach to making managerial decisions.

The process of strategic choice always takes place in conditions of many alternatives, each of which is inherent in one or another type of risk. The process of developing strategies and their implementation is continuous and requires the constant adoption of certain decisions at its different stages. This process consists of formulating the goal, formalizing the planned result, determining the way to achieve it and the criteria for its evaluation, taking into account the risks and selection rules. In addition, the choice of a solution depends on the level of information obtained in the process of studying the problem of its level (systemic, personal, functional), the structure and completeness of the analysis, the risk management system, psychological mechanisms for choosing a solution (volitional, intellectual, emotional, etc.). The main decision-making factors are information conditions and their uncertainty.

According to the degree of certainty, the conditions under which strategic planning is carried out can be divided into: deterministic, random and uncertain. Deterministic (definite) conditions assume a known result under various alternative choices. Random conditions involve determining the result for each of the alternatives with a certain degree of probability. Uncertain conditions do not imply the definition of a potential outcome.

In the general case, all risks that may arise in the course of the activities of enterprises are conventionally divided into known, foreseen and unforeseen.

Known risks - the risks of paying fines, losing part of the resources due to theft or safety violations - arise as a result of certain types of impacts or changes in factors that affect the type of business being analyzed.

Foreseeable risks - loss of quality due to non-compliance with the requirements of the developed standards, contractual risks on an advance payment basis, certain types of currency risks, etc., the possibility of occurrence of risks is predictable based on the accumulated experience of enterprises. Unforeseen risks - changes in the goals of shareholders, changes in the political situation in the country, etc., which are not predictable in advance due to lack of experience or information.

For the effective development of a risk management strategy, it is necessary to clearly and accurately define for all participants in the implementation of the enterprise strategy what is meant by the concept of "risk". Here are the most common definitions of this concept.

A.P. Gradov, interpreting the risk, draws attention to the following aspects:

• - firstly, risk means the danger that the implementation of the project may lead to losses;
• - secondly, risk is understood as a measure of dispersion (dispersion) of the estimated indicators of the project under consideration (for example, profit, profitability, etc.) obtained as a result of a multiple forecast;
• - thirdly, risk is understood as the danger associated with the fact that the goal of an entrepreneurial project will not be achieved in the intended volume.

In turn, Shannon gives the following definition of risk in relation to the need for business valuation: "Risk is the degree of certainty (or uncertainty) associated with obtaining expected future returns."

According to E.A. Utkin, the risk is very often compared with certain quantitative losses of material, labor or financial resources due to the implementation of the developed action plan.

The lack of a generally accepted definition of the concept of "risk" is primarily due to the diversity of the risks themselves, the varying degree of their impact on business development and varying degrees of sensitivity to these risks. The risk is objectively present in any area of ​​human activity, including in the process of implementing strategic plans for the development of enterprises.

It seems to us that in this field of activity, risk should be understood as the possibility of not achieving the value of evaluation criteria in the process of implementing the basic or functional strategy for the development of an enterprise.

An indicator of the impact of risk on the implementation of the strategy is the assessment of the consequences of not achieving the goal. Influence can have both negative and positive effects. However, the presence of various obstacles and risk factors in the implementation of the developed strategies reduces the attractiveness of these developments or makes them completely unattractive. Factors affecting the risk and its consequences are divided into objective (factors of the external business environment) and subjective (which are directly related to the activities of the enterprise, its resource potential).

Risk subjects should include either those who assume the risk in full, partially or indirectly, or those who manage risks. In accordance with this, all stakeholders of the enterprise can be attributed to risk subjects, since they are associated with the implementation of the strategy of this enterprise and have the opportunity to influence the course of its implementation. Stakeholder - a fairly wide range of people related to the enterprise. The main stakeholders of the enterprise are:

• - investors who invest their capital in the company with a certain degree of risk in order to receive income on it;
• - creditors;
• - enterprise managers;
• - employees of the enterprise;
• - suppliers;
• - consumers (customers of the enterprise);
• - public and state organizations.

Often, the acceptable risk limits of one subject may not coincide with the risk assessment of other subjects. Already at the stage of goal-setting, it is necessary to reach a compromise understanding of risk.

The enterprise needs to find the optimal values ​​of the given boundaries according to the established and agreed set of basic indicators of the strategy, to determine the boundaries of its acceptable level. The coordination of such parameters is one of the most difficult tasks of strategic risk management.

Risks can arise when developing enterprise development goals. At the stage of formulating the goals of the strategic plan for the development of an enterprise, it is necessary to collect the maximum amount of reliable and reliable information, which in turn will reduce the influence of the subjective factor and select the most optimal solution in a particular risk situation.

Information can be reliable, which is obtained from reliable sources, both official and unofficial (the degree of reliability largely depends on the stakeholders), relatively reliable and unreliable, which is obtained with a certain distortion.

For the purposes of risk measurement, it is necessary to first investigate all possible risks, identify them and classify them. In this regard, a detailed classification of risks is of paramount importance.

Initially, the risks that must be taken into account when substantiating and developing an enterprise development strategy are divided according to the scale of their impact:

• - catastrophic;
• - critical;
• - significant;
• - moderate;
• - insignificant.

According to the degree of sensitivity to risks of various groups of stakeholders, the following types of risks can be distinguished:

• - admissible;
• - acceptable;
• - invalid.

Of particular practical interest is acceptable risk, which assumes that in order to achieve the chosen strategic goal, it is always possible to find a solution that provides a certain compromise level of risk that corresponds to a certain balance between the expected benefit and the threat of losses.

Risks are also divided into systematic and non-systematic. And they can be:

• - predictable and unpredictable;
• - explicit and hidden;
• - measurable and immeasurable;
• - predictable and unpredictable;
• - direct and indirect.

According to the nature of accounting, risks are divided into external (macroeconomic risks of the distant environment and risks of the near environment) and internal (objective and subjective).

1. Macroeconomic risks of the distant environment include political, economic (financial), environmental, production, risks associated with the occurrence of unforeseen force majeure circumstances. Political risk is the possibility of losses or reduced profits as a result of government policy. Thus, political risk is associated with possible changes in the course of the government, changes in the priority areas of its activities. Accounting for this type of risk is especially important in countries with unstable legislation, lack of traditions and business culture. Political risk is inevitably inherent in entrepreneurial activity, it cannot be avoided, it can only be correctly assessed and taken into account. Political risks should include, mainly, the risks of adverse socio-political changes in the country, as well as the risks of business security in the country (vandalism, unemployment, terrorism, sabotage, etc.). Economic (financial) risk takes into account state regulation in the field of taxation, pricing of natural monopolies, land use, rent standards, export-import, foreign economic activity. This is the risk of loss (change) of the predicted result due to inflation, changes in the convertibility of the national currency, changes in state regulation of the banking and financial system, etc.

Production risks are those associated with state regulation of the development of specific industries, enterprises or regions, the possibility of state policy to support their own manufacturer or the creation of conditions for a possible invasion of the domestic market by a foreign manufacturer. Environmental risks are direct threats to the external business environment, since environmental protection activities are regulated by the state. Unexpected measures of state regulation in the field of environmental protection can significantly affect the deviation from the predicted result. Risks associated with unforeseen force majeure circumstances. Such risks include natural disasters.

It should be noted that the above classification of risks in the external business environment is not exhaustive. Unforeseen changes in any of the parameters listed above represent a threat or uncertainty in achieving the desired outcome.

The risks of the near environment include industrial, scientific and technical, socio-economic ones. Production risk:

• - the risk associated with the possible loss of production capacity due to changes in the needs of the sales market or a decrease in the quality of the goods produced;
• - the risk of non-fulfillment of the planned scope of work, increase in costs, deficiencies in planning;
• - scientific and technical risk - the risk of losing the competitive advantage of the enterprise, caused by a decrease in the performance of the main technological equipment, including its complete stop;
• - the risk of obsolescence of fixed assets and technologies, investment risks, reconstruction risks, risks of new technologies or activities, etc.;
• - the risk of developing new, more economical technologies for the production of the product;
• - socio-economic risks - the risks of pursuing a pricing policy that is unprofitable for the enterprise, the absorption of one enterprise by another by using its monopoly advantage in the sales market or by acquiring shares, the risks of an unfavorable social climate of the enterprise, bankruptcy, etc.
• 2. Subjective internal risks include the risks of making managerial decisions at all stages of planning and implementing a strategy (in particular, the risks of erroneously chosen goals, a gap in strategic, tactical and operational planning, violation of the hierarchy of subordination of goals and plan, etc.).

To objective internal risks - risks associated with various areas of the enterprise - environmental, legal, economic, marketing, financial, risks of personnel, circumstances.

The above classification of risks is rather conditional, since it is difficult to determine clear boundaries between different types of risks.

The environmental risks of the enterprise include natural disasters and the risk of floods, fires and others that arise as a result of violation of laws on environmental protection, due to the lack of licenses and permits, reduced efficiency of treatment facilities, etc.

The legal risks of an enterprise are the risks caused by the lack of licenses to carry out activities that provide for its existence, non-compliance with patent law, failure to fulfill contractual obligations, the occurrence of litigation with external clients.

Economic risks - risks of loss of profitability of the enterprise, risks of loss of assets of the enterprise, decrease in liquidity and financial stability of the enterprise, decrease in the amount of own funds and increase in the amount of borrowed capital, risks of lower prices for product sales, changes in market conditions for basic raw materials and energy carriers, etc.

Marketing risk includes risks from poor advertising, the introduction of new competitors or substitute products, wrong assortment policies, and wrong pricing policies. They are associated with the loss of sales markets for products, with changes in consumer requirements, changes in consumer demand, etc.

Risks of inflation, increase in refinancing rates, changes in the taxation system, rising energy prices, loss of financial resources to service the debts of natural monopolists are financial risks.

Personnel risks are associated with insufficiently qualified management of personnel, motivation of employees, loss of highly qualified personnel, and an inefficient remuneration system.

Circumstance risks are unpredictable changes in business conditions, as well as specific risks in violation of technology and safety regulations. All risks are interconnected, changing and complementing each other both in the direction of increasing the impact of risk factors, and in the direction of weakening such impact.

Risks in the work of the enterprise and their types

Objects of management operate in multifactorial conditions. The company's activities may be influenced by the macro-, meso- and microenvironment. Factors can be controllable or uncontrollable.

Risk is understood as the possibility of adverse events that can bring negative changes.

Definition 1

Manageable risks are those types of risks that can be predicted and minimized the result of their impact using various methods.

Consider some types of risks:

1. Depending on the result of the impact, risks can be divided into speculative and pure. The first give a positive, negative or neutral result. This includes financial risks that can bring benefits. Pure risks usually result in zero or negative results. There are natural, man-made and natural risks.
2. One of the methods of overcoming crisis situations in case of risk is insurance. It can be both third-party and internal, that is, risk minimization occurs at the expense of its own resources and reserves. Therefore, they are divided into insurance and non-insurance.
3. Depending on the nature of the negative impact, the risks associated with the impact of man or nature are distinguished.
4. According to the principle of insurance, risks are divided into individual and universal. The former imply the presence of specific properties of the insured object or phenomenon, while the latter refer to common forms of insurance.
5. Anomalous risks are a group of negative impacts that lead to the complete destruction or disruption of the life of the object.
6. Commercial, technical, environmental, political, currency, property, production and other types of risks are distinguished according to the peculiarities of occurrence.
7. The risks associated with the probability of the completion of the enterprise are called the risks of bankruptcy, liquidation, financial losses, and reduced profitability.

Enterprise risk management

One of the methods to overcome the onset of risky situations is risk management. Its essence lies in the organization of processes for risk identification, its analysis and the adoption of an appropriate management decision to eliminate or minimize it. The risk management process itself includes:

• Risk planning is aimed at developing a methodology for overcoming them in the course of the company's activities.
• Identification of risks and places of their occurrence on the basis of analytical work.
• Qualitative assessment is aimed at understanding the effect that a risk can bring.
• Quantification shows the amount of damage that a risk can cause.
• Carrying out continuous monitoring and analysis of past risks in order to overcome them and prevent them in the future.

In entrepreneurial activity, a set of methods for overcoming crisis situations has been developed. The most common is avoiding the onset of negative trends. This approach allows predicting the risk and putting into practice methods to overcome it. This includes the refusal to work with unreliable suppliers, the refusal of dubious contracts, transactions and agreements. In addition, an entrepreneur can resort to the services of insurance and guarantors who can take on part of the risk.

Risk localization is the isolation of certain areas of work. However, this approach requires a clear identification of weaknesses and risk identification. For these purposes, special subsidiaries or structural divisions can be created, or contracts can be concluded with third-party companies for the implementation of risky projects.

Remark 1

Risk diversification is the distribution of the result of its impact on the entire activity of the company in order to minimize losses. The risk can be distributed among project participants, types of activities, types of purchases. In the field of investment activity, a portfolio can be formed, which implies the presence of various assets in order to distribute risks among them.

Strategic risk management

Management methods used by enterprises are usually divided into strategic and tactical. The first relate to the long term and the plans of the enterprise. They are focused on the entire process of the life of the enterprise. Tactical management deals with the implementation of specific practical tasks within a certain period of time. Strategic risk management deals with the analysis, planning and overcoming of negative trends in case of their occurrence.

The strategy involves the development of methods and principles of the company's behavior, taking into account their forecasting and analytical preparatory work. Careful work with risk management allows you to increase the investment attractiveness of the company, increase the confidence of counterparties, partners, third-party organizations providing services. The development of a strategy allows you to create a set of alternative solutions and respond flexibly to crisis events.

The company's line of conduct for dealing with risks can follow the following directions. Risk avoidance lies in such an organization of enterprise processes that will minimize the situation of its occurrence. Withholding involves accepting that risk may occur. In order to get out of the crisis, reserves are being developed that can cover sudden expenses or damage. To implement this approach, it is necessary to create a transparent information environment that minimizes the uncertainty of the decision-making environment. Risk taking includes risk insurance. It turns out that the insurance company assumes obligations to cover the costs, and the company pays service fees. Self-insurance implies that the company independently creates a certain financial reserve, which will be used only to cover expenses in the event of a crisis.

Remark 2

The hedging method is widely used in financial activities. There are even special funds that provide insurance in the field of financial services. The essence of this procedure is to carry out such operations, which, in any case, will allow the owner of the assets to receive a certain amount of payments.

Everyone is interested in risk because risk is associated with success. What is success, people define in different ways, but no one disputes that one has to take risks on the way to it. The implementation of any activity is impossible without risk. In fact, business is the acceptance of risk in the expectation of an acceptable reward.

Risk management is an integral part of the overall management of any organization that seeks to survive and fulfill its mission. Risk management may even be a systemic goal for some organizations. In this case, risk management can become part of operational management. For example, what is the purpose of the army in the modern world? Fight against war by all means, including the military. In this case, risk management is the main goal, and warfare is a secondary goal.

What does enterprise risk management involve?

Risk Management Processes

Risk management is the processes associated with the identification, analysis of risks and decision-making, which include maximizing the positive and minimizing the negative consequences of the occurrence of risk events. The project risk management process typically includes the following procedures:

1. Risk management planning - the choice of approaches and planning activities for project risk management.

2. Identification of risks - identification of risks that can affect the project, and documentation of their characteristics.

3. Qualitative risk assessment - a qualitative analysis of risks and the conditions for their occurrence in order to determine their impact on the success of the project.

4. Quantification - a quantitative analysis of the likelihood of occurrence in the impact of the consequences of risks on the project.

5. Risk response planning - determination of procedures and methods for mitigating the negative consequences of risk events and using possible benefits.

6. Risk monitoring and control - monitoring risks, identifying remaining risks, implementing the project risk management plan and evaluating the effectiveness of risk mitigation actions.

Risk identification

The risks are many and varied. But when determining the risk profile of any organization, analysts first of all highlight strategic risks. What is it based on?

The development of any company is impossible without tactics and strategy. Even when top managers claim that there is no strategy, it is in fact a short-term strategy for adapting to current changes. Sometimes, for example, in troubled times, this strategy may turn out to be correct. If the management is simply passive, and this may be beneficial for the current management, then the company will inevitably begin to lose its market value under the blows of competitors and random circumstances.

Are there any mistakes in management? Practice shows that the more likely to make mistakes, the more aggressive the development policy and the more ambitious the company's management. The possibility of such errors constitutes a set of errors that can be combined under a single name - strategic risks.

Considering strategic risk means considering the possibility of an unexpected event that reduces the possibility of an unexpected event that reduces the ability of managers to timely and efficiently develop a company management strategy and implement management strategy adopted by management (Simons.R.A Note on Identifying Strategic Risk// Harvard Business Scool Review .1999/November.P.1)

The control system may not be able to implement the strategy for the following reasons:

1) from the process of doing business (operational risk)

2) from the possibility of deterioration of the company's assets

3) from changes in the competitive environment

4) from the loss of a good name, loss of reputation, loss of trust.

In order to consistently protect the company from the risk of failure of the adopted management strategy, it is necessary to build a protection system based on a clear way of describing the strategy itself.

Such a tool - strategy mapping as a way to consistently describe an organization's management strategy as a whole - was first proposed by Kaplan and Norton in their concept of a balanced scorecard.

The strategy contains a transition from the current state to a desirable future. The construction of strategic strategy maps includes the formulation of a strategy and a system of ways to implement it. A detailed description of strategy mapping techniques can be found in the books by Norton and Kaplan.

The base map of any management strategy is shown in Figure 2.

I don’t even really get into the essence of the concept, risk managers can draw significant conclusions from this structural diagram.

The assessment of the complex of strategic risks here should be carried out in relation to each element and indicator of success, in turn analyzing the specific formulation of the strategy as aggressive, moderate or non-aggressive. . The risk assessment then shifts to an assessment of a strategy to increase revenue and productivity. Then the strategies of communication with the clientele are analyzed, the possibilities of new ideas within the company, as well as the accumulation of experience, training and development of the corporate culture under the new overall strategy. If the risks for at least the bottom element turn out to be too high, then the whole strategy may be questionable. In this case, a decision is made on the excessively risky element, and then the overall strategy is evaluated and the risk indicators of all elements are reconsidered.

For some elements of the management strategy, techniques have been developed to detect early symptoms of problems and opportunities. An example of such a technique is “Management of strategic circumstances”. Essentially, this is a preventive way to deal with the risk of falling behind the process. The method focuses on the so-called strategic gaps, which are detected by weak qualitative and quantitative symptoms that herald the emergence of new technologies.

The most important strategic risks include the risk of stopping the company's production. For some firms, it is so important that special business continuity plans are drawn up for it. One of the most important indicators of a company's risk resilience is the number of downtime days that turn downtime into bankruptcy and exit from business. Sometimes this indicator is difficult to calculate, and sometimes it is obvious. In any case, it needs to be known both for the company as a whole and for its key divisions and elements.

Risk Management Methods

Under the influence of various external and internal risk factors, various methods of risk reduction can be used that affect certain aspects of the enterprise's activities.

The variety of methods used in entrepreneurial activity can be divided into 4 groups:

Risk Avoidance Methods

Risk localization methods

Risk diversification methods.

Risk compensation methods.

When choosing a specific risk management method, the risk manager should proceed from the following principles:

You can't risk more than your own capital can afford.

Don't risk a lot for a little

The consequences of the risk should be foreseen.

The most common methods of risk avoidance in economic practice.

Risk Avoidance Methods:

Refusal of unreliable partners, refusal to participate in projects related to the need to expand the circle of partners, refusal of investment and innovation projects, the confidence in the feasibility or effectiveness of which is questionable

Risk insurance is the main method of risk reduction. Insurance of possible losses serves not only as protection against bad decisions, but also increases the responsibility of decision makers, forcing them to take the development and decision-making seriously, to regularly carry out protective measures in accordance with insurance contracts.

Search for guarantors

Dismissal of incompetent employees.

If it is possible to clearly identify the risks and sources of their occurrence, apply risk localization methods. For example, by separating the most dangerous stages or areas of activity into separate structural units, you can make them more controllable and reduce the level of risk.

Risk diversification methods consist in the distribution of the total risk into independent ones, thereby lowering the probability of the total risk.

For example, it can be diversification (diversity) of activities or areas of management - expanding the range of products or services provided, targeting different types of consumers, enterprises of different regions. This may be the diversification of sales and supplies, i.e. work simultaneously in several markets, when losses in one market can be compensated in other markets.

Diversification of the risks of investment projects is the preference for the implementation of several relatively small investment projects

When implementing projects, this is the distribution of responsibility between project participants, a clear distribution of the scope and responsibility of each participant.

Risk compensation methods

Risk compensation methods are associated with the creation of hazard prevention mechanisms. These methods are more labor intensive and require extensive upfront work to apply them.

Strategic planning of activities as a method of risk compensation gives a positive effect if the development of a strategy covers all areas of the enterprise. The stages of strategic planning can remove most of the uncertainty, allow you to predict the emergence of bottlenecks in the implementation of projects, identify sources of risks in advance and develop compensatory measures, a plan for the use of reserves.

Forecasting the external environment, i.e. periodically developing development scenarios and assessing the future state of the business environment for project participants, forecasting the behavior of partners and competitors, general economic forecasting.

Monitoring the socio-economic and regulatory environment involves tracking current information about relevant processes.

Creation of a system of reserves. This method is close to insurance, but concentrated within the enterprise. The enterprise creates insurance stocks of raw materials, materials, components, reserve funds of funds, develops plans for their use in crisis situations, does not use free capacities.

It is relevant to develop a financial strategy for managing your assets and liabilities with the organization of their optimal structure and sufficient liquidity of invested funds.

Personnel training and instruction.

When using the methods of strategic planning and monitoring, it is necessary to widely use informatization - the acquisition and constant updating of systems of regulatory and reference information, connection to commercial information networks, conducting one's own predictive and analytical research, and attracting consultants. The data obtained will allow us to catch trends in the development of relationships between economic entities, give time to prepare for regulatory innovations, provide an opportunity to take appropriate measures to compensate for losses from new business rules, and adjust operational and strategic plans.

The abundance of information makes it necessary to use a specialized information system.

To automate risk management processes, various solutions have been proposed, for example, the use of relational databases, enterprise resource planning (ERP) systems. Not too great adaptability of these systems to the variety of processes involved in risk management processes leads to the fact that office applications are used as a maximum to automate these processes, which means automation of work at one workplace and cannot give an operational picture of the work of the entire organization.

The development of electronic document management systems (EDMS) shows that the most rationally integrated solution is a combination of ERP and EDMS using WorkFlow (“Workflow”, business process automation), moreover, the transactional and settlement part of the processes is in ERP, and the documentary part is in EDMS.

The need to use EDMS determines the presence of such factors:

Variety of risks, methods of dealing with risks,

The information used in risk management processes can be very different - text files, spreadsheets, scanned documents, photographs (for example, pictures from the scene),

Many employees and departments of the organization can be involved in the processes of working with this information.

Program monitoring and early warning system

Corporate risk-hazard monitoring systems were first created in the 60s of the 20th century. These systems were based mainly on the analysis of historical data and the identification of trends. Taking into account these trends, target figures were planned, upon reaching which the system was considered normal (normal)

The next generation in the early 1980s was early warning systems for hazards and opportunities, which relied on special lists of empirical and calculated diagnostic quantitative and qualitative signs. This methodology supplements the monitoring system with a map of control and diagnostic points, which are monitored and compared with standards. If an abnormality in the state of one or more of these points is detected, an alarm signal is issued to the control system, which must take measures to correct the situation.

At present, systems for monitoring the strategic components of the risk management program (Strategic Issue Management, SIM) are considered to be the last word in this area. The main difference of this approach from the previous ones is an attempt to implement risk management of the company from the positions “Before”, and not “Post-the-fact” . SIM systems focus on structural changes in the company and its environment, acting like a 360-degree radar and trying to detect so-called strategic discontinuities or strategic surprises as early as possible. Added to this is the “violation of the status quo” and the “growing asymmetry”. Such violations are detected on the basis of diagnostic lists even in conditions of weak signals and unstructured information.

For this purpose, monitoring of suspicious symptoms is established and its development is monitored.

Examples of discontinuity: breakeven point and points of no return. The latter can be characterized economically, financially, legally, technically, etc. A point of no return is a situation after which the process will inevitably go into a certain risk corridor. After this point, the risk can be considered accepted, and in the event of the realization of the danger that created this risk, all losses will fall on the account of the person or organization that accepted this risk. Managers can “play back”, cancel a risky project with acceptable losses up to this point, and after passing it, all that remains is to hope that the risk with the accepted probability of defeat will follow the path of victory, and be ready to apply crisis or catastrophic management schemes if, despite all precautions, the process went unfavorably.

No surprises happen completely out of the blue. Surprise is the result of ignorance, inattention, unarmedness or inability of the observer. That is why SIM systems attach such importance to increasing risk sensitivity and diagnostic qualification of personnel. With this approach, it becomes possible to preventively manage risks in conditions of complete uncertainty and incomplete repeatability of events.

The methodology for identifying symptoms of early warning about company problems is evolving in different directions.

One of the most popular lists of early warning symptoms of a firm's problems was published in 1993 by John Barrickman, commissioned by the American Bankers Association. This list has become something of a classic. It is often quoted and inserted into banking publications. The volume of the article does not allow citing it in its entirety. Here is a small excerpt as an example:

A noticeable change in the behavior (personal habits) of the image of the key personnel of the company

Inability of key employees to clearly articulate the mission, overall and competitive strategy of their firm

Problems in the family and marriage of key employees of the company

A change in the attitude of the firm or its representatives towards the bank or the banker, especially a decrease in interest in cooperation.

Personal optionality of the client (or his representative) or reduction in the level of obligation.

The firm's inexperience in the industry or line of business.

Changes in the composition of the company's management

Changes in the composition of the company's owners

Changes in the composition of key specialists

Failure to meet schedule obligations.

Bringing back issues that have already been resolved in the past.

The inability of the company to plan its activities in a quality manner, etc.

Another direction in building a forecast for the development of events is to monitor the balanced scorecard, which has already been mentioned when considering strategic risks.

The concept of Kaplan and Norton proceeds from the position that it is impossible to manage according to one indicator - profit, just as it is impossible to fly an airplane using only one instrument. Profit is an indicator of past decisions made and does not at all show how events will develop further.

Through a balanced scorecard, you can simultaneously build a company strategy. The indicators will then act as benchmarks for collective action.

At the same time, they can serve as indicators of how effective the actions taken are in achieving the goals set. Comparison with planned indicators makes it possible to determine the direction of development of events.

Building an effective risk monitoring system

How to navigate the variety of risks that occur in the activities of any company that decides to operate in such difficult modern conditions?

An effective risk monitoring system should have the following elements:

Clearly defined surveillance areas

Wide network of observers and agents

Filters and criteria for evaluating incoming information

Clearly defined channels of communication with the management and managed subsystems of the company

subsystem of self-improvement.

What information system can provide the requirements for the operation of such risk monitoring systems?

Attempts to use relational databases or systems such as ERP (resource management) for this have not been very effective, and currently office applications are mainly used to automate risk management work. The simplicity and low cost of this solution are combined with the limitations of the system to one workstation, i.e. the control system cannot be made multi-user and reduce the possibility of analysis.

The capabilities of modern electronic document management systems make it possible to organize the collection and storage of information at all stages of risk management, to create and regulate the necessary information flows.

The main advantages of the EDMS for building a risk management system include the following:

1) the ability to store a wide variety of information.

The main processes of risk management are the collection of documents, storage and transfer of them to all those who need it.

Therefore, EDMS are more suitable for carrying out such processes, which can store part of the information in a structured (like tables) form, and part in the form of attached files. For numerical methods of analysis, data can be transferred to specialized programs.

The information used for risk monitoring can be extremely varied - WORD files (eg expert opinions), scanned images (eg licenses), photos from the scene, tables of exchange rates, etc.

2) availability of mechanisms for monitoring the implementation of plans

Planning actions and monitoring their execution is an important part of the risk management system. The mechanism for creating a hierarchical system of orders with the appointment of specific executors, sending reminders about the approaching deadline or that the deadline has passed, but the order has not been fulfilled, drawing up analytical reports on performance discipline makes risk management really work with minimal time spent on control processes, what gives people the opportunity to really think - have we foreseen everything?

3) the possibility of functional and geographical scaling.

All experts agree on the practical impossibility of simultaneously introducing a full-scale risk management system in an organization.

As a rule, the process of introducing a risk management system begins with a pilot project in a separate, most critical area (operational risks for banks, technical risks for industry, foreign exchange risks for foreign economic activity). Having worked out risk management technologies in this pilot area, risk management is deployed to other types of risk.

Deployment can proceed on a functional basis: at first, only the functions of monitoring events or monitoring the execution of plans are implemented, then drawing up predictive scenarios for the development of comprehensive action plans, and already - as a crown - drawing up analytical expert generalizations with an analysis of the situation and the effectiveness of the measures taken.

The EDMS functionality makes it possible to carry out both geographical and functional scaling.

The "Client - Server" architecture allows you to connect new users and include them in ongoing processes simply by connecting workplaces without making changes at the program code level.

The reliability of work is ensured through the integration of servers into clusters.

To ensure the work of remote users, a replication mechanism is used. A replica is a complete copy of a database on another server that may be thousands of miles away from where the original document was created. The transfer of information is carried out by the method of replication - maintaining full copies of databases on two or more remote servers. With this mechanism, it is impossible to lose any message. The servers will exchange data until a full match of the information stored in the replicated databases is obtained.

Functional scaling is realized due to the modularity of the EDMS. The sequence of input of risk management processes can be implemented due to the sequence of input of EDMS modules.

The organization of the EDMS, intended for a set of works on the implementation of risk management processes, can be represented as the following scheme:

The initial stage is the development of a strategy and building a risk profile of the organization.

Based on the created risk profile of the organization, forecasts of the development of events are created.

Development of plans for preventive measures and plans for the elimination of consequences.

A control plan is being developed to monitor risk events.

Carrying out control measures with registration of identified risk events in a special database.

Monitoring of the external environment is carried out with the registration of information in the database of risk events.

Analysis of forecasts, accumulated information is carried out and the effectiveness of ongoing activities is determined

The action plan is being adjusted.

The system of balanced scorecards is monitored with the creation of analytical generalizations.

Based on the results, the base of the balanced scorecard is adjusted.

And how to build analytical generalizations, what methods and processing algorithms to use - this task is solved by risk managers in each specific situation.

Methods for constructing analytical generalizations are very diverse and their set continues to grow, as risk management is constantly evolving. New types of risks are emerging, such as the risks of doing business online. And each organization can supplement the theory and practice of risk management with its own experience.

As practice shows, a risk manager, like a doctor, has to learn all his life.