Businesses are facing more risk today than ever before. Maybe the risks have been there all along, but we are encountering more business surprises than ever before, which makes us focus on the underlying risks. Whether it's an impending SEC investigation or the threat of online phishing, paying attention to the types of risk that our organizations may encounter, along with risk signals - clues to the potential identification of an emerging risk - can lead to risk mitigation strategies that can help us avoid those surprises. What are the major types of risk we should look for? Here are my top ten, in true David Letterman format.

10. Market Risk. Changes in market conditions can have a negative effect on a company's asset values. These changes are routinely tracked and forecasted by economists and industry analysts.

9. Strategic Risk. This is the risk that a company encounters when it fails to adequately define and communicate strategies or gaps in strategies. If goals exist, but the projects that would enable you to meet those goals have not been identified, you have a strategic risk issue.

8. People Risk. A risk that business objectives are not met resulting from management failure, personnel turnover, organizational structure or other human resources gaps can be classified as people risk. There is more people risk than you may think in an organization, particularly in the ability to adapt to rapid changes and new processes. It's what prevents us from being as nimble as we would like.

7. Regulatory Risk. This risk involves either violating or not complying with regulations, rules and policies. Regulatory risk may expose the company to fines, penalties, punitive damages and legal fees. Clues to emerging regulatory risks can be discovered by keeping tabs on the regulatory bodies and what their current areas of focus are, as well as on current "broken" processes that may affect a company's ability to comply with regulation.

6. Legal Risk. This brings us to the risk of violating or not complying with laws, prudent fiduciary practices and ethical standards. Like regulatory risk, legal risk exposes the company to fines, penalties, legal fees, compensatory damages and the like. Both may result in loss of reputation.

5. External Factor Risk. Risk arising outside the business' normal span of control can be categorized as external factor risk. Examples include the risks of dealing with vendors, service providers and alliances, as well as geo-political, cultural, social and environmental factors. Some signals indicating areas of concern in the latter areas can be found in the press and industry analyst coverage.

4. Technology Risk. This is the risk that technology - whether through complexity, instability, inability to scale or failure to meet requirements - fails to support the business. A big factor here is the overall aging of systems. The key is to recognize when this is likely to occur.

3. Processing Risk. The risk that transactions are not processed or services delivered efficiently or effectively is processing risk. Critical to identification of processing risk signals is accurate operational data and the tools to measure it.

2. Execution Risk. Somewhat tied to processing risk, execution risk involves the failure to execute on company strategy. Clues may arise from negative customer experiences (customer complaints), the failure to meet sales goals, inadequate financial performance, process inefficiencies, diversion of management attention away from strategies, excessive attention on problem management and constant changing of priorities.

1. Reputation Risk. Reputation risk is the "big kahuna." It is the risk that the company suffers from negative customer or shareholder perception. Impacts can be felt in the industry marketplace (effects on revenues, earnings, market share), in the equity markets (effects on stock price, P/E ratios and the like) or both. Reputation risk is difficult to quantify, but has potentially huge impact.

Of the many risks facing businesses today, the largest is reputation risk. Once a company is identified as "bad or risky to do business with," it is difficult to overcome it. Paying attention to risk signals in all of these areas can help address all emerging risks with mitigation strategies and can help provide the ability to avoid those business surprises that force us to suck in our breath and exclaim, "What just happened here and how can we overcome it?"

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access