INTERNAL RISK MANAGEMENT
The earlier part of this series on risk management dealt with the implications of external risks and how the PESTEL analysis, representing Political, Economic, Social, Technology, Environment and Legal, is used to determine the implications(click here to read earlier post) . This part of the article focuses on the sources of internal risks and implications of the same.
The biggest source of risks for organisations would be that of its human resources. Ironically, though they represent the biggest strength of the organisation, they can also, in some cases, if not addressed adequately prove to be the source of the risks. Mr NR Narayana Murthy, founder of Infosys has very succinctly captured the essence of the value of the human assets with this observation “Our assets walk out of the door each evening. We have to make sure that they come back the next morning”. With attrition being very high in organisations, it has become very critical to ensure that the key resources were adequately reviewed, motivated and actions taken for their long-term retention including adequate business continuity measures initiated. In the same vein staff could pose a significant source of risks in the form of espionage or intentional damage to assets, more often sponsored by entities inimical to the success or growth of the organisation. With increasing reliance on information technology, they could also potentially become vehicles for data theft and cyber security lapses.
The other big source of risks, especially the smaller ones, face is that of concentration risk. Concentration risk refers to a situation wherein a single customer, vendor, geography or market constitute a substantial portion of the revenue or resources. This would also include the implications of a single location establishment that contributes to a significant portion or all of the revenue. The implications of these risks tend to get accentuated smaller organisations generally financially leverage for its operations. This also is the source of what is referred to as financial risk as any changes to the interest rates could have an adverse impact on the profitability of the organisations. Operational risks could also include excessive dependence on manufacturing capabilities or delivery capabilities. If there are disruptions to this, it could adversely affect, the ability to fulfil contractual obligations.
The other major risk, especially small ones, is the lack of management bandwidth as many of them or technocrat driven organisations. These organisations inevitably, compounded by the lack of a board of directors, suffer from serious business continuity process and oversight on many other strategic decisions too. Any dislocation to the technocrat, albeit temporary, could prove to become an existential crisis.
Then there are a host of other situational or specific type of risks like project management risks where delays, in project execution, that could have a significant impact on the viability of the project as material project cost over-runs may have adverse impact on the economic feasibility. There are other operational risks like hazard risks that are linked to operational processes or specific materials used.
The other major source of internal risks could be the ones linked to business models. There is a fair amount of innovation that is taking place in this space where changes to business models like renting as against buying could also impact the viability of the organisations.
In the ultimate analysis, internal risks tend to grow under the feet, and it is imperative and critical to constantly evaluate and review the nature and source of this which would be the next part of this series.