Which type of risk is easier for an organization to manage. Risk management in your enterprise. Credit risk management

In an era of economic and financial crisis, risk management is the most topical issue facing the Russian industrial companies. The processes of globalization are becoming another source of economic risks, so the use of the principles of risk management in management will help achieve the goals and objectives of chemical companies, although, of course, it will not reduce the likelihood of various kinds of risks to zero.

The introduction of a risk management system at enterprises makes it possible to:

• identify possible risks at all stages of activity;
• predict, compare and analyze emerging risks;
• develop the necessary management strategy and a set of decision-making to minimize and eliminate risks;
• create the conditions necessary for the implementation of the developed measures;
• monitor the operation of the risk management system;
• analyze and control the results.

The features of risk management include: the need for the management of companies to have anticipatory thinking, intuition and foresight of the situation; the possibility of formalizing the risk management system; the ability to respond quickly and identify ways to improve the functioning of the organization, reduce the likelihood of an undesirable course of events.

Comprehensive risk management system ERM (Enterprise risk management) In many foreign companies, for example, in the USA, is already used quite widely, since the owners of large global companies have already made sure in practice that the old management methods do not correspond to modern market conditions and are not able to ensure the successful development of their business.

The application of risk management implies a clear distribution of responsibility and authority between all structural divisions. Top management functions include appointing those responsible for the implementation of the necessary risk management procedures at all levels. Such decisions should be consistent with the strategic goals and objectives of the company and not violate the terms of the current legislation. At the same time, it is necessary to correctly distribute among the executors the measure to identify risks and the functions of control over the created risk situation.

Risk management as a key tool aimed at improving performance

Risk management is one of the key tools aimed at improving the effectiveness of the programs of activities of enterprise managers, which they can use to reduce costs. life cycle products and mitigate or avoid potential problems that could hinder the success of the business.

Achieving the goals of the enterprise requires specific ideas about the main activity, production technologies, as well as studying the main types of risks. Prevention of risks and reduction of losses from impact leads to sustainable development of the enterprise. The process by which the activities of an enterprise are directed and coordinated in terms of the effectiveness of risk management and constitutes risk management. Risk management is the process of identifying the losses an organization faces in its core business and their impact, and selecting the most appropriate method to manage each. separate view risk.

In another view, risk management is a systematic process in which risks are assessed and analyzed in order to reduce or eliminate their consequences, as well as to achieve goals.

Based on the foregoing, it can be concluded that risk management to ensure the viability and efficiency of an enterprise is a cyclical and continuous process that coordinates and directs the main activities. It is advisable to do this by identifying, controlling and reducing the impact of all types of risks, including monitoring, contacts and consultations aimed at meeting the needs of the population, without compromising the ability of future generations to meet their own needs. Risk assessment leads to the stability of the enterprise, contributing to its sustainable development. Risk management - a contribution to sustainable development, is an essential factor in maintaining and improving the stable operation of the enterprise. Proactive risk management is critical to the management process to ensure that risks are being handled at the appropriate level.

Planning and implementation of risk management includes the following steps:

• Management of risks;
• identification of risks and the degree of their impact on business processes;
• application of qualitative and quantitative risk analysis;
• development and execution of risk response plans and their implementation;
• monitoring risks and management processes;
• the relationship between risk management and performance;
• evaluation of the overall risk management process.

Methodology (program) for continuous risk management

In order to facilitate risk management activities, an enterprise needs to develop a methodology (program) for continuous risk management (CRRM). MNRM is a theoretically significant program aimed at developing project management mechanisms with best practice processes, methods and tools for enterprise risk management. It provides conditions for active decision-making, continuous risk assessment, determination of the degree of significance and level of influence of risks on management decisions, and the implementation of a strategy to combat them. In addition, progress can also be made in the scope of the project, the budget of the enterprise, the timing of its implementation, etc. Figure 1 clearly illustrates the methodology of the continuous risk management process.

Rice. 1. Continuous risk management process

The performance management process acts as an auxiliary tool for obtaining the information necessary for the developed risk management mechanism. Unfavorable trends should be analyzed and assessed for their impact on this mechanism. Appropriate actions of the control mechanism should be taken for those areas of activity that are defined as basic in the business processes of the enterprise. Corrective actions may include a reallocation of resources (funds, personnel, and rescheduling of production) or the activation of a planned risk mitigation strategy. Severe cases, adverse trends and key indicators can also be taken into account when using this mechanism.

It is important that this mechanism emphasizes the need to reassess the identified risks that systematically affect the activities of the enterprise. As the system goes through the development lifecycle, this case much of the information will become available for risk assessment. If the magnitude of the risk changes significantly, approaches to its treatment should be adjusted.

Overall, this progressive approach to risk management is critical to a comprehensive management process and ensures that risk metrics are handled efficiently and at the appropriate level.

Development of a risk management program at the enterprise

Consider the risk management policy that should be applied in the enterprise. The developed mechanism (program) should be aimed at effective and continuous risk management. Thus, early, accurate and continuous identification and assessment of risks is encouraged, and the creation of informationally transparent risk reporting, planning measures to reduce and prevent changes in external and internal conditions will have a positive impact on the program.

This mechanism, including relationships with counterparties and contractors, should perform the functions of identifying risks and monitoring them. For its implementation, it is necessary to have a certain plan in the form of a set guidance documents developed for specific areas of activity. This plan sets out the guidelines for the implementation of the ISDM in a specific time frame. It does not affect the conduct of other activities of the entire enterprise, but rather can provide management leadership in risk management.

The risk management process must meet a number of requirements: it must be flexible, proactive, and must also work towards providing conditions for effective decision-making. Risk management will influence risks by:

• encouraging risk identification;
• decriminalization;
• identifying active risks (constant assessment of what could go wrong);
• identifying opportunities (constantly evaluating the likelihood of favorable or timely cases);
• estimates of the likelihood of occurrence and severity of impact for each identified risk;
• determining appropriate courses of action to reduce the possible significant impact of risks on the enterprise;
• developing action plans or steps to neutralize the impact of any risk that needs to be mitigated;
• maintaining continuous monitoring of the occurrence of risks with a negligible degree of impact at the present time, which may change over time;
• production and dissemination of reliable and timely information;
• facilitating communication between all program stakeholders.

The risk management process will be carried out in a flexible manner, taking into account the circumstances in which each risk occurs. The main risk management strategy is designed to identify the critical areas of risk events, both technical and non-technical, and take the necessary measures in advance to deal with them before they have a significant impact on the enterprise, causing serious costs, reducing product quality or productivity.

Let us consider in more detail the functional elements that are components of the risk management process: identification (detection), analysis, planning and response, as well as monitoring and management. Each functional element will be discussed below.

1. Identification

• Data review (i.e. earned value, critical path analysis, integrated scheduling, Monte Carlo analysis, budgeting, defect analysis and trend analysis, etc.);
• Consideration of submitted risk identification forms;
• Conducting and assessing risk using brainstorming, individual or group peer review
• Holding independent evaluation identified risks
• Enter the risk in the risk register

1. Risk identification/analysis of tools and methods to be used include:

• Interview methods for determining risk
• Fault tree analysis
• Historical data
• Lessons learned
• Risk Accounting - Checklist
• Individual or group judgment of experts
• Detailed work breakdown structure analysis, resource exploration and scheduling

1. Analysis

• Conducting a probability assessment - each risk will be assigned a high, medium or low level of probability of occurrence
• Creation of risk categories – identified risks should be associated with one or more of the following risk categories (e.g. cost, timing, technical, software, process, etc.)
• Assess the impact of risks - evaluate the impact of each risk depending on the identified risk categories
• Determining Risk Severity - assign probabilities and rating impacts in each of the risk categories
• Determine when the risk event is likely to occur

1. Planning and response

• risk priorities
• Risk Analysis
• Appoint a person responsible for the occurrence of the risk
• Determine an appropriate risk management strategy
• Develop an appropriate risk response plan
• Make an overview of priorities and determine its level in reporting

1. Supervision and control

• Define reporting formats
• Define review form and frequency of occurrence for all risk classes
• Risk report based on triggers and categories
• Conducting a risk assessment
• Submission of monthly risk reports

For effective risk management at the enterprise, we consider it expedient to create a risk management department. The main responsibilities of this structural unit, including for personnel and other users (including employees, consultants and contractors), in order to successfully implement the risk management strategy and processes are given in Table. one.

Table 1 — Risk Management Department Roles and Responsibilities

Roles	Assigned duties
Program Director (DP)	oversight of risk management activities. Risk monitoring and risk response plans. Approval of the decision to finance risk response plans. Monitoring management decisions.
Project Manager	assisting in the control of risk management activities Assistance in creating organizational authority for all risk management activities. Timely response to funding risk.
employee	facilitating the implementation of risk management (the employee is not responsible for the identification of risks, or the success individual plans risk response). The need to encourage a proactive decision-making stance in determining appropriate risk responses for risk owners and department managers. Stakeholder administration and commitment, risk management process Ensuring regular coordination and exchange of information on risk between all stakeholders, Management of risks in the registered risk register (database). Development of knowledge of personnel and contractors in the field of risk management activities.
Secretary	the functions of the secretary are performed by an employee of the risk department or they alternate between all employees. Features include: Planning and coordinating meetings; Preparing meeting agenda, risk assessment packages, and meeting minutes. Get and track the status of proposed risk types. Performing an initial assessment of the proposed types of risk to determine the most important. Expert subject area risk analysis at the request of the Chairman of the Board of Directors. Facilitate analysis by members of the Board of Directors who will decide whether risk mitigation is necessary. Regular coordination and communication of risk information exchange with all stakeholders,
Department Director (DO)	appointment of risk owners in their area of ​​responsibility and / or competence. Active promotion of employees Tracking the integration of risk management efforts of responsible persons in their areas of responsibility. Selecting and approving a risk response strategy. This includes approving resources (e.g. owner risk) for further risk analysis and/or drawing up a more detailed risk response plan if necessary. Approval of all tasks. Assign resources to the risk management response contained in the detailed plan.
Individual member of the Office of Management (OMP) program	identification of risks. Access to risk management data Identification of possible risks from the data using a standard form of identification if necessary Drawing up and implementing a risk response plan Determination of the time and all costs associated with the implementation of the risk response plan
Risk owner / Responsible person	attending meetings of the risk management department. Review and/or provision of relevant data, e.g. critical path analysis, project management/data support tools, defect analysis, auditing, and the possibility of adverse trends Participation in the development of response plans Risk status report and effectiveness of risk response plans Work to identify means of responding to risks through any additional or residual risk.
Integrated Brigade (KB)	identification and provision of information on the risks that may arise as a result of the CB's activities. Participation in the planning of any risk in accordance with this program. Such planning requires coordination with the risk management department, who, acting as a guide, can help acquire resources to respond to risks. Report on the progress and results of the risk response.
Quality control	control and review of the RCM when updating or changing the plan Commitment to maintain the quality of documentation practices and risk management processes

Risk management functions consist in organizing interaction with existing divisions organizational structure. CPIs are formed for functional areas that are critical to the successful implementation of the objectives. All functional departments or business processes not covered by the CU are assessed and reviewed by the DP, PM, and employees to ensure adequate behavior in relation to the occurrence of risk. Risk identification is the process of identifying which events can affect the operations of an enterprise and documenting their characteristics. It is important to note that risk identification is an iterative process. The first iteration is a pre-assessment and risk check of the team, as needed, with a risk ID. The second iteration includes presentation, review and discussion. The risk management process includes three separate risk characterization steps: identification, assessment and adjustment, and confirmation.

A graphical representation of the risk identification process is shown in fig. 2.

Rice. 2. Structural scheme risk identification algorithm

As a result of its implementation, a set of measures can be developed to assess the operational risks of an enterprise, an integral risk, the quantitative assessment of which is based on complex analysis financial and financial statements, and carrying out an assessment of the integral risk based on all levels of responsibility of the enterprise.

Conclusion

Risk management at chemical enterprises must be carried out within the framework of systemic and process approaches, taking into account the specifics of the industry, using modern effective management methods and production organizations, as well as using risk management tools. The risk management system for the activities of a chemical enterprise must necessarily take into account the safety requirements established by government bodies authorities, and ensure the safety and health of personnel involved in hazardous technological object. For the purpose of effective risk management of an enterprise, an integral risk management system is needed, which consists in an integrated approach to assessing the maximum number of risk factors for an enterprise's activities carried out in a dynamic economic environment. The author believes that the development of the above set of measures will be accompanied by an increase in the level of management and risk assessment in industrial organizations.

Introduction…….……………………………………………………………………

Chapter 1. Theoretical aspects risk management ...............................

1.1. Essence, content and .............................................. .................................

1.2. Techniques and methods of risk management .............................................. .........

1.3. The process of risk management at the enterprise ..............................................

Chapter 2. Risks in the activities of the Company (on the example of OJSC Megafon.)…………………………………………………………………..

2.1. General characteristics of the enterprise ............................................... ...........

2.2. Analysis of the business environment and the enterprise market ..............................................

2.3. Analysis of entrepreneurial risks in the Megafon Company ..........

2.4. Legal support of the project .............................................. ....................

Chapter 3. Proposals for improving the risk management system at the enterprise ............................................. ...............................................

3.1. Ways to minimize the risks of an enterprise in the market ...............................................

3.2. Improving risk management technology through the creation of a program of targeted risk management activities ..............................................

3.3. Economic justification of the proposed measures ..............................

3.4. Computer support of the project .............................................................. ......

Conclusion................................................. ................................................. ..

List of references .............................................................................. .........

Applications

Introduction

In a market economy, producers, sellers, buyers act independently in a competitive environment, that is, at their own peril and risk. Their financial future is therefore unpredictable and little predictable. Risk is inherent in any form of human activity, which is associated with a variety of conditions and factors that affect the positive outcome of people's decisions.

There is no business without risk. The highest profit, as a rule, is brought by market operations with increased risk. However, everything needs a measure. The risk must be calculated up to the maximum allowable limit. As you know, all market estimates are multivariate. It is important not to be afraid of mistakes in your market activities, since no one is immune from them, and most importantly, do not repeat mistakes, constantly adjust the system of actions from the standpoint of maximum profit. Historical experience shows that the risk of not getting the intended results is especially evident in the generality of commodity-money relations, the competition of participants in economic turnover. Therefore, with the emergence and development of capitalist relations, various theories of risk appear, and the classics economic theory pay great attention to the study of risk problems in economic activity.

The manager is designed to provide additional opportunities to mitigate sharp turns in the market. The main goal of management, especially for the conditions of today's Russia, is to ensure that in the worst case scenario, we can only talk about a certain decrease in profits, but in no case there was a question of bankruptcy. Therefore, special attention is paid to continuous improvement of risk management and risk management. Risk management is a system for assessing risk, managing risk and financial relationships that arise in the course of a business.

The degree and magnitude of risk can actually be influenced through the financial mechanism, which is carried out with the help of strategy and financial management techniques. This kind of risk management mechanism is risk management. Risk management is based on the organization of work to identify and reduce risk.

Risk can be managed using a variety of measures that allow predicting the onset of a risk event to a certain extent and taking timely measures to reduce the degree of risk.

Problem consists in the fact that the uncertainty of the economic situation, the uncertainty of conditions, changes in the political and economic situation and prospects force the entrepreneur to take the risk of these conditions. The greater the uncertainty of the economic situation when making a decision, the higher the degree of risk. It follows that urgency of the problem is that, regardless of the stability of the socio-political and economic situation, changes in the external and internal environment activities of any organization leads to the emergence of risks that must be managed in order to successfully achieve goals.

aim graduation project is the analysis of the risk management system in the activities of the enterprise and the development of methods for their minimization.

The goal set predetermined the formulation and solution of a number of interrelated tasks:

Consider the existing concept of risks, the reasons for its occurrence;

Research market activity enterprises;

Analyze business environment enterprises;

Identify the main risks of the enterprise;

Propose measures to minimize the risks of the enterprise;

An object research - JSC "Megafon"

Subject research - the process of risk management in the company.

The structure of the diploma project consists of an introduction, three chapters, a conclusion, a list of references and applications.

The first chapter presents the definition of risk in theory and practice, its causes and classification. In the second - the main indicators of the production and economic activity of the enterprise and the nature of the risks in the work of the enterprise are considered. The third chapter examines the main activities of the enterprise, the methods used to minimize risk and improve the risk management system at the enterprise.

When writing the graduation project, the methods of risk management, forecasting the results of activities, modeling based on such developments of domestic economists as Chernova G.V. were used. and Kudryavtseva A.A., Fomicheva A.N., Stoyanova E.G., Lapusta M.G. and foreign scientists Barton T, Shenkir U. and others.

practical significance graduation project is to identify the impact of risks on the activities of the enterprise, coordinated and systematic risk management in the company OJSC "Megafon" (Kaluga).

ChapterI. Theoretical aspects of risk management

1.1 Nature, content and types of risks

Risk is an action (act, deed) performed under conditions of choice (in a situation of choice in the hope of a happy outcome), when in case of failure there is an opportunity (degree of danger) to be in a worse position than before the choice (than in case of failure to perform this action ).

By their nature, risk is divided into three types:

1. When at the disposal of the subject, making a choice from several alternatives, there are objective probabilities of obtaining the intended result. These are probabilities that do not directly depend on the given firm: the level of inflation, competition, statistical studies, etc.

2. When the probabilities of the expected result can be obtained only on the basis of subjective assessments, i.e. the subject deals with subjective probabilities. Subjective probabilities directly characterize a given firm: production potential, level of subject and technological specialization, labor organization, etc.

3. When the subject, in the process of choosing and implementing an alternative, has both objective and subjective probabilities.

Thanks to these modifications of risk, the subject makes a choice and strives to realize it. As a result, the risk exists both at the stage of choosing a solution and at the stage of its implementation.

More fully, risk is defined as an activity associated with overcoming uncertainty in a situation of inevitable choice, during which it is possible to quantitatively and qualitatively assess the likelihood of achieving the intended result, failure and deviation from the goal.

From the last definition, it is possible to single out the main elements that will constitute the essence of the concept of "risk".

1. The possibility of deviation from the intended goal for which the chosen alternative was carried out (deviations of both negative and positive properties).

2. Probability of achieving the desired result.

3. Lack of confidence in achieving the goal.

4. The possibility of material, moral and other losses associated with the implementation of the alternative chosen under conditions of uncertainty.

Acceptance of a project associated with risk involves the identification and comparison of possible losses, income. If the risk is not supported by calculations, then it mostly ends in failure and is accompanied by certain losses. To cope with the negative phenomena associated with risk, it is necessary to identify: the main features and sources of its occurrence, its most important types, the acceptable level of risk, risk measurement methods, risk reduction methods.

The main features of risk are: inconsistency, alternativeness and uncertainty.

Such a feature as inconsistency in risk leads to a collision of objectively existing risky actions with their subjective assessment. Since, along with initiatives, innovative ideas, the introduction of new promising activities that accelerate technological progress and affect public opinion and the spiritual atmosphere of society, there are conservatism, dogmatism, subjectivism, etc.

Alternative implies the need to choose from two or more options decisions, directions, actions. If there is no choice, then there is no risky situation, and, consequently, no risk.

Uncertainty is the incompleteness or inaccuracy of information about the conditions for the implementation of the project (solution). The existence of risk is directly related to the presence of uncertainty, which is heterogeneous in form and content.

According to the source of occurrence, the risk is qualified as an economic activity associated with the personality of a person and due to natural factors.

The result of risk management is a guarantee of the quality of your products, compliance with regulatory requirements, obtaining stable profits, and therefore a guarantee of our stability.

Risk management arises when there is a need to make complex decisions. It is necessary to assess the risks at the stages of product development, when studying the feasibility of making changes, when investigating deviations, to organize the workspace or when deciding whether it is possible to combine the production scheme of different drugs, etc., that is, where there is, the problem of choosing from several options and there are no unambiguous regulatory requirements.

The risk management process is the source of requirements. The rules are a program to minimize the known risks associated with production. Prevention of cross-contamination, mix-ups or substitutions, hygiene rules and allowing personnel to work independently, the choice of a quality control strategy and the maintenance of a quality system are just a few classic examples from the field of risk management.

Many managers believe that they see the big picture of their processes and intuitively feel the risks to product quality. Professional, talented managers have amazing intuition, but it is not innate. It is gently developed and strengthened using a risk management methodology. Intuition is a subconscious analysis of various options for the development of certain events. Good intuition is a “spontaneous” risk assessment in the head of a single person: “what can happen?”, “if it happens, what will be the consequences?” and “what could cause this to happen”? And the conscious application of the risk management process is an objective corporate culture, weakly dependent on subjective factors. Moreover, it is a replicable and easily distributed technology.

Identification of quality risks and their assessment by themselves do not bring results. The result of risk management is the selection and implementation of a strategy for controlling significant risks. The task is to make the right, balanced decisions. Perhaps risky, but conscious.

Risks to product quality are risks to the consumer. Security is based on modern approaches to risk management. The only way to ensure safety is to implement an effective quality risk management system. This is an element of social responsibility. Safety does not mean the absence of danger. A safe state is when the manufacturer is confident about what dangerous events can occur and what impact they will have on the quality of work, products and, as a result, on the consumer. Security lies not in bans, locks and barbed wire, but in the development of effective procedures designed to ensure this security. If there is no way to prevent the danger, then at least there is an opportunity to prepare, to think in advance about measures to prevent and overcome their consequences.

Hazards are measured by risks. Risks vary in importance. In order to understand which risks require special attention, it is necessary to adequately assess them. Without studying the nature of possible risks, without determining the amount of missing information, there is no way to understand why this or that risk can be realized, and, accordingly, it is unlikely that it will be possible to reduce the likelihood of its occurrence. Risks need to be managed systematically and professionally. It is inalienable and necessary competence any leader at any level in any enterprise.

Risk management is just a catchy name and an incredibly harmful technology that can only be used by armchair people. The personnel of any department can be divided into two categories: managers and performers. Performers perform work based on established requirements. Managers establish requirements for the performance of such work, taking into account legislative norms, prescribe algorithms and create conditions, subsequently controlling the quality of their performance. In most cases, the contractor does not need a risk assessment. Leaders need it. It is needed where and when they are forced to make important and complex decisions in conditions of uncertainty, for example: there are no legal requirements or these requirements are set out without specific algorithms for their implementation, or there are several implementation options and there is no certainty which option to choose. Managers are responsible not only for the results of their work, but also for the results of the work of the performer. The higher the uncertainty caused by the uncertainty, the higher the responsibility for the consequences of the implementation of the decision. Based on how the manager manages risks, one can draw a conclusion about his professionalism. If the leader skillfully applies this methodology, he comes across as a person of insight, with remarkable logic and intuition. It is these qualities that the technology of risk management develops. In addition, such a leader understands the causal relationship that the mistake of the performer is often caused by the negligence of his leader, which manifests itself in the fact that he did not fully assess all possible threats.

Often we find ourselves in situations where it is difficult or scary to make a decision, when there is a feeling of uncertainty and unpredictability about how our decision will affect the quality of the product, and therefore the safety of the client. And then it may seem that risks are something that does not depend on us. Or vice versa, it is presumptuous to rely on the fact that the risk is completely excluded, but this is not so. Any deviation, malfunction engineering system or equipment, a claim received, a signal is a realized risk. You can not register deviations and problems that arise, thereby confirming the reliability of your processes, but this is a farce, there are and will be risks. The main thing is to see the threats in time and calculate the “unforeseen circumstances” under which they can be realized, to understand what can be done to prevent this from happening and what to do if it does happen. Do your best and be ready for any development of events.

If you are in a difficult situation, you need to understand the possible threats and their consequences, calculate in advance how to act in a given development of events, and be prepared for anything. Risk management improves predictability and certainty. It's an honestly earned feeling of confidence. This is certainly an approach that provides sufficient consumer protection, which, in turn, does not interfere with profits and does not slow down the development of the enterprise.

The basic principles of quality risk management are set out in the guidelines. The need for risk management is stated in various guidelines issued by regulatory agencies, professional societies (eg ISPE, PDA, IEST) and healthcare organizations around the world. The proposed methodology is based on the knowledge and experience gained in different countries. The risk management process model presented in the guidelines is easy to apply and, most importantly, oriented towards practical use.

In risk management, as in any technology, there are enough nuances and details. For its correct use, it is necessary to create internal standards and procedures, train managers and involved experts, and constantly monitor the quality of the assessment.

Attempts to exclude risk management technology from effective decision making are unacceptable. Risk assessment should be based on modern scientific achievements, on known facts and taking into account the accumulated experimental base, etc.

All gaps in knowledge and data should be assigned to a separate category of risk, the so-called "missing information". It is also impossible to elevate the risk management methodology to the status of a “regulatory requirement”. Decision-making techniques, by definition, cannot be a regulatory requirement. Risk management is not intended to circumvent regulatory requirements in the same way that risk management is not a direct regulatory requirement. The rules declare the need for risk management only to emphasize their paramount importance and their relationship with the quality system and the rules of good manufacturing and quality control. The need for risk assessment arises in the following situations:

• If during the investigation of the deviation it is not possible to establish the true cause of its occurrence (Part 1, 1.4 (xiv)). In such a situation, it is necessary to select the most probable cause using deductive or inductive risk management methods.
• To establish a cross-contamination prevention program (Part 1, 5.18, 5.19).
• When organizing packaging processes (Part 1, 5.44).
• When making decisions on the possibility of processing or reprocessing substandard products (Part 1, 5.62, 5.63).
• When deciding on the possibility of resuming the turnover of all or part of the returned products (Part 1, 5.65).
• When justifying the scope of validation work (Appendix 15).

When there is a need to make complex decisions that do not conflict with regulatory requirements, the successful functioning and survival of the enterprise depend on the effectiveness of managerial decisions made by the manager. It is also necessary to take into account the fact that, in addition to the obvious advantages, the risk management process has serious disadvantages:

Advantages:

- Increasing confidence in decisions
- Elimination of conflict of interest
- Preservation of knowledge and logic of decisions made
- Informal knowledge transfer process
- Improving performance discipline

Flaws:

- Big waste of time
- Distraction of specialists from direct routine duties
- Making shallow decisions
- Mind manipulation
- Self-deception

The statement of the problem - to exclude only the risks that are indicated in the regulatory documents is not correct. Regulatory documents are a kind of average perception of known risks. Each production has its own specifics, its own processes, and regulatory requirements do not take it into account.

It is also not necessary to manage all the risks. No need to strive for total control. It is necessary to identify the most dangerous risks and develop adequate and timely measures to manage them. Even not the largest assessment can identify dozens, even hundreds, of a wide variety of risks. Such a number of risks can confuse any specialist, since it is not clear what to do with them and what to take on in the first place. Of course, eliminating all risks is good, but most often it is impossible to do this. Our resources, like cash, are always limited, so we are forced to choose priorities. Intuitively, some risks require priority decisions, while some are not of interest to us at all. To determine priority actions, it is necessary to establish the elements of risk - the level of its impact and the likelihood of implementation. If the hazard is realized, it can have different effects, which largely determine the severity of the risk. Just as an assessment of the likelihood of a particular negative event can tell us a lot. Knowing how likely a particular hazard may be to occur predetermines the perception of safety.

By definition, risk is a combination of the likelihood of a particular hazard occurring and the severity of the harm it causes. By using two risk assessment criteria, we are not talking about risk averaging. Probability is taken into account in order to cut off incredible, unrealistic events.Given the likelihood, priorities are placed based on the level of their impact. The axiom of risk management is that the severity of the harm takes precedence over the likelihood.

Consider an example, with an aircraft using a five-point scale (from 1 to 5), an error can be considered an incorrect gradation of risk when using a quantitative assessment:

Non-hazardous event- late arrival of the aircraft (harm severity equal to 1), but often repeated (probability equal to 5).

dangerous event- plane crash (harm severity is 5), but extremely rare (probability is 1).

Multiplying the weight coefficients gives the same number 5, but does not equalize their significance. The first event is a minor risk, and the second event can be ranked as a significant risk (due to the fact that the severity of harm exceeds a certain threshold, for example, 2), and therefore will require close attention and the development of a program to control such a risk, ensuring constant monitoring its effectiveness. A risk control program can range from a single action to a single comprehensive plan.

The introduction of the risk management process into the daily life of an enterprise does not require investments and does not imply the introduction of any complex systems and models. It is enough to take a few steps, only five.

First step- it is necessary to see and clearly define the dangers (threats). Often this is done unconsciously - empirically. This is not enough. To fully define the risks means to take into account all its parameters.

Second step- you need to learn how to create risk profiles, that is, systematically determine all the risks inherent in the object of our assessment. This is what is called a risk assessment protocol. There should be a document in which all risks are identified. It is important to manage risks "pointwise".

A task third step in determining which risks to deal with first. To do this, you need to be able to analyze risks, be able to prioritize.

For successful implementation fourth step you need to be able to select and implement strategies for managing significant risks. It is important to understand what specific actions need to be taken in order to gain more and / or lose less.

And finally fifth step- create an optimal "cushion" of safety, that is, develop an action plan in case a particular risk is realized. The task of this step is to be able to prepare for any development of events and always have a plan "B".

These are basic steps applicable in any situation, in any business and at any level of the enterprise hierarchy. The international standard ISO 31000 has found its application in most countries of the world.

Today, for the implementation of the risk management process in practice, a serious methodological base has been accumulated, which has been actively developed since the 1960s. More than 100 risk assessment methods are known. The ISO 31000 guidelines describe 31 methods, and there are many more in real life. However, this does not mean that each must be used. You need to choose those risk assessment tools that you can work with and that you will trust. The main thing is that they are understandable to you.

Conclusion.

To learn how to manage risks professionally, you need to "get your hands on it" and gain some experience - this requires effort and time. First to a greater extent, then to a lesser extent. The main thing is to start gradually introducing risk management technology into your work. To use it, there is absolutely no need to allocate some special day, wait for some event or mood. By managing risks, we ensure the quality of our work and, conversely, by ensuring quality, we manage risks. The result of risk management is a guarantee of the quality of your products, a guarantee of compliance with regulatory requirements, a guarantee of stable profits, and therefore a guarantee of our stability.

Making decisions of a managerial nature and their subsequent implementation is a set of measures for the implementation of the organization's risk management.

This management was created to control the likelihood of an unfavorable result, to reduce losses in the management process.

The main goal is to reduce and prevent the likelihood of risks in crisis management associated with economic activity organizations. Consider the organization of risk management in an enterprise.

Organization process

Main component crisis management is risk management in the organization in the process of developing and implementing the anti-crisis strategy of the enterprise. This is an economic event or an unforeseen change in the contract with a partner, the result of which is the occurrence of only neutral or negative consequences. The receipt of income becomes uncertain, and the probability of loss equity enterprises are increasing.

Management activities are directly related to risk situations in predicting the result and making managerial decisions in the current problem. In order to survive the crisis, organizations must actively respond to the danger, take appropriate measures to ensure the assessment of prioritization in management.

Risk is constantly changing under the influence of external and internal factors. Regardless of whether these changes occur in the business processes of the company itself, or directly in the industry.

A company with a strong strategy will periodically review its programs and risk maps, allowing management to respond to these changes as necessary. A well-functioning management system allows companies to consider and evaluate various opportunities, as well as create additional value by taking risks prudently.

By analyzing the situation and developing solutions, it is first established what types of situations the manager will encounter in the management process. Ways to conduct managerial work very much in risk management. AT comparative analysis hazards, there are several main steps in the risk management process.

Stage 1

Involves setting goals and sizing problems. Direct, here are numerous environmental issues, the required solutions in any environment of life. environment a person, the environment itself, the results of the enterprise and the interaction to create them or improve the situation. Mutually beneficial cooperation in the field of ecology itself is a separate issue here, which is the scale and long-term perspective. A wide range of participants determines the exact goals and objectives in this area.

Stage 2

It implies the choice of measures to reduce or prevent risks that would be aimed at their achievement. They are considered from the point of view of their technological and economic feasibility. Activities are selected based directly on these indicators, selection criteria. are taken into account in without fail deadlines, criteria social justice and the realism of the implementation, in accordance with which, further or planned interactions of the work departments are carried out.

Stage 3

Stages of risk management activities are created and analyzed, in the process of endless verification of their feasibility and effectiveness to achieve the set goals. The strategies of the management process itself are applied. In the course of the work itself, all proposed activities are analyzed to assess the benefits of using different strategies. As a result of the analysis, the most suitable and expedient, the most effective are selected. Group meetings are also held here. At the main stage, a wide range of stakeholders are involved in order to avoid a negative attitude on their part.

Stage 4

It implies the implementation of control over the implementation of various stages of work. Control methods depend directly on specific activities and goals. At each stage, the indicators of control and the tasks of the activities performed are analyzed. Monitoring is carried out over a certain period of time, monitoring the results of all aspects of the event and indicators of compliance with the scale.

In a number of Western countries, there has long been a transition to a model of comprehensive preventive measures based on the introduction of an occupational risk management system and the formation of economic incentives for employers to improve working conditions. It consists in the adoption of laws obliging employers themselves to conduct a risk assessment, to develop their own guidelines on the principles and methods of assessment, draw them up in the form of national standards.

Labor protection rules are subjected to a thorough audit, in particular, the existing system of labor safety standards and giving standards the status of regulatory legal acts.

The new labor system consists in the formation of the main mechanisms, methods and tools at the state level, with the help of which it is possible to objectively assess the existing risks, manage them and influence working conditions in the workplace.

In this area, large-scale studies of occupational risk and the creation of statistical base for further in-depth analysis. There are many goals, the main of which is the reduction of industrial risk indicators and labor safety. Occupational safety centers manage and implement the occupational risk management system at enterprises.

Financial Management Methods

Perhaps the most important component of bank management as a whole is interest rate risk management.

Interest rate risk is a factor that significantly affects the operation of a bank only in conditions of a stable economy, highly developed infrastructure and financial market and fierce competition.

Banks' interest in this type of risk has increased. Here there is a need to carry out complex calculations covering all possible sources of its occurrence, as well as an adequate response and correct measurement. The need to draw up a complete picture of the connections and relationships that are formed in the management of interest rate risks and apply all kinds of means of managing it. High-quality management of the enterprise, including risk management, is the condition for the stability and competitiveness of the bank.

Financial stability is the main component of the overall sustainability of the enterprise. This is his state financial resources, their redistribution and use, when provided, the development of the enterprise on the basis of its own profit and the growth of capital while maintaining its solvency and creditworthiness under conditions of an acceptable level of financial risk.

There are several types of risk and the maximum possible loss is calculated for this species risk. Then it is compared with the amount of capital of the enterprise at risk. Then the entire possible loss is compared with total volume own finances.

Methods of financial risk management is to reduce the losses associated with this risk to a minimum, assessed in turn and steps to prevent them. The risk management regulation balances these two assessments and plans how best to close a deal from a position of risk minimization.

Risk Management Toolbox

Risk reduction methods are management methods that affect certain aspects of the enterprise's activities. These methods fall into four groups:

• Risk avoidance- This is the most common organizational measure in practice in the management of an organization.
• Localization of dangers accurately determines the source of occurrence, predicting the dangers themselves. Here, a whole system of control of subsidiaries with risky projects using the potential of the parent company is triggered.
• Diversification is the distribution of risk between its participants and structural units.
• Compensation is related to planning, forecasting and monitoring of external environments for the implementation of hazard prevention mechanisms. As well as the creation of a system of reserves within the organization, training and instruction of its employees.

Uncertainty in project risk management exists in every project. They are predictable and not predictable. When implementing project management with a high degree of uncertainty, much attention is paid to the development and application of corporate risk management methods.

Proven methods and stages of risk management are applied, the specifics of projects and corporate management methods are taken into account. This process includes the implementation of procedures according to the risk reduction methodology.

The modern business world is dynamic. After two years of intertime (2014-2015), the features of a new reality are gradually emerging for the prospects for business development in Russia. Under the conditions of a shrinking market and a weak ruble, enterprises are forced to form and develop their export potential in every possible way, which will require additional management restructuring. In this regard, the risk management system, which one way or another will have to be created by enterprises, can become an attractive resource for investors and a success factor in foreign and domestic markets.

The essence of risk management

This article echoes the materials of the article on the topic of organizational aspects. Risk management is proposed to be understood as a set of targeted procedures for identifying, assessing and reducing risk to the values ​​​​set by the strategic choice, which involves a multi-stage implementation process. The economic goal of management is to reduce or compensate for damage to the organization in the event of adverse consequences of decisions.

Under the conditions of uncertainty in the economic activity of an enterprise, risk management is a set of regulation of strategic, tactical, design and operational-production relations. An integrated approach has a number of advantages (the corresponding diagram is located below), and from the position of management functions, almost the entire arsenal of management tools is involved, including components of financial management, logistics, economics, accounting, sales, etc. The complex of procedures is aimed at:

• forecasting risk events and their identification;
• rationale for risk aversion;
• justification of risk acceptability;
• risk minimization using the available range of tools;
• elimination of the causes and consequences of risky events;
• adaptation of companies that survived the crisis period to new business conditions;
• bankruptcy protection.

Benefit Demonstration Scheme integrated approach to risk management

The uncertainty of activity is weakly correlated with the scale of activity. Indeed, regular management, which can be deployed on large enterprises, gives a significant "handicap" in comparison with empirical methods of management in small business. But, firstly, the cost of management increases dramatically, and secondly, the very number of risk factors becomes much larger. Therefore, it can be confidently stated that one of the conditions for the success of the activity is the implementation by the management of the business, regardless of its size, of anti-risk measures. Another question is how systematic is risk management?

The objects of management are the actual risk, economic relations accompanying probable adverse events and risky investments. The subjects of management can be considered both in the broad and in the narrow sense of the word. From a common position, they are all members of the organization's team, including managers and employees. In a narrow sense, subjects are specially authorized managers, employees and divisions of the company. The goals and objectives of risk management are related to the stages of business development and its passage through the stages of the life cycle. The scheme for changing the composition of management objectives at the stages of the organization's activities and the tasks corresponding to them are shown in the diagram below.

Dynamics of goals and composition of risk management tasks by stages of company development

The concept and content of risk management systems

The risk management system (RMS) as a set of interrelated elements, on the one hand, contains two subsystems: managing and managed. In addition, the RMS is a component of a higher-ranking system - corporate management and is guided by the requirements of the organization's strategy. On the other hand, the system includes a technological complex of management and a complex of organizational tools and structures. Pay attention to the scheme "Buildings of the RMS" presented below. It displays the main elements of the risk management system.

Scheme "Building RMS" in the relationship of technological and organizational aspects

The enterprise risk management system is an element of the internal control and risk management mechanism, which is part of the corporate governance, a technological tool and tools that ensure the effectiveness of risk management. This system provides organizational prerequisites, principles, and structures for designing, implementing, and improving an organization's risk management business processes. Thus, the RMS creates an infrastructure for risk management on a regular basis.

Ensuring the minimization of the level of uncertainty regarding the achievability of the tasks set for management, the development and practical development of risk management processes is the main goal of the RMS. Under the specified tasks, the results to be achieved according to the development strategy are considered in the programs of the tactical and operational levels. The RMS serves the regulated management of assessed risks, as well as maintaining the integral risk of the company at the level of the preferred acceptable risk. The scheme of interrelation of integral risk management with stakeholders is placed below.

Conflict resolution scheme for business leaders through integral risk management

The risk management system, especially in large companies, is called the corporate risk management system (CRMS). In addition to simply expanding the abbreviation, this, as a rule, entails increased requirements for the level of regulation of activities within the system. From the position of solving the main tasks in the CRMS, the following stages are sequentially performed.

1. RMS diagnostics at the level of business units and the entire company.
2. Development of the main structures of the CRMS (organizational, informational, financial, etc.).
3. Creation of regulatory and methodological support for the CRMS.
4. Structuring databases according to identified risks and risk events that have taken place.
5. Development of mechanisms for monitoring and reporting on emerging events.
6. Identification, identification and assessment of risks, drawing up a plan for their minimization and compensation.
7. Formation of a risk map.
8. Integration of the map update procedure into the business planning process.
9. Analysis and assessment of the facts of response to risk events.

Specifics of risk management standardization

Risk management systems at domestic enterprises are built on the basis of Western standards that are rather poorly adapted to our realities. I do not consider here the experience of banks and insurance companies. It seems that in this sector of the economy the point of no return has been passed and the pace of development of risk management and the RMS supporting them can be considered satisfactory. Interested in what Russian companies can rely on, primarily in the manufacturing sector, in order to quickly increase their risk management potential? To do this, you need to touch on the history of the development of a systematic approach to risk management in the world and in our country.

Diagram of the world history of the development of standards in the field of risk management

Composition of current national and international standards in risk management

Above is a diagram of the history of standardization and the composition of existing standards in the field of risk management in the world. Obviously, in order to Russian enterprise satisfies the needs of investors and inspires confidence in the international arena, the approach to building CRMS should be at least close to world standards. And to meet the demands of the exchange trading floors, international and Russian corporate legislation, the system itself must be transparent and understandable for a competent stakeholder.

The COSO ERM risk management model is not a standard and is a deep methodological development. Therefore, the COSO cube is difficult to ignore and not emphasize its main postulates. Below are two diagrams that give an overview of this concept. In the model:

• defines the basic concepts of the internal control system;
• the main components of the risk management process are described in detail;
• an integrated risk management model is presented in a cubic visual form;
• developed the principles of this management system;
• the functions and responsibilities of participants in the risk management process are formulated;
• the management process itself is described;
• recommendations were given to external and internal stakeholders in ensuring the successful functioning of the RMS in companies.

Key Components of the COSO ERM Risk Management Model

The company always remains face to face with its risks and defends itself from threats and the consequences of their implementation at internal borders. Regulators also have their place on the "far approaches to the front of the fighting." And the support of regulators, of course, is necessary for business. Another thing is that domestic standards are "tracing paper" from Western counterparts. At the same time, it should be understood that the actual practice of the general mass of firms in developed countries has gone far ahead due to a longer history and a different level of managerial culture. However, as a basis, the resources provided by the regulators are useful for starting the implementation of the CRMS.

Scheme of the composition of regulators that determine the requirements for the RMS

Algorithm for building CRMS in a company

You and I remember the axiom that management and its components are connected with the company's strategy. It defines the principles of management activities and the main focus points. The specifics of risk management is that the local risk management strategy undergoes a major adjustment in the middle of the management process. To build a RMS, the company's experience in the practical application of financial and economic theory, tax and civil law, external regulatory assets and standards is important.

Internal and external pillars of building RMS in the company

Building a risk management system according to the model proposed below is based on the experience of Russian companies with a focus on the COSO methodology. This model implies the following steps of the algorithm.

1. Analysis of the environment. First of all, they analyze the elements of the external environment (the activities of the Central Bank of the Russian Federation, the State Duma, the Ministry of Finance, the Federal Tax Service, etc.), the business environment, market conditions, resources entrepreneurial activity. All this creates external factors risk.
2. Establishing customer risk management processes. The success of the implementation of the CRMS depends on this. Very often in Russian companies the customer is the financial service, which is associated with the dominant role of financial risks in the functioning of the company. In some cases, the customer is CEO, and is especially valuable if his undertakings are supported by the position of the main shareholders.
3. Determination of the organizational structure of the control subsystem. The system can be managed by a dedicated specialist or manager separate subdivision, which coordinates various areas: risky investments, insurance operations, venture investments. This organizational structure is called the concentrated model. The second variant of RMS organization can be a distributed risk management model.
4. Development of regulatory documentation of the system: risk management policies, provisions (concepts) for risk management, risk declarations. The policy serves as the main document of the CRMS, it is in public access on the corporate portal.
5. Development and adjustment of the corporate risk map. Here, measures are cyclically implemented to identify, identify and assess the risks of the company.
6. Development of a risk management strategy. In the strategy, in addition to the principles of choosing methods for dealing with risks, mechanisms for their financing, special place are occupied by the performance indicators of the RMS and the distribution of areas of responsibility between management company and business units.
7. The actual implementation of the risk minimization and compensation program.
8. Development of an operational risk management process.
9. Regular audit of the CRMS.
10. Implementation of procedures for informing about changes in the CRMS.
11. Creation and development of control and monitoring systems.
12. Implementation of procedures for saving and archiving information generated in the system.

RMS Implementation Principles

The principles of the functioning of the RMS in the company also determine the processes of its implementation and development. These principles are subject to compliance by managers responsible for the implementation of the system procedures by specialists and all employees of the company.

1. The principle of goal orientation. The goals are written in the company's strategic documents: in development strategies, strategic action plan, corporate cards, business plans.
2. The principle of balancing risks and profits. The RMS should promote a balance between risk and profitability (profitability) of the business, taking into account the requirements of legislative acts and the provisions of internal regulations.
3. The principle of accounting for uncertainty. Uncertainty is present in any business activity and is an integral part of the decisions made in the company. RMS serves to systematize information about the sources (factors) of uncertainty and helps to reduce it.
4. The principle of system. A systematic approach allows you to timely and fully identify, identify and assess risks, reduce them Negative consequences or offset the impact on results of operations.
5. The principle of quality information. RMS requires timely, secure and accurate information to function. When making decisions, however, it is necessary to take into account the limitations and assumptions of the sources of information, the possible subjectivity of the position of experts and the peculiarities of the methods used for assessing and modeling risk situations.
6. The principle of assigning responsibility for risk management. The concept of "risk owner" is introduced, this status is assigned to one of the company's managers. He is given responsibility for the appropriate management procedures within the given powers and functional composition.
7. The principle of efficiency. The RMS should provide a reasonable and economically justified combination of management effectiveness and costs for its organization and production.
8. The principle of continuity. The RMS operates in conditions of regularity (cyclicity) of the main processes and their continuity. The processes of the system originate at the time of the development of the company's strategy and cover all areas of its activity.
9. The principle of integration. The decision-making system at all levels of management should include the subject area of ​​RMS. Decisions are developed and approved taking into account the circumstances and the likelihood of adverse consequences associated with their adoption.
10. The principle of expansion. RMS involves the identification, assessment and settlement of all possible threats to activities, not limited to financial and insured risks. According to the last three principles, the schemes of their main elements are presented below.

Composition of procedures of the RMS continuity principle

Scheme of the main elements of the RMS expansion principle

Assessment of the company for risk management

What should a company do if it is only thinking about implementing RMS or if elements of the system are already present, but it is not clear how and in what direction to move on? Experts recommend in this case to analyze the risk management system at the enterprise in order to determine its strengths and weak sides and ways of further development.

It would be very useful for current and potential stakeholders in the company's activities and in investing in it to learn about the real state of affairs from the position of regular risk management. In 2015, the KPMG consulting group conducted a study “Risk Management Practices in Russia”, in which 48 respondents were asked about RMS diagnostics. The results of the answers are presented in the diagram below.

Results of a survey of 48 Russian companies on the diagnosis of SUR.