Management of risks in the organization briefly. Enterprise risk management. Legal risk management

The activity of any enterprise is inextricably linked with the concept of “risk”: the bank in which you keep your money may go bankrupt, the business partner with whom the transaction was concluded may turn out to be dishonest, and the employee hired may be incompetent. Do not forget about natural disasters, computer viruses, economic crises and other phenomena that can damage the company. However, risks can be managed in the same way as the production or procurement of materials.

In order for a company to make informed decisions in the face of uncertainty, it must develop a risk management policy. It should be regulated by a special internal document - a risk management program. It usually includes the following sections:

definition of the concept of "risk", adopted at the enterprise;
risk management objectives;
classification and detailed description of the main types of risks that the company may face;
risk management system.

The risk management policy must be approved and accepted by senior management or shareholders. Let's take a closer look at each section of this document.

Definition of "risk"

Each financial manager has his own idea of risk, methods for assessing it and ways to determine its size. In the explanatory dictionary of the Russian language S. Ozhegov, it is defined as “a possible danger; action at random in the hope of a happy outcome.

Personal opinion
Yuri Kostin,

Risk is the inability to predict the occurrence of an event and its consequences.

It should be noted that the concept is interpreted differently depending on the scope of its circulation. For mathematicians, risk is a function of the distribution of a random variable, for insurers it is the object of insurance, the amount of possible insurance compensation associated with the object of insurance. For investors, this is the uncertainty associated with the value of investments at the end of the period, the probability of not reaching the goal, etc.

Goals of risk management

Depending on the field of activity, business environment, development strategy and other factors, a company may face various types of risks. Nevertheless, there are common goals, the achievement of which should be promoted by an effectively organized process of managing them.

As a rule, the main goal pursued by companies when creating a risk management system is to increase operational efficiency, reduce losses and maximize income. According to Yuri Kostin, the main goal is the most efficient use of capital and obtaining maximum income. Director of the Russian Institute of Directors 1 Igor Belikov believes that one of the main goals is to increase the sustainability of the company's development, reduce the likelihood of losing part or all of the company's value.

How does the presence of a risk management system affect the company's lending conditions?
Alexander Brychkin, Deputy Head of the Credit Department of JSCB Evrofinance (Moscow)
The presence of the system is undoubtedly taken into account when considering the issue of granting him a loan, but affects the interest rate indirectly, through an assessment of the results of this system.
To assess the effectiveness of the system, the bank analyzes, in particular, the following aspects of the activities of a potential borrower:
. the total number of suppliers and buyers, the ability to switch to work with other counterparties, the level of diversification of purchases and sales;
. credit policy of the enterprise, including the level of overdue receivables;
. potential impact of changes in exchange rates on financial condition and results of the borrower;
. the availability of insurance covering the risks of loss or damage to the property of the enterprise or others, the amount of such insurance;
. riskiness of financial investments of the enterprise;
. the borrower's inventory management policy.
All these factors affect the level of credit risk. Accordingly, the more effective the control system, the less credit risk bank and the lower may be the interest rate on the loan.

Classification of the main types of risk

To achieve the above goals, it is necessary to disclose in detail the essence of the main types of risk faced by the organization. The author proposes the following classification: credit, market, liquidity risks, operational, legal.

Credit risk

They mean the probable losses associated with the refusal or inability of the counterparty to fully or partially fulfill its credit obligations. By trusting someone with its funds, the organization assumes credit risk. For example, the buyer may default on payment for goods after they have been delivered to him. The amount of damage as a result of a risk event is determined as the value of all uncovered obligations of the counterparty to the company in monetary terms, including possible costs associated with the return of his debt.

Market risks

They characterize the possible losses resulting from changes in market conditions. They are associated with fluctuations in prices on commodity markets and exchange rates, exchange rates on stock markets, etc. For example, a company entered into an agreement to supply goods to a buyer after a certain time and fixed the delivery price in the agreement. When the deadline for fulfilling obligations under the contract approached, the buyer refused to fulfill the terms of the transaction. By this time, the price on the market for this product had significantly decreased, as a result, due to the sale of goods at a lower price to another buyer, the company suffered losses.

Market risks are most exposed to volatile assets (commodities, cash, securities, etc.), since their value largely depends on prevailing market prices.

Liquidity risks

Liquidity risks - the possibility of a loss due to a lack of funds in the required time frame and, as a result, the company's inability to fulfill its obligations. The occurrence of such a risk event may result in fines, penalties, damages business reputation firms up to and including declaring it bankrupt. For example, an organization must pay off its accounts payable within two weeks, but due to a delay in payment for shipped products, it does not have cash. It is obvious that the creditors will impose penalties on the enterprise.

As a rule, liquidity risk occurs due to unprofessional management of cash flows, receivables and payables.

Operational risks

They mean potential losses of the company caused by errors or unprofessional (illegal) actions of personnel, as well as equipment failures. An example is the risk of producing defective products as a result of a violation technological process. According to the risk manager of RUSAL-UK Denis Kamyshev, The operational risks of an industrial organization should also include the so-called force majeure (for example, the impact of natural disasters).

The Basel Committee on Banking Supervision 2 characterizes operational risk as “the risk of direct or indirect loss due to inefficient or disrupted internal processes, people and systems”.

Legal risks

They represent possible losses as a result of changes in legislation, the tax system, etc. Legal risk may arise due to non-compliance of internal documents of the company (clients and counterparties) with existing legislative norms and requirements. For example, a transaction will be declared invalid if the contract between organizations is drawn up in violation of legal norms and rules.

Principles of managing various types of risks

General principles

Risk management begins with the identification and assessment of all possible threats that the company faces in the course of its activities. Then the search for alternatives is carried out, that is, less risky options for carrying out activities with the possibility of obtaining the same income are considered. At the same time, it is necessary to compare the costs of implementing a less risky transaction and the amount of risk that can be reduced. In other words, it should not happen that an organization avoids the risk of losing $100,000 by spending $200,000 on it.

Expert opinion

Yuri Kostin, Risk Manager of the Department of Corporate Finance of OAO Sibneft (Moscow)

In practice, there are many different risk classifications. In addition to credit, market, operational, legal and others, strategic and informational ones are often singled out.

Strategic risks are the risk of loss due to uncertainty arising from a company's long-term strategic decisions.

Information risks are understood as the probability of damage as a result of the loss of information significant for the company.

Once risks have been identified and assessed, management must decide whether to accept or avoid them. Acceptance implies that the company assumes responsibility for self-prevention and elimination of consequences. Management can also avoid risks, that is, either avoid the activities associated with them or insure them.

The decision to accept or decline largely depends on the strategy implemented by the company. According to the head of the risk management department of OJSC Magnitogorsk Iron and Steel Works Igor Tarasov,"Risk management is not so much the development of measures to counteract risk factors, but rather a change in the system of managerial decision-making in an organization."

Personal experience
Yuri Kostin

Most companies are looking to make risk management an ancillary function. The most common activities of a management unit are their identification and ranking. Less common is complex management, such as developing an enterprise strategy taking into account the risk-reward ratio.

Credit risk management

When managing credit risk, the company pre-determines the acceptable amount of losses that it can afford (loss limit). In the event that a particular transaction is characterized by the risk of losses, the amount of which exceeds the established limit, it is rejected. Thus, the organization regulates the level of risk on ongoing transactions.

It is assumed that the probability of default on the part of several buyers (borrowers) is quite low, therefore, the volume of losses per client is considered as the main indicator. In world practice, the maximum amount of credit risk per client varies between 15-25% of equity companies. Each organization chooses for itself this value depending on the attitude to risk. If the company has a large number of customers, then a transaction value limit is set, below which the company considers it inappropriate to manage risk.

After determining the maximum allowable amount of credit risk per customer, it is necessary to assess the probability of default by each customer. specific buyer(borrower) of its obligations. This can be done by analyzing internal factors that affect the creditworthiness of the client, such as the stability of cash flows, the amount of equity capital, credit history, quality of management, etc. The risk manager assigns a certain weight (an assessment of the significance of the indicator in percent) and a score (qualitative assessment) to each of the above factors. Based on the results of the credit analysis, a consolidated rating table is compiled, in which each counterparty is assigned a risk class (credit rating).

Example 1

All factors are divided into internal and external. The score of a group of factors is determined as the sum of the products of the factor scores and their weights. Thus, the score of qualitative factors is determined as follows: 8x0.25+4x0.15+1x0.5+3x0.2+5x0.15=4.2. At the same time, qualitative factors are assigned a weight of 55%.

Similarly, the score and weight of quantitative, sectoral and country factors are determined.

The final score is the sum of the assessments of external and internal factors.

The risk class is set on the basis of the calculated final score of the client. Each enterprise develops its own scale, in which the final score corresponds to a certain risk class. In the case under consideration, for the final score from 10 to 12 units corresponds to 4, from 12 to 14 - 5, etc.

Then, on the basis of each risk class, the amount of credit limits is determined, which can vary from the maximum possible to zero.

Thus, a certain limit size corresponds to a certain risk class. The higher the risk class, the lower the probability of default on the part of the buyer and the greater the credit limit will be set for him.

Personal experience

Andrey Novitsky, Risk Manager, Risk Management and Insurance Department, Aeroflot

The efficiency of credit risk management at Aeroflot is assessed based on two key indicators:

the ratio of the volume of losses from the ruin of agents to the proceeds received from the sale of air transportation agents (loss / profit);
the ratio of the credit risk assumed by the company to the revenue received from the sale by air transportation agents (risk/profit).

In this case, the dynamics of the risk / profit indicator shows the change in potential losses, loss / profit - actual.

Based on the strategy implemented in the market, the company determines for itself an acceptable ratio of losses (risk) to the income received. If the amount of losses exceeds the level set by the company, or the loss/profit dynamics worsens, then measures are taken to reduce both the overall risk and losses, and in relation to the group of counterparties with the highest credit risk.

The main tool for reducing credit risk was the use of bank guarantees when organizing the sale of air transportation through an agent network. That is, the bank guarantees the fulfillment of part of the obligations assumed by the counterparty. This approach allowed us both to significantly reduce credit risk and losses, and to provide our counterparties with a convenient tool for making mutual settlements, since there is no need to withdraw significant funds from the turnover for prepayment, which as a result stimulates the sale of air transportation.

Rating table

Client	Points	The weight, %
Internal factors	5,1
quality
Credit history in the market	8	25
Share on Ryanka	4	15
Availability of warranties or guarantees	1	25
Shareholder support	3	20
Quality control	5	15
Total	4,2	55
quantitative
Liquidity	7	25
Capital adequacy	8	30
Profitability	4	20
Cash flow stability	5	25
Total	6,2	45
External factors	6,76
Industry
The state of the competitive environment	8	60
Business Cycle Phase	9	40
total	8,4	60
Country
Country credit rating	5	30
Government regulation/support	4	70
Total	4,3	40
Final score	11,86
	Risk class4

To effectively manage credit risks, it is not enough to set credit limits for clients – it is necessary to regularly monitor client creditworthiness, periodically adjust rating tables and revise established limits. It is advisable to do this once a quarter or upon the occurrence of any significant event that may directly or indirectly affect the creditworthiness of the client.

Market risk management

Market risks, like credit risks, are managed using a system of limits. In other words, when selling products, forming a foreign exchange or investment portfolio, the probable maximum losses should not exceed the established limits.

When determining the limits, the maximum allowable one-time loss is taken as the basis, which will not entail a disruption to the normal activities of the company. The amount of possible losses on a specific asset of the company ( finished products, currency portfolios, investment portfolios, etc.) affected by market risk can be determined both on the basis of a “historical” analysis and by expert assessments.

When managing market risks, you can set the following types of limits:

for the amount of a transaction for the acquisition or sale of products, if it is concluded on such conditions under which the result of its implementation depends on fluctuations in market prices;
on the size of the currency component of assets, which reduce the likelihood of losses in the event of a change in the exchange rate of any currency;
on the total size of the company's own investment portfolio.

Example 2

The final amount of the limit is adjusted by senior management based on the development strategy, the availability of free cash and the company's attitude to risk.

It is also necessary to regularly conduct so-called stress testing, that is, modeling the consequences of the most adverse events. For example, a situation of a significant increase in prices for raw materials and materials is simulated and an analysis of the consequences of such an increase for the enterprise is carried out, conclusions are drawn and appropriate measures are developed.

Liquidity risk management

The basis of management is the analysis of the company's planned cash flows. Data on the timing and amounts of receipts and payments in the preparation of the cash flow budget are adjusted taking into account the identified risks. For example, when cash gaps are identified, the management of the organization must eliminate them by redistributing cash flows or plan to receive a short-term loan or loan to cover such gaps.

Operational risk management

Operational risks are inextricably linked with the activities of the enterprise, and they are usually managed by the heads of structural divisions. For example, the head of the production unit monitors the deterioration of equipment and determines the necessary measures to prevent failures associated with equipment failure. According to Andrey Novitsky, the risk management service cannot and should not completely replace that part of the work that is actually carried out by other structural divisions of the company in the course of their daily activities. The risk manager not only manages risks himself, but also helps other managers in this.

Personal experience
Mikhail Rogov, risk manager of the RusPromAvto automotive industrial holding (Moscow), member of GARP (Global Association of Risk Professionals), member of the Board of the Russian branch of PRMIA (The Professional Risk Managers International Association), Ph.D. economy Sciences, Associate Professor

Unlike investment and banking institutions in industrial and trade enterprises operational risks prevail. Risk management is managed by the CEO and CFO, Chief Accountant, and with the gradual growth of the company, the functions for managing them are distributed among the security services, the legal department, control and audit services or the department internal audit. In any case, risk management issues should be controlled by top managers, the financial director or representatives of the owner.

The principles of operational risk management are similar to other types of management methods: the choice of management criteria, their identification and measurement, as well as the implementation of measures to optimize them. In the process of analyzing operational risks, "probability trees" can be used, that is, detailed scenarios of possible outcomes of events that help to calculate quantitative risk estimates.

In order to manage operational risks, it is necessary to control the signals. Service notes about a complicated situation in any area, about frequent breakdowns of various components of the same machine, indicating a high probability of its failure, can also act as such signals.

Legal risk management

It is based on the formalization of the process of legal registration and support of the company's activities. In order to minimize legal risks, any business processes that are subject to them (for example, the conclusion of a supply contract) must undergo mandatory legal due diligence.

To minimize them when carrying out a large number of identical transactions, it is advisable to use standard forms of documents developed by the legal department.

Personal experience
Mikhail Rogov

One of the tasks of the risk manager in the process of managing any risks is to monitor their concentration. For example, to manage legal risk, you should request a monthly register of pending legal cases, claims, and problems from the legal department, indicating the “issue price”. Thus, the manager will have not only information about problems, but also data on possible losses due to untimely resolution of these problems. To reduce legal risks, the company needs a streamlined procedure for passing documents (vising and approval), as well as separation of powers of responsible employees.

Risk Management Organizations

According to Igor Tarasov, the success of the program largely depends on proper organization risk management services and delimitation of powers for risk assessment, management and control between departments. The effective management described above should be carried out by a special unit or employee (risk manager). The responsibilities of the Risk Management Unit include:

development of a detailed risk management plan;
collecting information about the risks to which the organization is exposed, their assessment and ranking, as well as informing management about them;
advising departments of the company on risk management issues.

An important point is the separation of powers between the risk manager and top management of the company or business owners. As a rule, powers are divided depending on the size of the most probable losses in the event of a risk event or the size of the limit. For example, a limit that does not exceed $10,000 can be approved by the risk manager, and a limit above this amount can be approved by the financial director.

In order to ensure the continuity of business processes in the absence or insufficiency of a certain limit, the risk management program must specify the powers of the relevant persons (as well as persons replacing them in case of absence) to approve exceeding the limits, the deadlines for responding to a request for exceeding the limits, the form of the corresponding applications, etc.

It is also necessary to determine the place of the risk management unit in the organizational structure of the enterprise and the principles of its interaction with other units.

When starting to develop a risk management policy, it is necessary to be prepared for painstaking and hard work, during which it is necessary to closely interact with various structural divisions of the company. Therefore, managers of all services should have a good understanding of the goals of developing a risk management system.

“Creating a risk management system will ensure business stability and maximize profits”

Interview with the Head of Crisis and Risk Analysis Department of Norilsk Nickel Shamil Kurmashov

- In my opinion, he should identify and analyze possible problems of the enterprise, as well as determine in which area to look for ways to solve them (mathematics, economics, logic). Its main tasks are to provide management with objective and complete information about its business positioning, develop effective management decisions aimed at preventing a crisis or minimizing the impact of risk factors, which is implemented in corporate system risk management. — What tasks does a risk manager solve?

— Why is the risk management system being developed?

— The main goal is to ensure the optimal balance for shareholders and investors between profit maximization and long-term business stability. I believe that in order to achieve this goal, the principles of comprehensiveness, continuity and integration should become the basis of the risk management system.

The principle of complexity implies the interaction of all divisions of the company in the process of identifying and assessing risks in areas of activity. At the same time, the transfer of management functions to a unit whose risks are controlled can neutralize the positive effect of the introduction of risk management procedures. For example, the sales department should not set limits on customer credit. This situation creates a lot of opportunities for abuse and is similar to the one when a person asks himself for permission and gives it to himself.

Not less than important principle enterprise risk management system is continuity, that is, continuous monitoring and control of enterprise risks. This is necessary because the conditions in which the enterprise operates are constantly changing, new risks appear, which also require careful analysis and control.

You should also follow the principle of integration, that is, evaluate the integral risk of the company - give a balanced assessment of the impact on the business of the entire range of risks, from the likely reduction in product prices to the possible damage from technological accidents. Its presence may be indicated by the instability of the key performance indicators of the organization: profit, cash flow, etc. This principle allows you to take into account the relationship of individual risks. As practice shows, the identification of such links between risks makes it possible to form a more balanced assessment of the situation and, accordingly, optimize the need for the amount of funds necessary to ensure a balanced business continuity.

In addition, management, as a rule, is interested in how much, for example, the cash flow from core activities may decrease compared to the plan adopted for the year and what needs to be done to eliminate the negative effect. To answer this question, it is necessary to assess all the risks of the company, and first of all, the integral one.

— What steps are required to build a risk management system?

— Based on the experience of our company, I can single out the following stages.

First, by analyzing business processes, the organization should identify risks and reflect them on a special map 3 . When analyzing business processes, it is important to take into account the specifics of production, the uniqueness of auxiliary and supporting industries, as well as the geographical location of the company's divisions, since these factors largely affect the nature of risks.

Secondly, it is necessary to create and implement a system of current risk monitoring based on a system of operational risk indicators in the context of all areas of the company's activities.

Thirdly, it is necessary to develop principles for assessing and predicting risks and test them for reliability using the back-testing method, which is as follows. The developed principles of evaluation and forecasting are applied to real historical data, and the results obtained are compared with real events that occurred in the company. Based on such a comparison, a conclusion is made about the adequacy of the system.

Fourth, risk management systems are being developed to prevent their occurrence. Crisis scenarios are created - an algorithm for the actions of units in crisis situations. I want to note that risk management and crisis management should not be confused. If risk is the possibility of an event occurring, then a crisis is the result of an event that has already taken place.

And finally, fifthly, it should be monitored to what extent the economic activity of the enterprise, taking into account the implementation of the risk management system, corresponds to strategic goals determined by the management of the enterprise (bring the parameters of economic policy in line with the adopted strategy).

As a result, employees who are engaged in the creation of a risk management system must develop a clear risk management policy that will ensure transparency, sustainability and business continuity.

Interviewed by Alexander Afanasiev

__________________________________________
1 Non-commercial partnership "Russian Institute of Directors" was established in November 2001 by leading Russian issuers. The founders of the partnership were OAO SUAL-HOLDING, OAO Mining and Metallurgical Company Norilsk Nickel, OAO United Machine-Building Plants (Uralmash-Izhora Group), OAO Surgutneftegaz, OAO NK Yukos. The purpose of the institute is to develop and implement classification and professional standards for the activities of corporate directors, to form an effective Russian model of corporate governance. - Note. editions.
2 Basel Committee on Banking Supervision (Basel Committee on Banking Supervision) is an advisory body established in 1975 and uniting representatives of banking supervisory authorities and central banks of thirteen developed countries. - Note. editions.

Risk management is the processes associated with the identification, analysis of risks and decision-making, which include maximizing the positive and minimizing the negative consequences of the occurrence of risk events.

The project risk management process typically includes the following procedures:

1. Risk management planning - the choice of approaches and planning activities for project risk management.

2. Risk identification - identification of risks that can affect the project, and documentation of their characteristics.

3. Qualitative risk assessment - qualitative analysis risks and conditions of their occurrence in order to determine their impact on the success of the project.

4. Quantification - a quantitative analysis of the likelihood of occurrence and the impact of the consequences of risks on the project.

5. Risk response planning - determination of procedures and methods for mitigating the negative consequences of risk events and using possible benefits.

6. Risk monitoring and control - monitoring risks, identifying remaining risks, implementing the project risk management plan and evaluating the effectiveness of risk mitigation actions.

All these procedures interact with each other, as well as with other procedures. Each procedure is performed at least once in every project.

A risk management system can support a range of organizational management objectives. It can serve as the basis for all management activities, on its basis, a management strategy and a control system are built.

The risk management system involves a comprehensive analysis of the totality of existing risks, their identification, assessment and development of control mechanisms. The requirement of a systematic approach implies maximum coverage of all types of risk.

RISK MANAGEMENT METHODS

Under the influence of various external and internal risk factors, various methods of risk reduction can be used that affect certain aspects of the enterprise's activities.

Variety used in entrepreneurial activity risk management methods can be divided into 4 groups.

Risk management methods:

1) risk avoidance methods;

2) risk localization methods;

3) risk diversification methods;

4) risk compensation methods.

Let us consider in more detail the methods of risk management as methods of avoiding risk.

Risk avoidance methods are the most common in economic practice, they are used by entrepreneurs who prefer to act for sure.

Evasion Methods from risk are divided into:

rejection of unreliable partners, i.е. the desire to work only with reliable, proven partners, not expanding the circle of partners; refusal to participate in projects related to the need to expand the circle of partners, refusal to invest and innovative projects, confidence in the feasibility or effectiveness of which is questionable;

Refusal of risky projects, i.е. rejection of innovative and other projects, the feasibility or effectiveness of which is in doubt;

risk insurance, the main method of risk reduction, insurance of probable losses serves not only as a reliable protection against unsuccessful decisions, but also increases the responsibility of decision makers, forcing them to take the development and decision-making more seriously, regularly carry out protective measures in accordance with insurance contracts. True, it is difficult to use the insurance mechanism when developing new products or new technologies, since Insurance companies do not have in such cases sufficient data for calculations;

· search for guarantors, thus in seeking guarantors, as in insurance, the aim is to transfer the risk to a third party. The functions of a guarantor can be performed by various entities (different funds, state bodies, enterprises), while it is necessary to observe the principle of equal mutual utility, i.e. the desired guarantor can be interested in a unique service, joint project implementation;

Risk localization methods are used in rare cases when it is possible to quite clearly identify the risks and sources of their occurrence. By separating the economically most dangerous stages or areas of activity into separate structural units, it is possible to make them more controllable and reduce the level of risk. These methods of localization include:

· the creation of venture enterprises involves the creation of a small subsidiary as an independent legal entity for high-tech (risky) projects. The risky part of the project is localized in the subsidiary, while retaining the possibility of using the scientific and technical potential of the parent company;

· Creation of special structural subdivisions (with a separate balance sheet) for the implementation of risky projects;

· conclusion of agreements on joint activities for the implementation of risky projects.

Risk diversification methods consist in the distribution of the total risk and are divided into:

distribution of responsibility between project participants. When distributing work between project participants, it is necessary to clearly delineate the areas of activity and responsibility of each participant, as well as the conditions for the transfer of work and responsibility from one participant to another, and legally fix this in contracts. There should be no stages, operations or works with vague or ambiguous responsibilities;

diversification of activities and areas of management is an increase in the number of applied technologies, expansion of the range of products or services provided, orientation to various social groups of consumers, enterprises of various regions;

· diversification of sales and supplies, i.е. work simultaneously in several markets, when losses in one market can be offset by successes in other markets, distribution of supplies among many consumers, striving for an even distribution of the shares of each counterparty. We can also diversify the purchase of raw materials and materials, which involves interaction with many suppliers, allowing us to reduce the dependence of the enterprise on its "environment". In case of disruption of supplies for various reasons, the enterprise will be able to safely switch to work with another supplier of a similar product;

· diversification of investments is the preference for the implementation of several relatively small projects in terms of investments, rather than the implementation of one large investment project that requires the use of all the resources and reserves of the enterprise, leaving no room for maneuver.

distribution of risk over time (by stages of work), i.e. it is necessary to distribute and fix the risk in time during the implementation of the project. This improves the observability and controllability of project stages and makes it relatively easy to correct them if necessary.

Risk compensation methods associated with the creation of risk prevention mechanisms.

Risk compensation methods are more laborious and require extensive preliminary analytical work for their effective application:

· Strategic planning of activities as a method of risk compensation gives a positive effect if the development of a strategy covers all areas of the enterprise. The stages of strategic planning can remove most of the uncertainty, allow foreseeing the emergence of bottlenecks in the implementation of projects, identifying sources of risks in advance and developing compensatory measures, a plan for the use of reserves;

forecasting the external environment, i.e. periodic development of scenarios for development and assessment of the future state of the business environment for project participants, forecasting the behavior of partners and actions of competitors general economic forecasting;

· Monitoring the socio-economic and regulatory environment involves tracking current information about relevant processes. Widespread use of informatization is necessary - the acquisition and constant updating of systems of regulatory and reference information, connection to networks commercial information, carrying out our own predictive and analytical research, attracting consultants. The data obtained will allow us to catch trends in the development of relationships between business entities, give time to prepare for regulatory innovations, and provide an opportunity to take appropriate measures to compensate for losses from new rules. economic activity and adjust operational and strategic plans;

· creation of a system of reserves, this method is close to insurance, but concentrated within the enterprise. The enterprise creates insurance stocks of raw materials, materials, components, reserve funds of funds, develops plans for their use in crisis situations, does not use free capacities. It is relevant to develop a financial strategy for managing your assets and liabilities with the organization of their optimal structure and sufficient liquidity of invested funds.

Staff training and instruction.

Heuristics is a set of logical techniques and methodological rules for theoretical research and the search for truth. In other words, these are rules and techniques for solving particularly complex problems.

Of course, heuristics are less reliable and less certain than mathematical calculations. However, it makes it possible to obtain a well-defined solution.

Risk management has its own system of heuristic rules and techniques for making decisions under risk.

Basic rules of risk management:

1. You can't risk more than your own capital can afford.

2. We must think about the consequences of the risk.

3. You can't risk a lot for a little.

4. A positive decision is made only when there is no doubt.

5. When in doubt, negative decisions are made.

6. You can't think that there is always only one solution. Perhaps there are others.

The implementation of the first rule means that before making a decision on risky capital investment, the financial manager must:

Determine the maximum possible amount of loss for this risk;

Compare it with the amount of capital injected;

Compare it with all your own financial resources and determine whether the loss of this capital will lead to the bankruptcy of this investor.

The implementation of the second rule requires that the financial manager, knowing the maximum possible loss, determine what it can lead to, what is the probability of the risk, and make a decision to reject the risk (i.e., the event), accept the risk on his own responsibility, or transferring the risk to another person.

The action of the third rule is especially pronounced in the transfer of risk, i.e. with insurance. In this case, it means that the financial manager must determine and choose the ratio between the insurance premium and the sum insured that is acceptable to him.

The insurance premium is the payment of the insured to the insurer for the insurance risk. The sum insured is the amount of money for which material assets, liability, life and health of the insured are insured.

The risk must not be withheld, i.e. the investor should not take the risk if the loss is relatively large compared to the savings on the insurance premium.

The implementation of the remaining rules means that in a situation for which there is only one solution (positive or negative), one must first try to find other solutions. Perhaps they really exist. If the analysis shows that there are no other solutions, then they act according to the rule "based on the worst", i.e. if in doubt, then take a negative decision.

In an era of economic and financial crisis, risk management is the most topical issue facing Russian industrial companies. The processes of globalization are becoming another source of economic risks, so the use of the principles of risk management in management will help achieve the goals and objectives of chemical companies, although, of course, it will not reduce the likelihood of various kinds of risks to zero.

The introduction of a risk management system at enterprises makes it possible to:

identify possible risks at all stages of activity;
predict, compare and analyze emerging risks;
develop the necessary management strategy and a set of decision-making to minimize and eliminate risks;
create the conditions necessary for the implementation of the developed measures;
monitor the operation of the risk management system;
analyze and control the results.

The features of risk management include: the need for the management of companies to have anticipatory thinking, intuition and foresight of the situation; the possibility of formalizing the risk management system; the ability to respond quickly and identify ways to improve the functioning of the organization, reduce the likelihood of an undesirable course of events.

Comprehensive risk management system ERM (Enterprise risk management) in many foreign companies, for example, in the USA, is already used quite widely, since the owners of large world companies have already made sure in practice that the old management methods do not correspond to modern market conditions and are not able to ensure the successful development of their business.

The application of risk management implies a clear distribution of responsibility and authority between all structural units. In function senior management includes the appointment of persons responsible for the implementation of the necessary risk management procedures at all levels. Such decisions should be consistent with the strategic goals and objectives of the company and not violate the terms of the current legislation. At the same time, it is necessary to correctly distribute among the executors the measure to identify risks and the functions of control over the created risk situation.

Risk management as a key tool aimed at improving performance

Risk management is one of the key tools to improve the effectiveness of enterprise management programs that they can use to reduce product life cycle costs and mitigate or avoid potential problems that could interfere with the success of the enterprise.

Achieving the goals of the enterprise requires specific ideas about the main activity, production technologies, as well as studying the main types of risks. Prevention of risks and reduction of losses from impact leads to sustainable development of the enterprise. The process by which the activities of an enterprise are directed and coordinated in terms of the effectiveness of risk management and constitutes risk management. Risk management is the process of identifying the losses an organization faces in its core business and their impact, and selecting the most appropriate method to manage each individual risk.

In another view, risk management is a systematic process in which risks are assessed and analyzed in order to reduce or eliminate their consequences, as well as to achieve goals.

Based on the foregoing, it can be concluded that risk management to ensure the viability and efficiency of an enterprise is a cyclical and continuous process that coordinates and directs the main activities. It is advisable to do this by identifying, controlling and reducing the impact of all types of risks, including monitoring, contacts and consultations aimed at meeting the needs of the population, without compromising the ability of future generations to meet their own needs. Risk assessment leads to the stability of the enterprise, contributing to its sustainable development. Risk management - a contribution to sustainable development, is an essential factor in maintaining and improving the stable operation of the enterprise. Proactive risk management is critical to the management process to ensure that risks are being handled at the appropriate level.

Planning and implementation of risk management includes the following steps:

Management of risks;
identification of risks and the degree of their impact on business processes;
application of qualitative and quantitative risk analysis;
development and execution of risk response plans and their implementation;
monitoring risks and management processes;
the relationship between risk management and performance;
evaluation of the overall risk management process.

Methodology (program) for continuous risk management

In order to facilitate risk management activities, an enterprise needs to develop a methodology (program) for continuous risk management (CRRM). MNRM is a theoretically significant program aimed at developing project management mechanisms with best practice processes, methods and tools for enterprise risk management. It provides conditions for active decision-making, continuous risk assessment, determination of the degree of significance and level of influence of risks on management decisions, and the implementation of a strategy to combat them. In addition, progress can also be made in the scope of the project, the budget of the enterprise, the timing of its implementation, etc. Figure 1 clearly illustrates the methodology of the continuous risk management process.

Rice. 1. Continuous risk management process

The performance management process acts as an auxiliary tool for obtaining the information necessary for the developed risk management mechanism. Unfavorable trends should be analyzed and assessed for their impact on this mechanism. Appropriate actions of the control mechanism should be taken for those areas of activity that are defined as basic in the business processes of the enterprise. Corrective actions may include a reallocation of resources (funds, personnel, and rescheduling of production) or the activation of a planned risk mitigation strategy. Severe cases, adverse trends and key indicators can also be taken into account when using this mechanism.

It is important that this mechanism emphasizes the need to reassess the identified risks that systematically affect the activities of the enterprise. As the system goes through life cycle development, in this case, most of the information will become available for risk assessment. If the magnitude of the risk changes significantly, approaches to its treatment should be adjusted.

Overall, this progressive approach to risk management is critical to a comprehensive management process and ensures that risk metrics are handled efficiently and at the appropriate level.

Development of a risk management program at the enterprise

Consider the risk management policy that should be applied in the enterprise. The developed mechanism (program) should be aimed at effective and continuous risk management. Thus, early, accurate and continuous identification and assessment of risks is encouraged, and the creation of informationally transparent risk reporting, planning measures to reduce and prevent changes in external and internal conditions will have a positive impact on the program.

This mechanism, including relationships with counterparties and contractors, should perform the functions of identifying risks and monitoring them. For its implementation, it is necessary to have a plan in the form of a set of guidance documents developed for specific areas of activity. This plan sets out the guidelines for the implementation of the ISDM in a specific time frame. It does not affect the conduct of other activities of the entire enterprise, but rather can provide management leadership in risk management.

The risk management process must meet a number of requirements: it must be flexible, proactive, and must also work towards providing conditions for effective decision-making. Risk management will influence risks by:

encouraging risk identification;
decriminalization;
identifying active risks (constant assessment of what could go wrong);
identifying opportunities (constantly evaluating the likelihood of favorable or timely cases);
estimates of the likelihood of occurrence and severity of impact for each identified risk;
determining appropriate courses of action to reduce the possible significant impact of risks on the enterprise;
developing action plans or steps to neutralize the impact of any risk that needs to be mitigated;
maintaining continuous monitoring of the occurrence of risks with a negligible degree of impact at the present time, which may change over time;
production and dissemination of reliable and timely information;
facilitating communication between all program stakeholders.

The risk management process will be carried out in a flexible manner, taking into account the circumstances in which each risk occurs. The main risk management strategy is designed to identify the critical areas of risk events, both technical and non-technical, and take the necessary measures in advance to deal with them before they have a significant impact on the enterprise, causing serious costs, reducing product quality or productivity.

Let us consider in more detail the functional elements that are components of the risk management process: identification (detection), analysis, planning and response, as well as monitoring and management. Each functional element will be discussed below.

Identification

Data review (i.e. earned value, critical path analysis, comprehensive scheduling, Monte Carlo analysis, budgeting, defect analysis and trend analysis, etc.);
Consideration of submitted risk identification forms;
Conducting and assessing risk using brainstorming, individual or group peer review
Holding independent evaluation identified risks
Enter the risk in the risk register

Risk identification/analysis of tools and methods to be used include:

Interview methods for determining risk
Fault tree analysis
Historical data
Lessons learned
Risk Accounting - Checklist
Individual or group judgment of experts
Detailed work breakdown structure analysis, resource exploration and scheduling

Analysis

Conducting a probability assessment - each risk will be assigned a high, medium or low level of probability of occurrence
Creation of risk categories – identified risks should be associated with one or more of the following risk categories (e.g. cost, timing, technical, software, process, etc.)
Assess the impact of risks - evaluate the impact of each risk depending on the identified risk categories
Determining Risk Severity - assign probabilities and rating impacts in each of the risk categories
Determine when the risk event is likely to occur

Planning and response

risk priorities
Risk Analysis
Appoint a person responsible for the occurrence of the risk
Determine an appropriate risk management strategy
Develop an appropriate risk response plan
Make an overview of priorities and determine its level in reporting

Supervision and control

Define reporting formats
Define review form and frequency of occurrence for all risk classes
Risk report based on triggers and categories
Conducting a risk assessment
Submission of monthly risk reports

For effective risk management at the enterprise, we consider it expedient to create a risk management department. The main responsibilities of this structural unit, including for personnel and other users (including employees, consultants and contractors), in order to successfully implement the risk management strategy and processes are given in Table. one.

Table 1 — Risk Management Department Roles and Responsibilities

Roles	Assigned duties
Program Director (DP)	oversight of risk management activities. Risk monitoring and risk response plans. Approval of the decision to finance risk response plans. Monitoring of management decisions.
Project Manager	assisting in the control of risk management activities Assistance in creating organizational authority for all risk management activities. Timely response to funding risk.
employee	facilitating the implementation of risk management (the employee is not responsible for the identification of risks, or the success of individual risk response plans). The need to encourage proactive decision-making in determining appropriate risk responses for risk owners and department managers. Stakeholder administration and commitment, risk management process Ensuring regular coordination and exchange of information on risk between all stakeholders, Management of risks in the registered risk register (database). Development of knowledge of personnel and contractors in the field of risk management activities.
Secretary	the functions of the secretary are performed by an employee of the risk department or they alternate between all employees. Features include: Planning and coordinating meetings; Preparing meeting agenda, risk assessment packages, and meeting minutes. Get and track the status of proposed risk types. Performing an initial assessment of the proposed types of risk to determine the most important. Expert in the subject area of risk analysis at the request of the Chairman of the Board of Directors. Facilitate analysis by members of the Board of Directors who will decide whether risk mitigation is necessary. Regular coordination and communication of risk information exchange with all stakeholders,
Department Director (DO)	appointment of risk owners in their area of responsibility and / or competence. Active promotion of employees Tracking the integration of risk management efforts of responsible persons in their areas of responsibility. Selecting and approving a risk response strategy. This includes approving resources (e.g. owner risk) for further risk analysis and/or drawing up a more detailed risk response plan if necessary. Approval of all tasks. Assign resources to the risk management response contained in the detailed plan.
Individual member of the Office of Management (OMP) program	identification of risks. Access to risk management data Identification of possible risks from the data using a standard form of identification if necessary Drawing up and implementing a risk response plan Determination of the time and all costs associated with the implementation of the risk response plan
Risk owner / Responsible person	attending meetings of the risk management department. Review and/or provision of relevant data, e.g. critical path analysis, project management/data support tools, defect analysis, auditing, and the possibility of adverse trends Participation in the development of response plans Risk status report and effectiveness of risk response plans Work to identify means of responding to risks through any additional or residual risk.
Integrated Brigade (KB)	identification and provision of information on the risks that may arise as a result of the CB's activities. Participation in the planning of any risk in accordance with this program. Such planning requires coordination with the risk management department, who, acting as a guide, can help acquire resources to respond to risks. Report on the progress and results of the risk response.
Quality control	control and review of the RCM when updating or changing the plan Commitment to maintain the quality of documentation practices and risk management processes

Risk management functions consist in organizing interaction with existing units of the organizational structure. CPIs are formed for functional areas that are critical to the successful implementation of the objectives. All functional departments or business processes not covered by the CU are assessed and reviewed by the DP, PM, and employees to ensure adequate behavior in relation to the occurrence of risk. Risk identification is the process of determining which events may affect the operation of the enterprise and documenting their characteristics. It is important to note that risk identification is an iterative process. The first iteration is a pre-assessment and risk check of the team, as needed, with a risk ID. The second iteration includes presentation, review and discussion. The risk management process includes three separate risk characterization steps: identification, assessment and adjustment, and confirmation.

A graphical representation of the risk identification process is shown in fig. 2.

Rice. 2. Structural scheme risk identification algorithm

As a result of its implementation, a set of measures can be developed to assess the operational risks of the enterprise, the integral risk, the quantitative assessment of which is based on a comprehensive analysis of financial and accounting statements, and the assessment of the integral risk based on all levels of responsibility of the enterprise.

Conclusion

Risk management at chemical enterprises must be carried out within the framework of system and process approaches, taking into account the specifics of the industry, using modern effective management methods and production organizations, as well as using risk management tools. The risk management system for the activities of a chemical enterprise must necessarily take into account the safety requirements established by state authorities and ensure the safety and health of personnel associated with hazardous technological object. For the purpose of effective risk management of an enterprise, an integral risk management system is needed, which consists in integrated approach to the assessment of the maximum number of risk factors for the enterprise's activities carried out in a dynamic economic environment. The author believes that the development of the above set of measures will be accompanied by an increase in the level of management and risk assessment in industrial organizations.

Making decisions of a managerial nature and their subsequent implementation is a set of measures for the implementation of the organization's risk management.

This management was created to control the likelihood of an unfavorable result, to reduce losses in the management process.

The main goal is to reduce and prevent the likelihood of risks in crisis management associated with the economic activity of the organization. Consider the organization of risk management in an enterprise.

Organization process

Main component crisis management is the management of risks in the organization during the development and implementation anti-crisis strategy enterprises. This is an economic event or an unforeseen change in the contract with a partner, the result of which is the occurrence of only neutral or negative consequences. The receipt of income becomes uncertain, and the probability of losing the equity of the enterprise increases.

Management activities are directly related to risk situations in predicting the result and making managerial decisions in the current problem. In order to survive the crisis, organizations must actively respond to the danger, take appropriate measures to ensure the assessment of prioritization in management.

Risk is constantly changing under the influence of external and internal factors. Regardless of whether these changes occur in the business processes of the company itself, or directly in the industry.

A company with a strong strategy will periodically review its programs and risk maps, allowing management to respond to these changes as necessary. A well-functioning management system allows companies to consider and evaluate various opportunities, as well as create additional value by taking risks prudently.

By analyzing the situation and developing solutions, it is first established what types of situations the manager will encounter in the management process. Ways to conduct managerial work very much in risk management. AT comparative analysis hazards, there are several main steps in the risk management process.

Stage 1

Involves setting goals and sizing problems. Direct, here are numerous environmental issues, the required solutions in any environment of life. environment a person, the environment itself, the results of the enterprise and the interaction to create them or improve the situation. Mutually beneficial cooperation in the field of ecology itself is a separate issue here, which is the scale and long-term perspective. A wide range of participants determines the exact goals and objectives in this area.

Stage 2

It implies the choice of measures to reduce or prevent risks that would be aimed at their achievement. They are considered from the point of view of their technological and economic feasibility. Activities are selected based directly on these indicators, selection criteria. The deadlines for execution, the criterion of social justice and the realism of implementation are taken into account without fail, in accordance with which, further or planned interactions between work departments are carried out.

Stage 3

Stages of risk management activities are created and analyzed, in the process of endless verification of their feasibility and effectiveness to achieve the set goals. The strategies of the management process itself are applied. In the course of the work itself, all proposed activities are analyzed to assess the benefits of using different strategies. As a result of the analysis, the most suitable and expedient, the most effective are selected. Group meetings are also held here. At the main stage, a wide range of stakeholders are involved in order to avoid a negative attitude on their part.

Stage 4

It implies the implementation of control over the implementation of various stages of work. Control methods depend directly on specific activities and goals. At each stage, the indicators of control and the tasks of the activities performed are analyzed. Monitoring is carried out over a certain period of time, monitoring the results of all aspects of the event and indicators of compliance with the scale.

In a number of Western countries, there has long been a transition to a model of comprehensive preventive measures based on the introduction of an occupational risk management system and the formation of economic incentives for employers to improve working conditions. It consists in the adoption of laws obliging employers themselves to conduct a risk assessment, to develop their own guidelines on the principles and methods of assessment, draw them up in the form of national standards.

The rules on labor protection are subjected to a thorough audit, in particular existing system labor safety standards and giving the standards the status of regulatory legal acts.

The new labor system consists in the formation at the state level of the main mechanisms, methods and tools that can be used to objectively assess existing risks, manage them and influence working conditions in the workplace.

In this area, large-scale studies of occupational risk and the creation of statistical base for further in-depth analysis. There are many goals, the main of which is the reduction of industrial risk indicators and labor safety. Occupational safety centers manage and implement the occupational risk management system at enterprises.

Financial Management Methods

Perhaps the most important component of bank management as a whole is interest rate risk management.

Interest rate risk is a factor that significantly affects the work of a bank only in conditions of a stable economy, highly developed infrastructure and financial market, and fierce competition.

Banks' interest in this type of risk has increased. Here there is a need to carry out complex calculations covering all possible sources of its occurrence, as well as an adequate response and correct measurement. The need to draw up a complete picture of the connections and relationships that are formed in the management of interest rate risks and apply all kinds of means of managing it. High-quality management of the enterprise, including risk management, is the condition for the stability and competitiveness of the bank.

Financial stability is the main component of the overall sustainability of the enterprise. This is his state financial resources, their redistribution and use, when provided, the development of the enterprise on the basis of its own profit and the growth of capital while maintaining its solvency and creditworthiness under an acceptable level of financial risk.

There are several types of risk and the maximum possible loss for this type of risk is calculated. Then it is compared with the amount of capital of the enterprise at risk. Then the entire possible loss is compared with the total amount of own finances.

Methods of financial risk management is to reduce the losses associated with this risk to a minimum, assessed in turn and steps to prevent them. The risk management regulation balances these two assessments and plans how best to close a deal from a position of risk minimization.

Risk Management Toolbox

Risk reduction methods are management methods that affect certain aspects of the enterprise's activities. These methods fall into four groups:

Risk avoidance- This is the most common organizational measure in practice in the management of an organization.
Localization of dangers accurately determines the source of occurrence, predicting the dangers themselves. Here, a whole system of control of subsidiaries with risky projects using the potential of the parent company is triggered.
Diversification is the distribution of risk between its participants and structural units.
Compensation is related to planning, forecasting and monitoring of external environments for the implementation of hazard prevention mechanisms. As well as the creation of a system of reserves within the organization, training and instruction of its employees.

Uncertainty in project risk management exists in every project. They are predictable and not predictable. When implementing project management with a high degree of uncertainty, much attention is paid to the development and application of corporate risk management methods.

Proven methods and stages of risk management are applied, the specifics of projects and corporate management methods are taken into account. This process includes the implementation of procedures according to the risk reduction methodology.

Essence of risks and their classification

For the first time, the concept of "risk" in relation to the business sphere of human activity was formulated in the insurance business, and later in the exchange business. Management as a management science has brought to a new field of knowledge an understanding of how the risk management process should be organized.

The concept of "risk" is defined ambiguously and often depends on the context of its use. Risk in the most general form can be defined as a possible hazard.

In a broad sense, risk is a situational characteristic of the activity of any market entity, which is a consequence of uncertainty in its internal and external environment, and when it is realized, adverse consequences may occur for this entity.

AT narrowly at risk it is necessary to understand the probability of incurring losses by the enterprise as a result of doing business.

The main characteristics of the risk are as follows:

The risk is always present at all stages of the activities of economic entities, regardless of the scope of their functioning, while the difference is only in its degree;

Complete elimination of risk is impossible due to a number of reasons, both objective and subjective.

Risk management began to take shape as a separate science in the second half of the 20th century; the categorical apparatus and methodology of risk management have not yet fully settled down. Nevertheless, it is believed that at the micro level, the occurrence of risks is associated with uncertainty.

According to the degree of severity, there are three main types of uncertainty:

Complete uncertainty (characterized by close to 0 predictability of the occurrence of an event);

Partial uncertainty (characterized by the fact that the probability of the occurrence of an event, and therefore the degree of its predictability, is in the range from 0 to 1);

Complete certainty (characterized by the predictability of the occurrence of an event close to 1).

The causes of uncertainty can be grouped into several main groups:

The indeterminacy of the processes taking place in society in general and in economic life in particular;

Lack of complete information when planning the behavior of a market entity or its subjective analysis;

Influence of subjective factors on the results of the analysis.

The emergence of uncertainty in the conditions of the operation of the enterprise and its management may be due to the action of various factors, among which the most common are:

Uncertainty in determining the period of strategic planning for the development of an enterprise;

Uncertainty in the formation of enterprise goals and the choice of development priorities;

Errors in assessing the current state of affairs within the enterprise and its place in the market;

Insufficient completeness or erroneous information about the prospects for the development of this enterprise and the market as a whole;

Failures in the process of developing an enterprise strategy, as well as during its implementation;

Uncertainty in the control and evaluation of the results of the enterprise.

Enterprise development strategy in the conditions market economy should be formed taking into account these types of uncertainty at each of the stages: at the stage of determining the strategy; formation of goals; development of ways to implement the chosen strategy and the formation of areas of activity; analysis of own competencies; control over the implementation of the strategy.

Business entities in the course of their functioning are influenced by various kinds uncertainties and risks and, to a certain extent, can manage them.

The effectiveness of risk management is largely determined by the identification of risks in the general system of their classification. Risks can be classified according to various criteria (table 16.1).

Table 16.1

Risk classification

№	Classification features	Types of risks
	Relationship with business activities	Entrepreneurial Non-entrepreneurial
	Belonging to the country of operation of the economic entity	Internal External
	Occurrence rate	Firm (micro level) Sectoral Intersectoral Regional State Global (worldwide)
	Sphere of Origin	Socio-political Administrative-legislative Production Commercial Financial Natural-environmental Demographic Geopolitical
	Causes	Uncertainty of the future Lack of information Subjective impacts
	The degree of justification for risk acceptance	Justified Partially justified Adventurous
	Degree of consistency	Systemic Non-systemic (unique)
	Conformity allowable limits	Permissible Critical Catastrophic
	Realization of risks	Realized Unrealized
	The adequacy of the time for making a decision on the response to the realization of risks	Preventive Current Late
	A group that analyzes the risk and decides on behavior if it occurs	Individual solution Collective solution
	Scale of influence	Monosingular Polysingular
	Possibility of Forecasting	Predictable Partially unpredictable
	Degree of impact on activities	Negative Zero Positive

Principles and main stages of the process

risk management

In the economic literature, there are a fairly large number of approaches to risk management. In a broad sense, risk management is understood as the science of ensuring the conditions for the successful functioning of any production and economic unit under conditions of risk, in a narrow sense, as the process of developing and implementing a program to reduce any random losses.

risk management Like any control system, it consists of a controlled and a control subsystem. Managed Subsystem or the control object is a combination of risks and related relationships, and control subsystem or the subject of management is a special group of people who, through various methods and methods of managerial influence, carries out the functioning of an economic entity under conditions of risk.

There are several basic principles of the risk management process:

1) scale principle lies in the fact that the economic entity should strive for the most complete study of possible areas of risk. Thus, this principle leads to the reduction of the degree of uncertainty to a minimum;

2)risk minimization principle means that enterprises seek to minimize, firstly, the range of possible risks, and secondly, the degree of their impact on their activities;

3) principle of adequacy of response consists in the fact that an economic entity must quickly respond to internal and external changes, taking into account the forecast of their development;

4) prudent acceptance principle means that only if the risk is justified, the enterprise can accept it. The components of this principle can be summarized as follows:

It is unwise to risk more for less;

It is necessary to accept risk only in the amount of own funds;

It is necessary to predict in advance possible consequences if the risk materializes.

The process of effective risk management includes the following: stages:

1. Identification. At this stage, the enterprise determines the occurrence of a combination of all possible risks.

2. Grade.At this stage, a complete analysis of the risk is made both in terms of the scale of its influence and the likelihood of occurrence.

3. Choosing a strategy regarding risk. The firm's strategy may be different: cautious, risky or balanced (table 16.2).

Table 16.2

Enterprise risk strategies

4. Reducing the degree of risk. At this stage, the enterprise is engaged in the choice of methods for influencing the risk in order to minimize either the amount of possible damage or the likelihood of adverse events.

5. Control. This stage consists in monitoring the effectiveness of the application of risk management methods, monitoring the current situation (both internal and external), identifying new circumstances that change the level of risk.

At each of these stages, information is collected and exchanged, and the degree of risk depends on its volume and quality.

In some cases, to manage risk in an organization, a special unit must be created - a risk management department headed by a risk manager, that is, a leader who deals exclusively with risk management problems and coordinates the activities of all units in terms of managing risk and ensuring compensation for possible losses and losses.

There are three main organizational aspects of creating a risk management structure:

Activities of the lead risk manager;

Activities of the risk management department;

The relationship of the unit with other structures of the enterprise.

The functions of a risk manager include:

Ensuring security and risk control;

Formation of the organizational structure of risk management at the enterprise;

Development of basic provisions and instructions for risk management.

The main task of the risk manager and his division is to develop a strategy and principles of risk management at the enterprise, which should be set out in internal normative documents, the main of which are the Risk Management Regulations and the Risk Management Guidelines.

Risk Management Statement expresses the company's attitude towards risk management. It should set out the key points of the enterprise's management strategy in this area, delineate powers between various structural units, etc.

Unlike him Risk Management Guide is a document that defines specific actions. It should contain instructions on how each specific risk management task will be solved, as well as answers to the following questions: who should assess possible losses; who and how should determine the conditions of insurance; what to do if an event occurred that led to losses; how to limit losses.

The main functions of the risk management department are: risk identification; risk assessment; selection and implementation of methods for influencing risks.

Risk assessment

The concepts of "damage", "loss" are closely related to the concept of "risk". If the risk is an indefinite possibility of loss, damage and destruction, then the loss is associated with the realization of the risk, that is, it is a material, monetary expression of losses.

Losses arising in the process of entrepreneurial activity, depending on their belonging to a specific type of resources used by the enterprise, can be divided into the following types: financial, material, marketing, time losses, moral and psychological, social, environmental.

In order to determine the likelihood of adverse events and the possible size of the loss, a risk assessment is carried out.

There are three levels in the system of risk assessment principles:

1. Methodological principles, that is, the principles that define the conceptual provisions that are the most general, and most importantly, do not depend on the specifics of the type of risk under consideration (uniformity, positivity, objectivity).

2. Methodological principles, that is, the principles directly related to the type of activity, its specificity (dynamism, consistency, etc.).

3. Operational principles related to the availability, reliability, unambiguity of information and the possibilities of its processing (modelability, simplification).

Risk assessment methods consist of two groups: qualitative and quantitative. Qualitative assessments are the most complex, their main task is to identify risk factors, identify areas of activity and stages at which risk may arise. That is, as a result qualitative assessment potential areas of risk are identified.

Quantitative risk analysis gives a numerical definition of the size of individual risks, as well as the risk of the entire chosen line of business.

Risk can be defined both in absolute and relative terms. It is advisable to use the measurement of the degree of risk in absolute terms when characterizing certain types losses, and in relative terms - when comparing the predicted level of losses with the real, industry average, average for the economy.

The main risk assessment methods include statistical, cost feasibility analysis, expert assessments, the analogy method, etc.

Statistical method is one of the most common. The method is widely used in cases where, when conducting a quantitative analysis, a company has a significant amount of analytical and statistical information on the necessary elements of the analyzed system. The essence of the statistical method for assessing the degree of risk is based on the theory of the probability distribution of random variables. This provision means that, having a sufficient amount of information about the implementation of certain types of risk in past periods for specific types of business, any business entity is able to assess the likelihood of their implementation in the future. This probability will be the degree of risk.

The probabilistic forecast of a random variable X, where x 1, x 2, ..., x n - the values \u200b\u200bthat it takes, is a table of the following form (table 16.3):

Table 16.3

Probabilistic prediction of a random variable

X	x 1	x 2	…	x n
R (X)	p1	p2	…	p n

According to one of the basic formulas of probability theory, the sum of probabilities in a probabilistic forecast should be equal to one, which is reflected in the formula:

Based on the probabilistic forecast of a random variable, the formulas can be used to find the mathematical expectation (that is, the forecast of its most probable value) and the standard deviation characterizing the forecast error:

where M (X) - mathematical expectation;

X - values that the parameter under study can take;

P is the probability of accepting these values.

The probabilistic meaning of the mathematical expectation of a specific parameter from conducting entrepreneurial activity is that it is approximately equal to the arithmetic mean of its observed (possible) values.

The economic meaning of the standard deviation from the point of view of risk theory is that it is a characteristic of a particular risk, which shows the maximum possible deviation of a certain parameter from its average expected value. Moreover, the larger the value of the standard deviation, the more risky this management decision and, accordingly, the more risky this path of development of the enterprise.

However, the value of the standard deviation does not make it possible to compare the riskiness of activities and specific situations according to signs (losses) expressed in different units.

This disadvantage can be eliminated by introducing the coefficient of variation. The coefficient of variation is a relative value, which is calculated as the ratio of the standard deviation to the mathematical expectation:

The coefficient of variation is a dimensionless and non-negative value that characterizes the risk of not achieving the set goals in full. The relationship between the coefficient of variation and the level of risk is presented in table 16.4.

Table 16.4

Correspondence of the level of risk with the value of the coefficient of variation

If our goal is for the random variable X to reach the value x * , that is

then the mathematical expectation of the absolute non-achievement of the goal (ANC) will be found by the formula:

for all x i< х * .

Relative non-achievement of the goal (ONC) can be found by the formula:

Obviously, the higher the value of the relative failure to achieve the goal, the higher the risk. An increase in the OCC indicates an increase in risk.

Essence cost-benefit analysis method is based on the fact that in the process of entrepreneurial activity, the costs for each specific direction, as well as for individual elements, have a different degree of risk.

So, for example, gambling is hypothetically riskier than bread production, and the costs that a diversified firm incurs in developing these two lines of business will also differ in degree of risk. The same situation persists with the costs within the same direction. The degree of risk for the costs associated with the purchase of raw materials (which may not be delivered exactly on time, its quality may not fully comply with technological standards, or its consumer properties may be partially lost during storage at the enterprise, etc.) will be higher, than payroll costs.

Determining the degree of risk through cost-benefit analysis is focused on identifying potential risk areas. This makes it possible to identify "bottlenecks" in the activities of the enterprise in terms of riskiness and develop ways to eliminate them.

The status for each of the cost elements should be divided into risk areas, which represent a zone of general losses, within which specific losses do not exceed limit value the established level of risk: the area of absolute stability; region of normal stability; region of unstable state; area of critical condition; area of crisis.

Table 16.5

Areas of activity of the enterprise in terms of sustainability

Each cost item is analyzed separately for its identification by areas of risk and maximum losses. At the same time, the degree of risk of the entire line of business activity will correspond to the maximum value of risk by cost elements. The advantage of this method is that, knowing the cost item with the maximum risk, you can find ways to reduce it.

Method for determining the degree of risk by expert assessments is more subjective than other methods. This subjectivity is a consequence of the fact that a group of experts involved in risk analysis expresses its own subjective judgments both about the past situation and about the prospects for its development.

Most often, this method is used when there is insufficient information or when determining the degree of risk of such a direction of business activity, which has no analogues, which also makes it impossible to analyze past performance.

In the most general form, the essence of this method is that the enterprise identifies a certain group of risks and considers how they can affect its activities. This consideration is reduced to scoring the probability of occurrence of a particular type of risk, as well as the degree of its impact on the company's activities.

Analytical method includes several stages.

At the first stage, preparation for analytical processing of information is carried out, which includes:

a) determination of the key parameter against which a specific area of business activity is assessed (for example, sales volume, profit volume, profitability, etc.);

b) the selection of factors that affect the activities of the company, and therefore on the key parameter (for example, the inflation rate, political stability, the degree of fulfillment of contracts by the main suppliers of the enterprise, etc.);

c) calculation of key parameter values at all stages of the production process .

At the second stage, the dependencies of the selected resulting indicators on the value of the initial parameters are built. The main indicators are selected that have the greatest impact on this species entrepreneurial activity.

At the third stage, critical values of key parameters are determined. In this case, the critical point of production or the break-even zone, which shows the minimum allowable sales volume to cover the costs of the company, can be most simply calculated.

At the fourth stage, the obtained critical values of key parameters, the factors influencing them are analyzed, and possible directions for improving the efficiency and stability of the company's work are determined, and, consequently, ways to reduce the degree of risk.

Thus, the advantage of the analytical method is the combination of a factor-by-factor analysis of the parameters that affect the risk and the identification of possible ways to reduce it.

Essence method of using analogues consists in the fact that when analyzing the degree of risk of a certain area of business activity, it is advisable to use data on the development of the same and similar areas in the past.

So, if it is necessary to identify the degree of risk in any innovative direction of the company, when there is no strict basis for comparison, it is better to know past experience, although not fully consistent. modern conditions than not knowing anything. The method is aimed at revealing similarities in the patterns of development of processes and, on this basis, making forecasts. When using the method, one should distinguish between historical, literary and mathematical analogy.

The analysis of past risk factors is carried out on the basis of information obtained from a variety of sources, such as published reports of companies on their past activities, websites and printed editions government organizations, data from insurance companies, etc. The data obtained in this way is processed in order to identify dependencies between the planned results of the company's activities and potential risks.

The objective difficulty in using the analogy method for assessing the degree of risk is that the data of past periods should be applied at the present time without taking into account the fact that any business activity is in constant development. This danger is most clearly visible when considering the production lines of entrepreneurial activity. Any product goes through several life stages from its development to its removal from production. Therefore, it is advisable to compare past and present indicators within the same stage. Otherwise, the probability of error during the analysis is quite high.

Risk Management Methods

All methods of influencing risk can be divided into the following main groups: risk rejection, risk acceptance, risk reduction, risk transfer.

In the practice of the company, there are major risks, which are simply impossible to avoid. These risks can be partially reduced, but not completely eliminated. In addition, the reduction of such risks practically does not reduce the danger of the consequences of their implementation. Therefore, the purpose and essence of using this method of managing major risks is to create such production and business conditions under which the likelihood of such risks is minimized.

When deciding on failure from a risky operation, the following should be considered.

First, avoiding risk completely may simply be impossible or unlikely, especially for small firms.

Secondly, the expected profit from making a risky decision can significantly exceed the possible losses. In such situations, risk avoidance is not considered as a possible solution.

Thirdly, the avoidance of one type of risk can lead to the emergence of other types of risk. That is, such a risk management method is effective when the probability of losses and the possible size of the loss are high - avoiding risky situations in this case is the best alternative.

Obviously, risks cannot always be avoided. Most often, businesses have to take the risk. It is necessary to pay attention to the fact that some risks are accepted by the company, as they contain the possibility of obtaining additional profit, other risks are accepted by the organization, since they are inevitable.

The essence of this method is to cover possible losses at the expense of the company's own financial capabilities. The use of this method is justified in the following cases:

Loss frequency is low;

The potential loss is small.

Losses with this method of risk management can be covered either at the expense of the current cash flow or at the expense of reserve funds specially created for these purposes.

As for the next control method, then risk reduction implies a reduction in either the likelihood of adverse events or the amount of possible damage.

The essence of the loss prevention method consists in carrying out measures aimed at reducing the likelihood of their occurrence. The use of this method is justified in the following cases:

The probability of realization of the risk is quite high;

The potential damage is small.

The use of this method is associated with the development of a program of preventive measures, the use of which is justified only as long as the cost of their implementation is less than the gain due to these activities.

When drawing up a preventive action plan, you should:

Assess the economic feasibility of each event;

Clarify with the management of the company and (or) its specialists the amount of funds that can be used for events;

Engage specialists to develop a program of activities or obtain advice on it, if necessary (for example, special knowledge is required);

Get approval from the company's management to carry out preventive measures;

Correct, clarify and control activities;

Periodically review the set of measures.

The essence of the method of reducing the amount of loss consists in carrying out measures aimed at reducing the size of a possible loss. The use of this method is justified in the following cases:

Large amount of possible damage;

The likelihood of the risk being realized is low.

It is possible to use the following methods to reduce the amount of losses: segregation (separation) of assets, combinations (combination) of assets and diversification.

Separation of assets often reduces the amount of possible losses in the event of an undesirable event. The essence of this method lies in the maximum reduction of possible losses per event. Assets can be separated by physically separating the assets themselves by use or by separating assets by ownership.

Combination of assets also makes losses or gains more predictable by reducing the number of units at risk controlled by a single commercial entity.

The combination of assets may occur on the basis of business concentration through internal growth (for example, an increase in the car fleet). But it can occur on the basis of business centralization, that is, when two or more commercial firms merge (the new commercial organization, as a rule, will have more assets, more employees, etc.). The desire to reduce losses is often the main reason for the merger of firms.

Process diversification assets and their application is understood in two aspects: in broad and narrow.

Diversification in a broad sense refers to the expansion of the scope of any organization.

Diversification of production should be understood as the process of penetration of specialized enterprises into new sectors of material and non-material production in order to ensure stable operating conditions.

One of the most convenient and common ways of risk management is insurance, which can be attributed to methods of reducing and transferring risks.

The essence of this management method is to reduce the participation of the company itself in compensation for damage due to the transfer by it (the insuring company) of the insurance company (insurer) of responsibility for bearing the risk.

The use of this method of risk management at the firm level is justified in the following cases:

If the probability of realization of the risk, that is, the occurrence of damage, is low, but the amount of possible damage is large enough. Regardless of the homogeneity or heterogeneity of risks, as well as the number of risks (mass or single), the use of insurance in this case is advisable;

If the probability of realization of risks is high, but the amount of possible damage is small. Insurance is justified if there are many risks.

Insurance methods differ in the way in which liability for risk is shared between the parties. A distinction is made between full insurance, which covers the entire specific risk, and partial insurance, which limits the liability of the insurer, leaving part of the risk to the insured.

There are two large groups of methods of partial insurance: proportional and non-proportional.