Enterprise risks: concept and management system

78589

Author of the article:

Sultanov Iskander Anvarovich

Founder of Projectimo.ru

Recent publications by the author:

Systematic labor standardization project

Implementation of a project to transfer accounting to outsourcing

Anticipation of significant changes in investments

The variety of existing risks inherent in the activities of commercial organizations is great. And their number is constantly growing, since not only production technologies are becoming more complex, but in the context of developing competition, management methods are undergoing changes, which also contributes to the complication of the architecture of risk events. Academic and industrial scientists are finding more and more new types of risks, and they need to be classified for the purposes of identification and effective management.

Definition of risk

Modern economic practice has recently acquired such concepts as “risk characteristics”, “unstable situation”, “risk analysis”, “risk minimization”. Only a few years ago, the combination of accumulated international experience and the Russian theoretical base made it possible to legislate these concepts, as well as make them a mandatory part of a business plan or investment project.

Risk is the likelihood of how much expected income will be missed or how much of the resources will be lost.

Risk characteristics:

potential damage expressed in money;
probability of risk occurrence;
level of risk, that is, the ratio of costs required to prepare and implement the risk and potential damage: if the result exceeds 1, then the risk is considered unjustified;
legitimacy of the risk: this value is determined by the probability of the risk being within the limits established by law and standards (for example, the reserve fund of a tour operator must be equal to no less than 1 million rubles).

Human life is also always accompanied by risk. The cause of danger can be the surrounding external environment or the person himself.

Risk is the likelihood that a hazard will occur, causing specific consequences and an uncertain amount of damage. An example is the risk of disease.

Entrepreneurial risks

Entrepreneurial risk was first classified by J. Keynes. He believed that the price of a product should include: costs associated with increased wear and tear of the equipment used, variability of market conditions, as well as a number of destructions caused by the occurrence of any emergency (risk costs).

In the economic sphere, it is customary to distinguish the following types of business risks:

The risk of a borrower or an entrepreneur arises if they plan to invest their own funds, and the entrepreneur has doubts as to whether the benefit he planned will be achieved.
Lender risk - occurs in cases where a credit transaction takes place. It is related to the validity of the trust given, because the debtor may begin to evade fulfillment of his own obligation or organize a deliberate bankruptcy. The likelihood of risk also increases due to insufficient collateral for the loan in the event that involuntary bankruptcy occurs as a result of the expected income not being achieved.
Inflation risk is a possible decrease in the value of a unit of money. This suggests the conclusion that the reliability of a cash loan is much lower than that of real property. In addition, the long-term perspective of investments puts the debtor in a privileged position in relation to the creditor.

J. Keynes believed that entrepreneurial risk requires preliminary quantitative and qualitative analysis.

Risk classification

Experts offer for consideration the following classification of risks in an enterprise .

[A]. By type of danger :

technogenic - associated with direct human activity;
natural - associated not with human activity, but with the natural and climatic conditions of the region;
mixed - natural risks that arise due to the impact of technogenic factors created by man.

[B]. By sphere of manifestation :

commercial - related to the implementation of direct financial and economic activities of the subject. They always arise when business activities are carried out, and are divided into two subtypes: (1) financial, related to the financial and economic activities of the enterprise, and (2) production, related to the implementation of the production process at the enterprise.
political - related to the political situation in the country and the world as a whole, as well as the actions of authorities in the immediate region where the company operates;
social - related to the social situation in society and crises in it;
environmental - associated with the occurrence of any negative situation in the environment, for which the enterprise will have to bear civil liability;
professional - related to the performance of one’s official duties;

[C]. If possible, predict:

predictable - they can be predicted with a certain degree of probability, and, therefore, certain measures can be taken to prevent the onset or minimize negative consequences;
unpredictable - these include force majeure situations that cannot be predicted and calculated in advance, and, therefore, cannot be properly prepared for them;

[D]. By origin:

external - occur in the external environment of the enterprise and depend on other subjects of the economic environment and the processes occurring in it;
internal - occur in the internal environment of the enterprise and depend on processes carried out within organizations, as well as the actions of company employees;

[E]. By the amount of damage:

acceptable - acceptable within the framework of ongoing operations;
critical - can cause quite significant damage to the enterprise;
catastrophic - capable of completely paralyzing the activities of the organization;

[F]. By time:

permanent - exists throughout the entire period of implementation of any event;
temporary - may appear and disappear under the influence of any factors;

[G]. If insurance is possible:

insured - can be insured by the relevant organization;
not insured - cannot be insured by the relevant organization.

The high frequency of occurrence of risks characterizes the organization as a risky enterprise , regardless of the classification presented.

Types of business risks

The concept of business risk includes the following issues:

risk management;
business risk insurance;
distribution of risks according to subjects;
change in risk conditions, etc.

Among the main ones, we can highlight the “danger” at the national level (the economy of the native country) and the international level (the economy of other countries).

National business risks include:

macroeconomic risks affecting the entire economy;
microeconomic level risks related to the activities of an individual manufacturing enterprise, organization, institution or individual.

Economic risks at the macroeconomic level are represented by national and local ones. The subject of the first is the highest body of state power. Local risk is inherent in private, specific tasks and manifests itself at the level of sectoral or regional economic management.

Risk subject

Characterization of risk involves its classification in accordance with the subject, type and manifestation. Risk subjects are usually legal or natural persons who take part in it or are the cause of it.

Subjects of business risks can be:

manufacturing enterprises;
individuals (individuals or beneficiaries);
other entities (organizations practicing non-productive activities, including government agencies).

Among the main types of risk are:

production (clean);
investment;
innovative;
financial;
complex;
commodity;
bank.

The last type of risk is a separate position, since its importance and specificity are very high.

general information

First you need to understand the terminology. What is risk? Essentially, it is the likelihood of an unfavorable situation occurring and/or an unsuccessful outcome of a particular activity. The following result is observed:

Loss/impairment of health.
Death.
Losses (loss of your funds).
Lack of income.
Lack of result (when there is no loss or profit).
Lost profit.

It is impossible to say that any of the things discussed below claim to be called “main types of risks.” After all, a lot depends on the position taken and the nature of the assessment.

Risk analysis

Any enterprise, business, company is inherent in the presence of certain risks that can affect the final result. In the process of implementing a business strategy, the rights, duties and obligations of the entrepreneur may change, an unforeseen or previously unapplied process may appear, as well as consequences of a different type. The choice of optimal actions aimed at achieving results is greatly influenced by risk analysis and consideration of the impact of side effects.

For the assessment, it is necessary to use all available information to determine the likelihood of a certain event occurring and the possible scale of its consequences. Risk analysis is aimed at identifying all negative events and circumstances, for example, a loss during a venture, a natural disaster that led to serious consequences, etc. It is also possible to identify potential positive consequences.

Qualitative risk analysis

This study is based on an internal (instinctive) assessment of emerging events. This level involves subjective judgment and the resulting opinions.

Qualitative risk assessment is of a simple descriptive nature, while the research analyst must arrive at a quantitative result, a cost estimate of the identified risk, its negative consequences and “stabilization” measures.

The qualitative approach, as its main task, sets itself the identification and identification of possible types of risks inherent in the project. In addition, the expected consequences of the hypothetical realization of the identified risk must be described and given a cost estimate and measures aimed at minimizing and/or compensating for this event must be proposed.

Quantitative risk analysis

Quantitative risk assessment can be carried out using the following methods:

The deterministic approach involves a point estimate, that is, in order to understand what the outcome will be in a particular case, each event must be assigned a certain value. For example, a financial model allows you to evaluate the following options: the worst (unprofitability of the project), the best (future profit) and the most probable (moderate, relative profit). This method has a number of disadvantages: it does not allow for the maximum possible number of scenarios for the development of events (only the main versions are considered), in addition, risk factors that have a significant impact on the situation are not sufficiently taken into account, which significantly simplifies the model.
Stochastic risk analysis is a much more reliable method. This approach involves the use of range values of the initial parameters (a probability distribution is generated). At the same time, different variables have different probabilities of consequences. The value is chosen randomly based on a possible probability distribution.

Internal and external risk factors

Risk factors for any business can be divided into 2 groups:

internal;
external.

An external (objective) factor is everything that has a direct connection with the production process of a business entity, that is, an organization.

External risk factors may be:

regional;
socio-economic;
political;
industry-specific.

The socio-economic sphere includes: inflation risk factor, deflationary, tax, interest, price in relation to raw materials, materials and components. As a result of the impact of these factors, the market situation may change dramatically, the solvency of demand may decrease, or competition may become tougher.

The regional factor includes: socio-demographic risk, regional and tax. The industry factor presupposes the danger of the organization’s position in the industry, environmental and others. The political factor is a loss of control caused by instability and the impossibility of normal business activities due to the fact that restrictions related to trade and trade were introduced.

An internal (subjective) risk factor can manifest itself directly in the process of conducting business and directly depends on what type, method, strategy and tactics of business have been chosen.

Types of risks and their classification

All kinds of existing species that are found everywhere, in various fields of human activity, are usually classified according to their main characteristics.

By object of influence

Individual implies all sorts of undesirable consequences that an individual may encounter in the process of everyday or professional activities. An example is various occupational diseases caused by specific working conditions.

technical type is expressed in the fact that during the operation of various components and mechanisms of machines and technical equipment, malfunctions, failures and other negative preconditions arise. The reason for this may be either a human factor or a defect or defect in equipment.

Example: a boiler room operator, due to improper performance of duties, can create an emergency situation resulting in a boiler explosion. The same development of events can be caused by malfunctions of the safety valve.

Collective involves the likelihood of injury to two or more persons located at the epicenter of an accident or natural disaster.

The economic essence of this type lies in the fact that the implementation of certain commercial activities of a production nature may be associated with various kinds of difficulties. They manifest themselves fully when there is a lack of information and entail loss of profit and a decrease in the level of production efficiency. An example is food spoilage after its shelf life has expired.

Environmental risk - this concept is inextricably linked with harmful environmental changes. This situation arises as a result of technogenic, anthropogenic and natural factors. Example: discharge of waste from an industrial enterprise into a reservoir, bypassing treatment facilities.

Strategic is characterized by the presence of problems associated with the effective implementation of planned tasks. Their appearance is due to a short-sighted analysis of a given activity.

Example: unreasonable expenses of manufacturers for research activities in areas that are at the initial stages of development. In this case, it is appropriate to mention the so-called organizational risk, the emergence of which is dictated by poor, inconsistent organization of work for the implementation of specific activities.

The risks of an enterprise relate to all possible complications that in one way or another impede its productive activities. It is believed that the company is most exposed to this type of risk in the presence of an unfavorable economic situation at both the regional and federal levels.

For example, as a result of a sharp increase in prices for fuel and lubricants, transport companies are forced to charge higher prices for their services in order to compensate for fuel costs. The company, in this regard, suffers losses by paying for the transportation of products at inflated tariffs.

In this case, industry risks should also be mentioned. Their presence is the result of changes in the economic component of a certain industry.

By source of exposure

Natural affects all socio-economic spheres of society. It is expressed in the form of harm caused to humans due to various natural anomalies: typhoons, tsunamis, hurricanes. An extreme degree of this type is mentioned when there is a potential threat to the health and life of people.

Man-made is characterized as the most likely negative scenario due to violations of requirements and instructions when working with the equipment of a particular facility. This risk was fully demonstrated, for example, during the explosion of the CHAS reactor.

Social risk is a concept closely related to human life. It contains all the harmful factors of a political, economic, sociological, industrial nature that can lead to a person’s disability or limit his opportunities in labor and social activities.

Examples include the so-called asocial elements, who, due to their low social adaptation, were unable to become full members of society.

Political risk is a hypothetically possible development of events of a political nature, the occurrence of which will be fraught with negative consequences that impede the successful implementation of certain tasks in the economy, production and financial sphere. Thus, tax increases caused by government reform will hit the pockets of private entrepreneurs.

The essence of economic risk consists of circumstances that are inappropriate from the point of view of effective economic activity, which lead to losses and all kinds of complications.

An example of this would be the situation in which an insurance company would find itself if insured antiques of great cultural value were burned in a fire caused by a short circuit in the electrical wiring.

By source of occurrence

External or market is the result of environmental factors that are subject to all kinds of changes. In other words, the enterprise does not in any way influence the nature of this type of process. The formation of external risks in management is influenced by a number of factors of a political, economic, geographical and social nature.

Example: an unstable situation in reforming tax legislation has a negative impact on the income of a private entrepreneur.

Internal , on the contrary, is directly related to the processes within a particular organization. Most often, its appearance is dictated by the unskilled work of specialists involved in planning the financial activities of an enterprise. It is often called treasury .

Example: an irrational pricing policy leads to the fact that the demand for a product falls - the company suffers losses.

According to the mechanism of occurrence

According to this criterion, three types of risks are distinguished:

caused by disruptions in the life/work of the enterprise,
caused by natural disasters and unforeseen situations of a social and man-made nature,
arising as a result of harmful trends of a crisis nature.

According to the degree of influence on human life

Tolerable or acceptable risk represents the minimum possible share of probability, based on specific technical and economic prerequisites. It can also be called pure risk. So, as a result of research, it turned out, for example, that the individual probability of death of residents is on average 10-8 per year.

Critical risk, depending on the degree assigned to it, is characterized as a negative outcome of any event in which efficiency/profit is at an extremely low level. Often, when faced with such risks, companies not only do not get the expected results, but remain in a difficult financial situation.

Catastrophic risk in the first case is a consequence of natural phenomena of a destructive nature. They can be either a spontaneous or a natural phenomenon for a given area. Depending on this, the degree of risk will vary. Thus, due to constant typhoons, many enterprises in Japan are destroyed, and this has a detrimental effect on the development of the country’s entire industry as a whole.

In the second case, i.e. from the point of view of the profitability of the enterprise, catastrophic risk is considered as a threat entailing its partial or complete bankruptcy.

Catastrophic risk also includes systemic risk to some extent. The latter is characterized by extremely unfavorable consequences that threaten the financial stability of the entire company.

Hazard identification

The danger is often potential, that is, hidden. Hazard identification consists of detecting and establishing characteristics of a quantitative, spatial, temporal and other nature, without which it is impossible to develop and implement operational and preventive measures that contribute to the normal functioning of the technical system and improving the quality of life.

The identification process allows us to identify the range of hazards, the likelihood of their occurrence, spatial localization (coordinates), the scale of damage and a number of other parameters necessary to solve a particular problem.

Hazard identification involves the use of the following methods:

Engineering identifies hazards that have a probabilistic nature of origin.
The expert identifies failures and looks for the reasons for their origin. This requires the creation of a special expert commission consisting of different experts who give opinions.
Sociological. In this case, the danger is determined based on a study of the opinions of the population (social group).
The registration uses information about the counting of any events, resource costs, number of victims, etc.
Organoleptic. For analysis, only the information that was received by the human senses (vision, touch, smell, taste, etc.) is taken. An example would be a visual inspection of products or equipment, as well as an auditory determination of the clarity of the engine.

Occupational Safety and Health

Based on structural characteristics, risks can be classified according to different criteria.

Based on the cause (nature) of damage, which determines the nature and mechanism of occurrence of damage, which is very important for the analysis of any risk, the following risks can be distinguished.

A. Natural risks caused by natural disasters (floods, earthquakes, storms, climate disasters, etc.).

B. Technical risks caused by the consequences of the functioning of technical systems and/or their violations (fires, accidents, errors in design estimates).

B. Risks associated with the human factor. These are risks associated with erroneous or negligent actions of personnel that lead to the occurrence of emergencies.

D. Social risks, which mean the risks of the occurrence of such negative social phenomena as crime, violation of the safety of objects, unfavorable social external effects, etc.

Risk classification

Each undesirable event can occur in relation to a specific victim - an object of risk. The ratio of risk objects and undesirable events allows us to distinguish between individual, technical, environmental, social and economic risks. Each type of it determines its characteristic sources and risk factors.

Classification of risks by objects

Type of risk	Object of risk	Source of risk	Undesirable event
Individual	Human	Human living conditions	Illness, injury, death
Technical	Technical systems and objects	Technical imperfection, violation of rules for operating technical systems	Accident, explosion, fire, destruction
Ecological	Ecological systems	Anthropogenic interference in the natural environment, man-made emergencies	Man-made environmental disasters, natural disasters
Social	Social groups	Emergencies, decreased living standards	Group injuries, diseases, loss of life, increased mortality
Economic	Material resources	Increased danger of production or the natural environment	Increased security costs, damage from insufficient security

Based on the number of people exposed to danger, two types of risk are distinguished: individual (a measure of the possibility of negative consequences for the health of one person) and collective (the likelihood of injury or death of two or more people). This risk is assessed by the number of deaths as a result of the action of a certain hazardous factor on the population of people under consideration.

Depending on the implementation situation, voluntary and forced (professional) risks are possible. The first relates to a person's personal life. Its examples are non-professional mountaineering and parachute jumping, that is, activities that a person engages in for his own pleasure, to improve comfort, and to increase prestige. Involuntary risk is associated with the need to perform professional duties in certain conditions. Firefighters, rescuers, infectious disease doctors, etc. are susceptible to it. Voluntary risk is higher than professional risk and is limited to the person at risk.

In relation to the situation of decision-making under conditions of uncertainty, a distinction is made between motivated (reasonable) and unmotivated (unreasonable) risk. In case of industrial accidents, fires, in order to save people affected by accidents and fires, a person has to take risks. The validity of such a risk is determined by the need to provide assistance to injured people and the desire to save expensive equipment or enterprise structures from destruction. An unmotivated risk is one caused by people’s reluctance to comply with safety requirements, use personal protective equipment, etc.

When performing a comprehensive risk analysis, it is very important to consider how typical the risk in question is for a given object and/or situation. Based on the typicality of negative consequences, fundamental and sporadic risks can be distinguished. Fundamental is a regular risk that is inherent in a given object and/or situation, as well as based on natural or social laws. The relevant events are also random, but the exposure to risk is quite large. Such risks include, in particular, the risks of car accidents or hail damage to crops. Sporadic is an irregular risk caused by rare events and force majeure circumstances, occurring with a very low probability. An example is the destruction of property caused by a meteorite.

To manage risk, fundamental risks should be considered first, and sporadic risks only to the extent that they seem important.

Depending on the place of occurrence, risks are distinguished internal and external. Internal risks are associated with the organization of work of a given enterprise or the activities of a particular person. In other words, these are risks that a person can influence. Examples include equipment breakdown, failure to follow safety rules, unhealthy lifestyle, etc. External risks are those that are determined by external circumstances. Examples include the impact of environmental degradation on health, natural disasters, etc. A person must take into account both types of risks, but if he can manage the internal ones, then he can only take the external ones into account.

Classification according to the degree of dependence of damage on the initial event involves the identification of two types of risk - primary and secondary. Primary risk is the risk directly attributable to the adverse initiating event; secondary is caused by the consequences of the initial event. An example of such an initiating event is an earthquake. The destruction of structures (in particular, a dam) will correspond to the primary risk, and the consequences of flooding caused by the destruction of this dam will correspond to the secondary one.

The risk may last for a limited time. Based on the time factor, we can distinguish perpetual risks, which have no time limits, and urgent risks. The latter, in turn, can be long-term or short-term. A person living in an earthquake-prone area or working in hazardous conditions (electrician, fireman, etc.) is at long-term risk. It should be noted that people are more likely to underestimate a high level of risk if they are exposed to it for a long time.

If the risk develops over time, then this aspect must be taken into account. From the point of view of the dependence of the magnitude of risk on time, static and dynamic risks can be distinguished. The magnitude of static risks does not depend on time. An example is the risk of earthquakes, which may depend in some way on time, but it has not yet been possible to identify this dependence. The magnitude of dynamic risks changes over time. For example, as equipment wear increases, the risk of accidents increases.

When forming the right risk management policy, a very important question is how much time is needed to identify and eliminate the negative consequences of risks. Based on the duration of identification and elimination of negative consequences, risks with short-term and long-term identification of consequences can be distinguished. Most risks belong to the first group: damage is usually detected immediately or within several months. These are, for example, the risks of fires. However, in some cases, identification of damage may occur after a long period of time—up to several decades.

As an example, consider the situation with the use of asbestos in construction. Several decades ago, it was widely used in construction, as it is non-flammable and is a good heat insulator. However, it later turned out that asbestos dust is a carcinogenic substance that causes fibrous compaction of lung tissue. Another example of risks with long-term identification of negative consequences are accidents at radiation hazardous facilities.

An important criterion for risk classification is the degree of prevalence of a given risk. It determines how many objects are at risk. From this point of view, massive and unique risks can be identified. The first are typical for a large number of objects of the same type, for example, the risks of car accidents. Even if the risk is small, they are faced with it quite often. Unique risks occur only in individual objects, for example, nuclear risks. As a rule, these are significant risks. Procedures and methods for managing these types of risks will be fundamentally different.

The issue of information support is fundamental in risk management, since its solution is ensured by the risk management process. The degree of predictability, or predictability, is an important characteristic of risk in terms of procedures and methods for managing this risk. According to this criterion, risk factors can be divided into two groups: predictable (predictable) risks that can be foreseen, but it is impossible to predict the moment of their manifestation; unpredictable (unpredictable) risks about which nothing is yet known.

Unpredictability can be associated either with a complete or partial lack of information, in particular, on a unique object, or with the fundamental impossibility of a quantitative or qualitative forecast, for example, when assessing the degree of danger of some biotechnological research.

Contents of economic risk

The risk characteristic is of Italian origin and represents a danger or obstacle that was, to a certain extent, foreseeable. In other words, this is uncertainty that, due to certain events, was difficult or impossible to foresee.

Many sciences tried to establish and study the concept of risk, such as disaster theory, psychology, philosophy, medicine, etc. Moreover, each of them took as a basis its own subject of research and used its own approaches and methods. This is where the multidimensionality of this phenomenon lies.

Free interaction of market entities and dynamically developing competition led to the fact that economic risks were recognized as an objectively necessary category, entailing significant adjustments to the amount of not only business income, but also wages.

Investment risks. Classification

At the global level, all investment risks are divided into systemic and private (non-systemic). These two large sections consist of several subsections:

Systemic risks

Systemic risk is an investment risk that applies entirely to the entire market. Touching the market, it inevitably affects all the companies that make up it. Systemic risk can be divided into several components and thus talk about systemic risks. You can reduce the level of systemic risks by diversifying your investments. That is, you need to “diversify” your investments as much as possible with different options:

investing in assets of different countries - Japan, USA, Australia, Russia, Germany, China;
deposits in various currencies - pounds sterling, rubles, francs, dollars, yen, euros. In this case, the European shares fund can be denominated in dollars, but the final return will be recalculated taking into account changes in the euro/dollar exchange rate;
investing in securities and assets of different classes - stocks, gold, real estate, bonds, money market assets. For example, gold often rises during crises, so adding it often helps reduce losses when stocks fall;
acquisition of shares of companies of various levels of capitalization, from small organizations to the largest corporations. Market practice shows that at different periods of time both small and large companies can be more successful;
investing in shares of companies from different fields of activity - oil, electricity, gas, mechanical engineering, etc. Although the price of the asset itself (such as oil) is unpredictable, a business can remain profitable even if the cost of raw materials falls.

Currency risk

Investment risk of the currency type arises when purchasing foreign currency. Most readers live in Russia and spend money in rubles. Therefore, an increase or decrease in the ruble exchange rate against a foreign currency may trigger income or losses. A strategy popular in the late 90s—buying dollars—is noticeably inferior to inflation in the long run:

When the ruble exchange rate strengthens, the level of profitability of shares of foreign companies (in rubles) falls, and when it weakens, it increases. The weakness of the ruble exchange rate is beneficial for foreign investors, since it directly affects the reduction in the cost of Russian assets. Over the past 20 years, the ruble has weakened against the dollar by almost 10 times. But you should not confuse simply buying dollars with investing in this currency - these are completely different concepts.

Interest rate risk

The profitability of certain investments is affected by fluctuations in interest rates. In the Russian Federation, the standard is the key rate of the Central Bank of Russia - this is the interest rate on the loan at which it provides funds to other banks.

Changes in the key rate greatly affect the securities market. It is often lowered during periods of economic stagnation, in an attempt to increase borrowing for business development. Thus, in the United States, the rate became almost zero in the crisis year of 2009. This process is often accompanied by active purchases of shares, and holders of long-term coupon bonds can receive increased income either at the previous (i.e., higher relative to the new rate) coupon, or sell the bond at a profit, since the price of bonds rises when the rate falls. Rate increases are used in times of crisis to suppress inflation—in Russia, the last sharp rate increase occurred in December 2014 against the backdrop of ruble devaluation. In the United States, the period of the maximum rate occurred in the early 80s.

Another example. Let's say there is a 10-year US bond with an interest rate of 8% per annum that is trading at par. Its profitability thus turns out to be 1.0810 = 2.159 or 115.9%. It looks great, but the bond has a very low credit rating that puts it at 40% chance of default. Then the risk-adjusted return is 0.6 × 2.159 + 0.4 × 0 = 1.29 or only 2.6% per year. At the dividend level of large reliable stocks or their index fund.

Inflation risk

This investment risk arises due to the excess of the money supply over the commodity supply. The main consequences may be a depreciation of the company's cash capital, as well as a drop in the profitability of the enterprise.

This risk, however, is contradictory in nature, since depending on the increase or decrease in the level of inflation, enterprises may have both the possibility of losing income and receiving additional income. For example, stocks are quickly indexed to inflation - after all, companies usually produce goods that increase in price with inflation.

Liquidity risk

This type of investment risk arises when an investor is unable to quickly and profitably sell existing assets, or to do so without significant losses. I wrote an article about liquidity here.

Highly liquid assets have a large number of potential buyers. In contrast to low-liquidity ones, sales transactions of which can last for weeks or even months. An example here would be real estate. Selling it will require a lot of time, spent on a multi-stage bureaucratic mechanism, and it will be possible to quickly find a buyer only if the market value is greatly reduced. Liquidity risk may affect an individual company, but for the main players it is close to the liquidity of the market as a whole. The American market is the most liquid.

The level of liquidity of certain securities depends on the difference between the cost of their purchase and sale, that is, the size of the financial spread. The easiest way to check the liquidity of a security is to check the trading volume (the lower it is, the less liquid the security is). Such specialized Russian resources as finam.ru, rbc.ru, moex.com will help you determine the trading volume of certain shares. In the latter case, the trading volume is depicted as red and green bars at the bottom of the quotes:

Random risks

Random investment risks include natural disasters, coups d'état and revolutions, military and political conflicts, that is, all unexpected events that are often close to catastrophic in their consequences. In the classification of N. Taleb’s book, such events are called “Black Swan”.

Market risk

This type of risk is based on changes in the value of the asset. To assess riskiness, the concept of volatility is used - the level of price fluctuation of an asset on the market. In this case, the average statistical value of the object is calculated and it is shown how far market values deviate from it. For these calculations, the standard deviation formula and beta coefficient are used.

With small price fluctuations, the asset is not considered risky. On the contrary, a heavily fallen asset has a high risk, which W. Buffett disagrees with - after all, if a well-known stock has become very cheap, then the time has come to buy it. In other words, as the price falls, the stock (and especially the stock fund, where there is no risk of bankruptcy) becomes less and less risky for its new owner. It's a rare company that can ignore the market as a whole - in 2008, very few American manufacturers were able to avoid losses.

Risks of portfolios of US stocks and bonds:

Non-systemic risks

These investment risks are diversifiable, i.e. they are typical for individual industries and companies.

Operational risk

The emergence of operational risk is due to transactions with assets carried out on the market. In most cases, banks, brokers, or management companies are responsible for such transactions. Operational risks arise when contractual relations are violated, as well as when fraudulent activities are carried out by the above-mentioned persons and organizations. For example, in the fall of 2020, a brokerage license was revoked for manipulating the stock quotes of Live Office. Six months earlier, I found myself in a similar situation. In such a situation, everyone suffers losses—at least in terms of their reputation.

Business risk

Financial dangers of this type arise in organizations, mainly due to poor quality and ineffective management of managers. If the previous risk can be called external, then here we are talking about internal risk. Making certain mistakes in organizing the company's work can cause a decrease in the value of its shares on the securities market, as well as a quantitative drop in the level of sales. There are a huge number of examples here - for example, when a company, in order to diversify its business, tries to invest money in other areas and suffers a loss. Or this risk befell many sellers of traditional goods at the end of the last century, when they were unable to see the prospects of online shopping in time and rebuild their business.

Credit risk

Companies often have a variety of debt obligations that they are required to pay—interest on loans and bonds, debts to suppliers, and others. Credit risks arise when an organization is unable to pay these obligations. A gradual increase in the company's debt may soon lead to default and further bankruptcy of the enterprise. In particular, the massive bankruptcy of Russian banks in 2014-16 was not least caused by credit risk - due to the devaluation of the ruble, the burden on foreign currency loans sharply increased, and sanctions prevented cheap loans to correct the situation.

You can check an organization's creditworthiness by qualitatively analyzing its financial statements, or by checking its financial condition on specialized rating analytical resources such as Fitch, S&P, Moody's. A detailed article on rating agencies can be found here.

On methods for assessing economic risks

To determine the level of risk, you need to do the following:

identify possible solutions to the problem;
determine the potential consequences that the implementation of the decision may lead to;
carry out an integral risk assessment in terms of quantitative and qualitative aspects.

There are several risk assessment methods designed to implement the above measures in combination. But, despite this, the general trend of assessing danger in two directions remains. It's about the level of risk and the risk of time.

The first determines the ratio of the scale of expected losses and the volume of fixed assets of the organization, as well as the likelihood that these losses will occur.

Any method for assessing the level of risk takes the variability of the consequences of a particular decision as an initial parameter.

Variability is the number of fluctuations that occur in a certain range of values as a result of a deviation from a characteristic average value.

The main postulate of the risk level is the following definition: a greater value of variability implies a higher level of project risk.

Another factor that greatly influences risk is time. That is why economic danger is often referred to as an “increasing function of time,” that is, the longer the decision taken is implemented, the higher the level of risk.

A little theory about risk management

Introduction to Risk Management

I decided to address the topic of risk management for several reasons:

I recently developed a methodology and procedure for risk management in the company where I work (custom software development, outsourcing) - accordingly, a lot of materials were searched and studied, the information from which was then structured and compiled into a separate document, which is now used
risk management itself is one of the key activities on the project: in my opinion, one of the most difficult, but at the same time interesting (you can benefit from every risk and event)
As experience in software development companies shows, very little time is allocated to risk management, or they begin to manage them only when they become problems (which, you see, is quite late). I hope that the information collected here will encourage those interested in further studying the topic and implementing appropriate practices in their work

However, it is worth remembering the following: risk management in any area of human activity, in my opinion, is still only an applied discipline that provides general and practical recommendations. You will have to look for answers to all questions in each specific situation yourself - so you should not see the risk management process as some kind of panacea for all ills, or as an immediate and radical improvement in the development process. However, despite this, I believe risk management is an essential part of a good project management process.

Definition of risk

There are a huge number of definitions of risks and all of them, in principle, are well known and intuitively understandable.
I will give here just a few quotes that I remember. Risks are schedule delays and cost overruns waiting to happen (by Peter Kulik) Risk is the possibility of suffering loss (SEI, Dorofee 96)

You should also understand the main difference between the concept of risk and the concept of problem:

risk is some event that may
happen in the future and
may
lead to certain losses (decreased product quality, budget overruns, delays or complete failure of the project)
a problem is an event that already
happened. Risks turn into problems if you don't deal with them

Some terms and definitions

Risk – some event or condition that can positively or negatively affect the outcome of the project (plan, quality, cost, volume of implemented functionality)
Likelihood of a risk is the likelihood that a risk will work. It is one of the risk attributes and can be measured in integers from 1 to 4 (where 1 is a very low probability, 4 is a high probability)
Risk Impact (Impact) - indicates the magnitude of positive or negative consequences for the project if the risk is triggered. It is one of the risk attributes and can be measured in integers from 1 to 4 (where 1 is a small influence, 4 is a blocking influence). May also be called "loss"
Risk Exposure – product of probability and risk impact ( Risk Exposure = Likelihood x Impact
)
Mitigate (unfortunately, could not adequately translate) - develop strategies and an action plan to reduce the likelihood and/or impact of risk to some acceptable level (for example, you can use the risk matrix, which will be discussed later)
Mitigation strategy - an action plan aimed at reducing the probability and/or impact of a risk to an acceptable level (risk mitigation plan)
Contingency – an approach aimed at minimizing the impact of a risk after it has occurred
Contingency plan - a plan aimed at reducing the impact of a risk (consequences of a risk) after the risk has occurred

It is necessary to distinguish between the concepts of Mitigation and Contingency - the first refers to risks, the second to problems.
Implement a mitigation plan - reduce either the likelihood or impact of a risk when/if it occurs; implement a contingency plan - reduce the consequences of an already occurring risk. For the same risk, both plans can be developed, but in most cases - only one (here you need to decide what is more important - to prevent the risk from triggering, or to minimize losses when it triggers). Also, when developing a mitigation plan, they are often guided either only by a strategy to reduce the impact or only by a strategy to reduce the likelihood of a risk (which allows for savings - why direct efforts to reduce the impact of a risk if its probability is also reduced).

Risk management process

Below are the steps I typically highlight in the risk management process.

risk identification
risk analysis
risk planning
risk resolution
tracking and modification of risk data (parameters and/or plans and strategies)

Where to begin?

Where does the risk management process on a project begin? According to the theory - with the identification of risk(s)
. It is necessary to create a list of risks that would most fully reflect the picture of risks and potential problems on the project. It should be remembered, however, that even the largest list will never be complete - something will always be missed.

Analysis

The result of this stage is a qualitative and quantitative risk assessment, which can be carried out in the following areas:

risk assessment - determining the values of the Likelihood and Impact attributes
risk classification – a grouping of risks based on any characteristics (for example, by type of risk they can be divided into “Quality”, “Management”, “Hardware”, “Software”, etc.)
risk prioritization – setting priorities. In practice, prioritization is done on the basis of the risk matrix, which I spoke about above

Likelihood\Impact	Small =1	Medium=2	Critical=3	Blocking=4
Very likely=4	4	8	12	16
High =3	3	6	9	12
Medium =2	2	4	6	8
Very low probability =1	1	2	3	4

With this definition, the magnitude of the risk is the simplest way to quantify the risk. In practice, it makes sense to monitor and manage risks that are on or above the main diagonal of this matrix (that is, with risk magnitude values greater than or equal to 4 or 6).

After analyzing the risk, we can compile the Top 10 Risk List by arranging the risks in descending order of risk value and selecting the first ten. It should be remembered that selecting more risks can turn risk management into a very cumbersome process that will be too expensive and ineffective.

Planning

The main task of planning is to answer the question of how we will handle each of the risks. The following options are possible:

risk research (research) - conducting further research into the risk for its detail and more accurate planning
acceptance of risk (accept) - we accept the risk and are ready to live with its consequences
avoidance of risk (avoid) - we assume that the risk will never become a reality
transfer of risk (transfer) - transfer of risk and responsibility for it to another team, another manager (possibly the company’s management), another person

Directly for risk management, a mitigation strategy (actions that we take to reduce the probability and/or impact of a risk to some acceptable level, if we have chosen this strategy) and a contigency plan (an action plan in case the risk works) must be developed.

Risk resolution

At this stage, the risk is actually resolved after it has worked. That is, the corresponding contingency plan is being executed. The task of the stage is to carry it out in the most efficient way, and also to collect and analyze information about this risk for the next stage.

Monitoring and modification of risk data

The following goals are pursued at this stage:

risk status monitoring
monitoring the status of mitigation strategy and contingency plan
monitoring project metrics that are linked to action plans
identify and notify all interested parties that a trigger for a particular action plan has been triggered

Since the situation on the project is constantly changing, it is necessary to constantly monitor changes in risk parameters, adjusting the “Top 10 Risk List”:

identification of new risks that were not taken into account before
change in quantitative assessments of risks (return to the analysis stage, Top 10 Risk List may change significantly)
determining whether the change in quantitative estimates (if any) was the result of the implementation of certain action plans (mitigation strategy or contingency plan). If the magnitude of the risk decreases, then, most likely, the mitigation strategy is being implemented successfully, but do not delude yourself too much on this score
determination of methods and methods for correcting action plans taking into account certain changes, transition to planning

Conclusion

A key aspect of the risk management process should be periodic repetition of these processes, preferably consistent with the duration of development cycles and work processes. It can be recommended to conduct a risk assessment once every 1-2 weeks, depending on the size of the project (in some very large projects the frequency can be increased to a month, but I would not do more than that). I would also like to recommend saving the history of changes to the list of risks and their parameters (at least the Top 10 Risk List) - in the future this will give us the necessary statistical data.

P.S

I would like to note that the information given above is an excerpt from a large, official and extremely formalized risk management procedure that I created for the company where I work.
Some formal stages are omitted (for example, risk management planning, control); for the given stages, a description of their essence is given, which helps to understand them, but leaves a certain freedom of choice and flexibility when applied to various projects. However, it is possible to identify ways for further development of the article

detailing the stages (input and output documents, key activities and responsibilities of performers)
proposals for the format of documents that can be used in the process
discussion of the most common risks and strategies for resolving them (the so-called Risk Assessment document)

I invite all interested parties to communicate on this interesting topic.

useful links

MSF Risk Management Discipline v.1.1 - www.microsoft.com/downloads/details.aspx?FamilyID=6c2f2c7e-ddbd-448c-a218-074d88240942&displaylang=en (https://www.microsoft.com/Rus/Download.aspx? file=/Msdn/Msf/MSF_risks_mngt_rus.doc)
'Continuous Risk Management at NASA' - satc.gsfc.nasa.gov/support/ASM_FEB99/crm_at_nasa.html PMBok - www.pmi.org/Marketplace/Pages/ProductDetail.aspx? GMProduct=00100035801

Risk Management @ SEI - www.sei.cmu.edu/risk

SWEBOK (Guide to the SoftWare Engineering Body Of Knowledge) 2004 (Iron Man) - www.swebok.org

Just interesting sketches on project management - jchyip.blogspot.com/2008/12/lean-it-in-sketches.html