Risk management is an important responsibility to managing directors and supervisory directors. It is called ’risk management’ in sophisticated governance jargon. Risk management is a prominent agenda item to supervisory boards. What is it exactly? As so often, it is no more than a fancy term for something we all know. You do not let your five-year-old son drive the car. Your two-year-old daughter is not allowed to take the cake out of the hot oven. You notice that the company you work with has already been making a loss for a few years. You look for another job before it goes completely wrong. These are three examples of risk management. So you have already been a risk manager yourself for years.

An internationally accepted description of risk management is the process of identifying, analyzing, and controlling the risks in order to realize the objectives of the organization. That is quite a mouthful. Applied to your five-year-old son: one of the family’s objectives is to promote good health for him and the other family members. Giving him the car keys and putting him behind the wheel is not beneficial to this objective. So you do not do it.

Risks versus chances
In business, risk management is not only avoiding risks. It is also finding chances and using those chances. Sometimes, you consciously also have to take risks to this effect. Calculated risks are what we call them. So missing a chance is also a risk. That is interesting. If you keep sitting in a corner with your arms crossed, you do not take irresponsible risks. Are you doing the right thing? Nope. In business, you also need guts. Otherwise, nothing happens and the competitors pass you by left and right. Supervisory directors have to realize this. So they cannot make their management board powerless.

So with regard to risk management in a company, it is important to properly separate the roles and responsibilities of the management board and the supervisory board. The management board is responsible for the risk management, not the supervisory board. The supervisory board has to see to it that there is a proper risk management system. This means that the management board has to report to the supervisory board and that the supervisory directors regularly have to ask critical questions. Monitoring the risk management consequently does not mean that, as supervisory board, you always are obstructive.

It does not hurt to regularly scrutinize the risk management in a strategy meeting. A useful tool for this purpose is a so-called SWOT analysis. Together you list the strong sides of the company, the weak sides, the opportunities, and the external threats (Strengths, Weaknesses, Opportunities, Threats).

Operational versus financial risks
It is also useful to make a distinction between operational risks and financial risks. Operational risks concern matters that can go wrong in the performance of the work. An example is forgetting to make a backup of the computer files. Oops! All data gone! Financial risks concern for instance inadequate accounts receivable management. One works hard in the organization, but money is not coming in. Oops! Bankrupt!

In summary: risk management is being careful, continuing in the right direction, and staying strong!

Do you have a question about corporate governance yourself? Please e-mail it to governance@vaneps.com and perhaps your question will be discussed in the next column