A Russian corporation may find it useful to refer to experience of other countries and enterprises in order to make an efficient system of risk management. That is what we are going to speak about in this material.

Western managers began to think and speak about risks much earlier than our Russian ones. Herewith, the following things are in the basis of the approach of western companies. The main objective of any company is not to avoid risks but to anticipate them in order to manage them for own profit. With the course of time, when a year comes after a year, and a crisis after a crisis, the minds of western managers begin to believe strongly that a risk is a more complex and systemic phenomenon than it was previously considered. The effective procedure of risk management allows the corporate governance to foresee risks in any business and take the considered decisions concerning the ways of risk management. Both the company management as a whole and risk management in particular are directed for better understanding of risks by the company management, which are necessary to achieve the set objectives. This means that risk management in the company should be built in such a way that every employee could undertake the risks, connected with the provision of the profitability risk and the company competitiveness. Therefore, the objective of risk-management is not to eliminate risks but to learn to detect and take into account such possible events, which can negatively affect the company in the future. It is necessary to remember that risk management is not only protection from possible threats, but also taking risks, which will promote the implementation of innovations and business development.


Here is how Andrew Holmes, the director of subdivision of risk management of the audit giant “PriceWaterHouseKupers” describes it. “It is necessary to understand that the awareness of the risk appetite by the company management is only the beginning of progressive thinking on the way to the effective risk-management. Next, it is necessary to develop and implement special procedures into the company management practice (which means to formalize the process), with the help of which it will be possible to describe risks, monitor and control them. There is a high probability of originating of a number of unfortunate situations without formalization of risk management. Formalization of risk management process, in which there is a place for every employee of the organization, is an essential element of the risk management integration system.[1]».


It is important to take into account the company needs at the development and implementation of the stated procedures. When managing risks, a lot of companies suffer from two extremities under the risk management. The first extremity is the absence of any process at all, which usually leads to the origination of inconsistency at work, unskilled decisions, mistakes, shock, unpleasant surprises and, correspondingly, to the problems in risk management. Another extremity is connected with the fact that the risk control procedures make the corner-stone, which is a formality. In this case the companies spend a lot of efforts and time trying to keep the procedures of risk management more than doing something real.


We shall remind one more time that the basis of western risk-management approach is a principle that the objective of any company is not to avoid risks but to anticipate them in order to manage them for own profit. The objective is true, but still life has proven a dozen of times that such true theoretic principles are often forgotten when it comes to practice, the risks are underestimated, the most important risks at the specific period of time are not paid much attention, while the company management  treats other risks seriously and tries to “cure” them, spending a lot of money where it is easier to accept such risks. And the consequences of unsuccessful risk management can affect negatively both, persons engaged in the organization business (for example, its managers and employees), and the status in economics (at the local and nationwide levels). Besides, the nature of risks, which stand in front of companies, is more complicated, than the nature of risks of person’s everyday life. Company risks refer to the strategic and financial business aspects.


The company management may also meet with risks, related to the implementation of a particular project or programs.


Failure of American companies Enron, WorldCom and the auditing company Andersen showed in due time what can a company expect, which cannot manage the risks efficiently[2]. We remind that shares of the company Enron were a desired object for investment for a long time.


After the company had to avow about the losses, disguised at the below-line balance accounts, the ball of problems became to dissolve gradually.


First of all, it was a high-profile scandal in the history of USA, which revealed a grand misrepresentation in financial records. The continuation of the scandal followed, when it had been found that its authority assured its employees to invest their retirement savings into the company shares. It was reasoned by explanations that according to the prognosis of the financial analysts and top management that the shares would grow from one year to the next. When the cost of shares decreased dramatically a lot of employees of the company lost all their savings for retirement. The authority of Enron could successfully get rid of their share of the sinking company and received millions of dollars.


Herewith, the described above scandal involved some other companies. For example the auditing firm Andersen was also involved into these discreditable practices of Enron. The auditing firm had a solid reputation and possessed a strong brand before the scandal. But contrary to the companies, which sell goods, business of the auditor was built on the trust of clients. The company became a participant of judicial precedent and could not recover any more. The clients started leaving it one by one, the company went into bankruptcy, thus, it suffered because of so called reputational risks.


There are more topical examples in front of us. These are the first crisis portents, Fannie Mae and Freddi Mac, as well as Lehmon Brothers and the leading national underwriter in USA, the AIG company, which received 180 mlrd. Dollars from the state in exchange for control of the enterprise. Hundreds of banks went bankruptcy during the crisis in the USA. And it appears that it is not the end. The news on bad reporting are heard every day. There are periodic rumors on possible loud bankruptcy as well as M&A deals.  

Despite correct approaches to the risk management, western companies often go bankruptcy because of the incorrectly built system of risk management, and because not much attention is paid to the risk assessment, and that the risk management system has wrong priorities.


Risk, according to one definition includes some degree of uncertainty. If we could be sure that this or that event takes place for sure, then the events would not be connected with risks. Unfortunately, the majority of ordinary people and modern managers now suffer from inability to understand the ratio of risk and uncertainty. Sometimes the reason is in the way of provision of information on statistics and risks. The words “safe” and “dangerous”, “progressive» and “not safe» are used by journalists without thinking much on the effects of their words, for example, on the reputation of the company they write about. Mass media is one of the reasons. The ability of the manager to understand risks mainly depends upon his understanding of the probability, otherwise, he gets trapped. By the way, such entrapments are described by a famous scientist Gerd Gigenzer[3]. Among these entrapments there is, for example, an illusion difinedness (when the manager blindly believes the statistic data); risk ignorance; communication mistakes (sometimes the manager may understand the information in a wrong way); misty thinking (inability of the manager to get the necessary information); subjective probability (the value of probability is based on the manager judgments, without taking statistics into account); transitional probability (one event is connected with the other, one risk is connected with the other, the manager may fail to understand) etc. Roughly speaking, these and the like mistakes of managers can influence the financial condition of the company, which are important elements of risk-management. John Allen Paulos, a professor in Mathematics, a presidential scholar of the Temple University in Philadelphia, the author of the book “Innumeracy: Mathematical Illiteracy” thinks that many people cannot have a quantitative thinking, which means that they cannot operate such fundamental notions as numbers and probability.


He confirms, that faulty perception of big figures and probability leads to the fact that people misconceive the importance of originating risks.


The basic elements of risk-management according to E. Holmes are the following: risk detection, quantitative risk assessment, strategy selection for the risk management, risk management and monitoring. These elements rest upon four basic principles of risk management evaluation of risk management frames, evaluation of risk tolerance, creation of risk culture, regulation of risk management process. According to the given approach, the process of risk management should finally help both elaboration of the correct managerial decisions, and risk-taking.


But despite of this true theoretic background, the crisis still continues. And one may say, that it to a large extent due to the outcome of underestimated risks at all levels of business and economics as a whole.


A onesided static approach to the risk management should be mentioned here. Theoreticians and practicians of risk management think much about the fact that conception of risks and their consequence should «sit in the lead” of every employee of the company — from the average executives to top managers, about the corporative culture of risk management. But there are few real evaluations on how changeable the risks are in time; and the level of perception as well. Western authors also speak about the assessment methods and risk management. However, the stages are shown in the reduced way.

[1]    Andrew Holmes “Risk-Management”, M.: Eksmo, 2007.

[2]    Andrew Holmes “Risk-Management”, M.: Eksmo, 2007.

[3]    Gigenzer, G. «Reckoning With Risk: Learning to Live With Uncertainty», London: Allen, The Penguin Press, 2002.