Business confidence is at an all-time low after the events of 2008. More than ever, companies need a reliable view into the risks they face.

This can only be achieved with a complete picture of the business – something that financial institutions have not ensured in recent times, either by not having the right systems in place, or not implementing them effectively.

But is it possible to actually measure the levels of risk that a company faces? If so, what is the process and why are firms struggling so much to get to grips with it?

Risk and reward

An accurate assessment of risk is crucial in providing executives with the insight needed to securely and effectively direct their company. A good risk management strategy allows them to predict and quantify the risk involved in the day to day execution of business tasks, including the impact of external factors, such as a key client going into receivership.

Far from being a theoretical exercise in forecasting the future, this knowledge allows a company to respond decisively and effectively if such a scenario were to develop.


With the right systems in place, a company can develop a clear risk management strategy. But a clear, transparent view of business performance is needed first. To implement a risk management strategy organisations need to quantify and organise risk based on relevant and accurate data from around the company.

A fundamental principal of risk management is to constantly ask “what if?”: What if the launch of a new product is delayed by supply issues? What if shrinking demand drags down profit margins? What if that key client goes out of business?

But before an accurate assessment of potential circumstances can be performed, managers need to know what is already happening across the business.

Gaining a complete picture

One of the problems prolonging the credit crisis in the financial markets is a lack of complete information about companies’ full exposure to bad debt. The complexity of the securitisation process for those seeking a simple idea of a financial organisation’s balance of liabilities can be compared to trying to make sense of a scene viewed through frosted glass. Debt has been scattered across a number of different locations and moulded into a number of different forms. A true picture is not known yet, and the atmosphere of uncertainty and distrust that this has fostered has bled the market of the liquidity it needs to function.

A similar issue affects many large companies seeking to gain an accurate view of risk. The data needed to calculate this has to be collected from around the organisation, but this is often difficult because information is usually held in multiple incompatible reporting systems in different formats across the business.

As the typical company grows, it begins to form separate departments dedicated to particular parts of the business, often significantly increasing the business’s complexity and creating silos of data – and information. Separate research, administrative and marketing units may appear, usually operating autonomously – each making its own decisions and each with its own IT department. This mass of disparate information sources leads to major reporting problems. Even basic reporting, on a weekly or monthly basis, can become a struggle.

The problem often lies with the information management processes businesses employ to organise and deliver performance data to managers for analysis. Typically, a company’s IT department spends time building a “data warehouse” or repository to stage the data to feed into the business intelligence tools used for this analysis. This provides a temporary solution, but if the business changes or if managers need new or additional information about the company, the development cycle must be repeated to accommodate the changes. This can add weeks or months to the time needed to fulfil a request for specific performance data. As a result, decision-makers suffer through slow, inconsistent information delivery – the exact opposite of why they created a business intelligence initiative in the first place. So in response, managers often go around the IT solution and build more spreadsheets themselves in order to get their answers faster. This further compounds the problem.

To overcome this difficulty, companies need to focus on implementing an information management infrastructure that can adapt quickly and flexibly to incorporate changes in the business and feed this information back to managers. Such a solution can deliver more accurate, consistent and reliable information faster for the purpose of assessing risk.

Once an organised view of information from within the company is in place, managers then have the clarity they need to gauge the performance of the different parts of the business. They can start making sense of risk, quantifying it and developing a comprehensive risk management strategy.

Modelling risk

Once current performance is known, questions about “what if?” can be asked to begin tackling the challenge of constructing a company-wide view of risk. When information on business activities within an organisation has been assembled, managers can use this to run test scenarios based on the company’s business model to see how different parts of the business are likely to respond to a specific change.

For example, managers can model the impact rising supply costs would have. This test can draw upon previous historic data about demand, productivity and profit margins in order to determine a reliable forecast of the immediate effects on revenues as well as other related variables such as market share and competitiveness.

By running predictions like this, which focus on scenarios involving a company’s business model, risk levels can be measured and defined, based on the extent to which areas of the business are potentially affected.

If a particular product range, which constitutes a significant proportion of the company’s profits, is shown to be at risk from fluctuations in supply costs, for example, decisions can be made on how to reduce such reliance on this aspect of the business. Crucially, for the purposes of implementing a risk management strategy, basing the predictions on previous performance data allows for a quantified approach to risk assessment that is accurate for the business.

Whilst the testing scenarios described above involve altering variables in order to gain a picture of the knock on effects this might have across the business in real life, the same applications can be applied to monitor the real performance of the business on an ongoing basis.

With a better idea of the factors likely to have a significant impact on the company, managers can use these systems to identify more easily changes and developments such as decreasing demand or rising costs that influence business performance. By spotting changes sooner, they have more time to be able to coordinate a response, and can reference the test scenario results in order to make a better informed decision on how best to act.

Fine tuning

It should be re-emphasised that the process of assembling a risk management strategy is not merely a theoretical undertaking that is isolated from the running of the business on a day-to-day basis. By seeking to gain a more thorough understanding of the way a company is held together and balanced, the methods of risk analysis can help identify areas within the business that can be improved and strengthened. An analysis of company-wide performance data can highlight inefficiencies within the business, such as areas of poor productivity, or outlets in markets where demand is below average.

By implementing a risk management strategy based on organising and analysing performance information, businesses are able to give themselves a solid foundation to mitigate risk in the future. Once the balance of risk around the company has been determined, changes can be made to future-proof the business, such as removing an over-reliance on the profits from a potentially volatile market. As well as reorganising the business to respond in a more agile way to different market conditions in the future, managers are able to make informed changes to optimise the performance of the business as it currently stands, with immediate results.

Taking control

With the right information at hand, businesses can take control, strengthening their present activities and protecting themselves against potential difficulties in the future.

If the current difficulties in the markets provide a warning of the consequences of a collective lack of certainty, surely they can also be taken as a lesson in the potential rewards that informed, responsive businesses stand to gain. The insight an effective risk management strategy and clear business intelligence provides allows executives to take a decisive approach based on an accurate understanding of the balance of their company’s performance and its assets.

The crisis in the global markets will take time to resolve, and the list of casualties will undoubtedly continue to grow. But those companies that are able to weather the current storm can draw useful lessons in the importance of preparing themselves fully for future eventualities. With greater insight, next time they will be able to detect the signs of failure earlier and take appropriate, decisive action earlier.

Cliff Longman is chief technology officer at business intelligence specialists Kalido.