Risk Management Approach Used in Non-Financial Corporations

All over the world, companies have to face new challenges, opportunities and risks because of globalization, intense competition, new technology improvement and market structures changes.

As financial institutions before, non-financial corporations have just realized that risk management is becoming essential and be part of the good financial health of firms. Non-financial corporations core business involves the production of goods and services to sell them on the market, it doesn’t deal with financial processes like financial assets or liabilities. For instance, non-financial institutions could be retailers, manufacturers, business service providers. These companies are threaten by a wide range of strategic, business, credit, market and operational risks and they try to deal with them thanks to governance structures, risk measurement, management processes and risk transfer strategies. These risks have an influence on the companies health. In fact, they can generate financial loss and damage a company’s brand. But, risk management improve financial performance through identification, anticipation, reporting, management and control. Moreover, when significant firms confront economic issues due to risks, the whole economy can be affects. For instance, GDP may decrease, price stability may be alter and the rate of unemployment may increase.

In this essay we will describe what risks companies have to deal with? Moreover, what kind of process they set up to manage them ? We will exemplified these questions with the Microsoft’s case study.

First of all, when companies want to deal with risks management, they have to define these risks to anticipate and control them. Authors have different point of views regarding their repartition.

Hopkin argue that risks are divided into three categories. The first one is hazard (or pure) risks, this category has always negative outcomes and have to be mitigate by the company with adequate security procedures such as segregation of financial duties. The second category is control (or uncertainty) risks, for the author, companies have an aversion for them and they have to manage them. For instance, when companies make projects, there is an uncertainty about the delivery of the project on time. The last category of risks is opportunity (or speculative) risks. They are taken with the intention of obtaining positive outcomes but this is not assured. Hopkin (2014) argues that enterprises have to embrace these risks. In opposite, Lam recognize seven major types of risks. Strategic risk, business risk, market risk, credit risk, liquidity risk, operational risk, and compliance risk. In my opinion, the business risk classification of Wolke (2017) is the more detailed and consistent, he classifies them into two large categories : financial risks and performance risks. Then, he divides them into five subcategories depending on their type. They are many debates about risks repartition, but the most important issue is that an organization adopt the risk classification system that is most suitable for its own circumstances.

Save your time!
We can take care of your essay

• Proper editing and formatting
• Free revision, title page, and bibliography
• Flexible prices and money-back guarantee

Place Order

Secondly, companies follow some processes and use tools in order to deal with risks. There are several risk management standards and frameworks but they all have similarities. Lam (2014) argues that to face risks, companies firstly have to do an identification and assessment of them. They can use a risk mapping which join risk severity and frequency. Risk’s position on the map indicate if the risk is well-managed, managed or poor managed to companies. Then, quantification and reporting of risks is a crucial step too. Finally, they have to manage and control these risks depending on the company’s objectives and the type of risk. Hopkin (2014) is in accordance with Lam (2014) regarding the Risk Management Process, he follows the same step: risk assessment, risk reporting, risk treatment, residual risk reporting and monitoring. Organizations have to establish themselves their own method for risk analysis. Actually, individualized risk management method is more relevant and useful for companies (Hori, Sakurai, Syalim, 2009). Microsoft Corporation has to deal with risks in a changing landscape of attacks and exposures. Firstly, Scott Lange, the former director of risk management, identified a dozen broad categories of risks such as financial, reputational, technological… in order to create a complete inventory of the organization’s risk. Secondly, they started using risk maps developed by the senior management Mr. Lange and Jean-Francois Heitz the Microsoft’s treasurer. This risk map allows Microsoft to know which risk could be a threat and has to be managed as a priority. Moreover, an other tool is used to help the company facing risks, it is the risk grid which is very easy to use and to understand by the employees. It matches elements of the risk management process as the first column and the other columns indicated the current process for managing that risk, the ideal process, and what actions are required to move toward the goal. Then, the firm has created an Intranet to improve the communication about risk between the employees, this tool permits them to save time and be more connected to the risk management staff. Based on Microsoft’s presentation (2019), nowadays the company manages risks thanks to the Information Risk Management Council which follows a Risk Decision Matrix. In accordance to Hori, Sakurai and Syalim (2009) this matrix identifies which stakeholder is the most appropriate to make the decision and to manage the risk depending on his category and level.

The research philosophy represents the way in which data will be collected, analyzed and used into the research. I choose to use positivism because it highlights objective knowledge and supports hard and measurable data that match with my quantitative approach.

Moreover, there are three approaches : deduction, induction and abduction. The deduction goes from theories to data, in the opposite the induction goes from data to theories and the abduction try to collect enough information to formulate solid enough theories. We have chosen the deductive approach because we based our analysis on theories through the desktop research in order to collect data.

There are three major methods to do research : quantitative, qualitative and mixed method. A quantitative study is realized as a survey or a questionnaire which give us quantifiable results in the form of numbers, variables, objects. Quantitative analysis is used to make comparisons, measure, test hypotheses. On the contrary, the qualitative study’s goal is to understand and analyze the behavior and the characteristics of a group of people which is a representative’s sample of the studied’s population. The collect data takes the form of words such as descriptions, opinions, feelings from interview transcript, field notes or audiovisual material (Walliman, 2011). The mixed method combines these two kind of research. In my opinion, it is more suitable for this topic to use a quantitative research method in order to collect data and evaluate the efficiency of the risk management process into Microsoft.

We can collect two types of datas : primary data and secondary data. Primary data is gather by the researcher from his own researches and experiments. In the opposite, secondary data already exist and has been collected by researchers through other purpose and is used for another research question. In my opinion, secondary data is the most appropriate for my essay. This kind of data is very useful because it is easily accessible and free of charge. I exploited academic researches and textbooks in order to do my essay. Finally, I did a desktop research which gather data from existing resources.