Risk-oriented enterprise policy: basic aspects

Размещено на http://www.allbest.ru/

RISK-ORIENTED ENTERPRISE POLICY: BASIC ASPECTS

HERASYMENKO Olena

PhD in Economics,

Senior Research Fellow,

Bohdan Khmelnytsky National University of Cherkasy,

Cherkasy, Ukraine

ГЕРАСИМЕНКО Олена Михайлівна

к.е.н., старший науковий співробітник науково-дослідної частини,

Черкаський національний університет імені Богдана

Хмельницького, м. Черкаси, Україна

ПОЛІТИКА РИЗИК-ОРІЄНТОВАНОГО УПРАВЛІННЯ ПІДПРИЄМСТВОМ: БАЗОВІ АСПЕКТИ

Проблема. В основі національної безпеки, зокрема її економічної складової, повинен міститися ефективний механізм управління ризиками підприємств. З метою вирішення проблеми дієвих процесів забезпечення економічної безпеки на макрорівні є доцільним більш глибоке вивчення досвіду в сфері управління ризиками підприємств, що є невід'ємною складовою менеджменту економічної безпеки провідних зарубіжних компаній. Сучасні нетипові для України обставини провадження економічної діяльності зумовлюють актуальність вирішення проблеми розробки нетрадиційної методології управління ризиками та її інтеграції у комплексну систему економічної безпеки підприємств. Глобалізація та інтеграція провокують зростання рівня конкуренції, точність оцінки ризиків вимагає врахування усе більшої кількості параметрів, тому апробовані світовим досвідом інструменти діагностики не дають точних прогнозів. Тому створення ефективних механізмів забезпечення економічної безпеки на мікро, мезорівні та макрорівнях є нагальною потребою для розвитку економіки. Топ-менеджмент вітчизняних підприємств завжди мав гостру потребу у побудові ефективної ризик-орієнтованої системи економічної безпеки. Донедавна підприємства застосовували у боротьбі з ризиками два інструменти - страхування та регулятивні норми (на рівні підприємства - норми безпеки, регламенти, інструкції). На сьогодні таких заходів недостатньо: постійно змінюються, ускладняються умови ведення бізнесу, зростає репутаційний ризик, зростає корпоративна відповідальність керівництва за прийняття управлінських рішень. Все це є наслідками неефективної політики управління ризиками сучасних підприємств, внаслідок якої останні можуть потрапити до категорій банкрутів і змушені будуть піти з ринку.

enterprise management risk

The article deals with the risk-oriented approach to management in the system of economic security of the enterprise. A number of basic principles and policy aspects of a risk-based approach to enterprise management based on international risk management standards are proposed. The general information on the basics of enterprise risk, the difficulties involved in determining risk readiness, and the components of the process of determining risk readiness are explored. In the article, the author discloses the distribution and reporting of information on risk readiness by all structural units of the enterprise, the procedure and the process of informing external parties about the willingness to take risk. It also raises the issue of promoting and rewarding the risk-oriented approach, eliminating conflicts of interest and risk culture, which are integral to the successful process of implementing and operating a risk-oriented approach.

Key words: risk-oriented approach, economic security, policy, enterprise management, risks, stakeholders

Introduction. The basis of national security, in particular its economic component, should contain an effective mechanism for managing the risks of enterprises as leading subjects of economic activity of the economic system of the state. In order to solve the problem of effective processes of ensuring economic security at the macro level, it is advisable to study more deeply the experience in the field of enterprise risk management, which is an integral part of the economic security management of leading foreign companies. The current atypical circumstances for Ukraine to conduct economic activity determine the urgency of solving the problem of developing an unconventional methodology for risk management and its integration into a comprehensive system of economic security of enterprises. Globalization and integration provoke increased levels of competition, the accuracy of risk assessment requires more and more parameters to be taken into account, so diagnostic tools tested in the world do not provide accurate forecasts. Therefore, the creation of effective mechanisms for ensuring economic security at the micro, meso and macro levels is an urgent need for economic development.

At present, there is no conceptual approach to managing the economic security system from the standpoint of counteracting risks, and accordingly, there are no developed paradigms for solving management tasks related to the mechanism of effective implementation of risk management. Top management of domestic enterprises has always had an urgent need to build an effective risk- oriented economic security system. Until recently, enterprises used two tools in risk management - insurance and regulatory standards (at the enterprise level - safety standards, regulations, instructions). To date, such measures are not enough: they are constantly changing, complicating business conditions, increasing reputation risk, increasing corporate responsibility of management for making managerial decisions. All of these are the consequences of an ineffective risk management policy for modern businesses, which can cause them to fall into bankruptcy categories and be forced to leave the market. The liquidation of business is one of the biggest threats to the economic security of Ukraine, which, in turn, largely determines the level of national security of the state. Therefore, economically safe business development with minimal risks is an important task at the state level, and its solution should start at the level of top-management of enterprises to implement the practice of economic security management using a risk-oriented approach.

Literature review. Today, the issue of risk-oriented approach to management in ensuring the economic security of the enterprise has not been fully considered. A number of domestic researchers have dealt with individual issues in the risk-oriented approach, but financial institutions, banks and insurance companies have been the subject of research. The application of this approach to companies in the real sector of the economy has remained out of the limelight of researchers. Yes, V.V. Begun and E.P. Buravlev [1] investigates the issues of risk-oriented approach, world trends in its development in management and management and considers ways of its initiation in Ukraine, as well as introduction in the insurance business. Osinskaya OV in [2] an attempt was made to investigate the issue of implementing a risk-oriented approach in the field of business management, where the author points out this approach as a new stage in the path of large-scale introduction in our country of fundamental principles of risk management. Utkina OV [3] considers in his writings the foreign experience of counteracting the legalization of criminal proceeds using a risk-oriented approach in the banking sector. A number of authors such as Glushchenko OO [4], Egoricheva SB [5], Andriychenko Zh.O. [6] investigate the problem of risk-oriented approach in counteracting the legalization of criminal incomes.

The purpose of the article has been disclosure of the essence of risk-oriented management of the enterprise in order to ensure the economic security and stability of the whole company.

Results and discussion. The development and integration / implementation of the risk management process mainly falls within the scope of responsibilities of the Risk Director, the Economic Security Professional, the business line managers, the economic security / risk management department / department, and the responsibilities of other services / departments / audit / control departments at the enterprise.

The principles outlined below are relevant to any business entity, in almost every stage of its development, and in any country. However, their practical implementation may vary depending on regional and national factors, as well as the size, nature and complexity of the institution. However, any business entity must be able to understand the principles and their practical implications for the business. Each enterprise should seek to develop its own practical mechanisms for adhering to these principles and be able to demonstrate to third parties both its actions in this direction and their effectiveness.

An entity must determine its willingness to accept different types and levels of risk, taking into account the organizational ability to manage such risks. A comprehensive understanding of risk preparedness at different levels should determine the balance between risk and return, capital allocation, product pricing, and incentive mechanisms and reward structures for employees, top management. The business strategy should be developed and constantly aligned with the risk- oriented approach to management in the process of ensuring the economic security of the enterprise.

The willingness to take risk as an integral part of ensuring the economic security of an enterprise and choosing its business strategy should determine the highest level of management. The level of risk that top management is willing to take can be associated not only with the desired level and likelihood of earning profit, but also with the pursuit of other business goals such as market share, innovation, reputation and more. However, in the end, the ratio between risk and income is the clearest and most useful way of expressing your willingness to take risk.

The willingness to take a risk (the other side of which is risk avoidance) is the willingness to agree to a particular risky project in exchange for a defined return. The difficulty in risk readiness is to measure / evaluate the risk itself. Risk readiness / risk propensity should be expressed in what level of risk can be accepted. However, the measurements / units of risk - although more objective and consistent - are still far from perfect. They are particularly difficult to use when comparing different "types of risk" (for example, market risk, credit risk, liquidity risk, operational risk), or when combined to evaluate and compare complex activities. In view of these factors, it is really difficult to be willing to accept risk taking and is highly reliable.

However, risk readiness is one of the few variables that can be controlled by an enterprise (as opposed to market conditions, legislation, and other external factors). Therefore, willingness to take risks is one of the most important factors that determine the success (or failure) of any organization.

Strategic goals, objectives and incentives should be set in such a way and at a level that can be achieved in a stable business environment and without exceeding the maximum risks that the enterprise is prepared to take. Once the risk readiness level has been established, it should be reviewed on a regular basis (more often than once a year, if necessary), in the light of changes in the business environment and in accordance with the evolving risk assessment and understanding situation. Top management must demonstrate a clear understanding of the relationship between risk and profitability, meaning that the pursuit of higher levels of profitability is usually associated with higher levels of risk and the potential for significant losses.

A well-developed risk assessment system is required to enable top management to identify different types of risks and to obtain an assessment of the level of such risks associated with different business strategies. Where quantification is not possible, mechanisms should be developed for a clear, comprehensive qualitative description of risks.

To the extent that the risk assessment capabilities allow, the willingness to take the risk should be expressed in the standard units of risk used by the entity. This facilitates the communication of decision-making information to lower levels of the organization and a consistent distribution of risk-readiness among business lines, products, types of risk, etc. However, as some areas of risk metric activity may be lacking, willingness to accept risk should be expressed in qualitative terms.

Once the risk readiness is set at the top management level, it must be distributed and balanced at lower levels - for individual business areas and units, different products, branches in different regions, and for different types of risk. This process, also called cascading, involves a comprehensive consideration of the dependencies of risk - interconnections and differences - that need to be addressed. Although in practice it is difficult to achieve accuracy in this process, it nevertheless needs to be given maximum attention and to give the most accurate definition.

The Board of Directors is also responsible for ensuring that the enterprise has clearly informed all external stakeholders for whom such information matters (investors, regulators, partners, suppliers, consumers) about its willingness to take risks.

Businesses should reward and encourage employees and executives on the basis of long-term, risk-adjusted value-added for the organization. The profitability of business units and any estimates of financial profitability should be adjusted to reflect the value of the risks involved. Behavioral incentives affect risk management at every level of the organization - from a board member or senior executive who directs business activities to specific markets, products, customer segments, and business practices, to the trade / sales office / host individual risk-taking decisions on behalf of the enterprise in any transaction. As practice shows, excessive emphasis on short-term profit without risk and long-term financial implications at all levels of the enterprise is a fatal mistake in risk management and economic security.

The impact of remuneration and incentives / incentive mechanisms is less noticeable but equally important at the level of control functions, including the risk management function. The main problem here is the lack of a generally accepted and transparent methodology for assessing the contribution of these functions to the “final practical result” (ie profitability). In spite of this problem, providing appropriate incentives for control functions, including risk management, is absolutely essential to ensuring that these functions are performed in the best and best interests of the institution.

Preventing any form of conflict of interest is an absolute requirement of a proper risk-oriented approach to management. A proper process of eliminating potential conflicts of interest for all new members of the Board of Directors, senior officials of the executive body and employees should be established at the enterprise. The separation of responsibilities, the independence of control functions from revenue-generating functions, and the appropriate containment and counterbalancing mechanisms at all levels of the organization must be implemented and maintained at all times. Issues of conflict of interest (or simultaneous responsibilities to different parties where the interests of one stakeholder are contrary to the interests of others) are closely linked to the incentives that affect decision-makers. Conflict of interest prevention is achieved through the introduction of key containment and counterbalancing mechanisms. Perhaps the most important of these is the delineation of any decision to take risk from risk assessment and control, that is, these functions must be independent. The main component of the practical implementation of the principle of independence is organizational structuring at all levels.

Employees of risk-taking services (ie, revenue generators) should exercise caution about the risks and operate within the established risk standards, but should not have any risk control responsibilities over their own business decisions. Similarly, effective risk-oriented management assumes that functions such as profit and loss assessment, risk assessment and reporting, and financial performance, and compliance with the rules and procedures, cannot remain solely within the competence of risk-taking agents. These activities should be conducted by independent entities - including financial reporting and product control, risk control and auditing - that cannot gain something or lose something by distorting risk assessment decisions. The reverse is also true, that is, employees performing risk control functions should not be involved in risk-taking activities as this would compromise their position of independence and impartiality. The existence of an independent risk management function also means that for all types of risk-taking activities, there are numerous levels of risk assessment - the first at the level of the risk-taking function, the second at the level of the independent risk-management function, and the third "line of protection" at levels of independent internal audit. This kind of multi-level vision of risks not only serves as a measure of operational security, protecting against conflicts of interest, human factors, incompleteness of information or fraud, but also promotes transparency and improved communication.

All aspects of the enterprise management system should be periodically reviewed by an external independent body or bodies. This will prevent conflicts of interest specific to the enterprise, and will ensure that market risk management, sectors, geographical regions, and other external factors in which the organization operates are appropriate. It will also promote consistency and consistency between the internal rules and procedures adopted by the company and its public statements.

Businesses need to constantly develop a culture of risk understanding, recognizing the importance of risk management and bearing personal responsibility for identifying and managing risks. In addition to implementing proper rules, procedures and structures, a risk culture plays a key role in the success of risk management and organization. Building a risk-based culture requires recognition - at all levels and by all members of the organization - of individual responsibilities and responsibilities in identifying and managing risks. It also requires constant open dialogue and revision / adjustment of business goals, evaluation processes and employee incentives. It is a long and difficult process, but its effect is long-term and far-sighted. As with the determination of risk readiness and risk assessment, the risk culture should extend to all business units and areas of the organization, and cover all relevant risks, both financial and non-financial.

Establishing a proper organizational structure, based on the principle of independence and with the elimination of all conflicts of interest at all levels of the enterprise, which does not eliminate the need to define clear areas of responsibility. The members of the Board of Directors, senior executive officers, departments and individual employees should be clearly aware of the scope of their responsibilities and the consequences of late or improper performance of their duties. Disclosure and transparency create the best environment for accountability. They must be ensured through formal requirements and daily informal interaction within the enterprise, as well as between the enterprise and its external stakeholders - investors, clients, regulators and business partners. The Board of Directors and senior management should promote disclosure and transparency by giving a personal example, in approved policies and procedures, and through any other communication channel.

Even the most extensive efforts to regulate, enforce binding principles and set specific rules cannot exhaustively cover all situations and necessary behaviors that would ensure proper risk management. In situations where other principles are lacking, it is still necessary to call for honesty, honesty, justice and concern for the interests of others. Key individuals involved in the process of implementing effective risk-based management to ensure the economic security of the enterprise should also set and set a personal example of the highest ethical standards of conduct.

A positive risk culture is expressed in a variety of everyday behavioral patterns:

* Employees of the organization are generally aware of the risks and carefully consider aspects of risk in their day-to-day work.

• Organizations have a respect and appreciation for the role played by the specialized risk management function, the desire to support, learn from, and learn from its work.

• Openness and willingness to disclose and discuss risk-related information and challenge established views and assumptions.

• All levels of the organization feel responsible and adhere to the principles of good risk management in a collaborative spirit that promotes not only top-down control but also bottom-up engagement by employees.

• The risk function is considered by others to be a function that supports and contributes to the success of the business, rather than a function that only controls and imposes restrictions.

• The methodology and risk assessment is consistent and appropriately integrated across all lines of business and risk.

• There is adequate coordination between risk and finance functions as part of a proper risk- adjusted profitability framework for business planning and incentive structuring.

• There is a proper balance between quantitative and qualitative risk assessment - employees seek quantification - but they understand the limitations involved, including the assumptions, data availability and capabilities of the systems.

Good risk management requires highly effective communication, including training, feedback, reporting and involvement in a constructive risk dialogue. For proper risk management, communication about them is no less important than risk assessment and control. The role of risk managers and all persons involved in the risk management process should include a significant responsibility for communicating risk information to all interested employees within the enterprise.

Effective communication on risk issues is in many ways another component of a comprehensive risk culture. However, it addresses many aspects of risk management (very specific and sometimes formal) that should be considered as a separate principle.

Communication involves training, feedback, reporting and involvement in a meaningful risk dialogue. For proper risk management, risk communication is no less important than risk assessment and control. The role of risk managers and all persons involved in the risk management process should include a significant responsibility for communicating risk information to all interested employees within the enterprise.

Each business must be assigned a senior executive responsible for all aspects of risk management and all types of risk - as a rule, such officer is, for example, the Risk Officer. The organizational hierarchy and the distribution of executive powers should reflect the importance of the Risk Director and the risk management function, which should be on par with the revenue-generating functions. In every organization, the risk management function must have the proper status, authority and resources. The characteristics of an effective Risk Director include:

- independence from any direction of business activity;

- Membership of the Management Board / Executive Body that has a direct impact on the organization's strategy definition;

- the ability to challenge and potentially veto the Board's risk-related decisions;

- direct accountability to the Chief Executive Officer (Chairman of the Board); recent research indicates that direct accountability to the Board of Directors / Supervisory Board has significant benefits and strengthens the position of the Risk Director.

- financial remuneration comparable to the level of importance in the organization.

The financial and technological resources that the risk management function possesses are also an indicator of the importance of this function. These resources should be weighed against the complexity and importance of the role played by the risk management function.

The enterprise must develop a deep understanding of the knowledge, skills and experience necessary for all employees involved in the risk-oriented management process to successfully fulfill their functional responsibilities. These competencies should be clearly stated and systematically evaluated upon hiring, including testing or certification requirements. In general, all risk assessment professionals should be competent in economics, finance theory, mathematics and statistics, as well as information technology. Most risk management managers must also have exceptional writing and oral communication skills.

Personnel requirements should not be limited to academic education alone and, in most cases, should include a component of hands-on business experience. If the available candidates do not have the necessary skills or work experience, specialized trainings should be organized that can fill in the missing knowledge and skills. Experience in risk management should be supplemented (to the maximum extent possible) by experience in other units or experience in performing other functional responsibilities. It is particularly useful to provide risk managers with the knowledge and experience of functional risk-taking responsibilities, as well as product, customer and market knowledge over which they will exercise independent risk control. Risk managers must also have exceptional writing and verbal communication skills.

Conclusions

A risk-oriented approach to managing economic structures in various modifications will find use in all industries without exception, will allow to modernize the systems of management of economic entities of all types of economic activity, and therefore, will have a positive effect on the strategic development of national economic sectors and the level of national security. . Risk-oriented management will help control the level of economic security of business entities, as well as create new risk management tools with predefined properties, based on the data on the probability of their occurrence and the amount of probable losses for enterprises from their operation. Thus, the proposed policy of risk-oriented management in the system of economic security will become the core of the effective work of the enterprise and its sustainable development.

References (in language original)

1. Бєгун В.В., Буравльов Є.П. Ризик орієнтований підхід та страхова справа. Техногенно- екологічна безпека та цивільний захист. 2010. Вип. 1. С. 38-48.

2. Осинська О. В. Впровадження ризик орієнтованого підходу у сферу управління господарською діяльністю. Часопис Київського університету права. 2015. № 2. С. 182-184.

3. Уткіна О. В. Зарубіжний досвід протидії легалізації злочинних доходів із застосуванням ризик-орієнтованого підходу в банківському секторі. Вісник Університету банківської справи. 2017. № 2 (29). С. 34-38.

4. Глущенко О. О., Семеген І. Б. Антилегалізаційний фінансовий моніторинг: ризик- орієнтований підхід: монографія. К.: УБС НБУ, 2014. 386 с.

5. Єгоричева С. Б. Ризик-орієнтований нагляд у системі фінансового моніторингу. Науковий вісник Полтавського університету економіки і торгівлі. 2016. №3(75). С. 126-131.

6. Andriichenko Zh. Modern status of the risk-based approach implementation in Ukraine antimoneylaundering system. Proceedings of the training: Innovative educational technology: European experience and Its Application in training in Economics and Management. Poland: WSBiP, 2017. Р. 5-8.

References

1. Biehun V.V., Buravlov Ye.P. (2010). Risk oriented approach and insurance. Tekhnohenno- ekolohichna bezpeka ta tsyvilnyi zakhyst [Technogenic-ecological safety and civil protection], 1, 38-48.

2. Osynska O.V. (2015). Introduction of risk oriented approach in the field of business management. Chasopys Kyivskoho universytetuprava [Journal of the Kyiv University of Law], 2, 182-184.

3. Utkina O.V. (2017). Foreign experience in counteracting the legalization of criminal proceeds using a risk-oriented approach in the banking sector. Visnyk Universytetu bankivskoi spravy [Bulletin of the University of Banking]. № 2 (29). pp. 34-38.

4. Hlushchenko O.O. (2014). Antylehalizatsiinyi finansovyi monitorynh: ryzyk-oriientovanyi pidkhid: monohrafiya [Anti-organizational financial monitoring: a risk-oriented approach: a monograph]. Kyiv: UBS NBU, 386 (in Ukr.).

5. Yehorycheva S. B. (2016). Risk-oriented supervision in the financial monitoring system. Naukovyi visnyk Poltavskoho universytetu ekonomiky i torhivli [Scientific Bulletin of Poltava University of Economics and Trade], 3 (75), 126-131.

6. Andriichenko Zh. (2017). Modern status of the risk-based approach implementation in Ukraine antimoneylaundering system. Proceedings of the training: Innovative educational technology: European experience and Its Application in training in Economics and Management. Poland: WSBiP, 5-8.

Размещено на Allbest.ru