case study on risk management in business

What are You Looking for?

• Agricultural
• Art and Design
• Business and Financial
• Construction and Manual Labor
• Engineering and Technical
• Information Technology
• Media and Communication
• Protective Services
• Science and Research
• Service Industry
• Social and Human Services
• Transportation and Logistics

Case Studies of Successful Risk Management

Introduction, risk management.

Risk management involves identifying, assessing, and mitigating risks to minimize their impact on an organization. It aims to protect assets, ensure operational continuity, and support strategic goals. By proactively addressing potential threats, organizations can reduce the likelihood of adverse events and enhance their resilience.

Importance of Successful Risk Management

Successful risk management is crucial for any organization. It helps prevent financial losses, safeguard reputations, and ensure regulatory compliance. Effective risk management supports decision-making by providing insights into potential threats and opportunities. It enables organizations to respond swiftly to unexpected challenges, maintaining stability and operational efficiency.

Introducing Case Studies in Risk Management

Case studies are valuable tools for understanding successful risk management practices. They offer real-world examples of how organizations identify and address risks. By examining these cases, businesses can learn from others’ experiences and apply similar strategies. Case studies highlight practical applications of risk management theories and provide insights into effective risk mitigation techniques. In this session, we will explore case studies that demonstrate successful risk management in action. These examples will illustrate how organizations tackle various risks and implement strategies to ensure their continued success.

Case Study 1: Apple Inc.

Overview of apple’s successful risk management strategies.

Apple Inc. has implemented effective risk management strategies to navigate its complex global operations. The company faces various risks, including supply chain disruptions, cybersecurity threats, and regulatory compliance. Apple’s approach to risk management involves comprehensive planning and proactive measures. By addressing these risks, Apple maintains its market leadership and ensures operational stability.

Key Risks Identified by Apple

Apple identifies several key risks that could impact its business. Supply chain disruptions pose a significant risk, especially given Apple’s reliance on global suppliers. The company also faces cybersecurity threats, with potential risks to its data and customer information. Regulatory compliance is another critical area, as Apple operates in multiple jurisdictions with varying regulations. Market competition and technological changes add further complexity to its risk landscape.

How Apple Mitigated These Risks Effectively

Apple employs several strategies to mitigate these risks effectively. To address supply chain disruptions, Apple diversifies its supplier base and establishes strong relationships with key partners. The company also invests in supply chain visibility and flexibility, enabling it to adapt quickly to changes. For cybersecurity threats, Apple implements robust security measures, including encryption and multi-factor authentication. The company continuously monitors its systems for vulnerabilities and conducts regular security audits. This proactive approach helps protect sensitive data and maintain customer trust. In terms of regulatory compliance, Apple closely monitors regulatory changes in all operating regions. The company maintains a dedicated team to ensure compliance with local and international laws. This team also works on adjusting policies and practices to meet evolving regulatory requirements. Apple also invests heavily in research and development to stay ahead of technological changes and market competition. By innovating and adapting its product offerings, Apple reduces the risk of obsolescence and maintains its competitive edge. Apple’s risk management strategies effectively address key risks such as supply chain disruptions, cybersecurity threats, and regulatory compliance. Through diversification, robust security measures, regulatory vigilance, and continuous innovation, Apple manages to stay resilient in a dynamic global environment. These strategies help Apple maintain its market position and operational excellence, setting a benchmark for successful risk management practices.

Read: Balancing Customer Service as a Bank Manager

Case Study 2: Toyota

Examination of toyota’s risk management practices.

Toyota’s risk management practices have become a benchmark in the automotive industry. The company employs a comprehensive risk management framework to handle various risks. Toyota integrates risk assessment into its corporate strategy, focusing on both internal and external factors. The company uses a centralized risk management team to oversee global operations. This team identifies potential risks and develops mitigation strategies. Toyota also emphasizes continuous improvement and learning from past experiences. They use advanced technologies to monitor and manage risks effectively. By incorporating risk management into every aspect of their operations, Toyota ensures resilience and adaptability in a rapidly changing environment.

Major Risk Event Faced by Toyota

One major risk event Toyota faced was the 2010 vehicle recall crisis. The company recalled millions of vehicles due to safety issues with accelerator pedals and braking systems. This recall impacted Toyota’s reputation and financial performance significantly. The crisis emerged from reports of unintended acceleration, which raised concerns about vehicle safety. The widespread recall affected not only Toyota’s brand image but also its customer trust. The event highlighted the critical need for robust risk management practices in addressing safety issues. It posed significant challenges to Toyota’s operational and reputational stability.

Evaluation of Toyota’s Response and Recovery Strategies

Toyota’s response to the recall crisis was swift and comprehensive. The company initiated a large-scale recall to address the safety concerns promptly. They worked closely with regulatory agencies to ensure compliance and transparency. Toyota also implemented improved quality control measures to prevent future issues. The company increased its focus on customer communication and support during the crisis. They launched a public relations campaign to restore consumer trust and confidence. Additionally, Toyota invested in enhancing its risk assessment processes and crisis response strategies. These efforts helped the company recover its reputation and rebuild customer trust. Toyota’s proactive and transparent approach demonstrated their commitment to addressing and managing risks effectively. Their response and recovery strategies contributed to long-term resilience and stability in the face of significant challenges.

Read: Interview Tips for Bank Branch Manager Positions

Case Study 3: Amazon

Overview of amazon’s risk management framework.

Amazon employs a comprehensive risk assessment framework to navigate its vast and complex operations. This framework integrates risk identification, assessment, and mitigation strategies. Amazon’s approach involves a combination of proactive and reactive measures. The company uses data-driven insights to anticipate and address potential risks. Key components include robust cybersecurity measures, supply chain management , and compliance with regulations. Amazon’s risk assessment practices are designed to protect its global operations and maintain business continuity.

Case Study: Supply Chain Disruptions

A notable risk scenario faced by Amazon was the disruption of its supply chain during the COVID-19 pandemic. The pandemic caused significant challenges in logistics and inventory management. Amazon experienced delays in order fulfillment, increased shipping times, and shortages of essential products. To address these challenges, Amazon implemented several risk assessment strategies. First, the company increased its inventory levels to buffer against supply chain interruptions. Amazon also diversified its supplier base to reduce dependence on any single source. The company invested in advanced forecasting tools to better predict demand and manage stock levels. Additionally, Amazon expanded its logistics network, including increasing warehouse capacity and adding new delivery routes. These measures helped Amazon adapt to the rapidly changing conditions and mitigate the impact of the disruption.

Analyzing the Impact of Effective Risk Management on Amazon’s Success

Effective risk assessment played a crucial role in Amazon’s ability to handle the supply chain disruption. By swiftly implementing risk mitigation strategies, Amazon maintained customer trust and satisfaction. The company’s proactive approach to increasing inventory and diversifying suppliers minimized the negative effects on its operations. The expansion of its logistics network allowed Amazon to continue fulfilling orders despite significant challenges. This resilience contributed to maintaining its market position and customer loyalty. The ability to adapt quickly and efficiently in the face of disruptions showcased Amazon’s robust risk management capabilities. Overall, Amazon’s successful management of the supply chain crisis highlighted the importance of a well-structured risk assessment framework. The company’s actions ensured continuity in its operations and reinforced its reputation as a reliable retailer. Effective risk assessment not only helped Amazon navigate the immediate challenges but also positioned it for long-term success. Amazon’s risk assessment framework is comprehensive, incorporating proactive and reactive measures to address various risks. The case study of supply chain disruptions during the COVID-19 pandemic illustrates the company’s ability to handle significant challenges effectively. By implementing strategic risk assessment practices, Amazon maintained its operational efficiency and customer trust. The success of these initiatives underscores the value of a robust risk management framework in achieving long-term business success.

Read: Investment Banking Exit Opportunities Explained

Transform Your Career Today

Unlock a personalized career strategy that drives real results. Get tailored advice and a roadmap designed just for you.

Key Factors in Successful Risk Management

Common elements in successful risk management case studies.

Successful risk assessment case studies reveal several common elements. Each case highlights the importance of a structured risk management framework. Key elements include thorough risk identification, comprehensive risk assessment, and effective mitigation strategies. Organizations that succeed in managing risks typically use these practices to address potential issues before they escalate. One common element is the establishment of clear risk management policies. These policies guide decision-making and ensure that risk management is integrated into all aspects of the organization. Effective communication of these policies to all employees is also crucial for successful risk management. Another element is the use of advanced risk management tools and techniques. Successful organizations often employ sophisticated software and methodologies to assess and manage risks. They continuously monitor risks and adjust their strategies based on new information and changing conditions.

Role of Leadership in Risk Management

Leadership plays a pivotal role in successful risk management. Leaders set the tone for how risk assessment is approached within an organization. They must champion risk management initiatives and ensure that resources are allocated appropriately. Effective leaders actively promote a culture of risk awareness. They encourage open communication about risks and foster an environment where employees feel comfortable reporting potential issues. Leaders also play a critical role in making informed decisions based on risk assessments and mitigation strategies. Leadership is essential for driving the implementation of risk assessment strategies. Leaders must ensure that risk assessment practices are not only planned but also executed effectively. Their involvement in overseeing and reviewing risk assessment processes helps maintain accountability and ensures that the strategies are achieving their intended outcomes.

Importance of Proactive Risk Assessment and Planning

Proactive risk assessment and planning are vital components of successful risk management. Identifying potential risks before they occur allows organizations to prepare and implement mitigation strategies in advance. This proactive approach minimizes the impact of risks and enhances overall resilience. Effective risk management involves regularly updating risk assessments and planning based on new information and emerging threats. Organizations that anticipate risks and develop contingency plans are better equipped to handle unexpected challenges. Proactive planning helps in adapting strategies quickly and effectively when risks materialize. Additionally, proactive risk assessment encourages continuous improvement. Organizations that regularly review and refine their risk assessment processes can better address future risks. This iterative approach ensures that risk assessment strategies remain relevant and effective over time. In short, successful risk assessment case studies share common elements such as structured frameworks and advanced tools. Leadership is crucial in promoting a culture of risk awareness and ensuring effective execution of strategies. Proactive risk assessment and planning are essential for minimizing risk impact and enhancing organizational resilience.

Read: How to Choose the Right Investment Banking Firm

Challenges in Risk Management

Potential obstacles to effective risk management.

Effective risk management can face several obstacles that organizations must address to ensure success. One significant obstacle is a lack of data. Incomplete or inaccurate data can hinder the ability to identify and assess risks accurately. Organizations must invest in robust data collection and analysis systems to overcome this challenge. Another obstacle is resistance to change. Employees and stakeholders may be resistant to new risk management processes or tools. To address this, organizations should focus on clear communication and training to build acceptance and understanding. Limited resources can also impede effective risk management. Budget constraints or a shortage of skilled personnel can affect the implementation of comprehensive risk management strategies. Organizations should prioritize risk management within their budgets and seek external expertise when necessary.

The Dynamic Nature of Risks

Today’s business environment presents a dynamic landscape of risks. Rapid technological advancements, changing regulations, and global economic fluctuations continually introduce new risks. This dynamic nature means that risk management strategies must be agile and adaptable. For example, the rise of cyber threats has introduced new challenges in managing data security risks. Organizations must continuously update their cybersecurity measures to address evolving threats. Similarly, global trade uncertainties can impact supply chain risks, requiring businesses to adjust their strategies frequently. The rapid pace of change in the business environment means that risk assessment cannot be static. Organizations must regularly review and update their risk assessment strategies to keep pace with new and emerging risks.

Strategies for Overcoming Challenges in Risk Management

To overcome the challenges in risk assessment, organizations can adopt several effective strategies. First, investing in advanced riskassessment technologies can enhance data accuracy and analysis capabilities. Tools like predictive analytics and artificial intelligence can help identify and assess risks more effectively. Second, fostering a culture of risk awareness is crucial. Encouraging open communication about risks and involving employees in risk assessment processes can reduce resistance to change. Regular training and awareness programs can help employees understand and embrace risk management practices. Third, building flexibility into risk assessment strategies allows organizations to adapt to changing conditions. Implementing a dynamic risk assessment framework enables businesses to respond quickly to new risks and adjust strategies as needed. This flexibility is essential for managing risks in today’s fast-paced environment. Finally, leveraging external expertise can address resource limitations. Engaging consultants or partnering with risk assessment firms can provide additional support and insights. These external resources can help organizations implement best practices and overcome internal constraints. Addressing obstacles to effective risk assessment requires a proactive approach. Understanding the dynamic nature of risks and implementing strategies to overcome challenges can enhance an organization’s risk assessment capabilities. By investing in technology, fostering a risk-aware culture, and maintaining flexibility, businesses can navigate the complexities of today’s risk environment successfully.

Best Practices in Risk Management

Industry best practices in risk management.

Effective risk assessment relies on adopting industry best practices to address potential threats. Organizations across various sectors use proven strategies to successfully manage risks. Implementing comprehensive risk assessment processes and establishing clear risk policies are fundamental practices. Regular training and communication ensure employees understand their roles in risk assessment. Additionally, developing and continuously reviewing robust contingency plans prepares organizations for unforeseen challenges. Sharing these practices across industries enhances overall risk assessment standards and offers valuable insights for improvement.

The Role of Technology in Enhancing Risk Management

Technology significantly enhances risk assessment capabilities by providing real-time data and analytical insights. Advanced tools such as artificial intelligence, machine learning, and data analytics help identify patterns and predict potential risks. Predictive analytics, for example, forecasts future risks based on historical data and current trends, enabling proactive risk mitigation. Risk assessment software integrates various data sources, offering a comprehensive view of risk exposure and facilitating informed decision-making. Cybersecurity tools also play a crucial role by monitoring networks, detecting vulnerabilities, and responding to potential breaches, ensuring data security and integrity. Automation tools streamline risk assessment processes, reducing manual errors and increasing efficiency.

Successful Risk Management Techniques Used by Top Organizations

Successful risk assessment techniques from leading organizations illustrate the effectiveness of various strategies. General Electric (GE) employs a risk assessment framework that integrates advanced analytics and real-time data monitoring. This approach allows GE to use predictive analytics for assessing operational risks and implementing preventive measures, effectively managing risks across its global operations. JPMorgan Chase utilizes comprehensive risk management practices, including advanced technology for monitoring financial risks. The bank’s use of machine learning algorithms to analyze transaction data helps detect fraudulent activities and prevent financial losses. Procter & Gamble (P&G) implements a multi-layered risk assessment strategy, including regular risk assessments and contingency planning. The company leverages data-driven insights to anticipate supply chain disruptions and develop response plans, maintaining operational stability. Amazon uses technology to enhance its logistics and supply chain management. Real-time tracking systems and predictive analytics optimize inventory management, reducing operational risks and ensuring smooth operations. Adopting industry best practices, leveraging technology, and learning from successful case studies strengthen risk management strategies. These approaches enhance the ability to manage risks effectively and ensure operational resilience. By embracing proven techniques and advanced tools, organizations can navigate uncertainties and achieve long-term success.

The Importance of Successful Risk Management

Successful risk management is crucial for organizational stability and growth. It helps identify potential threats and mitigate their impact. Effective risk management protects a company’s reputation and financial health. It enables organizations to respond proactively to emerging risks. By managing risks well, companies can ensure resilience and long-term success.

Key Takeaways from the Case Studies

Case studies of successful risk management highlight several key points. Toyota’s handling of the 2010 recall crisis demonstrates the value of a swift, transparent response. The company’s proactive measures and improved quality controls showcase the importance of learning from past issues. Another case study might illustrate how effective risk management strategies can prevent operational disruptions and protect brand reputation. These examples underline the need for comprehensive risk assessment and robust response plans.

Encouraging Organizations to Prioritize Risk Management

Organizations should prioritize risk assessment to achieve long-term success. Developing a strong risk management framework helps in anticipating and addressing potential threats. Investing in risk assessment tools and processes safeguards against unexpected challenges. Effective risk assessment not only protects assets but also enhances operational efficiency.

Global Opportunities for Risk Managers

Future of Risk Management in Finance

Common Misconceptions About Risk Management

Differences Between Financial and Business Risk Managers

Leave a reply cancel reply.

Your email address will not be published. Required fields are marked *

Your Name *

Email Address *

Save my name, email, and website in this browser for the next time I comment.

Submit Comment

Enterprise Risk Management Case Studies: Heroes and Zeros

By Andy Marker | April 7, 2021

• Share on Facebook
• Share on LinkedIn

Link copied

We’ve compiled more than 20 case studies of enterprise risk management programs that illustrate how companies can prevent significant losses yet take risks with more confidence.   

Included on this page, you’ll find case studies and examples by industry , case studies of major risk scenarios (and company responses), and examples of ERM successes and failures .

Enterprise Risk Management Examples and Case Studies

With enterprise risk management (ERM) , companies assess potential risks that could derail strategic objectives and implement measures to minimize or avoid those risks. You can analyze examples (or case studies) of enterprise risk management to better understand the concept and how to properly execute it.

The collection of examples and case studies on this page illustrates common risk management scenarios by industry, principle, and degree of success. For a basic overview of enterprise risk management, including major types of risks, how to develop policies, and how to identify key risk indicators (KRIs), read “ Enterprise Risk Management 101: Programs, Frameworks, and Advice from Experts .”

Enterprise Risk Management Framework Examples

An enterprise risk management framework is a system by which you assess and mitigate potential risks. The framework varies by industry, but most include roles and responsibilities, a methodology for risk identification, a risk appetite statement, risk prioritization, mitigation strategies, and monitoring and reporting.

To learn more about enterprise risk management and find examples of different frameworks, read our “ Ultimate Guide to Enterprise Risk Management .”

Enterprise Risk Management Examples and Case Studies by Industry

Though every firm faces unique risks, those in the same industry often share similar risks. By understanding industry-wide common risks, you can create and implement response plans that offer your firm a competitive advantage.

Enterprise Risk Management Example in Banking

Toronto-headquartered TD Bank organizes its risk management around two pillars: a risk management framework and risk appetite statement. The enterprise risk framework defines the risks the bank faces and lays out risk management practices to identify, assess, and control risk. The risk appetite statement outlines the bank’s willingness to take on risk to achieve its growth objectives. Both pillars are overseen by the risk committee of the company’s board of directors.  

Risk management frameworks were an important part of the International Organization for Standardization’s 31000 standard when it was first written in 2009 and have been updated since then. The standards provide universal guidelines for risk management programs.  

Risk management frameworks also resulted from the efforts of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The group was formed to fight corporate fraud and included risk management as a dimension. 

Once TD completes the ERM framework, the bank moves onto the risk appetite statement. 

The bank, which built a large U.S. presence through major acquisitions, determined that it will only take on risks that meet the following three criteria:

• The risk fits the company’s strategy, and TD can understand and manage those risks. 
• The risk does not render the bank vulnerable to significant loss from a single risk.
• The risk does not expose the company to potential harm to its brand and reputation. 

Some of the major risks the bank faces include strategic risk, credit risk, market risk, liquidity risk, operational risk, insurance risk, capital adequacy risk, regulator risk, and reputation risk. Managers detail these categories in a risk inventory. 

The risk framework and appetite statement, which are tracked on a dashboard against metrics such as capital adequacy and credit risk, are reviewed annually. 

TD uses a three lines of defense (3LOD) strategy, an approach widely favored by ERM experts, to guard against risk. The three lines are as follows:

• A business unit and corporate policies that create controls, as well as manage and monitor risk
• Standards and governance that provide oversight and review of risks and compliance with the risk appetite and framework 
• Internal audits that provide independent checks and verification that risk-management procedures are effective

Enterprise Risk Management Example in Pharmaceuticals

Drug companies’ risks include threats around product quality and safety, regulatory action, and consumer trust. To avoid these risks, ERM experts emphasize the importance of making sure that strategic goals do not conflict. 

For Britain’s GlaxoSmithKline, such a conflict led to a breakdown in risk management, among other issues. In the early 2000s, the company was striving to increase sales and profitability while also ensuring safe and effective medicines. One risk the company faced was a failure to meet current good manufacturing practices (CGMP) at its plant in Cidra, Puerto Rico. 

CGMP includes implementing oversight and controls of manufacturing, as well as managing the risk and confirming the safety of raw materials and finished drug products. Noncompliance with CGMP can result in escalating consequences, ranging from warnings to recalls to criminal prosecution. 

GSK’s unit pleaded guilty and paid $750 million in 2010 to resolve U.S. charges related to drugs made at the Cidra plant, which the company later closed. A fired GSK quality manager alerted regulators and filed a whistleblower lawsuit in 2004. In announcing the consent decree, the U.S. Department of Justice said the plant had a history of bacterial contamination and multiple drugs created there in the early 2000s violated safety standards.

According to the whistleblower, GSK’s ERM process failed in several respects to act on signs of non-compliance with CGMP. The company received warning letters from the U.S. Food and Drug Administration in 2001 about the plant’s practices, but did not resolve the issues. 

Additionally, the company didn’t act on the quality manager’s compliance report, which advised GSK to close the plant for two weeks to fix the problems and notify the FDA. According to court filings, plant staff merely skimmed rejected products and sold them on the black market. They also scraped by hand the inside of an antibiotic tank to get more product and, in so doing, introduced bacteria into the product.

Enterprise Risk Management Example in Consumer Packaged Goods

Mars Inc., an international candy and food company, developed an ERM process. The company piloted and deployed the initiative through workshops with geographic, product, and functional teams from 2003 to 2012. 

Driven by a desire to frame risk as an opportunity and to work within the company’s decentralized structure, Mars created a process that asked participants to identify potential risks and vote on which had the highest probability. The teams listed risk mitigation steps, then ranked and color-coded them according to probability of success. 

Larry Warner, a Mars risk officer at the time, illustrated this process in a case study . An initiative to increase direct-to-consumer shipments by 12 percent was colored green, indicating a 75 percent or greater probability of achievement. The initiative to bring a new plant online by the end of Q3 was coded red, meaning less than a 50 percent probability of success. 

The company’s results were hurt by a surprise at an operating unit that resulted from a so-coded red risk identified in a unit workshop. Executives had agreed that some red risk profile was to be expected, but they decided that when a unit encountered a red issue, it must be communicated upward when first identified. This became a rule. 

This process led to the creation of an ERM dashboard that listed initiatives in priority order, with the profile of each risk faced in the quarter, the risk profile trend, and a comment column for a year-end view. 

According to Warner, the key factors of success for ERM at Mars are as follows:

• The initiative focused on achieving operational and strategic objectives rather than compliance, which refers to adhering to established rules and regulations.
• The program evolved, often based on requests from business units, and incorporated continuous improvement. 
• The ERM team did not overpromise. It set realistic objectives.
• The ERM team periodically surveyed business units, management teams, and board advisers.

Enterprise Risk Management Example in Retail

Walmart is the world’s biggest retailer. As such, the company understands that its risk makeup is complex, given the geographic spread of its operations and its large number of stores, vast supply chain, and high profile as an employer and buyer of goods. 

In the 1990s, the company sought a simplified strategy for assessing risk and created an enterprise risk management plan with five steps founded on these four questions:

• What are the risks?
• What are we going to do about them?
• How will we know if we are raising or decreasing risk?
• How will we show shareholder value?

The process follows these five steps:

• Risk Identification: Senior Walmart leaders meet in workshops to identify risks, which are then plotted on a graph of probability vs. impact. Doing so helps to prioritize the biggest risks. The executives then look at seven risk categories (both internal and external): legal/regulatory, political, business environment, strategic, operational, financial, and integrity. Many ERM pros use risk registers to evaluate and determine the priority of risks. You can download templates that help correlate risk probability and potential impact in “ Free Risk Register Templates .”
• Risk Mitigation: Teams that include operational staff in the relevant area meet. They use existing inventory procedures to address the risks and determine if the procedures are effective.
• Action Planning: A project team identifies and implements next steps over the several months to follow.
• Performance Metrics: The group develops metrics to measure the impact of the changes. They also look at trends of actual performance compared to goal over time.
• Return on Investment and Shareholder Value: In this step, the group assesses the changes’ impact on sales and expenses to determine if the moves improved shareholder value and ROI.

To develop your own risk management planning, you can download a customizable template in “ Risk Management Plan Templates .”

Enterprise Risk Management Example in Agriculture

United Grain Growers (UGG), a Canadian grain distributor that now is part of Glencore Ltd., was hailed as an ERM innovator and became the subject of business school case studies for its enterprise risk management program. This initiative addressed the risks associated with weather for its business. Crop volume drove UGG’s revenue and profits. 

In the late 1990s, UGG identified its major unaddressed risks. Using almost a century of data, risk analysts found that extreme weather events occurred 10 times as frequently as previously believed. The company worked with its insurance broker and the Swiss Re Group on a solution that added grain-volume risk (resulting from weather fluctuations) to its other insured risks, such as property and liability, in an integrated program. 

The result was insurance that protected grain-handling earnings, which comprised half of UGG’s gross profits. The greater financial stability significantly enhanced the firm’s ability to achieve its strategic objectives. 

Since then, the number and types of instruments to manage weather-related risks has multiplied rapidly. For example, over-the-counter derivatives, such as futures and options, began trading in 1997. The Chicago Mercantile Exchange now offers weather futures contracts on 12 U.S. and international cities. 

Weather derivatives are linked to climate factors such as rainfall or temperature, and they hedge different kinds of risks than do insurance. These risks are much more common (e.g., a cooler-than-normal summer) than the earthquakes and floods that insurance typically covers. And the holders of derivatives do not have to incur any damage to collect on them.

These weather-linked instruments have found a wider audience than anticipated, including retailers that worry about freak storms decimating Christmas sales, amusement park operators fearing rainy summers will keep crowds away, and energy companies needing to hedge demand for heating and cooling.

This area of ERM continues to evolve because weather and crop insurance are not enough to address all the risks that agriculture faces. Arbol, Inc. estimates that more than $1 trillion of agricultural risk is uninsured. As such, it is launching a blockchain-based platform that offers contracts (customized by location and risk parameters) with payouts based on weather data. These contracts can cover risks associated with niche crops and small growing areas.

Enterprise Risk Management Example in Insurance

Switzerland’s Zurich Insurance Group understands that risk is inherent for insurers and seeks to practice disciplined risk-taking, within a predetermined risk tolerance. 

The global insurer’s enterprise risk management framework aims to protect capital, liquidity, earnings, and reputation. Governance serves as the basis for risk management, and the framework lays out responsibilities for taking, managing, monitoring, and reporting risks. 

The company uses a proprietary process called Total Risk Profiling (TRP) to monitor internal and external risks to its strategy and financial plan. TRP assesses risk on the basis of severity and probability, and helps define and implement mitigating moves. 

Zurich’s risk appetite sets parameters for its tolerance within the goal of maintaining enough capital to achieve an AA rating from rating agencies. For this, the company uses its own Zurich economic capital model, referred to as Z-ECM. The model quantifies risk tolerance with a metric that assesses risk profile vs. risk tolerance. 

To maintain the AA rating, the company aims to hold capital between 100 and 120 percent of capital at risk. Above 140 percent is considered overcapitalized (therefore at risk of throttling growth), and under 90 percent is below risk tolerance (meaning the risk is too high). On either side of 100 to 120 percent (90 to 100 percent and 120 to 140 percent), the insurer considers taking mitigating action. 

Zurich’s assessment of risk and the nature of those risks play a major role in determining how much capital regulators require the business to hold. A popular tool to assess risk is the risk matrix, and you can find a variety of templates in “ Free, Customizable Risk Matrix Templates .”

In 2020, Zurich found that its biggest exposures were market risk, such as falling asset valuations and interest-rate risk; insurance risk, such as big payouts for covered customer losses, which it hedges through diversification and reinsurance; credit risk in assets it holds and receivables; and operational risks, such as internal process failures and external fraud.

Enterprise Risk Management Example in Technology

Financial software maker Intuit has strengthened its enterprise risk management through evolution, according to a case study by former Chief Risk Officer Janet Nasburg. 

The program is founded on the following five core principles:

• Use a common risk framework across the enterprise.
• Assess risks on an ongoing basis.
• Focus on the most important risks.
• Clearly define accountability for risk management.
• Commit to continuous improvement of performance measurement and monitoring. 

ERM programs grow according to a maturity model, and as capability rises, the shareholder value from risk management becomes more visible and important. 

The maturity phases include the following:

• Ad hoc risk management addresses a specific problem when it arises.
• Targeted or initial risk management approaches risks with multiple understandings of what constitutes risk and management occurs in silos. 
• Integrated or repeatable risk management puts in place an organization-wide framework for risk assessment and response. 
• Intelligent or managed risk management coordinates risk management across the business, using common tools. 
• Risk leadership incorporates risk management into strategic decision-making. 

Intuit emphasizes using key risk indicators (KRIs) to understand risks, along with key performance indicators (KPIs) to gauge the effectiveness of risk management. 

Early in its ERM journey, Intuit measured performance on risk management process participation and risk assessment impact. For participation, the targeted rate was 80 percent of executive management and business-line leaders. This helped benchmark risk awareness and current risk management, at a time when ERM at the company was not mature.

Conduct an annual risk assessment at corporate and business-line levels to plot risks, so the most likely and most impactful risks are graphed in the upper-right quadrant. Doing so focuses attention on these risks and helps business leaders understand the risk’s impact on performance toward strategic objectives. 

In the company’s second phase of ERM, Intuit turned its attention to building risk management capacity and sought to ensure that risk management activities addressed the most important risks. The company evaluated performance using color-coded status symbols (red, yellow, green) to indicate risk trend and progress on risk mitigation measures.

In its third phase, Intuit moved to actively monitoring the most important risks and ensuring that leaders modified their strategies to manage risks and take advantage of opportunities. An executive dashboard uses KRIs, KPIs, an overall risk rating, and red-yellow-green coding. The board of directors regularly reviews this dashboard.

Over this evolution, the company has moved from narrow, tactical risk management to holistic, strategic, and long-term ERM.

Enterprise Risk Management Case Studies by Principle

ERM veterans agree that in addition to KPIs and KRIs, other principles are equally important to follow. Below, you’ll find examples of enterprise risk management programs by principles.

ERM Principle #1: Make Sure Your Program Aligns with Your Values

Raytheon Case Study U.S. defense contractor Raytheon states that its highest priority is delivering on its commitment to provide ethical business practices and abide by anti-corruption laws.

Raytheon backs up this statement through its ERM program. Among other measures, the company performs an annual risk assessment for each function, including the anti-corruption group under the Chief Ethics and Compliance Officer. In addition, Raytheon asks 70 of its sites to perform an anti-corruption self-assessment each year to identify gaps and risks. From there, a compliance team tracks improvement actions. 

Every quarter, the company surveys 600 staff members who may face higher anti-corruption risks, such as the potential for bribes. The survey asks them to report any potential issues in the past quarter.

Also on a quarterly basis, the finance and internal controls teams review higher-risk profile payments, such as donations and gratuities to confirm accuracy and compliance. Oversight and compliance teams add other checks, and they update a risk-based audit plan continuously.

ERM Principle #2: Embrace Diversity to Reduce Risk

State Street Global Advisors Case Study In 2016, the asset management firm State Street Global Advisors introduced measures to increase gender diversity in its leadership as a way of reducing portfolio risk, among other goals. 

The company relied on research that showed that companies with more women senior managers had a better return on equity, reduced volatility, and fewer governance problems such as corruption and fraud. 

Among the initiatives was a campaign to influence companies where State Street had invested, in order to increase female membership on their boards. State Street also developed an investment product that tracks the performance of companies with the highest level of senior female leadership relative to peers in their sector. 

In 2020, the company announced some of the results of its effort. Among the 1,384 companies targeted by the firm, 681 added at least one female director.

ERM Principle #3: Do Not Overlook Resource Risks

Infosys Case Study India-based technology consulting company Infosys, which employees more than 240,000 people, has long recognized the risk of water shortages to its operations. 

India’s rapidly growing population and development has increased the risk of water scarcity. A 2020 report by the World Wide Fund for Nature said 30 cities in India faced the risk of severe water scarcity over the next three decades. 

Infosys has dozens of facilities in India and considers water to be a significant short-term risk. At its campuses, the company uses the water for cooking, drinking, cleaning, restrooms, landscaping, and cooling. Water shortages could halt Infosys operations and prevent it from completing customer projects and reaching its performance objectives. 

In an enterprise risk assessment example, Infosys’ ERM team conducts corporate water-risk assessments while sustainability teams produce detailed water-risk assessments for individual locations, according to a report by the World Business Council for Sustainable Development .

The company uses the COSO ERM framework to respond to the risks and decide whether to accept, avoid, reduce, or share these risks. The company uses root-cause analysis (which focuses on identifying underlying causes rather than symptoms) and the site assessments to plan steps to reduce risks. 

Infosys has implemented various water conservation measures, such as water-efficient fixtures and water recycling, rainwater collection and use, recharging aquifers, underground reservoirs to hold five days of water supply at locations, and smart-meter usage monitoring. Infosys’ ERM team tracks metrics for per-capita water consumption, along with rainfall data, availability and cost of water by tanker trucks, and water usage from external suppliers. 

In the 2020 fiscal year, the company reported a nearly 64 percent drop in per-capita water consumption by its workforce from the 2008 fiscal year. 

The business advantages of this risk management include an ability to open locations where water shortages may preclude competitors, and being able to maintain operations during water scarcity, protecting profitability.

ERM Principle #4: Fight Silos for Stronger Enterprise Risk Management

U.S. Government Case Study The terrorist attacks of September 11, 2001, revealed that the U.S. government’s then-current approach to managing intelligence was not adequate to address the threats — and, by extension, so was the government’s risk management procedure. Since the Cold War, sensitive information had been managed on a “need to know” basis that resulted in data silos. 

In the case of 9/11, this meant that different parts of the government knew some relevant intelligence that could have helped prevent the attacks. But no one had the opportunity to put the information together and see the whole picture. A congressional commission determined there were 10 lost operational opportunities to derail the plot. Silos existed between law enforcement and intelligence, as well as between and within agencies. 

After the attacks, the government moved toward greater information sharing and collaboration. Based on a task force’s recommendations, data moved from a centralized network to a distributed model, and social networking tools now allow colleagues throughout the government to connect. Staff began working across agency lines more often.

Enterprise Risk Management Examples by Scenario

While some scenarios are too unlikely to receive high-priority status, low-probability risks are still worth running through the ERM process. Robust risk management creates a culture and response capacity that better positions a company to deal with a crisis.

In the following enterprise risk examples, you will find scenarios and details of how organizations manage the risks they face.

Scenario: ERM and the Global Pandemic While most businesses do not have the resources to do in-depth ERM planning for the rare occurrence of a global pandemic, companies with a risk-aware culture will be at an advantage if a pandemic does hit. 

These businesses already have processes in place to escalate trouble signs for immediate attention and an ERM team or leader monitoring the threat environment. A strong ERM function gives clear and effective guidance that helps the company respond.

A report by Vodafone found that companies identified as “future ready” fared better in the COVID-19 pandemic. The attributes of future-ready businesses have a lot in common with those of companies that excel at ERM. These include viewing change as an opportunity; having detailed business strategies that are documented, funded, and measured; working to understand the forces that shape their environments; having roadmaps in place for technological transformation; and being able to react more quickly than competitors. 

Only about 20 percent of companies in the Vodafone study met the definition of “future ready.” But 54 percent of these firms had a fully developed and tested business continuity plan, compared to 30 percent of all businesses. And 82 percent felt their continuity plans worked well during the COVID-19 crisis. Nearly 50 percent of all businesses reported decreased profits, while 30 percent of future-ready organizations saw profits rise. 

Scenario: ERM and the Economic Crisis  The 2008 economic crisis in the United States resulted from the domino effect of rising interest rates, a collapse in housing prices, and a dramatic increase in foreclosures among mortgage borrowers with poor creditworthiness. This led to bank failures, a credit crunch, and layoffs, and the U.S. government had to rescue banks and other financial institutions to stabilize the financial system.

Some commentators said these events revealed the shortcomings of ERM because it did not prevent the banks’ mistakes or collapse. But Sim Segal, an ERM consultant and director of Columbia University’s ERM master’s degree program, analyzed how banks performed on 10 key ERM criteria. 

Segal says a risk-management program that incorporates all 10 criteria has these characteristics: 

• Risk management has an enterprise-wide scope.
• The program includes all risk categories: financial, operational, and strategic. 
• The focus is on the most important risks, not all possible risks. 
• Risk management is integrated across risk types.
• Aggregated metrics show risk exposure and appetite across the enterprise.
• Risk management incorporates decision-making, not just reporting.
• The effort balances risk and return management.
• There is a process for disclosure of risk.
• The program measures risk in terms of potential impact on company value.
• The focus of risk management is on the primary stakeholder, such as shareholders, rather than regulators or rating agencies.

In his book Corporate Value of Enterprise Risk Management , Segal concluded that most banks did not actually use ERM practices, which contributed to the financial crisis. He scored banks as failing on nine of the 10 criteria, only giving them a passing grade for focusing on the most important risks. 

Scenario: ERM and Technology Risk  The story of retailer Target’s failed expansion to Canada, where it shut down 133 loss-making stores in 2015, has been well documented. But one dimension that analysts have sometimes overlooked was Target’s handling of technology risk. 

A case study by Canadian Business magazine traced some of the biggest issues to software and data-quality problems that dramatically undermined the Canadian launch. 

As with other forms of ERM, technology risk management requires companies to ask what could go wrong, what the consequences would be, how they might prevent the risks, and how they should deal with the consequences. 

But with its technology plan for Canada, Target did not heed risk warning signs. 

In the United States, Target had custom systems for ordering products from vendors, processing items at warehouses, and distributing merchandise to stores quickly. But that software would need customization to work with the Canadian dollar, metric system, and French-language characters. 

Target decided to go with new ERP software on an aggressive two-year timeline. As Target began ordering products for the Canadian stores in 2012, problems arose. Some items did not fit into shipping containers or on store shelves, and information needed for customs agents to clear imported items was not correct in Target's system. 

Target found that its supply chain software data was full of errors. Product dimensions were in inches, not centimeters; height and width measurements were mixed up. An internal investigation showed that only about 30 percent of the data was accurate. 

In an attempt to fix these errors, Target merchandisers spent a week double-checking with vendors up to 80 data points for each of the retailer’s 75,000 products. They discovered that the dummy data entered into the software during setup had not been altered. To make any corrections, employees had to send the new information to an office in India where staff would enter it into the system. 

As the launch approached, the technology errors left the company vulnerable to stockouts, few people understood how the system worked, and the point-of-sale checkout system did not function correctly. Soon after stores opened in 2013, consumers began complaining about empty shelves. Meanwhile, Target Canada distribution centers overflowed due to excess ordering based on poor data fed into forecasting software. 

The rushed launch compounded problems because it did not allow the company enough time to find solutions or alternative technology. While the retailer fixed some issues by the end of 2014, it was too late. Target Canada filed for bankruptcy protection in early 2015. 

Scenario: ERM and Cybersecurity System hacks and data theft are major worries for companies. But as a relatively new field, cyber-risk management faces unique hurdles.

For example, risk managers and information security officers have difficulty quantifying the likelihood and business impact of a cybersecurity attack. The rise of cloud-based software exposes companies to third-party risks that make these projections even more difficult to calculate. 

As the field evolves, risk managers say it’s important for IT security officers to look beyond technical issues, such as the need to patch a vulnerability, and instead look more broadly at business impacts to make a cost benefit analysis of risk mitigation. Frameworks such as the Risk Management Framework for Information Systems and Organizations by the National Institute of Standards and Technology can help.  

Health insurer Aetna considers cybersecurity threats as a part of operational risk within its ERM framework and calculates a daily risk score, adjusted with changes in the cyberthreat landscape. 

Aetna studies threats from external actors by working through information sharing and analysis centers for the financial services and health industries. Aetna staff reverse-engineers malware to determine controls. The company says this type of activity helps ensure the resiliency of its business processes and greatly improves its ability to help protect member information.

For internal threats, Aetna uses models that compare current user behavior to past behavior and identify anomalies. (The company says it was the first organization to do this at scale across the enterprise.) Aetna gives staff permissions to networks and data based on what they need to perform their job. This segmentation restricts access to raw data and strengthens governance. 

Another risk initiative scans outgoing employee emails for code patterns, such as credit card or Social Security numbers. The system flags the email, and a security officer assesses it before the email is released.

Examples of Poor Enterprise Risk Management

Case studies of failed enterprise risk management often highlight mistakes that managers could and should have spotted — and corrected — before a full-blown crisis erupted. The focus of these examples is often on determining why that did not happen. 

ERM Case Study: General Motors

In 2014, General Motors recalled the first of what would become 29 million cars due to faulty ignition switches and paid compensation for 124 related deaths. GM knew of the problem for at least 10 years but did not act, the automaker later acknowledged. The company entered a deferred prosecution agreement and paid a $900 million penalty. 

Pointing to the length of time the company failed to disclose the safety problem, ERM specialists say it shows the problem did not reside with a single department. “Rather, it reflects a failure to properly manage risk,” wrote Steve Minsky, a writer on ERM and CEO of an ERM software company, in Risk Management magazine. 

“ERM is designed to keep all parties across the organization, from the front lines to the board to regulators, apprised of these kinds of problems as they become evident. Unfortunately, GM failed to implement such a program, ultimately leading to a tragic and costly scandal,” Minsky said.

Also in the auto sector, an enterprise risk management case study of Toyota looked at its problems with unintended acceleration of vehicles from 2002 to 2009. Several studies, including a case study by Carnegie Mellon University Professor Phil Koopman , blamed poor software design and company culture. A whistleblower later revealed a coverup by Toyota. The company paid more than $2.5 billion in fines and settlements.

ERM Case Study: Lululemon

In 2013, following customer complaints that its black yoga pants were too sheer, the athletic apparel maker recalled 17 percent of its inventory at a cost of $67 million. The company had previously identified risks related to fabric supply and quality. The CEO said the issue was inadequate testing. 

Analysts raised concerns about the company’s controls, including oversight of factories and product quality. A case study by Stanford University professors noted that Lululemon’s episode illustrated a common disconnect between identifying risks and being prepared to manage them when they materialize. Lululemon’s reporting and analysis of risks was also inadequate, especially as related to social media. In addition, the case study highlighted the need for a system to escalate risk-related issues to the board. 

ERM Case Study: Kodak 

Once an iconic brand, the photo film company failed for decades to act on the threat that digital photography posed to its business and eventually filed for bankruptcy in 2012. The company’s own research in 1981 found that digital photos could ultimately replace Kodak’s film technology and estimated it had 10 years to prepare. 

Unfortunately, Kodak did not prepare and stayed locked into the film paradigm. The board reinforced this course when in 1989 it chose as CEO a candidate who came from the film business over an executive interested in digital technology. 

Had the company acknowledged the risks and employed ERM strategies, it might have pursued a variety of strategies to remain successful. The company’s rival, Fuji Film, took the money it made from film and invested in new initiatives, some of which paid off. Kodak, on the other hand, kept investing in the old core business.

Case Studies of Successful Enterprise Risk Management

Successful enterprise risk management usually requires strong performance in multiple dimensions, and is therefore more likely to occur in organizations where ERM has matured. The following examples of enterprise risk management can be considered success stories. 

ERM Case Study: Statoil 

A major global oil producer, Statoil of Norway stands out for the way it practices ERM by looking at both downside risk and upside potential. Taking risks is vital in a business that depends on finding new oil reserves. 

According to a case study, the company developed its own framework founded on two basic goals: creating value and avoiding accidents.

The company aims to understand risks thoroughly, and unlike many ERM programs, Statoil maps risks on both the downside and upside. It graphs risk on probability vs. impact on pre-tax earnings, and it examines each risk from both positive and negative perspectives. 

For example, the case study cites a risk that the company assessed as having a 5 percent probability of a somewhat better-than-expected outcome but a 10 percent probability of a significant loss relative to forecast. In this case, the downside risk was greater than the upside potential.

ERM Case Study: Lego 

The Danish toy maker’s ERM evolved over the following four phases, according to a case study by one of the chief architects of its program:

• Traditional management of financial, operational, and other risks. Strategic risk management joined the ERM program in 2006. 
• The company added Monte Carlo simulations in 2008 to model financial performance volatility so that budgeting and financial processes could incorporate risk management. The technique is used in budget simulations, to assess risk in its credit portfolio, and to consolidate risk exposure. 
• Active risk and opportunity planning is part of making a business case for new projects before final decisions.
• The company prepares for uncertainty so that long-term strategies remain relevant and resilient under different scenarios. 

As part of its scenario modeling, Lego developed its PAPA (park, adapt, prepare, act) model. 

• Park: The company parks risks that occur slowly and have a low probability of happening, meaning it does not forget nor actively deal with them.
• Adapt: This response is for risks that evolve slowly and are certain or highly probable to occur. For example, a risk in this category is the changing nature of play and the evolution of buying power in different parts of the world. In this phase, the company adjusts, monitors the trend, and follows developments.
• Prepare: This category includes risks that have a low probability of occurring — but when they do, they emerge rapidly. These risks go into the ERM risk database with contingency plans, early warning indicators, and mitigation measures in place.
• Act: These are high-probability, fast-moving risks that must be acted upon to maintain strategy. For example, developments around connectivity, mobile devices, and online activity are in this category because of the rapid pace of change and the influence on the way children play. 

Lego views risk management as a way to better equip itself to take risks than its competitors. In the case study, the writer likens this approach to the need for the fastest race cars to have the best brakes and steering to achieve top speeds.

ERM Case Study: University of California 

The University of California, one of the biggest U.S. public university systems, introduced a new view of risk to its workforce when it implemented enterprise risk management in 2005. Previously, the function was merely seen as a compliance requirement.

ERM became a way to support the university’s mission of education and research, drawing on collaboration of the system’s employees across departments. “Our philosophy is, ‘Everyone is a risk manager,’” Erike Young, deputy director of ERM told Treasury and Risk magazine. “Anyone who’s in a management position technically manages some type of risk.”

The university faces a diverse set of risks, including cybersecurity, hospital liability, reduced government financial support, and earthquakes.  

The ERM department had to overhaul systems to create a unified view of risk because its information and processes were not linked. Software enabled both an organizational picture of risk and highly detailed drilldowns on individual risks. Risk managers also developed tools for risk assessment, risk ranking, and risk modeling. 

Better risk management has provided more than $100 million in annual cost savings and nearly $500 million in cost avoidance, according to UC officials. 

UC drives ERM with risk management departments at each of its 10 locations and leverages university subject matter experts to form multidisciplinary workgroups that develop process improvements.

APQC, a standards quality organization, recognized UC as a top global ERM practice organization, and the university system has won other awards. The university says in 2010 it was the first nonfinancial organization to win credit-rating agency recognition of its ERM program.

Examples of How Technology Is Transforming Enterprise Risk Management

Business intelligence software has propelled major progress in enterprise risk management because the technology enables risk managers to bring their information together, analyze it, and forecast how risk scenarios would impact their business.

ERM organizations are using computing and data-handling advancements such as blockchain for new innovations in strengthening risk management. Following are case studies of a few examples.

ERM Case Study: Bank of New York Mellon 

In 2021, the bank joined with Google Cloud to use machine learning and artificial intelligence to predict and reduce the risk that transactions in the $22 trillion U.S. Treasury market will fail to settle. Settlement failure means a buyer and seller do not exchange cash and securities by the close of business on the scheduled date. 

The party that fails to settle is assessed a daily financial penalty, and a high level of settlement failures can indicate market liquidity problems and rising risk. BNY says that, on average, about 2 percent of transactions fail to settle.

The bank trained models with millions of trades to consider every factor that could result in settlement failure. The service uses market-wide intraday trading metrics, trading velocity, scarcity indicators, volume, the number of trades settled per hour, seasonality, issuance patterns, and other signals. 

The bank said it predicts about 40 percent of settlement failures with 90 percent accuracy. But it also cautioned against overconfidence in the technology as the model continues to improve. 

AI-driven forecasting reduces risk for BNY clients in the Treasury market and saves costs. For example, a predictive view of settlement risks helps bond dealers more accurately manage their liquidity buffers, avoid penalties, optimize their funding sources, and offset the risks of failed settlements. In the long run, such forecasting tools could improve the health of the financial market. 

ERM Case Study: PwC

Consulting company PwC has leveraged a vast information storehouse known as a data lake to help its customers manage risk from suppliers.

A data lake stores both structured or unstructured information, meaning data in highly organized, standardized formats as well as unstandardized data. This means that everything from raw audio to credit card numbers can live in a data lake. 

Using techniques pioneered in national security, PwC built a risk data lake that integrates information from client companies, public databases, user devices, and industry sources. Algorithms find patterns that can signify unidentified risks.

One of PwC’s first uses of this data lake was a program to help companies uncover risks from their vendors and suppliers. Companies can violate laws, harm their reputations, suffer fraud, and risk their proprietary information by doing business with the wrong vendor. 

Today’s complex global supply chains mean companies may be several degrees removed from the source of this risk, which makes it hard to spot and mitigate. For example, a product made with outlawed child labor could be traded through several intermediaries before it reaches a retailer. 

PwC’s service helps companies recognize risk beyond their primary vendors and continue to monitor that risk over time as more information enters the data lake.

ERM Case Study: Financial Services

As analytics have become a pillar of forecasting and risk management for banks and other financial institutions, a new risk has emerged: model risk . This refers to the risk that machine-learning models will lead users to an unreliable understanding of risk or have unintended consequences.

For example, a 6 percent drop in the value of the British pound over the course of a few minutes in 2016 stemmed from currency trading algorithms that spiralled into a negative loop. A Twitter-reading program began an automated selling of the pound after comments by a French official, and other selling algorithms kicked in once the currency dropped below a certain level.

U.S. banking regulators are so concerned about model risk that the Federal Reserve set up a model validation council in 2012 to assess the models that banks use in running risk simulations for capital adequacy requirements. Regulators in Europe and elsewhere also require model validation.

A form of managing risk from a risk-management tool, model validation is an effort to reduce risk from machine learning. The technology-driven rise in modeling capacity has caused such models to proliferate, and banks can use hundreds of models to assess different risks. 

Model risk management can reduce rising costs for modeling by an estimated 20 to 30 percent by building a validation workflow, prioritizing models that are most important to business decisions, and implementing automation for testing and other tasks, according to McKinsey.

Streamline Your Enterprise Risk Management Efforts with Real-Time Work Management in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

Case Study: Companies Excelling in Risk Management

In this article

In the modern business landscape, navigating uncertainties and pitfalls is essential for sustainable growth and longevity. Effective risk management emerges as a shield against potential threats – and it also unlocks opportunities for innovation and advancement. In this article, we will explore risk management and its significance and criteria for excellence. We will also examine case studies of two companies that have excelled in this domain. Through these insights, we aim to glean valuable lessons and best practices. As such, businesses across diverse industries can fortify their risk management frameworks.

The Significance of Risk Management

Risk management is vital for the sustenance and prosperity of companies, regardless of their size or industry. At its core, it is the identification, assessment and mitigation of potential risks that may impede organisational objectives or lead to adverse outcomes. Having a robust risk management approach means businesses can safeguard their assets, reputation and bottom line. 

The statistics are somewhat alarming. According to research , 69% of executives are not confident with their current risk management policies and practices. What’s more, only 36% of organisations have a formal enterprise risk management (ERM) programme. 

Proactive risk management isn’t just a defensive measure; rather, it is necessary for sustainability and growth. With 62% of organisations experiencing a critical risk event in the last three years, it is important to be proactive. By identifying and addressing potential risks, organisations can become more resilient to external shocks and internal disruptions. This means they’re better able to survive through difficult times and maintain operational continuity. Moreover, a proactive stance enables companies to seize strategic advantages. It allows them to innovate, expand into new markets and capitalise on emerging trends with confidence.

Criteria for Excellence in Risk Management

Achieving excellence in risk management means adhering to several key criteria:  

• Ability to Identify Risks: Exceptional risk management begins with identifying potential risks comprehensively. This involves a thorough understanding of both internal and external factors that could impact the organisation. It includes market volatility, regulatory changes, cybersecurity threats and operational vulnerabilities.
• Assessment of Risks: Once identified, risks must be assessed to gauge their potential impact and likelihood of occurrence. This involves using risk assessment methodologies like quantitative analysis, scenario planning and risk heat mapping, to prioritise risks based on their severity and urgency.
• Mitigation Strategies and Control Measures: Effective risk management relies on proactive mitigation strategies to minimise the likelihood of risk occurrence and mitigate its potential impact. This may involve implementing control measures, diversifying risk exposure, investing in risk transfer mechanisms such as insurance and enhancing resilience through business continuity planning.
• Adaptability to Change: Organisations need to be ready to adapt to emerging risks and changing circumstances. This requires a culture of continuous learning and improvement. This means lessons are learned from past experiences to enhance risk management practices and anticipate future challenges.
• Leadership Commitment: Effective leaders demonstrate a clear understanding of the importance of risk management. They know how to allocate adequate resources, support and incentives to prioritise risk management initiatives.
• Strong Risk Culture: A strong risk culture permeates every level of the organisation. This involves a mindset where risk management is viewed as everyone’s responsibility.
• Robust Risk Management Frameworks: Finally, excellence in risk management requires robust frameworks and processes to guide risk identification, assessment and mitigation efforts. This includes defining clear roles and responsibilities, implementing effective governance structures and leveraging technology and data analytics to enhance risk visibility and decision-making.

Company A: Case Study in Risk Management Excellence

Now, let’s take a look at a case study that highlights risk management excellence in practice.

ApexTech Solutions is a company known for its exemplary risk management practices. Founded in 2005 by visionary entrepreneur Sarah Lawson, ApexTech began as a small start-up in the tech industry. It specialises in software development and IT consulting services. 

Over the years, under Lawson’s leadership, the company expanded its offerings and diversified into various sectors, including cybersecurity solutions, cloud computing and artificial intelligence. Today, ApexTech is a prominent player in the global technology market, serving clients ranging from small businesses to Fortune 500 companies.

Risk management strategies and successes

ApexTech’s journey to risk management excellence can be attributed to several key strategies and initiatives:

• Comprehensive Risk Assessment: ApexTech conducts regular and thorough risk assessments to identify potential threats and vulnerabilities across its operations.
• Investment in Technology and Innovation: ApexTech prioritises investments in cutting-edge technologies such as AI-driven analytics, predictive modelling and threat intelligence solutions.
• Customer-Centric Approach: ApexTech tailors its risk management solutions to meet specific needs and preferences. This fosters trust and long-term partnerships.
• Cybersecurity Measures: ApexTech has made cybersecurity a top priority. The company employs a multi-layered approach to cybersecurity to mitigate the risk of cyberattacks.
• Continual Improvement and Adaptation: ApexTech fosters a culture of continual improvement and adaptation. The company encourages feedback and collaboration among employees at all levels so they can identify areas for improvement and implement solutions to mitigate risks effectively.

By proactively identifying and addressing operational risks, such as supply chain disruptions and regulatory compliance challenges, ApexTech has maintained operational continuity and minimised potential disruptions to its business operations.

ApexTech Solutions serves as a compelling example of a company that has excelled in risk management excellence by embracing proactive strategies, leveraging advanced technologies and fostering a culture of innovation and adaptation. 

Company B: Case Study in Risk Management Excellence

TerraSafe Pharmaceuticals is a renowned company in the pharmaceutical industry, dedicated to developing and manufacturing innovative medications to improve global health outcomes. Established in 1998 by Dr Elena Chen, TerraSafe initially focused on the production of generic drugs to address critical healthcare needs. 

Over the years, the company has expanded its portfolio to include novel biopharmaceuticals and speciality medications.

TerraSafe Pharmaceuticals has a holistic approach to identifying, assessing and mitigating risks across its operations:

• Rigorous Quality Assurance Standards: TerraSafe prioritises stringent quality assurance measures throughout the drug development and manufacturing process. This ensures product safety, efficacy and compliance with regulatory requirements.
• Investment in Research and Development (R&D): TerraSafe allocates significant resources to research and development initiatives. These are aimed at advancing scientific knowledge and discovering breakthrough therapies. With its culture of innovation and collaboration, the company mitigates the risk of product obsolescence.
• Regulatory Compliance and Risk Monitoring: TerraSafe maintains a dedicated regulatory affairs department. This team stays abreast of evolving regulatory requirements and industry standards. They monitor regulatory changes proactively and engage with regulatory authorities to ensure timely compliance with applicable laws and standards. This reduces the risk of non-compliance penalties and legal disputes.
• Supply Chain Resilience: TerraSafe works closely with its suppliers and logistics partners to assess and mitigate supply chain risks like raw material shortages, transportation disruptions and geopolitical instability. It implements contingency planning and diversification of sourcing strategies.
• Focus on Patient Safety and Ethical Practices: The company adheres to stringent ethical guidelines and clinical trial protocols to protect patient welfare and maintain public trust in its products and services.

By investing in R&D and adhering to rigorous quality assurance standards, TerraSafe has successfully developed and commercialised several breakthrough medications that address unmet medical needs and improve patient outcomes. What’s more, the company’s proactive approach to regulatory compliance has facilitated the timely approval and market authorisation of its products in key global markets. This has enabled the company to expand its geographic footprint and reach new patient populations.

Key Takeaways and Best Practices

Despite being in different industries, both companies share similarities. Both ApexTech and TerraSafe Pharmaceuticals know the importance of proactive risk management. They have procedures in place that work to identify, assess and mitigate risks before they escalate. What’s more, both companies are led by visionary leaders who set the tone for decision-making. They prioritise building a strong risk culture with all employees knowing their role in risk management.

Best practices and strategies employed

• Conducting Regular Risk Assessments: Both companies conduct regular and comprehensive risk assessments to identify potential threats and vulnerabilities across their operations.
• Investing in Training and Education: Both invest in training and education programmes so that employees are equipped with the knowledge and skills necessary to identify and manage risks effectively. Employees at all levels contribute to risk management efforts.
• Collaboration and Communication: Both companies know the importance of collaboration and communication in risk management. They create channels for open dialogue and information sharing. Stakeholders collaborate on risk identification, assessment and mitigation efforts.
• Continual Improvement: Both companies have a culture of continual improvement. They encourage feedback and innovation to adapt to changing circumstances and emerging risks.
• Tailored Risk Management Approaches: Both companies develop customised risk management frameworks and strategies that align with their objectives and priorities.

Emerging Trends in Risk Management

One of the most prominent trends in risk management is the increasing integration of technology into risk management processes. Advanced technologies such as artificial intelligence (AI), machine learning and automation are revolutionising risk assessment, prediction and mitigation. These technologies mean companies can analyse vast amounts of data in real time. This allows them to identify patterns and trends and predict potential risks more accurately.

Data analytics is another key trend reshaping risk management practices. Companies are leveraging big data analytics tools and techniques to gain deeper insights. By analysing historical data and real-time information, they can identify emerging risks, detect anomalies and make more informed risk management decisions.

Cybersecurity risks have become a major concern. Threats such as data breaches, ransomware attacks and phishing scams pose significant risks to companies’ data, operation and reputation. Companies are investing heavily in cybersecurity measures and adopting proactive approaches to protect their digital assets and mitigate cyber risks.

Companies are integrating global risk management into their overall risk management strategy too. They are monitoring global developments, assessing the impact of global risks on their business operations and developing contingency plans.

The Role of Leadership

Leadership plays a pivotal role in shaping organisational culture and driving initiatives that promote risk management excellence. Effective leaders recognise the importance of risk management but also actively champion its integration into the fabric of the organisation. Effective leaders:

• Set the Tone: Leaders set the tone by articulating a clear vision and commitment to risk management from the top down.
• Lead by Example: Leaders demonstrate their own commitment to risk management through their actions and decisions.
• Empower Employees: Leaders empower employees at all levels to actively participate in risk management efforts. They encourage employees to voice their concerns and contribute.
• Provide Resources and Support: Effective leaders invest in training and development programmes to enhance employees’ risk management skills and knowledge.
• Encourage Innovation: Leaders encourage employees to think creatively and experiment with new approaches to risk management.
• Promote Continuous Improvement: Leaders create opportunities for reflection and evaluation to identify areas for improvement and drive learning.

Encouraging a Risk-Aware Culture

For organisations to identify, assess and mitigate risks at all levels effectively, they need to encourage a risk-aware culture. Here are some tips for encouraging a risk-aware culture:

Communication and transparency:

• Encourage open communication channels where employees feel comfortable discussing risks and raising concerns.
• Provide regular updates on the organisation’s risk landscape, including emerging risks and mitigation strategies.
• Foster transparency in decision-making processes, particularly regarding risk-related decisions.

Education and training:

• Provide comprehensive training programmes on risk management principles, processes and tools for employees at all levels.
• Offer specialised training sessions on specific risk areas relevant to employees’ roles and responsibilities.
• Incorporate real-life case studies and examples to illustrate the importance of risk awareness and effective risk management.

Empowerment and ownership:

• Empower employees to take ownership of risk management within their respective areas of expertise.
• Encourage employees to identify and assess risks in their day-to-day activities and propose mitigation strategies.
• Recognise and reward employees who demonstrate proactive risk awareness and contribute to effective risk management practices.

Integration into performance management:

• Include risk management objectives and key performance indicators (KPIs) in employee performance evaluations.
• Link performance bonuses or incentives to successful risk management outcomes and adherence to risk management protocols.
• Provide feedback and coaching to employees on their risk management performance, highlighting areas for improvement and best practices.

Challenges in Risk Management

Challenges in risk management are inevitable, even for companies excelling in this domain. Despite their proactive efforts, all organisations encounter obstacles that can impede their risk management practices. Here are some common challenges and strategies for addressing them:

Complexity and interconnectedness:

• Challenge: The modern business environment is increasingly complex and interconnected, making it challenging for organisations to anticipate and mitigate all potential risks comprehensively.
• Strategy: Implement a holistic risk management approach that considers both internal and external factors impacting the organisation. Create cross-functional collaboration and information sharing to gain a comprehensive understanding of risks across departments and business units.

Rapidly evolving risks:

• Challenge: Risks are constantly evolving due to technological advancements, regulatory changes and global events such as pandemics or geopolitical shifts. Organisations may struggle to keep pace with emerging risks and adapt their risk management strategies accordingly.
• Strategy: Stay informed about emerging trends and developments that may impact the organisation’s risk landscape. Maintain flexibility and agility in risk management processes to respond promptly to new challenges.

Resource constraints:

• Challenge: Limited resources, including budgetary constraints and staffing limitations, can hinder organisations’ ability to invest adequately in risk management initiatives and tools.
• Strategy: Prioritise risk management activities based on their potential impact on organisational objectives and allocate resources accordingly. Leverage technology and automation to streamline risk management processes and maximise efficiency.

Compliance and regulatory burden:

• Challenge: Meeting regulatory requirements and compliance standards can be burdensome and complex.
• Strategy: Stay abreast of regulatory developments and ensure compliance with applicable laws and regulations. Implement robust governance frameworks and internal controls to demonstrate regulatory compliance and mitigate legal and reputational risks. Invest in compliance training and education for employees.

Human factors and behavioural biases:

• Challenge: Human factors such as cognitive biases, organisational politics and resistance to change can undermine effective risk management practices, leading to decision-making errors and oversight of critical risks.
• Strategy: Raise awareness about common cognitive biases and behavioural tendencies that may influence risk perception and decision-making. Create a culture of psychological safety where employees feel comfortable challenging assumptions and raising concerns about potential risks.

Conclusion: Striving for Excellence

In this article, we have explored the importance of effective risk management for businesses. We have delved into the criteria for excellence in risk management, showcasing companies such as ApexTech Solutions and TerraSafe Pharmaceuticals that exemplify these principles through their proactive strategies and robust frameworks.

From embracing technology and fostering a culture of innovation to prioritising regulatory compliance and empowering employees, these companies have demonstrated remarkable achievements in navigating complex risk landscapes and achieving sustainable success.

However, it’s essential to recognise that even companies excelling in risk management face challenges. By acknowledging these and implementing strategies to address them, organisations can enhance their resilience and effectiveness in managing risks over the long term.

Assessing Risk

Study online and gain a full CPD certificate posted out to you the very next working day.

Take a look at this course

About the author

Louise Woffindin

Louise is a writer and translator from Sheffield. Before turning to writing, she worked as a secondary school language teacher. Outside of work, she is a keen runner and also enjoys reading and walking her dog Chaos.

Similar posts

Common Pitfalls in Handling Disciplinaries and How to Avoid Them

Strategies for Supporting Individuals with Dementia in Daily Activities

Hoarding: Best Practices for Safe and Respectful Intervention

An Overview of Employment Law: Rights and Responsibilities

Celebrating our clients and partners.

Table of Contents

Understanding project risk management, definition and explanation of project risk management, 4 key components of project risk management, risk identification, risk assessment, risk response planning, risk monitoring and control, 5 project risk management case studies, gordie howe international bridge project, fujitsu’s early-career project managers, vodafone’s complex technology project, fehmarnbelt project, lend lease project, project risk management at designveloper, how we manage project risks, advancements in project risk management, project risk management: 5 case studies you should not miss.

May 21, 2024

Exploring project risk management, one can see how vital it is in today’s business world. This article from Designveloper, “Project Risk Management: 5 Case Studies You Should Not Miss”, exists in order to shed light on this important component of project management.

We’ll reference some new numbers and facts that highlight the significance of risk management in projects. These data points are based on legit reports and will help create a good basis of understanding on the subject matter.

In addition, we will discuss specific case studies when risk management was successfully applied and when it was not applied in project management. These real world examples are very much important for project managers and teams.

It is also important to keep in mind that each project has associated risks. However through project risk management these risks can be identified, analyzed, prioritized and managed in order to make the project achieve its objectives. Well then, let’s take this journey of understanding together. Watch out for an analysis of the five case studies you must not miss.

Risk management is a very critical component of any project. Risk management is a set of tools that allow determining the potential threats to the success of a project and how to address them. Let’s look at some more recent stats and examples to understand this better.

Statistics show that as high as 70% of all projects are unsuccessful . This high failure rate highlights the need for efficient project risk management. Surprisingly, organizations that do not attach much importance to project risk management face 50% chances of their project failure. This results in huge losses of money and untapped business potential.

Additionally, poor performance leads to approximated 10% loss of every dollar spent on projects. This translates to a loss of $99 for every $1 billion invested. These statistics demonstrate the importance of project risk management in improving project success rates and minimizing waste.

Let us consider a project management example to demonstrate the relevance of the issue discussed above. Consider a new refinery being constructed in the Middle East. The project is entering a key phase: purchasing. Poor risk management could see important decisions surrounding procurement strategy, or the timing of the tendering process result in project failure.

Project risk management in itself is a process that entails the identification of potential threats and their mitigation. It is not reactionary but proactive.

This process begins with the identification of potential risks. These could be any time from budget overruns to delayed deliveries. After the risks are identified they are then analyzed. This involves estimating the probability of each risk event and the potential consequences to the project.

The next stage is risk response planning. This could be in the form of risk reduction, risk shifting or risk acceptance. The goal here is to reduce the impact of risks on the project.

Finally, the process entails identifying and tracking these risks throughout the life of a project. This helps in keeping the project on course and any new risks that might arise are identified and managed.

Let’s dive into the heart of project risk management: its four key components. These pillars form the foundation of any successful risk management strategy. They are risk identification, risk analysis, risk response planning, and risk monitoring and control. Each plays a crucial role in ensuring project success. This section will provide a detailed explanation of each component, backed by data and real-world examples. So, let’s embark on this journey to understand the four key components of project risk management.

Risk identification is the first process in a project risk management process. It’s about proactively identifying risks that might cause a project to fail. This is very important because a recent study has shown that 77% of companies had operational surprises due to unidentified risks.

There are different approaches to risk identification such as brainstorming, Delphi technique, SWOT analysis, checklist analysis, flowchart. These techniques assist project teams in identifying all potential risks.

Risk identification is the second stage of the project risk management process. It is a systematic approach that tries to determine the probability of occurrence and severity of identified risks. This step is very important; it helps to rank the identified risks and assists in the formation of risk response strategies.

Risk assessment involves two key elements: frequency and severity of occurrence. As for risk probability, it estimates the chances of a risk event taking place, and risk impact measures the impact associated with the risk event.

This is the third component of project risk management. It deals with planning the best ways to deal with the risks that have been identified. This step is important since it ensures that the risk does not have a substantial effect on the project.

One of the statistics stated that nearly three-quarters of organizations have an incident response plan and 63 percent of these organizations conduct the plan regularly. This explains why focusing only on risks’ identification and analysis without a plan of action is inadequate.

Risk response planning involves four key strategies: risk acceptance, risk sharing, risk reduction, and risk elimination. Each strategy is selected depending on the nature and potential of the risk.

Risk monitoring and control is the last step of project risk management. It’s about monitoring and controlling the identified risks and making sure that they are being addressed according to the plan.

Furthermore, risk control and management involve managing identified risks, monitoring the remaining risk, identifying new risks, implementing risk strategies, and evaluating their implementation during the project life cycle.

It is now high time to approach the practical side of project risk management. This section provides selected five case studies that explain the need and application of project risk management. Each case study gives an individual approach revealing how risk management can facilitate success of the project. Additionally, these case studies include construction projects, technology groups, among other industries. They show how effective project risk management can be, by allowing organizations to respond to uncertainties and successfully accomplish their project objectives. Let us now examine these case studies and understand the concept of risk in project management.

The Gordie Howe International Bridge is one of the projects that demonstrate the principles of project risk management. This is one of the biggest infrastructure projects in North America which includes the construction of a 6 lane bridge at the busiest commercial border crossing point between the U.S. and Canada.

The project scope can be summarized as: New Port of Entry and Inspection facilities for the Canadian and US governments; Tolls Collection Facilities; Projects and modifications to multiple local bridges and roadways. The project is administered via Windsor-Detroit Bridge Authority, a nonprofit Canadian Crown entity.

Specifically, one of the project challenges associated with the fact that the project was a big one in terms of land size and the community of interests involved in the undertaking. Governance and the CI were fundamental aspects that helped the project team to overcome these challenges.

The PMBOK® Guide is the contractual basis for project management of the project agreement. This dedication to following the best practices for project management does not end with bridge construction: It spreads to all other requirements.

However, the project is making steady progress to the objective of finishing the project in 2024. This case study clearly demonstrates the role of project risk management in achieving success with large and complicated infrastructure projects.

Fujitsu is an international company that deals with the provision of a total information and communication technology system as well as its products and services. The typical way was to employ a few college and school leavers and engage them in a two-year manual management training and development course. Nevertheless, this approach failed in terms of the following.

Firstly, the training was not comprehensive in its coverage of project management and was solely concerned with generic messaging – for example, promoting leadership skills and time management. Secondly it was not effectively reaching out to the need of apprentices. Thirdly the two year time frame was not sufficient to allow for a deep approach to the development of the required project management skills for this job. Finally the retention problems of employees in the train program presented a number of issues.

To tackle these issues, Fujitsu UK adopted a framework based on three dimensions: structured learning, learning from others, and rotation. This framework is designed to operate for the first five years of a participant’s career and is underpinned by the 70-20-10 model for learning and development. Rogers’ model acknowledges that most learning occurs on the job.

The initial training process starts with a three-week formal learning and induction program that includes the initial orientation to the organization and its operations, the fundamentals of project management, and business in general. Lastly, the participants are put on a rotational assignment in the PMO of the program for the first six to eight months.

Vodafone is a multinational mobile telecommunications group that manages telecommunications services in 28 countries across five continents and decided to undertake a highly complex technology project to replace an existing network with a fully managed GLAN in 42 locations. This project was much complex and thus a well grounded approach to risk management was needed.

The project team faced a long period of delay in signing the contract and frequent changes after the contract was signed until the project is baselined. These challenges stretched the time frame of the project and enhanced the project complexity.

In order to mitigate the risks, Vodafone employed PMI standards for their project management structure. This approach included conducting workshops, developing resource and risk management plan and tailoring project documentations as well as conducting regular lesson learned.

Like any other project, the Vodafone GLAN project was not an easy one either but it was completed on time and in some cases ahead of the schedule that the team had anticipated to complete the project. At the first stage 90% of migrated sites were successfully migrated at the first attempt and 100% – at second.

The Fehmarnbelt project is a real-life example of the strategic role of project risk management. It provides information about a mega-project to construct the world’s longest immersed tunnel between Germany and Denmark. It will be a four-lane highway and two-rail electrified tunnel extending for 18 kilometers and it will be buried 40 meters under the Baltic Sea.

This project is managed by Femern A/S which is a Danish government-owned company with construction value over more than €7 billion (£8. 2 billion). It is estimated to provide jobs for 3,000 workers directly in addition to 10,000 in the suppliers. Upon its completion, its travel between Denmark and Germany will be cut to 10 minutes by automobile and 7 minutes by rail.

The Femern risk management functions and controls in particular the role of Risk Manager Bo Nygaard Sørensen then initiated the process and developed some clear key strategic objectives for the project. They formulated a simple, dynamic, and comprehensive risk register to give a more complete risk view of the mega-project. They also created a risk index in order to assess all risks in a consistent and predictable manner, classify them according to their importance, and manage and overcome the risks in an appropriate and timely manner.

Predict! is a risk assessment and analysis tool that came in use by the team, which helps determine the effect of various risks on the cost of the construction of the link and to calculate the risk contingency needed for the project. This way they were able to make decisions on whether an immersed tunnel could be constructed instead of a bridge.

Lend Lease is an international property and infrastructure group that operates in over 20 countries in the world; the company offers a better example of managing project risks. The company has established a complex framework called the Global Minimum Requirements (GMRs) to identify risks to which it is exposed.

The GMRs have scope for the phase of the project before a decision to bid for a job is taken. This framework includes factors related to flooding, heat, biodiversity, land or soil subsidence, water, weathering, infrastructure and insurance.

The GMRs are organized into five main phases in line with the five main development stages of a project. These stages guarantee that vital decisions are made at the ideal time. The stages include governance, investment, design and procurement, establishment, and delivery.

For instance, during the design and procurement stage, the GMRs identify requisite design controls that will prevent environment degradation during design as well as fatal risk elimination during planning and procurement. This approach aids in effective management of risks and delivery of successful projects in Lend Lease.

Let’s take a closer look at what risk management strategies are used here at Designveloper – a top web & software development firm in Vietnam. We also provide a range of other services, so it is essential that we manage risks on all our projects in similar and effective ways. The following part of the paper will try to give a glimpse of how we manage project risk in an exemplary manner using research from recent years and include specific cases.

The following steps explain the risk management process that we use—from the identification of potential risks to managing them: Discovering the risks. We will also mention here how our experience and expertise has helped us in this area.

Risk management as a function in project delivery is well comprehended at Designveloper. Our method of managing the project risk is proactive and systematic, which enables us to predict possible problems and create successful solutions to overcome them.

One of the problems we frequently encounter is the comprehension of our clients’ needs. In most cases, clients come to us with a basic idea or concept. To convert these ideas into particular requirements and feature lists, the business analysts of our company have to collaborate with the client. The whole process is often a time-waster, and having a chance is missed.

To solve this problem, we’ve created a library of features with their own time and cost estimate. This library is based on data of previous projects that we have documented, arranged, and consolidated. At the present time when a client approaches us with a request, we can search for similar features in our library and give an initial quote. This method has considerably cut the period of providing the first estimations to our clients and saving the time for all participants.

This is only one of the techniques we use to mitigate project risks at Designveloper. The focus on effective project risk management has been contributing significantly to our successful operation as a leading company in web and software development in Vietnam. It is a mindset that enables us to convert challenges into opportunities and provide outstanding results for our clients.

In Designveloper, we always aim at enhancing our project risk management actions. Below are a couple examples of the advancements we’ve made.

To reduce the waiting time, we have adopted continuous deployment. This enables us to provide value fast and effectively. We release a minimum feature rather than a big feature. It helps us to collect the input from our customers and keep on improving. What this translates into for our customers is that they start to derive value from the product quickly and that they have near-continuous improvement rather than have to wait for a “perfect” feature.

We also hold regular “sync-up” meetings between teams to keep the information synchronized and transparent from input (requirements) to output (product). Changes are known to all teams and thus teams can prepare to respond in a flexible and best manner.

Some of these developments in project risk management have enabled us to complete projects successfully, and be of an excellent service to our clients. They show our support of the never-ending improving and our capability to turn threats into opportunities. The strength of Designveloper is largely attributed to the fact that we do not just control project risks – we master them.

To conclude, project risk management is an important element of nearly all successful projects. It is all about identification of possible problems and organization necessary measures that will result in the success of the project. The case studies addressed in this article illustrate the significance and implementation of project risk management in different settings and fields. They show what efficient risk management can result in.

We have witnessed the advantages of solid project risk management at Designveloper. The combination of our approach, powered by our track record and professionalism, has enabled us to complete projects that met all client’s requirements. We are not only managing project risks but rather mastering them.

We trust you have found this article helpful in understanding project risk management and its significance in the fast-changing, complicated project environment of today. However, one needs to mind that proper project management is not only about task and resource management but also risk management. And at Designveloper, our team is there to guide you through those risks and to help you realize your project’s objectives.

Also published on

Share post on

Insights worth keeping. Get them weekly.

Get in touch

Simply register below to receive our weekly newsletters with the newest blog posts

Read more topics

• Harvard Business School →
• Faculty & Research →
• July 2008 (Revised January 2012)
• HBS Case Collection

Enterprise Risk Management at Hydro One (A)

• Format: Print
• | Pages: 22

More from the Author

• Winter 2015
• Journal of Applied Corporate Finance

When One Size Doesn't Fit All: Evolving Directions in the Research and Practice of Enterprise Risk Management

• August 2014
• Faculty Research

Enterprise Risk Management at Hydro One (B): How Risky are Smart Meters?

Learning from the kursk submarine rescue failure: the case for pluralistic risk management.

• When One Size Doesn't Fit All: Evolving Directions in the Research and Practice of Enterprise Risk Management  By: Anette Mikes and Robert S. Kaplan
• Enterprise Risk Management at Hydro One (B): How Risky are Smart Meters?  By: Anette Mikes and Amram Migdal
• Learning from the Kursk Submarine Rescue Failure: the Case for Pluralistic Risk Management  By: Anette Mikes and Amram Migdal

The implication of business intelligence in risk management: a case study in agricultural insurance

• Original Article
• Open access
• Published: 22 May 2021
• Volume 3 , pages 155–166, ( 2021 )

Cite this article

You have full access to this open access article

• Mehran Amini 1 ,
• Sara Salimi 2 ,
• Farid Yousefinejad 3 ,
• Mohammad J. Tarokh 4 &
• Sayyed M. Haybatollahi 5  

7410 Accesses

5 Citations

Explore all metrics

The increasing data scales in today’s business sectors coupled with the necessity of risk management raise the importance of business intelligence tools as an integrated solution for the insurance industry. These tools have mostly been used to achieve effective risk management. Although methods of risk management in the insurance industry have been proposed many years ago, the research effort has primarily been focused on predictive analyses. This study aimed to investigate the role of business intelligence as a solution to illustrate its potential in risk management particularly for decision-makers in agricultural insurance. We hypothesized that this would make a preferable decision in uncertain conditions. Sample data from the online transaction process system of Iran agricultural insurance fund were preprocessed in SQL server. Multidimensional online analytical processing architecture was analyzed using Targit business intelligence tool. Our results identified financial risks that lead to a framework of controlling risk based on business intelligence in the agricultural insurance fund.

Similar content being viewed by others

RETRACTED ARTICLE: A hybrid approach for risk analysis in e-business integrating big data analytics and artificial intelligence

Research on the Application of Data Mining Algorithm in Financial Risk Control Model in the Process of Digital Economy Transformation

Overseas Risk Intelligence Monitoring Based on Computer Modeling

Explore related subjects.

• Artificial Intelligence

Avoid common mistakes on your manuscript.

1 Introduction

Risk management is an effective tool to tackle uncertainties in the probability of an event’s occurrence that challenges decision makings. Many factors associated with risk management including business intelligence (BI) have the potential to be used to reduce such uncertainties. This challenge in decision making, appears to increase together with the expansion of globalization. Easy-to-use technologies for saving data and widespread access to the internet allow researchers and organizations to collect more data (Zhu et al. 2019 ). Because the origin, content, and display methods of most of these data vary and because they relate to diverse settings, such as commercial and financial, the current literature lacks enough findings concerning how these data are modeled and how they contribute to a company’s decision making strategy. Although methods for managing the uncertainties (e.g., managing liquidity related risks) in insurance have been proposed for many years, the research efforts, thus far, have primarily been focused on predicting outcomes based on the given dataset as well as its variables. While business intelligence has always been regarded as the highest priority for investment, companies have complained about the overflow of information and lack of access to the relevant data (Howson 2013 ). Hence, relevant data from companies’ data servers can be analyzed in favor of cost reduction (e.g., time and resources) by different BI algorithms that can also lead to controlling financial risks (Ghosh et al. 2018 ; Chen 2017 ). By implementing the risk management processes, many organizations aim to increase the impact of risk management activities and to build up value for stakeholders (Williams and Heins 1989 ). The necessity of using BI raised from the fact that financial enterprises including insurance companies like any other financial enterprises have analyzable data that can be used to modify knowledge-based risk management. In this study, our research purpose besides an investigative case study and providing an implementable framework was how business intelligence approaches can be used to risk management process using real-world data. This study particularly focused on the implication of BI approaches in improving decision making in agricultural insurance. We, therefore, investigated whether agricultural insurance data pertain to online transactional processing (OLTP) system contain the following elements: complete data of insurers, their properties specifications, locations, amount of paid compensations, reasons of damages, and bank account of insurers in the agricultural bank. However, previous studies have addressed a variety of problems in using BI, from leveraging organizational agility (Cheng et al.  2020 ) to improve decision making in other sectors such as transportation, health, telecommunications, etc. (Ain et al. 2019 ). This study draws on BI approaches (e.g., observation, reporting, and prediction) with a focus on the phases of risk management (e.g., detection analysis and risk control) to demonstrate how BI can improve provided services, preferable managing of uncertainties coupled with improving decision quality based on existing data in the company.

2 Literature review

The term BI was first referred to “an automatic system to disseminate information to the various sections of any industrial, scientific or government organization” (Luhn 1958 ). In recent years, BI has been known as an intended process through which a company can investigate and train to extract information from vast stocks of data to detect an obtainable opportunity while minimizing the threats associated with uncertainty (Cheng et al.  2020 ). Previous studies have shown that the progress of computational intelligence occurs in various fields (Wu et al.  2014 ; Ain et al. 2019 ), in which a survey of the significant areas and perspectives are presented in this section.

2.1 Early warning systems

Various studies have addressed the importance of early warning systems (EWS) as a method to control risk. By testing EWS in practice, in her study, Krstevska ( 2012 ) referred to macroeconomic models with the features of Macedonia’s economy and they proved that EWS is an advantageous solution that can be conducted in BI tools to forecast the risk of a financial crisis. In another study, Flores ( 2009 ) addressed the early warning in insurance utilizing stochastic optimization to find an investment policy for the management of a fund from the perspective of a risk-averse government. Early warning is also discussed for conveying the mechanisms of financial and macroeconomic supervision that regional monetary units can be considered in the BI policies to cultivate existing surveillance tools for improving crisis detection and prevention. In particular, they illustrated that the RMU might be beneficial as a tool for macroeconomic consultation (Castell 2009 ). Some studies argued their method in industrial applications and described a method for identifying logistic risks for small-to-medium size companies (Xie et al.  2009 ). Fuzzy cognitive map (FCM) is a mixed methodology based on neural network and fuzzy logic, which both are in the querying algorithms of the BI. Liu et al. ( 2006 ) developed an intelligent early warning system using fuzzy logic based on an integrated set of software metrics from multiple perspectives to make sponsors, users, project managers and software developers aware of many potential risks as early as possible. It has the potential to improve software development and maintenance to a great extent. Han and Deng ( 2018 ) combined artificial neural networks, fuzzy optimization and time-series econometric models in one unified framework to form a hybrid intelligent early warning system for predicting economic crises. Wang et al. ( 2018 ) proposed a financial crisis early warning monitoring algorithm based on FCM, and evaluated the effect of the algorithm based on the relevant data of listed companies in China; the experimental outcomes showed that the technique is efficient, economical, and timely and can practically reflect the crisis state of financial data.

2.2 Risk-based decision making

Employing computational intelligence for decision-making based on risk in information systems as supporting systems of decision-making has been studied since 1970 (Keen 1978 ; Sprague 1982 ). Some studies have taken advantage of the business intelligence to provide another application for analyzing the loan risk in financial modeling of pulp and paper industry (Warenski 2012 ). Some researchers have specifically addressed the assessment of value and risk in IT investment; by taking the resource-based view of the company and the perspective of the feasible option, they found that IT investments and their timing influence organizational downside risk (Otim et al.  2012 ). Such investments involving a complex series of stakeholders require attention to organizational policies. Some have studied the role of political pluralism in the expansion of commercial banks, especially from the perspective of risk management in India (Olson 1996 ). Industrial decision-making does not merely include multi-stakeholders, but it also includes multi-criteria. Some researchers have provided a risk assessment technique of multiple criteria for analyzing risk in safety by integrating the accepted features of the common failure mode, effects, and criticality analysis technique in the BI tools with taking into account economic variables in terms of risk and to minimize the total safety costs by defining a specific index called total risk priority number (Wu et al.  2014 ). Lakemond et al. ( 2013 ) dealt with a model for considering risk in product development, which is capable of initial assessments of risk and other challenges. Some of the neural networks study applications to assess reliability to reduce the project failure risk. Another application showed the value of artificial neural network models in the projects of public-private partnerships. The application was also used in the banking industry which included employing artificial neural networks to analyze credit cards applications which allow banks to effectively control their risk after the post-2008 bubble (Yazici 2011 ). Some researchers combined neural networks with text mining software to address financial risk management in daily trading. Another application was to use the artificial neural network models, which is one of the main algorithms in BI tools to manage the financial risk of over 7000 small companies in Italy. The results showed that when the method is unconnectedly designed according to size, geographical area, and business sector, the method prediction accuracy is noticeably higher for the smallest sized companies and especially those which are operating in central Italy (Ciampi 2013 ).

2.3 Game-based risk analysis

The role of Nash in offering game theory and studying the competitive strategy is significant (Nash 1950 ). The focus of this field is mainly on industrial risk management. Some researchers studied a complete information game model which examines emerging multi-risks in a project management environment by designing an effective algorithm to deal with the allocation solution based on Nash equilibrium that can also be reflected in the BI based plans, and an experiment is presented to show the usefulness of the proposed game method. The proposed solution methods can be employed to support decision-making in project risk management (Zhao 2009 ). Some extended the game theory models to probabilistic risk analysis in counter-terrorism activities. They carried out a comparative analysis of probabilistic risk analysis methods such as Bayesian networks, decision trees, and game theory that are the main algorithms in BI tools to get insights into the significant differences in assumptions and results. They found that assessing the distribution of potential attacker decisions is a problematic judgment, especially considering the adaptation of the attacker to defender decisions. Intelligent opponent risk analysis is an extension of decision analysis and sequential game theory that can be taken to decompose such judgments (Merrick 2011 ). And some used this theory to model vertical distinction in online advertising and found that a higher revenue can result in lower service prices (Lin et al.  2012 ).

2.4 Credit risk decisions

The basic task of the financial industry in risk management is to study the probability of default. Some researchers offered a scoring model for the Czech banks by means of linear discriminatory analysis, the initial probability of default is calculated through a scoring model in US banks by using linear discriminant analysis. They showed that even though all banks are well organized, there is still a high chance that “a financial crisis” will arise (Gurny 2009 ). Some others utilized the Six Sigma DMAIC methodology to reduce financial risk (Chen et al.  2012 ). Still, some others showed how scorecards can be used to predict the risk management of credit value of large banks (Wu 2010 ). Caracota et al. ( 2010 ) offered a scoring model for (small- and medium-size) enterprises that applied for loans. Some others studied the effectiveness of credit scoring of public enterprises (sponsored by the state) and showed how credit bureau scoring resulted in support for different strategies of risk escape or preference for less risk and greedy investments risks (Poon 2009 ).

2.5 Data mining in enterprise risk management

Data mining has turned into a very popular concept in statistical and artificial intelligence tools as well as plays a pivotal role in the BI tools for the analysis of sets of big data. Among the various risk management related studies, some researchers have applied the data mining tools to the financial affairs of companies, including fraud detection management, credit risk estimation, and performance prediction of the company (Shiri et al.  2012 ). Some argued that data mining in internal fraud renders preferable results compared to a single-variant analysis (Jans et al.  2010 ). Holton ( 2009 ) employed data mining for occupational fraud in auditing which the main focus is on detecting motivational aspects such as employee disgruntlement. Their proposed model predicts whether emails contain disgruntled communications, providing extremely relevant information not otherwise likely to be revealed in a fraud audit. The model can be incorporated into fraud risk analysis systems to improve their ability to detect and deter fraud. In other industries, data mining is employed to better predict the electricity supply cut-off, especially when caused by a storm (Nateghi et al.  2011 ). Some other studied data mining to support risk management in the supply chain; the recognized papers’ insights, gaps and future directions could inspire new investigation procedures with a view to managing the risks in the globalized supply chain environment (Ghadge et al.  2012 ; Shojaei and Haeri 2019 ). Some other studies have been conducted to reduce occupational damage risk using data mining (Murayama et al.  2011 ; Zhu et al. 2019 ).

The aforementioned studies, therefore, support the adaptation and utilization of the BI systems and their capabilities in wider organizational settings including sequential case studies. Although companies have been unsuccessful to capture the advantages of BI systems to their full extent. They mainly are pursuing means to leverage value from the carried out systems (Visinescu et al.  2017 ). However, prior studies do not have any comprehensive solution that discusses the ways related to adoption and utilization of BI system in practical and sequential stages in financial settings such as agricultural insurance, we present a utilitarian and sequential exploratory case study with a limited dataset in the agricultural insurance coupled with a suggested framework, which not only is a universal and reusable abstraction but it also delivers specific functionality that facilitates the development of BI applications, products, and solutions.

3.1 Description of the Iran agricultural insurance system

Iran agricultural insurance fund is the only active insurance company in the agriculture section in Iran. It was established in 1984 by agricultural bank which is one of the governmental banks in Iran. The initial aim of setting up this fund was to support the farmers and ranchers whose products were damaged by pests, diseases, drought, frostbite, and other natural disasters. Cotton and beet were first insured in 1984 as the first agricultural products ever insured, and at the time being, more than 153 products and activities are under insurance. During 30 years its responsibilities had been expanded into some main responsibilities, such as, investigating in any research in terms of increasing and improving agricultural products, holding courses to educate farmers and ranchers, investing in developing the company’s IT sections to become an IT-based system, like updating data servers to collect all relevant datasets such as farmers’ data, their properties location and specifications, paid compensations in each year, etc. (Agricultural insurance fund 2020 ). The historical reports have showed that the capacity of insurance is as follows (which has not fully been materialized due to the voluntary nature of insurance and also a limitation in financial resources): farming products (85 %), garden products (89 %), birds (100 %), products of livestock, aquatics and natural resources (95 %). Some of the indices of agricultural insurance development within the last 10 years (the 10 years ending in the agricultural year 2011–2012, comparative performance) are as follows:

Insurance of farming products; from 2 million hectares to 5.8 million hectares (2.9 times)

Insurance of garden products; from 12,000 hectares to 510,000 hectares (42.5 times)

Livestock insurance; from 2 million animals to 14 million animals (7 times)

As it can be seen from Fig.  1 , the upward trend of agricultural insurance growth among signed contracts is significant. In Fig.  1 the ascending growth trend of insurers number within the last 10 years is shown, which amounts to more than 2 million at the end of the farming year 2011–2012:

Insurers’ number within 10 years (Agricultural insurance fund 2020 )

Table 1 shows the overall figures of premium (including government’s share and insured person’s share) and compensation paid during the 10 farming years 2002–2003 to 2012–2013 (by million Rials).

3.2 Dataset description

The sample dataset contained 7740 insured agricultural lands and 21 numerical and categorical variables of each land, which is taken by the informatics section of agricultural banks from the online transaction processing servers of the agricultural insurance fund in 2013–2014. It consisted of lands that were cultivated by insured landowners with wheat in the Kermanshah region which has 5 branches of agricultural bank: Kozaran district, Shahid Rajaie, Keshavari Blvd, Mahidasht and Kermanshah. The online transaction processing servers of the company are collecting data of contracts, financial transactions, and insurance appraisers’ reports in all Iran agricultural banks in an integrated data center.

The dataset consisted of two types of data: measures and dimensions. (1) The measures were numerical variables, which were organized in a fact table and contained foreign keys of the logical relationships. These variables included: insured ID, contract number, date, tax amount, paid compensation, the total amount of insurance, insurer’s share, insured person’s share, maximum obligation. (2) The dimensions or the system’s key performance indicators (KPIs) were categorical variables and contained primary keys; in our case study dimensions contain five tables, Solar Hijri calendar, Gregorian calendar, insurer profile, the insured person or company profile, insurance contract specifications. These two types of data based on the created database on the fund’s online transactions processing servers shape the data cube scheme (Fig.  2 ). Financial risks in agricultural insurance are generally related to unexpected financial outcomes that can cause many issues such as liquidity risk. A suitable mechanism to manage uncertainty in agricultural insurance must have the ability to accurately detect all kinds of risks by modeling all data in the agricultural insurance online transaction processing (OLTP) servers without impeding the performance of the platform. Therefore, a mechanism of insured individuals clustering through schemed data cube was presented. Using the clustering mechanism, we grouped data points together based on a set of parameters such as their similarities and relations. Despite that insured individuals may have various possessions in different regions, the logical relationships among the tables still have a mechanism to identify the users who have partially similar features. By investigating the created data cube, which was a multidimensional array of all involved variables the financial risk management purposes of the research were asserted.

Data cube scheme and logical relationships

In various relative analytics, we had three primary factors: hindsight, insight, and foresight. At the foresight level, predictive analyses were used to predict the outcomes, by taking the advantage of various machine learning (ML) algorithms (McNellis 2019 ; Ereth and Eckerson 2018 ). BI tools based on collected data can predict the future state of the variables. Two pivotal predicting algorithms in BI are regression and classification, which both are categorized under the same umbrella of supervised ML. The regression algorithm allows evaluating the mapping function of the input variables as numerical or continuous output variables known as measures. The, classification algorithm, on the other hand, attempts to assess the mapping function of the input variables to discrete or categorical output variables known as dimensions. These algorithms can be conducted based on several architects, the main two ones are multidimensional online analytical processing (MOLAP) and relational online analytical processing ROLAP; in the present work, the chosen architecture is MOLAP because it has some merits over ROLAP, such as, better performance in real-time analysis and dealing with a bigger amount of data. Creating MOLAP architecture has various steps (Fig.  3 ). We used SQL server analysis service (SSAS) 2012 to create tables out of OLTP datasets contains 5 dimension tables and 1 fact table represents the measures, then raising an analysis services multidimensional and data mining project in Microsoft visual studio 2010 and connect to the created database in SSAS and transfer all data, next generating data source view from all added tables and data, this is followed by forming logical relationships between fact table (with foreign keys) and dimensional tables (with primary keys), then creating dimensions’ attributes and hierarchies which leads to building data cube based on fact table that contains measures. In the penultimate stage, making a connection string from Targit (business intelligence tool) to the Microsoft visual studio. Finally, the created data cube is available in the Targit environment to make customized queries, comparisons, dashboard system, prediction, etc.

Steps in various platforms to create MOLAP architecture

4.1 The applied MOLAP

Risk management phases, in general, were as follows: risk detection, risk analysis and risk control. According to the results obtained from designing the dimensions and measures existing in the data cube and experts’ comments, some financial risks were identified, which are regarded as the function of financing decisions of the company (Bandaly et al. 2018 ). All the next indicated graphs belong to 2014–2015 were the BI predictions, which were processed by the sample 2012–2013 dataset. Figure 4 shows the analyses and behavior trend of total earning insured amount in each premium issuing branches in the given region (Kermanshah which has 5 branches: Keshavarzi Blvd., Shahid Rajai, Kermanshah, Kozaran, and Mahidasht) during the farming year of 2013–2014 and the predicted year of 2014–2015. In the 2013–2014 graph, axis x represents the amount of money earned by each branch for insuring the farmers’ lands. Graph 2014–2015 is a prediction of the same trend in the next year in which Mahidasht and Kozaran branches would have better financial performance. This foresight is achieved by learning algorithms such as a neural network in the BI software engine depending on the measures of the dataset such as land area, number of bank accounts, insured savings, and insurance fee. Based on these figures’ managers can take actions to prevent the causes of decreasing trends in Kermanshah, Shahid Rajai branches and empowering positive impacts on increasing trends in the other branches. As it can be seen (Fig.  4 ) Kermanshah had better performance although Kozaran and Mahidasht could earn much more insurance fees since they cover vaster farmlands. The reason behind the performance of the Kermanshah branch in comparison to other branches was behind the fact that the manager’s main focus was no longer on acquiring new customers but on retaining old ones. Managers in Keshavarzi Blvd. and Shahid Rajai branches by carrying the same policies in the next year they would run the risk of losing their positions.

Forecasting amount of received money for insurance fee

In another analysis in Fig.  5 , the predicted paid compensation amount in comparison with insurers’ received fee in different branches in the 2014–2015 farming year is shown. Due to the updating of new policies in terms of agricultural insuring tariffs in the share of government in 2014, all the districts except Kozaran would be faced with an increasing trend in the amount of paid compensation in the 2014–2015 farming year. This assessment and prediction are crucial at the beginning of each farming year and should be considered, because the budget of the fund is provided by the annual government budget, therefore the agriculture bank must send the estimated budget to the government for the upcoming farming year. Basically, each branch has its agricultural experts to advise farmers and after every report given by landowners they have to visit the reported land to evaluate the level of damage also farmers can take full advantage from their consultations, for example, the right form of ploughing or plowing a field which is one of the basic instructions of field management that can dramatically reduce the level of damage especially in the fields with a slope of higher than 20 degrees. Kozaran branch is the only branch with a higher insurance fee than the amount of total paid compensation. These figures demonstrate that they could use their experts to keep the level of damage low.

The paid compensation amount and insurers’ received fee prediction in 2014–2015 farming year

Through analysis indicated in Fig.  6 , the trend of the production of each land (x-axis is the name of lands with the lowest damage) compared with the paid compensation amount (y, axis) in the 2014–2015 farming year is predicted. These 19 lands would be the most profitable lands among 7740 lands in the agricultural insurance fund in the region of Kermanshah which paid compensation amount to them is the lowest one, therefore their owners’ performance in controlling relevant risks is noticeable. From the marketing point of view and saving financial resources, finding lands with low damage level is essential because by investigating the reasons behind it, experts in the ministry of agriculture can encourage other farmers to follow those models and solutions to reduce the damage, consequently, the paid compensation amount would be decreased as well. Besides general risk management mechanisms such as adopting cropping techniques pest management systems, fertilization, irrigation that are considered in most of the land there are two extra common techniques among these 19 fields which are the owners not only used resistant variables (this is a crucial factor in farming because many farmers are using their product in each year as the next year seed which this can cause reduce the next year’s product more than 5 % in each year) but also they employed crop rotation strategy which can naturally build up soil fertility, crop yield, reduce soil erosion. Through BI customized queries drill down into the data cube entities finding differences and the reasons for managers in each branch is applicable. Being aware of the reasons behind each damage can solve or reduce it for upcoming farming years.

Profitable insured lands

Based on the principles of financial risk management, the agricultural insurance fund financial analysis process includes four steps: collecting financial data, providing financial balance sheets, providing financial ratios and creating financial measures based on the fund’s strategies (Agricultural insurance fund 2020 ). As you can see in Fig.  7 , by employing business intelligence various algorithms the mentioned four steps financial processes are achievable through designing an analytical database and an appropriate data cube. Based on the financial records in the sample dataset of 2013–2014, the financial variables in 2014–2015 are predicted. High dependence on the government’s resources, high damage in products, and absence of participation on the part of the private sector, heightens the importance of management, financial risk analysis, and extraction of meaningful trends out of transactional data of the fund. The government’s share in the 2014–2015 farming year would be increased by 4 % as compared to 2013–2014. Upon the occurrence of minor damage in 2013–2014 (indicated by 2014 in Fig.  6 ), the amount of paid compensation would be increased by 24 times as compared to the previous year which can cause obvious liquidity risk. Since the outsourcing of financial risk is not possible for agricultural insurance fund in such farming years (e.g., with a high level of damage), the compensation should be paid through consultation with the government, which often is accompanied by payment deferment, absence of appropriate approaches for similar risky events for the following years. Failing in predicting financial outcomes would cause serious financial risks furthermore high dependence of agricultural insurance fund on the government budget can make fund fails in meeting its obligations unless the decision-makers could have an insight of the upcoming outcomes based on their existing data sets which are feasible by employing business intelligence approaches.

Predicted financial measures for 2014–2015 by analyzing 2013–2014 financial records

4.2 A framework of BI in relationship with risk management

As a foundation for developing applications whereby business intelligence developers can define a specific platform to prepare a groundwork for a data-driven company, frameworks have an undeniable role to play. For the sake of having a comprehensive framework, every database must be taken into account through which analyzing them the developers can achieve beneficial outputs and results for the next layer; the first layer of the framework (Fig.  8 ) is dedicated to all potential databases that could give the feeds for the customized queries in the interface layer, for example, the rate of rainfall in a particular area has unquestionable impacts on dry farming. In the integration layer, all valid datasets are extracted; data cleaning and cleansing, which aims to pass only proper data to the target is one of the actions in the transform step; in the last step of ETL through loading all created data marts are gathered to feed the data warehouse; data warehouse (DW) as the data provider of the BI algorithms is conducted by loading data marts in the analysis layer. In the application layers, all outputs of implementing BI based on multidimensional online analytical processing architecture are available, such as online analytical processing (OLAP), data cube, data management, key performance indicators monitoring, business process management. In the interface layer, all elements of our BI arsenal can be seen, which early warning system is the most important one that quite stands out and leads the whole framework to the knowledge layer with regard to controlling uncertainties and risk management.

The framework of BI system in agricultural insurance

5 Discussion

The scope of this paper focused on the implication of business intelligence as a solution to illustrate its potential in risk management particularly for decision-makers in agricultural insurance. Through multidimensional online analytical processing architect, we carried out series of predictions in terms of financial measures (numerical variables) for 2014–2015 farming year by analyzing a limited sample of financial and operational records consists of insured lands were cultivated with wheat in 2013–2014 in Kermanshah region and its 5 branches.

As risk analysis attempts at assessing an underlying true risk with quantified uncertainty limits (Goerlandt and Reniers 2018 ); indeed business intelligence solutions can determine how likely specific outcomes are if some aspects of the system are not precisely known. The presented BI system predicted the government’s share in the 2014–2015 farming year would be increased by 4 % compared to 2013–2014. Our results showed that upon the occurrence of minor damage in 2013–2014 (Fig.  6 ) the amount of paid compensation increased by 24 times compared to the previous year which can cause obvious liquidity risk. The relationship between a financial enterprise liquidity risk and its performance has been also shown by the previous studies (Pac et al. 2018 ). This is a vital analysis of the risk perspective since the outsourcing of financial risk is not possible for agricultural insurance fund in farming years with a high level of damage therefore, compensation should be paid through consultation with the government, which often is accompanied by payment deferment as well as the absence of appropriate approaches for similar risky events for the following years. Failing in predicting financial outcomes would cause serious financial risks; furthermore, high dependence of agricultural insurance fund on the government budget can make fund fails in meeting its obligations; hence, an implication of the aforementioned prescriptive analytic would be to allow agricultural insurance to use collected data from OLTP, contracts, climate parameters, etc., to predict future possible outcomes by employing proposed MOLAP architecture along with the customized framework suggested by the current study.

Furthermore, improved decision excellence is the pivotal expected upside of implementing BI systems. Specifically, common decision making methods in the Iran agricultural insurance fund as for: command, consult, vote, consensus (i.e., talk until reaching an agreement) can be replaced by BI algorithms to help agricultural insurance to become an insights-driven organization even when there is a paucity of relevant data. Take for instance, predicting 19 lands that would be the most profitable lands among 7740 records in the agricultural insurance fund in the given region is a good example of defining future strategies because their owners’ performance in controlling relevant risks is noticeable; therefore, by investigating the reasons behind it, experts in the ministry of agriculture can encourage other farmers to follow those models and solutions to reduce the damage, consequently, the paid compensation amount would be decreased as well.

This study had some limitations that need to be mentioned. Since we used real data from the online transactional processing of the fund, we couldn’t show all the possible results. The granted permission for receiving sample dataset was only for the 2013–2014 farming year, whereas at least 15 years of data is collected in the fund servers which can lead to more accurate results and a wide range of problems in terms of fraud detection, human resource management, etc., can be covered and analyzed. Furthermore, because of the insured persons, personals, insurance appraisers’ private privacy data, our ability to show the results was another important limitation.

6 Conclusions

To handle financial risk management numerous companies are struggling with becoming data-driven businesses. A financial enterprise like agricultural insurance is one of these enterprises that face financial risks through business intelligence analysis. Considering the nature of agriculture as an industry with unique conditions we can witness uncertainty in its sections and experts in these fields are dealing with the most uncertain factors therefore, altering the obsolete strategies in terms of being a data-driven company for agricultural insurance fund has to be categorized as a high priority goal. A practical contribution of this research was to demonstrate the benefits of business intelligence solutions regarding financial uncertainties. We showed employing business intelligence can dramatically decrease imprecise estimations caused countless uncertainties in agricultural insurance. In this experimental case study, we strove to illustrate the BI approaches to indicate three levels of analytics (e.g., hindsight, insight, foresight) which can lead to risk management’s stages (e.g., detection, analysis, control). The results of the analytical model of BI revealed four possible predictions to tackle financial risks. We also proposed a framework of BI system in agricultural insurance with the main focus on financial and operational risk management through which minor modifications can be employed in various financial enterprises.

Agricultural insurancefund (2020) Agricultural Insurance Fund, History and Responsibilities. In:Agriculture Bank Web Page. http://www.sbkiran.ir/about/tasks

Ain N, Vaia G, Delone WH (2019) Two decades of research on business intelligence system adoption, utilization and success – a systematic literature review. Decis Support Syst 125(April):113113. https://doi.org/10.1016/j.dss.2019.113113

Article   Google Scholar  

Bandaly D, Shanker L, Şatır A (2018) Integrated financial and operational risk management of foreign exchange risk, input commodity price risk and demand uncertainty. IFAC-PapersOnLine 51(11):957–962. https://doi.org/10.1016/j.ifacol.2018.08.484

Caracota RC, Dimitriu M, Dinu MR (2010) Building a scoring model for small and medium enterprises. Theoret Appl Econ 17(9):117–128

Google Scholar  

Castell MRF, Dacuycuy LB (2009) Exploring the use of exchange market pressure and RMU deviation indicator for Early Warning System (EWS) in the ASEAN + 3 region. DLSU Bus Econ Rev 18(2):1–30

Chen CH (2017) Research on business intelligence with data mining applications. Int J Bus Econ Res 6(2):19. https://doi.org/10.11648/j.ijber.20170602.11

Chen YC, Chen SC, Huang MY, Tsai CL (2012) Application of six sigma DMAIC methodology to reduce financial risk: a study of credit card usage in Taiwan. Int J Manag 29:166–176

Cheng C, Zhong H, Cao L (2020) Facilitating speed of internationalization: the roles of business intelligence and organizational agility. J Bus Res 110(January):95–103. https://doi.org/10.1016/j.jbusres.2020.01.003

Ciampi F, Gordini N (2013) Small enterprise default prediction modeling through artificial neural networks: an empirical analysis of italian small enterprises. J Small Bus Manag 51(1):23–45

Ereth J, Eckerson W (2018) AI: The new BI. How algorithms are transforming business intelligence and analytics. Retrieved August, 1, 2019

Flores C (2009) Management of catastrophic risks considering the existence of early warning systems. Scand Actuar J 1:38–62

Article   MathSciNet   Google Scholar  

Ghadge A, Dani S, Kalawsky R (2012) Supply chain risk management: present and future scope. Int J Logist Manag 23(3):313–339

Ghosh P, Som S, Sen S (2018) Business intelligence development by analysing customer sentiment.2018 7th International Conference on Reliability, Infocom Technologies and Optimization: Trends and Future Directions, ICRITO 2018, 287–90. https://doi.org/10.1109/ICRITO.2018.8748517

Goerlandt F, Reniers G (2018) Prediction in a risk analysis context: implications for selecting a risk perspective in practical applications. Saf Sci 101 (October 2017):344–51. https://doi.org/10.1016/j.ssci.2017.09.007

Gurny P, Tichy T (2009) Estimation of future PD of financial institutions on the basis of scoring model. In: 12th International Conference on Finance & Banking: Structural & Regional Impacts of Financial Crises, 215–228

Han Y, Deng Y (2018) A hybrid intelligent model for assessment of critical success factors in high-risk emergency system. J Ambient Intell Humaniz Comput 9(6):1933–1953. https://doi.org/10.1007/s12652-018-0882-4

Holton C (2009) Identifying disgruntled employee systems fraud risk through text mining: a simple solution for a multi-billion dollar problem. Decis Support Syst 46(4):853–864

Howson C (2013)Successful business intelligence: unlock the value of BI & big data, 2nd edn. McGraw-Hill Osborne Media, New York. https://doi.org/10.1036/9780071809191

Jans M, Lybaert N, Vanhoof K (2010) Internal fraud risk reduction: results of a data mining case study. Int J Account Inf Syst 11(1):17–41

Keen PGW, Scott Morton MS (1978) Decision support systems: an organizational perspective. Addison-Wesley, Reading

Krstevska A (2012) Early warning systems: testing in practice. IUP J Financ Risk Manag 9(2):7–22

Lakemond N, Magnusson T, Johansson G et al (2013) Assessing interface challenges in product development projects. Res Technol Manag 56(1):40–48

Lin M, Ke X, Whinston AB (2012) Vertical differentiation and a comparison of online advertising models. J Manag Inf Syst 29(1):195–236

Liu X, Kane G, Bambroo M (2006) An intelligent early warning system for software quality improvement and project management.J Syst Softw 79(11):1552–64. https://doi.org/10.1016/j.jss.2006.01.024

Luhn HP (1958) A business intelligence system. IBM J Res Dev 2(4):314–319. https://doi.org/10.1147/rd.24.0314

McNellis J (2019) You’re likely investing a lot in marketing analytics, but are you getting the right insights? Gartner. https://blogs.gartner.com/jason-mcnellis/2019/11/05/youre-likely-investing-lot-marketing-analytics-getting-right-insights/

Merrick J, Parnell GS (2011) A comparative analysis of PRA and intelligent adversary methods for counterterrorism risk management. Risk Anal 31(9):1488–1510

Murayama S, Okuhara K, Shibata J, Ishii H (2011) Data mining for hazard elimination through text information in accident report. Asia Pac Manag Rev 16(1):65–81

Nash J (1950) Equilibrium points in N-person games. Proc Natl Acad Sci 36(1):48–49

Nateghi R, Guikema SD, Quiring SM (2011) Comparison and validation of statistical methods for predicting power outage durations in the event of hurricanes. Risk Anal 31(12):1897–1906

Olson DL (1996) Decision aids for selection problems. Springer, New York

Otim S, Dow KE, Grover V, Wong JA (2012) The impact of information technology investments on downside risk of the firm: alternative measurement of the business value of IT. J Manag Inf Syst 29(1):159–194

Pac R, Finan B, Pol M, Yi-kai, Chen (2018) Bank liquidity risk and performance 21(1). https://doi.org/10.1142/S0219091518500078

Poon M (2009) From new deal institutions to capital markets: commercial risk scores and the making of subprime mortgage finance. Acc Organ Soc 34(5):654–674

Shiri MM, Amini MT, Raftar MB (2012) Data mining techniques and predicting corporate financial distress. Interdiscip J Contemp Res Bus 3(12):61–68

Shojaei P, Haeri SAS (2019) Development of supply chain risk management approaches for construction projects: a grounded theory approach. Comput Ind Eng 128:837–850. https://doi.org/10.1016/j.cie.2018.11.045

Sprague RHJ, Carlson ED (1982) Building effective decision support systems. Prentice-Hall, Englewood Cliffs

Visinescu LL, Jones MC, Sidorova A (2017) Improving decision quality: the role of business intelligence. J Comput Inf Syst 57(1):58–66. https://doi.org/10.1080/08874417.2016.1181494

Wang Q, Hui F, Wang X, Ding Q (2018) Research on early warning and monitoring algorithm of financial crisis based on fuzzy cognitive map. Clust Comput 7. https://doi.org/10.1007/s10586-018-2219-7

Warenski L (2012) Relative uncertainty in term loan projection models: what lenders could tell risk managers. J Exp Theor Artif Intell 24(4):501–511

Williams AC, Heins RM (1989) Risk management and insurance. McGraw-Hill, New York

Wu D, Olson DL (2010) Enterprise risk management: coping with model risk in a large bank. J Oper Res Soc 61(2):179–190

Wu D, Dash S-H, Chen (2014) Business intelligence in risk management: some recent progresses. Inf Sci 256:1–7. https://doi.org/10.1016/j.ins.2013.10.008

Xie K, Liu J, Peng H, Chen G, Chen Y (2009) Early-warning management of inner logistics risk in SMEs based on label-card system. Prod Plan Control 20(4):306–319

Yazici M (2011) Combination of discriminant analysis and artificial neural network in the analysis of credit card customers. Eur J Financ Bank Res 4(4):1–10

Zhao L, Jiang Y (2009) A game theoretic optimization model between project risk set and measurement. Int J Inf Technol Decis Mak 8(4):769–786

Zhu X, Jin X, Jia D, Sun N, Wang P (2019) Application of data mining in an intelligent early warning system for rock bursts. Processes 7(2). https://doi.org/10.3390/pr7020055

Download references

Acknowledgements

Authors would thank the “Research and Development” department of the Agricultural insurance fund of Iran for the collaboration by giving access to financial and operational data.

Open access funding provided by Széchenyi István University (SZE).

Author information

Authors and affiliations.

Department of Information Technology, Szechenyi Istvan University, Gyor, Hungary

Mehran Amini

Department of Management, Kurdistan University, Sanandaj, Iran

Sara Salimi

Department of Management, Islamic Azad University, Sanandaj, Iran

Farid Yousefinejad

Department of Industrial Engineering, K. N. Toosi University of Technology, Tehran, Iran

Mohammad J. Tarokh

School of psychology, University of Nottingham, Nottingham, UK

Sayyed M. Haybatollahi

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Mehran Amini .

Additional information

Publisher’s note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Amini, M., Salimi, S., Yousefinejad, F. et al. The implication of business intelligence in risk management: a case study in agricultural insurance. J. of Data, Inf. and Manag. 3 , 155–166 (2021). https://doi.org/10.1007/s42488-021-00050-6

Download citation

Received : 10 February 2020

Accepted : 11 May 2021

Published : 22 May 2021

Issue Date : June 2021

DOI : https://doi.org/10.1007/s42488-021-00050-6

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Business intelligence
• Risk management
• Risk analytics
• Agricultural insurance
• Find a journal
• Publish with us
• Track your research

Strategic risk management at Titan Shipping Company: Lessons from Metallgesellschaft

Having finished his MBA earlier in the summer, Peter returned, as planned, to take over the helm of the family business. The past three months had been devoted to a close examination of the financial picture of both his family and the family business. During this time, he reacquainted himself with the current state of the shipping industry and Titan’s recent performance. Shipping tonnage had become a commodity business with shrinking margins and highly volatile prices. Companies which needed to ship could not depend on having an accurate figure for how much shipping tonnage would cost in the medium and long term. Such volatility was partly due to changes in oil markets, but, regardless of its source, it was hurting the business of Titan and its customers. Historically, Titan’s revenues came mostly from its long-term, loyal customers, but customer loyalty was declining. And Peter empathized with their position: Their business cycles were becoming increasingly short and their own margins thin – they had to ship at the lowest possible cost. Yet, in spite of being an extremely competitive and efficient shipping company, Titan just could not match those rates, since so many of its costs were fixed ahead of time. All of these events and findings were leading him toward a definite conclusion: Titan’s business model needed to be changed. Titan had to offer an innovative value proposition if it were to expand, or even hold on to, its customer base – it needed something to get them locked in. And whatever that turned out to be, it would also have to reduce Titan’s exposure to volatile freight prices so that it could get an improved valuation.

The Case Centre

Cranfield University

Wharley End Beds MK43 0JR, UK Tel +44 (0)1234 750903 Email  [email protected]

Harvard Business School Publishing

60 Harvard Way, Boston MA 02163, USA Tel (800) 545-7685 Tel (617)-783-7600 Fax (617) 783-7666 Email  [email protected]

Asia Pacific Case Center

NUCB Business School

1-3-1 Nishiki Naka Nagoya Aichi, Japan 460-0003 Tel +81 52 20 38 111 Email  [email protected]

IMD retains all proprietary interests in its case studies and notes. Without prior written permission, IMD cases and notes may not be reproduced, used, translated, included in books or other publications, distributed in any form or by any means, stored in a database or in other retrieval systems. For additional copyright information related to case studies, please contact Case Services .

Research Information & Knowledge Hub  for additional information on IMD publications

In addition to traditional venture capital (VC), governmental VC and social impact VC investors have emerged as alternatives to fund entrepreneuria...

In an effort to increase returns and control risk, pension funds are moving away from conventional equities and bonds into alternative investments ...

We study the effects of carbon transition risk on equity prices in the United States and Europe using disclosed carbon intensity data and find a ne...

For years, the sheer size of China’s economy made it an irresistible magnet for foreign investors, with many – including sovereign wealth funds fro...

US President Joe Biden once described the Inflation Reduction Act (IRA) as one of “the most significant laws” ever enacted due to its massive inves...

Singapore-based DBS bank was being shaken by nimble competitors and needed to change fast. CEO Piyush Gupta knew spending big on technology wasn't ...

The co-founding partner at Willowtree Investments underscores the importance of value alignment and trust in fostering successful partnerships

In light of the Swiss Federal government's report following the Credit Suisse debacle, how can the Swiss banking sector regain its reputation for s...

As the world’s largest democracy prepares to overtake China in terms of economic growth, it offers a huge investment opportunity, explains IMD’s Ri...

The payment processing industry in Europe had operated in largely the same way for decades. A standard system of financial processing and clearing ...

• Skip to Content

Advertisement: Certified CEO Program

• Business Basics
• Business IT
• Finance And Risk
• Growing Your Business
• Managing People
• Personal Success
• Meet Some Of Our Contributors
• Business Books
• Purchase Audio Seminar Series
• Certified Manager Program
• Certified CEO Program
• Top CEO Issues
• Business Book Summaries
• Audio Seminar Library
• Business Book Extracts
• Learning Modules
• Video Seminars
• How IIDM CPD Works
• IIDM Knowledge Units
• Certification - CEOs, Senior Executives & Managers
• Approved Certification Courses
• Certified CPD Reporting

Advertisement: Join IIDM

Advertisement: register for newsletter, advertisement: cpd small top, risk management case studies.

Mitigating Risk

As John Curnow inherited $7million of debt when he became CEO of three advertising agencies during the global financial crisis, he has given a lot of thought to risk mitigation. Now, as Founder and Managing Director of Virtual Ad Agency (VAA), his entire business model is based on risk mitigation.

Creative Recovery

Imagine landing a multi-million dollar contract to conduct business in Dubai - then not getting paid for the work you've done. Discover how one entrepreneur is using the lessons learnt from this experience to rebuild his company bigger, better and stronger after a complete collapse.

Under Pressure

What would you do if your bank cancelled your short-term finance facility just as you had landed three new contracts? Now imagine that happening between Christmas and New Year. Welcome to Paul Newbound’s nightmare.

Medals Of Honour

Two Defence Force Academy graduates have been successfully applying their military training to a corporate assault on the project management sector.

Startup Decompression

An innovative R&D start-up is fighting a classic battle that faces most brilliant youngsters: turning intellectual property into a cash-flowing business.

Sweet Harvest

Setting out to challenge a dominant market player became a whole lot harder when a new fruit-processing business ran into cashflow problems.

Armor-Plated Business

A Sydney inventor uses technology to strengthen his glass and mentors to reinforce his management weaknesses.

The Case For Safety

The cost of not maintaining a safe workplace can be injured workers and criminal action against directors.

How To Make Good Ideas Pay

A New Zealand research commercialiser says the new-idea business is all about experience, contacts and patent defence.

Keeping The Thief From Your Door

Police can no longer cope with theft from workplaces. Two experts tell how to avoid the problem in the first place.

Work Safety Begins Before The Work Starts

When Des Walters won a contract to provide dive services for a major construction project, he knew his company's reputation would depend on keeping workers safe.

Featured Article 1

A fresh approach to leading today's sales teams.

7 Types Of Self-care That Every Business Leader Should Be Mindful Of

Featured Articles

Why Tapping Into The Power Of A Growth Mindset Boosts Performance

Six Steps To Less Stress And More Balance

• Terms of Use
• Advertise With Us
• Testimonials

Copyright © 2024 International Institute of Directors and Managers ABN 26 112 140 299. All rights reserved.

• SUGGESTED TOPICS
• The Magazine
• Newsletters
• Managing Yourself
• Managing Teams
• Work-life Balance
• The Big Idea
• Data & Visuals
• Case Selections
• HBR Learning
• Topic Feeds
• Account Settings
• Email Preferences

Risk management

• Change management
• Competitive strategy
• Corporate strategy
• Customer strategy

The Power of “Risktakes”

• Vineet Nayar
• August 18, 2010

Strategy as Active Waiting

• Donald Sull
• From the September 2005 Issue

The Benefits of Thinking the Unthinkable

• Rita Gunther McGrath
• Rita McGrath
• July 07, 2010

Bet on One Big Idea—or Diversify?

• Toby E. Stuart
• From the November 2013 Issue

Bringing the Environment Down to Earth

• Forest L. Reinhardt
• From the July–August 1999 Issue

How Much Do Companies Really Worry About Climate Change?

• Andrew Winston
• March 04, 2014

A Case for Group Risk-Taking

• Karen Firestone
• July 10, 2014

Living in a Radical State of Uncertainty

• Bruce Nussbaum
• March 23, 2011

Where to Focus Your Company's Limited Cybersecurity Budget

• May 23, 2023

Leaning Your Way to Disaster

• Michael D. Watkins
• May 06, 2010

Innovation: Who Else Is Doing It?

• Rosabeth Moss Kanter
• June 21, 2010

When Crowds Aren’t Wise

• Cass R. Sunstein
• From the September 2006 Issue

The Latest Supply Chain Disruption: Plastics

• Bindiya Vakil
• March 26, 2021

How Pharma Can Fix Its Reputation and Its Business at the Same Time

• Damiano de Felice
• February 03, 2017

What Organizations Need to Survive a Pandemic

• Nitin Nohria
• January 30, 2020

The New World of Risk

• Adi Ignatius
• From the May–June 2018 Issue

MBAs Are More Self-Serving Than Other CEOs

• Danny Miller
• Nicole Torres
• From the December 2016 Issue

Why the Yale Model of Investing Doesn’t Work for Everybody

• April 09, 2010

The CEO Who Led a Turnaround Wearing a Helmet

• Robert I. Sutton
• November 22, 2013

How To Measure Your Company's Risk in a Downturn

• Robert S. Kaplan
• December 19, 2008

The End of the Chevron Doctrine Is Bad for Business

• Larry Downes
• Blair Levin
• September 13, 2024

Boards Need a New Approach to Technology

• Tarun Khanna
• Mary C. Beckerle
• Nabil Y. Sakkab
• From the September–October 2024 Issue

3 Common Archetypes of Employees Who Commit Fraud

• Kelly Richmond Pope
• Vairam Arunachalam
• August 15, 2024

When Cyberattacks Are Inevitable, Focus on Cyber Resilience

• Keri Pearlson
• July 18, 2024

How to Assess True Macroeconomic Risk

• Philipp Carlsson-Szlezak
• Paul Swartz
• From the July–August 2024 Issue

4 Types of Gen AI Risk and How to Mitigate Them

• Lazaros Goutas
• May 31, 2024

Make Decisions with a VC Mindset

• Ilya A. Strebulaev
• From the May–June 2024 Issue

Why Playing It Safe Is the Riskiest Strategic Choice

• Steve Dennis
• March 28, 2024

Bring Human Values to AI

• Jacob Abernethy
• François Candelon
• Theodoros Evgeniou
• Abhishek Gupta
• Yves Lostanlen
• From the March–April 2024 Issue

Why Data Breaches Spiked in 2023

• Stuart Madnick
• February 19, 2024

How to Vet a Corporate Intelligence Vendor

• Maria Robson-Morrow
• Katherine Tucker
• Paul R. Kolbe
• January 19, 2024

4 Questions to Assess the Trustworthiness of Your Company’s GenAI

• Shalene Gupta
• January 18, 2024

How to Red Team a Gen AI Model

• Andrew Burt
• January 04, 2024

2023: A Strange, Tumultuous Year in Sustainability

• December 28, 2023

Your Company Will Need Remote Work as Extreme Weather Gets Worse

• Erik Brynjolfsson
• Sebastian Steffen
• November 15, 2023

How to Capitalize on Generative AI

• Andrew McAfee
• Daniel Rock
• From the November–December 2023 Issue

What's Your Gen AI Strategy?

• Paul Leonardi
• Iavor Bojinov
• November 01, 2023

Smaller Companies Must Embrace Risk Management

• Ariane Chapelle
• September 08, 2023

Generative AI-nxiety

• Reid Blackman
• August 14, 2023

How a Federal Ban on Ransomware Payments Could Help CISOs

• Gary Barlet
• August 04, 2023

Enaam Food Products Limited: Employees Provident Fund

• Fazal Jawad Seyyed
• Salman Khan
• Hafsa Ashfaq
• December 01, 2018

Breaking the Buck

• Robert C. Pozen
• Elizabeth M. Leonard
• May 18, 2010

Boards That Lead: When to Take Charge, When to Partner, and When to Stay Out of the Way

• Michael Useem
• Dennis Carey
• December 10, 2013

The Rise and Fall of AIG

• Stephen Sapp
• January 27, 2012

Telangana Graduates' MLC Elections 2021: Handling Known and Unknown Uncertainties

• Vijaya Sunder M
• Vinodini Saihjpal
• Geetika Shah
• January 17, 2023

Merck: Managing Vioxx (B)

• Robert Simons
• Kathryn Rosenberg
• Natalie Kindred
• April 20, 2009

Carbon Credit Negotiation (A)

• Denis Leclerc
• Rockwell Michael
• Brian Scott
• June 20, 2024
• John R. Wells
• Benjamin Weinstock
• July 25, 2019

Shocks, Crises, and False Alarms: How to Assess True Macroeconomic Risk

• July 09, 2024

Corporate Social Responsibility at CANTV

• Maria H. Jaen
• Patricia Marquez
• February 01, 2007

Komatsu Ltd.: Project G's Globalization

• Christopher A. Bartlett
• October 03, 1997

Amyris Biotechnologies: Commercializing Biofuel

• Gary P. Pisano
• Alison Berkley Wagonfeld
• February 25, 2010

Media Markets Down South: Goldman Sachs' Investment in Grupo Clarín

• Rafael Di Tella
• Jose Liberti
• Sarah McAra
• July 21, 2017

V-Cola: General Instructions

• Ian I. Larkin
• Hallam Movius
• March 22, 2012

Repsol and YPF (A): A Perfect Marriage?

• Katherine Casey
• Sheila Melvin
• April 12, 2017

Forecasting Climate Risks: Aviva's Climate Calculus

• Peter Tufano
• September 12, 2023

Analyzing Standard Costs, Technical Note

• V.G. Narayanan
• November 07, 1995

Parker Brothers (B)

• John F. Cady
• March 01, 1980
• Kirk Bowman
• James Lattin
• Claire Magat Raffaelli
• February 23, 2010

Sweet Hereafter Summary: Reasoning from Personal Perspective

• Sandra J. Sucher
• February 13, 2007

Popular Topics

Partner center.

• Business Essentials
• Leadership & Management
• Credential of Leadership, Impact, and Management in Business (CLIMB)
• Entrepreneurship & Innovation
• Digital Transformation
• Finance & Accounting
• Business in Society
• For Organizations
• Support Portal
• Media Coverage
• Founding Donors
• Leadership Team

• Harvard Business School →
• HBS Online →
• Business Insights →

Business Insights

Harvard Business School Online's Business Insights Blog provides the career insights you need to achieve your goals and gain confidence in your business skills.

• Career Development
• Communication
• Decision-Making
• Earning Your MBA
• Negotiation
• News & Events
• Productivity
• Staff Spotlight
• Student Profiles
• Work-Life Balance
• AI Essentials for Business
• Alternative Investments
• Business Analytics
• Business Strategy
• Business and Climate Change
• Creating Brand Value
• Design Thinking and Innovation
• Digital Marketing Strategy
• Disruptive Strategy
• Economics for Managers
• Entrepreneurship Essentials
• Financial Accounting
• Global Business
• Launching Tech Ventures
• Leadership Principles
• Leadership, Ethics, and Corporate Accountability
• Leading Change and Organizational Renewal
• Leading with Finance
• Management Essentials
• Negotiation Mastery
• Organizational Leadership
• Power and Influence for Positive Impact
• Strategy Execution
• Sustainable Business Strategy
• Sustainable Investing
• Winning with Digital Platforms

What Is Risk Management & Why Is It Important?

• 24 Oct 2023

Businesses can’t operate without risk. Economic, technological, environmental, and competitive factors introduce obstacles that companies must not only manage but overcome.

According to PwC’s Global Risk Survey , organizations that embrace strategic risk management are five times more likely to deliver stakeholder confidence and better business outcomes and two times more likely to expect faster revenue growth.

If you want to enhance your job performance and identify and mitigate risk more effectively, here’s a breakdown of what risk management is and why it’s important.

Access your free e-book today.

What Is Risk Management?

Risk management is the systematic process of identifying, assessing, and mitigating threats or uncertainties that can affect your organization. It involves analyzing risks’ likelihood and impact, developing strategies to minimize harm, and monitoring measures’ effectiveness.

“Competing successfully in any industry involves some level of risk,” says Harvard Business School Professor Robert Simons, who teaches the online course Strategy Execution . “But high-performing businesses with high-pressure cultures are especially vulnerable. As a manager, you need to know how and why these risks arise and how to avoid them.”

According to Strategy Execution , strategic risk has three main causes:

• Pressures due to growth: This is often caused by an accelerated rate of expansion that makes staffing or industry knowledge gaps more harmful to your business.
• Pressures due to culture: While entrepreneurial risk-taking can come with rewards, executive resistance and internal competition can cause problems.
• Pressures due to information management: Since information is key to effective leadership , gaps in performance measures can result in decentralized decision-making.

These pressures can lead to several types of risk that you must manage or mitigate to avoid reputational, financial, or strategic failures. However, risks aren’t always obvious.

“I think one of the challenges firms face is the ability to properly identify their risks,” says HBS Professor Eugene Soltes in Strategy Execution .

Therefore, it’s crucial to pinpoint unexpected events or conditions that could significantly impede your organization’s business strategy .

Related: Business Strategy vs. Strategy Execution: Which Course Is Right for Me?

According to Strategy Execution , strategic risk comprises:

• Operations risk: This occurs when internal operational errors interrupt your products or services’ flow. For example, shipping tainted products can negatively affect food distribution companies.
• Asset impairment risk: When your company’s assets lose a significant portion of their current value because of a decreased likelihood of receiving future cash flows . For instance, losing property assets, like a manufacturing plant, due to a natural disaster.
• Competitive risk: Changes in the competitive environment can interrupt your organization’s ability to create value and differentiate its offerings—eventually leading to a significant loss in revenue.
• Franchise risk: When your organization’s value erodes because stakeholders lose confidence in its objectives. This primarily results from failing to control any of the strategic risk sources listed above.

Understanding these risks is essential to ensuring your organization’s long-term success. Here’s a deeper dive into why risk management is important.

4 Reasons Why Risk Management Is Important

1. protects organization’s reputation.

In many cases, effective risk management proactively protects your organization from incidents that can affect its reputation.

“Franchise risk is a concern for all businesses,“ Simons says in Strategy Execution . “However, it's especially pressing for businesses whose reputations depend on the trust of key constituents.”

For example, airlines are particularly susceptible to franchise risk because of unforeseen events, such as flight delays and cancellations caused by weather or mechanical failure. While such incidents are considered operational risks, they can be incredibly damaging.

In 2016, Delta Airlines experienced a national computer outage, resulting in over 2,000 flight cancellations. Delta not only lost an estimated $150 million but took a hit to its reputation as a reliable airline that prided itself on “canceling cancellations.”

While Delta bounced back, the incident illustrates how mitigating operational errors can make or break your organization.

2. Minimizes Losses

Most businesses create risk management teams to avoid major financial losses. Yet, various risks can still impact their bottom lines.

A Vault Platform study found that dealing with workplace misconduct cost U.S. businesses over $20 billion in 2021. In addition, Soltes says in Strategy Execution that corporate fines for misconduct have risen 40-fold in the U.S. over the last 20 years.

One way to mitigate financial losses related to employee misconduct is by implementing internal controls. According to Strategy Execution , internal controls are the policies and procedures designed to ensure reliable accounting information and safeguard company assets.

“Managers use internal controls to limit the opportunities employees have to expose the business to risk,” Simons says in the course.

One company that could have benefited from implementing internal controls is Volkswagen (VW). In 2015, VW whistle-blowers revealed that the company’s engineers deliberately manipulated diesel vehicles’ emissions data to make them appear more environmentally friendly.

This led to severe consequences, including regulatory penalties, expensive vehicle recalls, and legal settlements—all of which resulted in significant financial losses. By 2018, U.S. authorities had extracted $25 billion in fines, penalties, civil damages, and restitution from the company.

Had VW maintained more rigorous internal controls to ensure transparency, compliance, and proper oversight of its engineering practices, perhaps it could have detected—or even averted—the situation.

Related: What Are Business Ethics & Why Are They Important?

3. Encourages Innovation and Growth

Risk management isn’t just about avoiding negative outcomes. It can also be the catalyst that drives your organization’s innovation and growth.

“Risks may not be pleasant to think about, but they’re inevitable if you want to push your business to innovate and remain competitive,” Simons says in Strategy Execution .

According to PwC , 83 percent of companies’ business strategies focus on growth, despite risks and mixed economic signals. In Strategy Execution , Simons notes that competitive risk is a challenge you must constantly monitor and address.

“Any firm operating in a competitive market must focus its attention on changes in the external environment that could impair its ability to create value for its customers,” Simons says.

This requires incorporating boundary systems —explicit statements that define and communicate risks to avoid—to ensure internal controls don’t extinguish innovation.

“Boundary systems are essential levers in businesses to give people freedom,” Simons says. “In such circumstances, you don’t want to stifle innovation or entrepreneurial behavior by telling people how to do their jobs. And if you want to remain competitive, you’ll need to innovate and adapt.”

Netflix is an example of how risk management can inspire innovation. In the early 2000s, the company was primarily known for its DVD-by-mail rental service. With growing competition from video rental stores, Netflix went against the grain and introduced its streaming service. This changed the market, resulting in a booming industry nearly a decade later.

Netflix’s innovation didn’t stop there. Once the steaming services market became highly competitive, the company shifted once again to gain a competitive edge. It ventured into producing original content, which ultimately helped differentiate its platform and attract additional subscribers.

By offering more freedom within internal controls, you can encourage innovation and constant growth.

4. Enhances Decision-Making

Risk management also provides a structured framework for decision-making. This can be beneficial if your business is inclined toward risks that are difficult to manage.

By pulling data from existing control systems to develop hypothetical scenarios, you can discuss and debate strategies’ efficacy before executing them.

“Interactive control systems are the formal information systems managers use to personally involve themselves in the decision activities of subordinates,” Simons says in Strategy Execution . “Decision activities that relate to and impact strategic uncertainties.”

JPMorgan Chase, one of the most prominent financial institutions in the world, is particularly susceptible to cyber risks because it compiles vast amounts of sensitive customer data . According to PwC , cybersecurity is the number one business risk on managers’ minds, with 78 percent worried about more frequent or broader cyber attacks.

Using data science techniques like machine learning algorithms enables JPMorgan Chase’s leadership not only to detect and prevent cyber attacks but address and mitigate risk.

Start Managing Your Organization's Risk

Risk management is essential to business. While some risk is inevitable, your ability to identify and mitigate it can benefit your organization.

But you can’t plan for everything. According to the Harvard Business Review , some risks are so remote that no one could have imagined them. Some result from a perfect storm of incidents, while others materialize rapidly and on enormous scales.

By taking an online strategy course , you can build the knowledge and skills to identify strategic risks and ensure they don’t undermine your business. For example, through an interactive learning experience, Strategy Execution enables you to draw insights from real-world business examples and better understand how to approach risk management.

Do you want to mitigate your organization’s risks? Explore Strategy Execution —one of our online strategy courses —and download our free strategy e-book to gain the insights to build a successful strategy.

About the Author

The Business Case for Enterprise Risk Management

While it may be easy enough for risk professionals to appreciate the benefits that ERM can bring in driving robust risk management processes within an organization, it may be trickier to put the case for ERM investment to senior management, boards, or business owners. If you’re tasked with justifying ERM as a business performance driver, with a view to implementing an ERM solution, here are some key considerations that might just help to strengthen your case:

• Get people thinking about business risks and their implications

The risk landscape is constantly evolving and traditional approaches to risk management lack the agility to adapt to unforeseen or emerging risks. What type of risks affects or could affect the business and what would happen if these risks aren’t managed? Questions around the impact of the current economic environment and legislative changes on the business, how the business is performing compared to its key competitors, and what events could damage the business’ reputation or market position will help you to articulate the value of ERM.

• Do your homework – prepare a comprehensive ‘argument’ for ERM

With the buy-in of senior management in mind, it can be worthwhile to set out and explain exactly what modern enterprise-wide risk management is and rather than presenting a complex ERM model and methodology, provide a clear outline of why it is necessary, the business objectives it can address and the value propositions for respective stakeholders and decision-makers.

What exactly can be achieved by raising the profile of risk management and implementing an ERM approach within your organization? Business objectives may include:

• Encouraging a risk-aware culture
• The ability to identify and effectively treat risks that can be detrimental, whilst identifying and seizing opportunities as they arise
• Building a center of excellence for risk management
• Standardizing risk evaluation
• Embedding risk management within strategic decision-making, business planning, and day-to-day activity
• ERM – persistence pays off

Through your own research and/or prior experience, you will likely appreciate that effective risk management can help reduce operational surprises and mitigate losses, improve awareness of risks and enhance internal controls, promote a ‘healthy’ risk culture and ensure an aligned, consistent approach across the organization. But how do you get leadership buy-in?

“We must consistently, convincingly, and relentlessly articulate the value of ERM. We must lead by example, ensuring the needs of the business come first,” emphasizes Sam Elwell in ‘Making the Investment Case for ERM’ published in Enterprise Risk, the official magazine of the Institute of Risk Management. “To get from a blank slate to an effective and trusted ERM function, one-word springs to mind – persistence.”

Key ERM Benefits at-a-glance:

• The ability to balance risk versus reward – some risks pose opportunities
• Improved shareholder value and governance
• Maximized scope for business success
• Reduced operational losses and costs
• Aligned risk appetite, tolerance, and strategy
• Optimized resource allocation based on prioritized risks
• Enhanced decision-making
• Improved risk awareness and better risk responses
• Develop risk policies, processes, and procedures

In putting the case for ERM, it may be useful to scope out the roles and responsibilities of each party involved in risk management within your organization. Depending on the scale and nature of the enterprise, they may include business owners or board members, audit and risk functions, senior management, risk owners, and in some organizations, depending on risk culture, all employees.

Some may find it beneficial to promote a center of excellence for risk management – a risk management function dedicated to devising and enforcing risk management policies and procedures for the organization. A team who will co-ordinate, review and consolidate risk reporting, whilst monitoring the approach to risk management and its effectiveness.

It may also be useful to define and share your organization’s risk appetite statement, risk tolerance limits, criteria for risk assessment and prioritization, plus risk identification, analysis, reporting, and monitoring procedures.

• Use case studies to strengthen your case

Perhaps you can use the experiences of other organizations within your sector to demonstrate the value of ERM? Or, as suggests Elwell, you could create your own case study: ‘Select a risk with upside potential… Pick sensibly. You need to deliver tangible, positive outcomes. Use risk appetite as a green light, not a red. Focus attention on a small set of critical KRIs and KPIs which affect strategic objectives. Block out background noise and focus the business on what the business wants.

“Before you know it you have created your own case study where ERM has delivered tangible value, quickly, with little investment. The case study involves your business and better still, you. Leadership sees ERM in a positive light and trusts you to deliver value. You secure the investment in technology and talent and can expand your approach across the full risk profile.”

• Countering cost objections

If your end-game is to get leadership buy-in to ERM software investment, be prepared to justify your position. Try to calculate the true costs of common risks to your business, factoring in where possible issues such as downtime, work missed, legal expenses, mitigation costs. How disruptive and costly would a major incident be, for instance?

Quantifying the cost of risks is difficult, but a cost/benefit analysis can aid decision-making. Ultimately, if reducing the frequency of events and the impact (cost) of those that do occur is greater than the cost of investing in the software itself, then the case is clearer still.

More homework – consider the ERM software solutions available on the marketplace that best suit your business requirements. Be ready to detail how they will be able to solve your risk, governance, and compliance challenges, save on time and resources, and address current administrative pain points.

Time-to-value is always important, so perhaps also think about cloud rather than on-premise deployment, so you can be up and running with ERM software sooner, benefiting from the functionality and attaining ROI.

Best-in-class ERM software

Sophisticated technology underpins ERM and supports business performance.

If you are keen to discover how ERM software can drive business performance within your organization, learn more about the technology behind leading-edge risk management,  Project Risk Manager .

Share This, Choose Your Platform!

Related posts.

U.S. Army Successfully Combats Project Risks with Riskonnect’s Active Risk Manager

5 Project Management Risks and What You Can Do About Them

Elbit America Achieves Mission Success with Riskonnect’s Active Risk Manager

• Case Study on Strong Risk Management Network
• Yorkshire Building Society – Case Study
• Case Study: How Schlumberger Revamped Its Risk...

Review our cookie policy

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.

Privacy Overview

Human Powered Approach

We offer world-class expertise with trusted teams, purpose-built to help you meet your goals.

We are always looking for consultants to join our team

• Application Development & Integrations
• Artificial Intelligence & Machine Learning
• Cybersecurity
• Data Science & Analytics
• Enterprise Applications
• Enterprise Agility, Product, & Program Delivery
• QA, Engineering & Testing
• Specialized Government Solutions
• Accounting & Advisory
• Business Optimization & Program Management
• Risk & Compliance
• Specialty Financial Applications
• Clinical Operations
• Clinical Data Sciences
• Quality & Regulatory Compliance
• Internal Careers
• Partnerships
• Consultant Advocate Program
• Case Studies
• Whitepapers

Risk Management in Banking: Case Studies

These case studies involving risk management in banking demonstrate how to handle complex situations successfully. Learn more today.

Share this:

Risk Management in banking comes with a significant number of challenges, as banks must stay compliant with endlessly changing rules while making transactions seamless for customers. Eliassen Group is known for our considerable risk and compliance experience in the financial services industry, and we can support teams that must respond to Matters Requiring Attention (MRAs) and other regulatory actions. For proof, look no further than these recent case studies for two top 25 global banks.

Case Study #1: Deployment of Enterprise-Wide Risk Management Framework and Supporting Capabilities

To respond to regulatory actions and MRAs, this global bank needed to deploy an enhanced enterprise-level Risk Management Framework and supporting capabilities across all Front-Line Units with requirements that impacted all lines of business. This would be a daunting task for any company. Luckily, the client had worked with Eliassen Group in the past, and they knew that we could help them embed sustainable, repeatable controls into the client's processes.

We led the deployment of key Risk Management Framework process, system, and policy components across one of the lines of business. Not only did we meet immediate deadlines and go beyond expectations, but aspects of our approach were also adopted by all business groups across the enterprise. During the engagement, we successfully transitioned the program to new executive and workstream leadership as the client made broad organizational changes.

"We focus on helping our clients implement and execute their risk management program, which is why they continue to reach out to us when they need help," said Bill Gienke, Managing Director at Eliassen Group. "I am especially proud of how we collaborated with this client to prioritize and deliver a complex program that met evolving regulatory and internal requirements."

Case Study #2: End-to-End High Risk Client Review via the Enhanced Due Diligence Process To Meet Regulatory Requirements

A second global bank asked Eliassen Group for support with a different but equally difficult scenario – regulators required their wealth management division to improve its Enhanced Due Diligence (EDD) reviews of high-risk customers. After working with Eliassen Group on key risk and compliance initiatives, the client knew that Eliassen Group had financial crimes experience and could help stand up a team to work on the backlog of reviews, train team members, handle quality assurance of risk assessments, make decisions to retain or exit customers, and build a sustainable business as usual process.

Eliassen Group made a powerful impact – the client upgraded their internal audit rating of the Anti-Money Laundering (AML) within their Investment Division for the first time in several years. In addition, we achieved a 99% Quality Control pass rate, and we were recognized as a role model for other teams.

"We are in the business of becoming that trusted strategic partner building client relationships to stand the test of time because when our clients win, we all win," said Jay Gentile, Principal, Client Solutions, at Eliassen Group. "Our progressive delivery models are designed to ensure consistent, repeatable, and sustainable results across processes and teams."

Our in-depth knowledge and willingness to collaborate so we can ultimately train your team to stay on top of regulations help us stand out. Interested in hearing more? Contact us today.

When Companies Lose Their Way: Find It Again in 3 Steps (Part 2)

Top 5 Pillars of Highly-Effective Managed File Transfer Strategies

How do you prepare for the interview "dance".

Breadcrumbs Section. Click here to navigate to respective pages.

Risk Management in Organisations

DOI link for Risk Management in Organisations

Get Citation

Risk management is vital to organisational success, from government down to small businesses, and the discipline has developed rapidly over the last decade. Learning lessons from the good and bad practice of others is a key feature of this book, which includes multiple illustrative examples of risk management practice, in addition to detailed case studies.

Combining both theory and practice, the early chapters compare the ISO 31000 and COSO Enterprise Risk Management frameworks and the relevant regulatory regimes in both Europe and the United States. The core of the book is three highly detailed case studies of risk management in the manufacturing (Akzo Nobel), retail (Tesco), and public sectors (Birmingham City Council). Using the lessons learned from the case studies, together with material from elsewhere, the author then outlines four lessons for risk managers that can be used in any organisation seeking to develop a truly enterprise-wide risk management system.

This completely revised edition contains updates on regulations and practice, together with new chapters covering technology risk and COVID-19, which are major risks faced by all organisations today. As such the book is essential reading for risk management professionals and postgraduate and executive learners.

TABLE OF CONTENTS

Chapter 1 | 3  pages, introduction to this book, chapter 2 | 17  pages, risk and governance, chapter 3 | 19  pages, international standards for risk and enterprise management, chapter 4 | 17  pages, risk management in theory and practice, chapter 5 | 18  pages, managing technology risk, chapter 6 | 34  pages, enterprise risk management in manufacturing, chapter 7 | 48  pages, risk management in retail, chapter 8 | 37  pages, risk management in the public sector, chapter 9 | 18  pages, best practice risk management, chapter 10 | 11  pages, a risk management perspective on covid-19.

• Privacy Policy
• Terms & Conditions
• Cookie Policy
• Taylor & Francis Online
• Taylor & Francis Group
• Students/Researchers
• Librarians/Institutions

Connect with us

Registered in England & Wales No. 3099067 5 Howick Place | London | SW1P 1WG © 2024 Informa UK Limited

Our systems are now restored following recent technical disruption, and we’re working hard to catch up on publishing. We apologise for the inconvenience caused. Find out more: https://www.cambridge.org/universitypress/about-us/news-and-blogs/cambridge-university-press-publishing-update-following-technical-disruption

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings .

Login Alert

• > Financial Enterprise Risk Management
• > Case Studies

Book contents

• Frontmatter
• 1 An Introduction to Enterprise Risk Management
• 2 Types of Financial Institution
• 3 Stakeholders
• 4 The Internal Environment
• 5 The External Environment
• 6 Process Overview
• 7 Definitions of Risk
• 8 Risk Identification
• 9 Some Useful Statistics
• 10 Statistical Distributions
• 11 Modelling Techniques
• 12 Extreme Value Theory
• 13 Modelling Time Series
• 14 Quantifying Particular Risks
• 15 Risk Assessment
• 16 Responses to Risk
• 17 Continuous Considerations
• 18 Economic Capital
• 19 Risk Frameworks
• 20 Case Studies
• 21 Solutions to Questions

20 - Case Studies

Published online by Cambridge University Press:  12 August 2017

Introduction

One way to help understand enterprise risk management is to use case studies. These can illustrate the issues faced in real organisations, and the causes of a range of risk management failures. It is, unfortunately, the failures that make up the majority of case studies. This is mainly because no-one ever hears about many successful risk management initiatives. If an investment banker fails to make increasingly desperate trades because it is impossible to hide any resulting losses in a hidden trading account, then the good design of the risk management protocols will attract little attention; however, the absence of such protocols and the bankruptcy of the banker's employer will make the news and can give valuable insights into how things should not be done.

The majority of the case studies here relate to financial institutions, since these are the ones that can be related most closely to the principles in this book. However, some non-financial examples are also included, since they highlight risk management issues that face all organisations, not just those in the financial services sector.

The information for this chapter is distilled from a number of books on the various episodes described. I recommend that you read these books, not only to understand risk management more fully but also because the stories are often compelling in themselves.

The 2008 Global Financial Crisis

The 2008 global financial crisis had repercussions that still persist. The problems in the United States housing market spread to the real estate market in Europe, and to the banks with exposures to this market. Governments bailed out banks, cut spending and borrowed heavily. As of 2016, interest rates around the world are still low, and sustained economic growth seems elusive.

The financial crisis was characterised by a lack of liquidity – particularly funding liquidity – and a corresponding fall in the creditworthiness of firms and governments. Whilst the popular view is that the crisis is the fault of ‘the bankers’, it is important to understand both the background to the crisis and the particular risk management failures that caused it.

Causes of the Crisis

The Role of China

A key role in the build-up to the crisis was played by China. Over the last few decades, the Chinese economy has grown very quickly. Much of this growth has been driven by exports to theWest.

Access options

Save book to kindle.

To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle .

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service .

• Case Studies
• Paul Sweeting , University of Kent, Canterbury
• Book: Financial Enterprise Risk Management
• Online publication: 12 August 2017
• Chapter DOI: https://doi.org/10.1017/9781316882214.021

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox .

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive .

GRC 20/20 Research, LLC

Governance, Risk Management & Compliance Research

Enter your search term below

Search for products only.

The Titanic: A Case Study in Flawed Risk Management

How Poor Risk Management Sunk the Unsinkable, and Lessons Learned in Identifying Blind Spots in the Modern Threatscape

The story of the Titanic is one of the most infamous disasters in history. Yet, beyond the tragic loss of life, it serves as a compelling analogy for understanding and managing risk in today’s business environment. The ship’s demise was not due to a single failure, but rather a combination of risks — external and internal — that collectively brought about the disaster. As organizations strive to navigate the complex waters of today’s risk landscape, there is much to learn from how various factors contributed to the sinking of the Titanic.

From Luxury to Lifeboats: The Titanic’s Missteps in Risk Mitigation

Consider the following lessons the Titanic teaches about . . .

[The rest of this blog can be read on the Mitratech blog, where GRC 20/20’s Michael Rasmussen is a Guest Blogger]

Share this:

• Click to email a link to a friend (Opens in new window)
• Click to print (Opens in new window)
• Click to share on LinkedIn (Opens in new window)
• Click to share on Twitter (Opens in new window)
• Click to share on Facebook (Opens in new window)

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

• The Titanic: A Case Study in Flawed Risk Management

How Poor Risk Management Sunk the Unsinkable, and Lessons Learned in Identifying Blind Spots in the Modern Threatscape

The story of the Titanic is one of the most infamous disasters in history. Yet, beyond the tragic loss of life, it serves as a compelling analogy for understanding and managing risk in today’s business environment. The ship’s demise was not due to a single failure, but rather a combination of risks — external and internal — that collectively brought about the disaster. As organizations strive to navigate the complex waters of today’s risk landscape, there is much to learn from how various factors contributed to the sinking of the Titanic.

From Luxury to Lifeboats: The Titanic’s Missteps in Risk Mitigation

Consider the following lessons the Titanic teaches about:

Overconfidence and Misjudged Resilience

In 1912, Captain E.J. Smith made a statement that encapsulated the hubris surrounding the Titanic. He famously remarked, “I never saw a wreck and never have been wrecked, nor was I ever in a predicament that threatened to end in a disaster. I cannot conceive of any vital disaster happening to this vessel.” This overconfidence was echoed by the media, which claimed the Titanic was “unsinkable.” This misplaced confidence — whether in the ship’s design, the crew’s capabilities, or external factors — mirrors a dangerous mindset in many modern organizations. Executives can become overconfident in their strategies, technologies, or market positions, blinding them to real and evolving risks. This overconfidence often manifests in ignoring warnings, failing to prepare for the worst, or downplaying potential threats. Are your executives too confident in the organization’s ability to weather storms?

External Risk Factors: Unseen Dangers Lurking in the Distance

In early 1912, tidal forces caused by unusual lunar activity brought more hazards into the Atlantic shipping lanes than were typically present. While this was an external risk, it went unaddressed by the crew. Similarly, businesses today face external risk factors — economic shifts, political changes, environmental disruptions, third-party risk, or technological advancements like AI — that may introduce unforeseen dangers into their operational landscapes. Failure to recognize and adapt to external risks can be catastrophic. The key is constant vigilance and the ability to anticipate how such factors could alter the organization’s risk profile. Are there external factors influencing your business that may be slipping under the radar?

Pressure to Perform: Speed Over Safety

There was significant pressure on the Titanic to make a quick and impressive voyage across the Atlantic, showcasing its speed and power. This relentless drive toward performance at all costs is something many organizations today can relate to. Often, businesses prioritize growth and speed over risk management, pushing the limits of their capacity without considering the consequences. But how often are we driving our businesses faster than we can effectively manage risk? By prioritizing immediate gains, companies may unintentionally set themselves up for long-term damage. Sometimes, slowing down to assess and address risks can be the most prudent strategy.

Health, Safety, and Preparedness

The Titanic was grossly under-equipped when it came to safety measures. Despite having time to abandon the ship, there weren’t enough lifeboats to accommodate all passengers. This illustrates a failure in resource management—there was an awareness of the need for safety measures, but not enough was invested in them. In today’s business terms, this speaks to the need for adequate resources and preparedness in the face of risks. Whether it’s cyber security, employee safety, or financial reserves, organizations need to ensure they have the necessary safety nets in place. Does your business have the right reserves and contingency plans to steer through turbulent times?

Infrastructure Weaknesses

The Boiler Fire and Fragile Rivets. When the Titanic set sail, it had an out-of-control boiler fire that was quietly weakening the ship’s structure. Additionally, the iron used in the rivets holding the ship’s seams together was of inferior quality, making the vessel more susceptible to damage. These infrastructure risks are akin to supply chain and operational weaknesses that businesses face today. Often, cracks within the organization’s foundation may not be immediately visible but can magnify under stress. Weak links in the supply chain, outdated technology, or poor-quality products can all contribute to a larger disaster if left unaddressed. Are there hidden weaknesses in your organization’s infrastructure?

Overlooked Warnings: A Breakdown in Oversight

The Titanic was bombarded with telegraphs warning of icebergs ahead. However, one response from the ship’s crew was, “Shut up, we are tired of hearing about it.” This dismissal of critical information parallels modern failures in communication and oversight. Today, many organizations implement advanced GRC (Governance, Risk, and Compliance) systems to provide a comprehensive view of risks. But if employees don’t have access to the data they need, or if risk messages are ignored or downplayed, these systems fail to protect the business. Just like the crew’s failure to access binoculars—because the crew member with the key had been reassigned—organizations may invest in the best technology but fail to empower their employees with the tools and data they need.

Navigating Risk: Is Your Business Equipped?

When the Titanic hit the iceberg, its rudder and propeller were too small for a ship of its size, making it difficult to navigate quickly enough to avoid the collision. Likewise, organizations need the right tools, resources, and agility to navigate the risks they face. The Titanic was designed to stay afloat with four compartments flooded, but it brushed against the iceberg in such a way that six compartments flooded, sinking the ship. This speaks to the cumulative effect of risks — individually, they might be manageable, but together they create a disaster.

Charting Safer Waters in a Multi-Faceted Risk Environment: The Need for Enterprise Visibility

In business, risk is rarely isolated. One event can trigger others, leading to a cascade of failures. Does your organization have the flexibility and tools needed to adapt and steer in response to evolving threats?

The Titanic disaster was a result of multiple risks — overconfidence, external factors, insufficient safety measures, infrastructure weaknesses, ignored warnings, and poor navigation — interacting together. Each risk on its own may not have caused the disaster, but together they led to tragedy.

Modern organizations need a holistic, enterprise-wide view of their risks and how they interconnect. It’s not enough to manage risks in silos; businesses must understand how one risk can influence another. A failure to do so means you’re navigating the complexities of today’s world blindly.

Just as addressing any one or two risks on the Titanic could have prevented disaster, addressing and understanding interconnected risks in your business can help avert failure. Do you have the enterprise visibility across risks, relationships, and their impacts on your objectives?

The Titanic’s tragic sinking serves as a powerful reminder of what can happen when risks are not fully understood or addressed. Today’s organizations face an equally complex and multi-faceted risk environment. To avoid their own “icebergs,” businesses need to continuously monitor, assess, and mitigate risk across all areas — from external factors to internal operations.

By learning from the past, we can better prepare for the future. Let the Titanic be a warning: even the most unsinkable organizations can go down if they ignore the risks beneath the surface.

[ View source .]

Related Posts

• 5 Reasons to Invest in Enterprise Risk Management Software
• ‘Tis the season for better cyber hygiene: navigating IT risk management in 2024
• Aligning your cyber risk management program with your company’s bottom line

Latest Posts

• 7 Tips for Effective Background Screening of Hourly Employees

See more »

Refine your interests »

Written by:

PUBLISH YOUR CONTENT ON JD SUPRA NOW

• Increased visibility
• Actionable analytics
• Ongoing guidance

Published In:

Mitratech holdings, inc on:.

"My best business intelligence, in one easy email…"

• General & Introductory Industrial Engineering
• Industrial Engineering / Project Management

Project Management Case Studies, 6th Edition

ISBN: 978-1-119-82199-1

Digital Evaluation Copy

Harold Kerzner

The latest edition in the gold standard of project management case study collections

As a critical part of any successful, competitive business, project management sits at the intersection of several functional areas. And in the newly revised Sixth Edition of Project Management Case Studies , world-renowned project management professional Dr. Harold Kerzner delivers practical and in-depth coverage of project management in industries as varied as automotive, healthcare, government, manufacturing, communications, construction, chemical, aerospace, and more.

The latest edition of this bestselling book acts as the perfect supplement to any project management textbook or as an aid in the preparation for the PMP certification exam. The author includes new topics, like risk management, information sharing, scope changes, crisis dashboards, and innovation.

The Sixth Edition includes ten new case studies and a wide array of updates to existing cases to meet today’s industry standards and reflect the unique challenges facing modern project management professionals. This new edition:

• Features 10 new case studies from LEGO, NorthStar, Berlin Brandenburg Airport, and more
• Includes over 100 case studies drawn from real companies illustrating successful and poor implementation of project management
• Provides coverage of broad areas of project management as well as focused content on the automotive, healthcare, government, manufacturing, communications, construction, chemical, and aerospace industries
• Offers new topics including risk management, information sharing, scope changes, crisis dashboards, and innovation

Perfect for students taking courses on project management during their undergraduate degrees and at the graduate level as part of an MBA or graduate engineering program, Project Management Case Studies is also an indispensable resource for consulting and training companies who work with other professionals.

Harold Kerzner, PhD, is Senior Executive Director for Project, Program and Portfolio Management at the International Institute of Learning, Inc. (IIL). Dr. Kerzner’s impact on the project management industry inspired IIL to establish the Kerzner International Project Manager of the Year Award. IIL also donated $1M to the Project Management Institute Educational Foundation (PMIEF) to establish the Dr. Harold Kerzner Scholarship Fund.

• | Resources
• | Guide: Fraud Risk Management: What It Is and How the Process Works

span]:text-green font-bold text-4xl md:text-77 xl:text-[4.5vw] 2xl:text-120"> Resources

Guide: fraud risk management: what it is and how the process works.

• September 18, 2024

Fraud has evolved to be more sophisticated and prevalent than ever before. According to the Federal Trade Commission, consumers lost over $10 billion to fraud in 2023. As consumer technologies continue to advance, fraudsters have evolved to committing highly elevated and organized cybercrime. Companies need to prioritize detecting and preventing internal and external fraud attacks to keep their customers’ information safe and protect their businesses from financial losses. 

Conducting a fraud risk assessment is the first step any company can take to proactively mitigate fraud, regardless of industry. In this article, we’ll cover the key elements of fraud risk assessments, including what they are, how they work, and why they are essential to any fraud protection strategy. 

What Is a Fraud Risk Assessment and How Does It Work?

The goal of a fraud risk assessment is to identify a company’s exposure and vulnerabilities to fraudulent activity. The assessment is always customized to the organization’s industry, functional requirements, and risk tolerance. Leaders of each department should conduct their own risk assessments to determine likelihood of fraud. Risk assessments should be updated regularly to reflect changes in fraud trends and the evolving business environment.  

A fraud risk assessment should address five key areas of opportunity for fraud: 

• Financial Reporting :  Intentional misrepresentation of financial information, such as overstating revenues or understating expenses and losses
• Misappropriation of Assets :  Impacting company assets through means such as larceny, embezzlement, and fraudulent disbursements
• Illegal Acts & Corruption :  Violation of laws and regulations, bribery, or the illicit use of intelligence, intellectual property, etc.
• Non-Financial Reporting : Intentional misrepresentation of performance metrics or operational reporting
• Regulatory Compliance : How a company complies with regulatory requirements and standards

Assessing Your Fraud Risk

While the process will vary depending on the organization’s size, industry, and who’s conducting the assessment, below are five key steps that any company can take to conduct their own fraud risk assessment. 

1.  Identify Risks  Identify where fraud can occur across the organization, whether internally or externally, and collect detailed information about weaknesses in operational processes, tools, or employee habits. This will highlight what’s missing in your fraud management strategy so you can adjust accordingly. 

2. Analyze Risks  Analyze the likelihood of fraud occurring as well as the severity of how that fraudulent activity will impact the organization. Determining the consequences of fraud will give you an idea of what fraud protection strategies should be prioritized to prevent financial or reputational losses. 

3. Respond to Risks  Take action to mitigate the risk of fraudulent behavior, whether by restructuring operational processes, reevaluating common business practices, or eliminating services that have more risk than they are worth.

4. Monitor Risks  Monitoring risks is crucial to preventing fraudulent activity, especially as fraudsters continue to evolve their skills and take advantage of digital services. It’s essential to adapt and adjust your fraud prevention plan whenever necessary to ensure detection of fraud at all levels of the business.

5. Report Risks  Report your findings in your fraud risk assessment so that the company can implement controls wherever they’re lacking. Ensure that whoever conducts the assessment remains objective and can suggest solutions to mitigate fraud risks in a way that’s clear and measurable.

Why You Need a Fraud Risk Assessment

By conducting a risk assessment, your organization can use the knowledge gained from the evaluation to employ controls that prevent fraudulent behavior, both internally and externally. This will help you prevent unnecessary financial losses while protecting your customers from data theft. Investing in fraud risk management will give consumers the confidence to do business with you long-term, leading to happier customers and an improved reputation. 

Be proactive about mitigating fraudulent behavior by partnering with an expert in fraud protection . Download our Fraud Risk Management guide below.

Recent Posts

Case Study: Saving Money on Concession Expenses for the Top Vacation Rental Marketplace

Enhance Customer Experience During Contact With AI and Automation

Case Study: Driving Accurate and Efficient Customer Experience Post-Interaction

Pardon Our Interruption

As you were browsing something about your browser made us think you were a bot. There are a few reasons this might happen:

• You've disabled JavaScript in your web browser.
• You're a power user moving through this website with super-human speed.
• You've disabled cookies in your web browser.
• A third-party browser plugin, such as Ghostery or NoScript, is preventing JavaScript from running. Additional information is available in this support article .

To regain access, please make sure that cookies and JavaScript are enabled before reloading the page.

Working together, we can reimagine medicine to improve and extend people’s lives.

Ethics, Risks & Compliance Manager, ACC

About the role.

Major Accountabilities:

• Work in close collaboration with ACC Ethics, Risk & Compliance Head and representatives from other Functions.
• Collaborate as a Business Partner to implement a risk-based approach in their projects and initiatives while ensuring compliance with internal and external guidelines.
• Lead and manage ERC processes, initiatives and projects in ACC; establishing project scope, objectives, and deliverables; create comprehensive work plans and implement these project plans.
• Prepares status reports and presentations with project/initiatives progress, using data analytics and presentation for senior management; ensuring that evidence and documents are complete, current, and stored appropriately.
• Reporting of technical complaints / adverse events / special case scenarios related to Novartis products within 24 hours of receipt
• Ensure adherence to local ERC standards by aligning with internal policies and guidelines, relevant external legislations, and using internal tools and platforms such as the Code of Ethics, Conflict of Interest, Speak Up, Doing Business Ethically, and the BeSure platform.
• Deliver proactive risk management strategies specifically targeting ERC-related matters.
• Develop a training plan for the ERC program that aligns with both global and local needs and resources.
• Develop mitigation plans for activities, initiatives, and risk areas under the RAM process, and lead remediation efforts for areas outside of RAM, including internal audits, global monitoring or local reviews.
• Design and implement culture and learning initiatives like campaigns, engagement activities, case studies, risk-based workshops, and learnings, as outlined in the ERC Program.

Minimum Requirements:

Work Experience:

• Complete graduation in Legal, Business, Auditor or correlated areas
• Consolidated knowledge in Ethics, Compliance and Risk Management
• Experience in Project Management
• Experience in the pharmaceutical/healthcare sector is a plus
• Languages: Fluency in Spanish and English

Imagine what you could do at Novartis!

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network

Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together? https://www.novartis.com/about/strategy/people-and-culture

Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: https://talentnetwork.novartis.com/network

Benefits and Rewards: Read our handbook to learn about all the ways we’ll help you thrive personally and professionally: https://www.novartis.com/careers/benefits-rewards

Novartis is committed to building an outstanding, inclusive work environment and diverse teams' representative of the patients and communities we serve.