Enterprise Risk FAQs

What is risk?

The possibility of suffering harm. In business, risk is the possibility of experiencing a financial loss.

What is a risk factor?

An action or event that can cause harm. In business, a risk factor is a business practice or condition that can cause financial loss. For example:

  • A method used for bid estimation. If you operate with a lousy method, you will get jobs that lose money.
  • A procedure to track small tools and equipment. If you track tools poorly, they will disappear causing you additional expense.

What is risk mitigation?

Lowering risk by implementing risk controls. In business, risk mitigation is lowering the possibility of financial loss by changing business practices or conditions.

What is Enterprise Risk Management (ERM)?

A process for managing a business by focusing on risk control that is comprised of the following steps:

  1. Risk Identification – Identification of risk exposures
  2. Risk Analysis – Risk Analysis of risk and development of risk control recommendations
  3. Risk Response – Establishment of an action plan to implement risk controls
  4. Risk Control – Implementation of measures to mitigate risk
  5. Risk Monitoring – Verification that risk is controlled

Why is risk control important to me?

Your level of control over risk determines your profitability and likelihood for long term success.

Are all companies exposed to risk?

Yes. Every company has risk exposures.

What are these exposures to risk?

In layman terms, an exposure to risk is: a condition or a way of operating that could hurt your company:

  • A “condition” is usually uncontrollable, such as heavy rains.
  • A “way of operating” is entirely controllable since the power is in your hands.

Are all risk factors of equal importance?

No. For example, poor estimating can completely bankrupt a company, whereas losing tools will simply cost you money. Importance is crucial to understanding risk.

How does risk impact a company?

Companies thrive when all factors of risk are well controlled, thus resulting in a low level of risk. Companies fail if important factors of risk are not well controlled; high risk makes the company susceptible to loss.

How can risk be measured in a business?

By identifying all the important risk factors, determining the individual importance of each, establishing a measurement guide to remove subjectivity, and methodically assessing the level of risk for each factor.

How can the risk in one business be compared to the risk in others?

Companies within each industry have similar risk factors; therefore the range of risk amongst industry members can be normalized and then compared using a mathematical model.