The purpose of enterprise risk management. Risk management in your enterprise. Enterprise Risk Management Service

Risk management is the processes involved in identifying, analyzing risks and making decisions that include maximizing the positive and minimizing the negative consequences of the occurrence of risk events.

The project risk management process typically includes the following procedures:

1. Planning risk management - the choice of approaches and planning of risk management activities for the project.

2. Risk identification - identifying risks that could affect the project and documenting their characteristics.

3. Qualitative risk assessment - a qualitative analysis of risks and the conditions for their occurrence in order to determine their impact on the success of the project.

4. Quantitative assessment - quantitative analysis of the likelihood and impact of the consequences of risks on the project.

5. Risk response planning - defining procedures and methods to mitigate the negative consequences of risk events and use the potential benefits.

6. Monitoring and control of risks - monitoring risks, identifying remaining risks, implementing the project risk management plan and evaluating the effectiveness of actions to minimize risks.

All of these procedures interact with each other as well as with other procedures. Each procedure is performed at least once in every project.

The risk management system can ensure the fulfillment of a variety of management objectives of an organization. She can act as the basis of the whole management activities, on its basis the management strategy and control system are built.

The risk management system involves a comprehensive analysis of the totality of existing risks, their identification, assessment and development of control mechanisms. The requirement of a systematic approach assumes maximum coverage of all types of risk.

RISK MANAGEMENT METHODS

Under the conditions of the action of various external and internal risk factors, various methods of risk reduction can be used, affecting certain aspects of the enterprise's activities.

The variety of used in entrepreneurial activity risk management methods can be divided into 4 groups.

Risk management methods:

1) risk aversion techniques;

2) risk localization methods;

3) risk diversification methods;

4) risk compensation methods.

Let us consider in more detail the methods of risk management as methods of risk aversion.

Risk avoidance methods are the most common in business practice, they are used by entrepreneurs who prefer to act with confidence.

Evasion methods from risk are divided into:

· Rejection of unreliable partners, i.e. striving to work only with reliable, trusted partners, not expanding the circle of partners; refusal to participate in projects related to the need to expand the circle of partners, refusal of investment and innovative projects the confidence in the feasibility or effectiveness of which is questionable;

· Rejection of risky projects, i.e. rejection of innovative and other projects, the feasibility or effectiveness of which is questionable;

· Risk insurance, the main method of risk reduction, insurance of probable losses serves not only as reliable protection against unsuccessful decisions, but also increases the responsibility of decision-makers, forcing them to take the development and decision-making more seriously, and regularly carry out protective measures in accordance with insurance contracts. True, it is difficult to use the insurance mechanism when mastering new products or new technologies, since Insurance companies do not have sufficient data in such cases to carry out calculations;

· Search for guarantors, thus. when looking for guarantors, as with insurance, the goal is to transfer the risk to a third party. The functions of the guarantor can be performed by various entities (various funds, government agencies, enterprises), while it is necessary to observe the principle of equal mutual utility, i.e. the desired guarantor can be interested in a unique service, joint implementation project;

Risk localization methods are used in rare cases when it is possible to quite clearly identify the risks and the sources of their occurrence. Having singled out the economically most dangerous stages or areas of activity into separate structural units, you can make them more controllable and reduce the level of risk. These localization methods include:

The creation of venture capital enterprises involves the creation of a small subsidiary as an independent legal entity for high-tech (risky) projects. The risky part of the project is localized in the subsidiary, while the possibility of using the scientific and technical potential of the parent company remains;

· Creation of special structural divisions (with a separate balance sheet) to carry out risky projects;

· Conclusion of agreements on joint activities for the implementation of risky projects.

Risk diversification methods are in the distribution of the overall risk and are subdivided into:

· Distribution of responsibility between the project participants. When distributing work between project participants, it is necessary to clearly delineate the areas of activity and responsibility of each participant, as well as the conditions for the transfer of work and responsibility from one participant to another and legally fix this in contracts. There should be no stages, operations or works with vague or ambiguous responsibilities;

Diversification of activities and economic zones is an increase in the number of technologies used, an expansion of the range of products or services provided, an orientation towards various social groups consumers, to enterprises in different regions;

· Diversification of sales and supplies, i.e. work simultaneously in several markets, when losses in one market can be offset by successes in other markets, distribution of supplies among many consumers, striving for an equal distribution of shares of each counterparty. We can also diversify the purchase of raw materials and materials, which involves interaction with many suppliers, allowing us to weaken the dependence of the enterprise on its "environment". In the event of a supply disruption for various reasons, the enterprise will painlessly switch to work with another supplier of a similar product;

Diversification of investments is a preference for the implementation of several relatively small projects in terms of investments than the implementation of one large investment project, requiring the use of all the resources and reserves of the enterprise, leaving no room for maneuver.

· Distribution of risk over time (by stages of work), i.e. it is necessary to distribute and record the risk over time during the implementation of the project. This improves the observability and controllability of the project stages and makes it relatively easy to adjust them if necessary.

Risk compensation methods associated with the creation of mechanisms for the prevention of danger.

Risk compensation methods are more time consuming and require extensive preliminary analytical work for their effective application:

· Strategic planning of activities, as a method of risk compensation, gives a positive effect if the development of a strategy covers all areas of the enterprise. Stages of work on strategic planning can remove most of the uncertainty, make it possible to predict the appearance of bottlenecks in the implementation of projects, identify sources of risks in advance and develop compensatory measures, a plan for the use of reserves;

· Forecasting the external situation, i.e. periodic development of scenarios for the development and assessment of the future state of the economic environment for project participants, forecasting the behavior of partners and the actions of competitors; general economic forecasting;

· Monitoring of the socio-economic and regulatory environment involves tracking current information about the relevant processes. There is a need for widespread use of informatization - the acquisition and constant updating of systems of regulatory and reference information, connection to commercial information networks, conducting our own forecasting and analytical studies, and attracting consultants. The data obtained will make it possible to catch trends in the development of relationships between business entities, give time to prepare for regulatory innovations, provide an opportunity to take appropriate measures to compensate for losses from new business rules and adjust operational and strategic plans;

· Creation of a system of reserves this method is close to insurance, but concentrated within the enterprise. The company creates safety stocks of raw materials, materials, components, reserve funds Money, plans are developed for their use in crisis situations, free capacities are not used. The development of financial strategy to manage their assets and liabilities with the organization of their optimal structure and sufficient liquidity of the invested funds.

· Staff training and instruction.

Heuristics is a set of logical techniques and methodological rules of theoretical research and finding the truth. In other words, these are rules and techniques for solving particularly complex problems.

Of course, heuristics are less reliable and less certain than mathematical calculations. However, it makes it possible to obtain a very definite solution.

Risk management has its own system of heuristic rules and techniques for making decisions under risk conditions.

Basic rules of risk management:

1. You cannot risk more than your own capital can afford.

2. It is necessary to think about the consequences of the risk.

3. You can not risk a lot for the sake of little.

4. A positive decision is taken only when there is no doubt.

5. If in doubt, negative decisions are made.

6. Do not think that there is always only one solution. Perhaps there are others.

The implementation of the first rule means that before deciding on a risky capital investment, the financial manager must:

Determine the maximum possible amount of loss for this risk;

Compare it with the amount of injected capital;

Compare it with all your own financial resources and determine whether the loss of this capital will lead to the bankruptcy of this investor.

The implementation of the second rule requires that the financial manager, knowing the maximum possible amount of loss, would determine what it can lead to, what the probability of risk is, and make a decision to refuse the risk (i.e. from the event), take the risk on his own responsibility, or transfer of risk to responsibility of another person.

The effect of the third rule is especially pronounced in the transfer of risk, i.e. with insurance. In this case, it means that the financial manager must determine and choose an acceptable ratio for him between the insurance premium and the sum insured.

The insurance premium is the payment of the policyholder to the insurer for the insured risk. The sum insured is sum of money for which are insured material values, responsibility, life and health of the insured.

The risk should not be withheld, i.e. the investor should not take the risk if the loss is relatively large compared to the savings on the premium.

The implementation of the remaining rules means that in a situation for which there is only one solution (positive or negative), you must first try to find other solutions. Perhaps they really exist. If the analysis shows that there are no other solutions, then they act according to the rule "counting for the worst", i.e. if in doubt, make a negative decision.

The modern business world is dynamic. After two years between the periods (2014-2015), the features of a new reality are gradually emerging for the prospects for business development in Russia. In the conditions of a shrinking market and a weak ruble, enterprises are forced to form and develop their export potential in every possible way, which will require an additional restructuring of management. In this regard, the risk management system, which one way or another will have to be created by enterprises, can become a resource of attractiveness for investors and a factor of success in foreign and domestic markets.

The essence of risk management

This article echoes the materials of the article on the topic of organizational aspects. Risk management is proposed to be understood as a set of targeted procedures for identifying, assessing and reducing risk to the values ​​established by a strategic choice, assuming a multi-stage implementation process. The economic goal of management is to reduce or compensate for damage to the organization in the event of adverse consequences of decisions.

In conditions of uncertainty of the economic activity of an enterprise, risk management is a complex of regulation of strategic, tactical, project and operational-production relations. An integrated approach has a number of advantages (the corresponding diagram is placed below), and from the standpoint of management functions, almost the entire arsenal of management tools is involved, including components financial management, logistics, economics, accounting, sales, etc. The complex of procedures is aimed at:

• forecasting risk events and their identification;
• justification for risk aversion;
• justification of risk acceptability;
• minimization of risk using the available range of tools;
• elimination of the causes and consequences of risk events;
• adaptation of companies that survived the crisis period to new business conditions;
• bankruptcy protection.

Outline of the Benefits of an Integrated Risk Management Approach

Uncertainty of activity is weakly correlated with the scale of activity. Indeed, the regular management that can be deployed in large enterprises gives a significant head start in comparison with the empirical methods of management in small business. But, firstly, the cost of management rises sharply, and secondly, the very number of risk factors becomes much larger. Therefore, it can be argued with confidence that one of the conditions for the success of the activity is the implementation of anti-risk measures by the management of the business, regardless of its size. Another question is, how systemic is risk management?

The objects of management are the actual risk, economic relations accompanying probable unfavorable events and risky investments. The subjects of management can be considered both in the broad and in the narrow sense of the word. From a common position, they are all members of the organization's team, including managers and employees. In a narrow sense, subjects are specially authorized managers, employees and divisions of the company. The goals and objectives of risk management are related to the stages of business development and its passage through the stages of the life cycle. The scheme for changing the composition of management goals at the stages of the organization's activities and the corresponding tasks are shown in the diagram below.

Dynamics of goals and composition of risk management tasks by stages of company development

Concept and content of risk management systems

The risk management system (RMS) as a set of interrelated elements, on the one hand, contains two subsystems: managing and controlled. In addition, the RMS acts as a component of a higher rank system - general corporate management and is guided by the prescriptions of the organization's strategy. On the other hand, the system includes a technological management complex and a complex of organizational tools and structures. Pay attention to the diagram "RMS Buildings" presented below. It displays the main elements of the risk management system.

Scheme "RMS building" in the relationship of technological and organizational aspects

The enterprise risk management system is an element of the mechanism internal control and risk management, which is part of general corporate governance, a technological tool and tools that ensure the effectiveness of risk management. This system provides the organizational prerequisites, principles and structures for the design, implementation and improvement of business processes of risk management of the organization. Thus, the RMS creates the infrastructure for risk management on a regular basis.

Ensuring the minimization of the level of uncertainty regarding the achievability of the tasks set for the management, the development and practical development of risk management processes is the main goal of the RMS. Under these objectives, the results are considered to be achieved according to the development strategy, in the programs of the tactical and operational levels. The RMS serves the regulated management of the assessed risks, as well as maintaining the company's integral risk at the level of the preferred acceptable risk. A diagram of the relationship of integrated risk management with stakeholders is provided below.

A scheme for resolving a conflict between leading business persons through integrated risk management

The risk management system, especially in large companies is called the corporate risk management system (CRMS). In addition to the simple expansion of the abbreviation, this, as a rule, entails increased requirements for the level of regulation of activities within the system. From the standpoint of solving the main tasks in the CRMS, the following stages are consistently performed.

1. RMS diagnostics at the level of business units and the whole company.
2. Development of the main CRMS structures (organizational, informational, financial, etc.).
3. Creation of regulatory and methodological support for CRMS.
4. Structuring databases on identified risks and existing risk events.
5. Development of mechanisms for monitoring and reporting events that have occurred.
6. Revealing, identification and assessment of risks, drawing up a plan for their minimization and compensation.
7. Formation of a risk map.
8. Integration of the card update procedure into the business planning process.
9. Analysis and assessment of the facts of response to risk events.

Risk management standardization specifics

Risk management systems at domestic enterprises are built on the basis of Western standards, which are rather poorly adapted to our realities. I am not considering the experience of banks and insurance companies here. It seems that in this sector of the economy the point of no return has been passed and the rates of development of risk management and the RMS supporting them can be considered satisfactory. Interested in what Russian companies, primarily in the manufacturing sector, can rely on in order to quickly increase their risk management potential? To do this, you need to touch on the history of the development of a systemic approach to risk management in the world and in our country.

A diagram of the world history of the development of standards in the field of risk management

The composition of the current national and international standards in the field of risk management

Above is a diagram of the history of standardization and the composition of the current standards in the field of risk management in the world. Obviously, in order to Russian enterprise satisfied the needs of investors and aroused confidence in the international arena, the approach to building the CRMS should be at least close to world standards. And to meet the requirements of the exchange trading platforms, international and Russian corporate law, the system itself must be transparent and understandable for a competent stakeholder.

The COSO ERM Risk Management Model is not a standard and is a deep methodological development. Therefore, it is difficult to ignore the COSO cube and not emphasize its basic postulates. Below are two diagrams that provide an overview of the concept. In the model:

• defined the basic concepts of the internal control system;
• the main components of the risk management process are described in detail;
• an integrated model of risk management in a cubic visual form is presented;
• the principles of this management system have been developed;
• the functions and responsibilities of the participants in the risk management process are formulated;
• the actual control process is described;
• recommendations were given to external and internal stakeholders in ensuring the successful functioning of the RMS in companies.

Core Components of the COSO ERM Risk Management Model

The company always remains alone with its risks and takes up defense against threats and consequences of their implementation at internal borders. Regulatory bodies also take their place at the “distant approaches to the front of hostilities”. And the support of the regulators is certainly needed by the business. Another thing is that domestic standards are "tracing paper" from Western counterparts. It should be understood that the real practice of the general mass of firms in developed countries has gone far ahead due to a longer history and a different level of management culture. Nevertheless, as a basis, the resources provided by the regulators are useful for starting the CRMS implementation.

Scheme of the composition of regulators that determine the requirements for the RMS

Algorithm for building a CRMS in a company

We remember the axiom that management and its components are in tandem with the company's strategy. It defines the principles of management and the main focus points. The specificity of risk management is that the local strategy for dealing with risks is subject to major adjustments in the middle of the management process. To build an RMS, the company's experience in the practical application of financial and economic theory, tax and civil law, external asset regulatory and standards.

Internal and external supports for building RMS in the company

The construction of a risk management system according to the model proposed below is based on the experience of Russian companies with a focus on the COSO methodology. This model implies the following stages of the algorithm.

1. Analysis of the environment. First of all, the elements are analyzed external environment(activities of the Central Bank of the Russian Federation, the State Duma, the Ministry of Finance, the Federal Tax Service, etc.), business environment, market conditions, business resources. All this creates external risk factors.
2. Establishing the customer's risk management processes. The success of the CRMS implementation depends on this. Very often in Russian companies the customer is financial service, which is associated with the dominant role financial risks the functioning of the company. The customer in some cases is general director, and it is especially valuable if his initiatives are supported by the position of the main shareholders.
3. Determination of the organizational structure of the control subsystem. The system can be controlled by a dedicated specialist or supervisor a separate subdivision, which coordinates various areas: risky investments, insurance operations, venture investments. This organizational structure is called the concentrated model. The second option for organizing an RMS can be a distributed risk management model.
4. Development of regulatory documentation for the system: risk management policy, provisions (concepts) on risk management, risk declarations. The policy serves as the main CRMS document; it is publicly available on the corporate portal.
5. Development and adjustment of the corporate risk map. Here, measures are cyclically implemented to identify, identify and assess the company's risks.
6. Developing a risk management strategy. In the strategy, in addition to the principles of choosing methods for dealing with risks, mechanisms for their financing, a special place is occupied by indicators of the effectiveness of the RMS and the distribution of areas of responsibility between the management company and business units.
7. The actual implementation of the risk minimization and compensation program.
8. Development of a process for operational risk management.
9. Regular audit of CRMS.
10. Implementation of procedures for informing about changes in the CRMS.
11. Creation and development of control and monitoring systems.
12. Implementation of procedures for storing and archiving information generated in the system.

RMS implementation principles

The principles of the RMS functioning in the company also determine the processes of its implementation and development. These principles are subject to observance by managers responsible for the implementation of system procedures by specialists and all employees of the company.

1. The principle of goal orientation. The goals are spelled out in the company's strategic documents: development strategies, strategic action plan, corporate maps, business plans.
2. The principle of balancing risks and rewards. The RMS should promote a balance between risk and profitability (profitability) of the business, taking into account the requirements of legislative acts and the provisions of internal regulations.
3. The principle of accounting for uncertainty. Uncertainty is present in any business activity and is an integral part of the decisions made in the company. RMS serves to systematize information about sources (factors) of uncertainty and helps to reduce it.
4. The principle of consistency. A systematic approach allows you to timely and fully identify, identify and assess risks, reduce their negative consequences or compensate for the impact on performance.
5. The principle of quality information. The RMS requires timely, secure and accurate information to function. When making decisions, however, it is necessary to take into account the limitations and assumptions of the sources of information, the possible subjectivity of the position of experts and the peculiarities of the methods used for assessing and modeling risk situations.
6. The principle of assigning responsibility for risk management. The concept of "owner of risk" is introduced, this status is assigned to one of the company's managers. He is given responsibility for the appropriate management procedures within the conferred powers and functional composition.
7. The principle of efficiency. RMS should provide a reasonable and economically sound combination of management effectiveness and costs of its organization and production.
8. The principle of continuity. RMS operates in conditions of regularity (cyclicity) of the main processes and their continuity. The processes of the system originate at the time of the development of the company's strategy and cover all areas of its activity.
9. Integration principle. The decision-making system at all levels of management should include the subject area of ​​the RMS. Decisions are developed and approved taking into account the circumstances and the likelihood of adverse consequences associated with their adoption.
10. Expansion principle. RMS involves the identification, assessment and settlement of all possible threats to activities, not being limited only to financial and insured risks. For the last three principles, diagrams of their main elements are presented below.

The composition of the procedures of the RMS continuity principle

Diagram of the main elements of the RMS extensibility principle

Company assessment for risk management

What should a company do if it is just thinking about introducing an RMS or if the elements of the system are already present, but it is not clear how and in what direction to move on? Experts recommend in this case to analyze the risk management system at the enterprise in order to determine its strengths and weaknesses and ways of further development.

It would be very useful for current and potential stakeholders in the company's activities and in investing in it to learn about the real state of affairs from the position of regular risk management. In 2015, the KPMG Consulting Group conducted a study "The Practice of Risk Management in Russia", in which 48 respondents were asked about RMS diagnostics. The results of the responses are presented in the diagram below.

Results of a survey of 48 Russian companies on RMS diagnostics.

Introduction ……. ……………………………………………………………

Chapter 1. Theoretical aspects risk management ............................

1.1 Essence, content and ............................................ .................................

1.2. Techniques and methods of risk management ........................................... .........

1.3. Enterprise Risk Management Process .......................................

Chapter 2. Risks in the Company's activities (for example, OJSC Megafon.) ……………………………………………………………… ..

2.1. General characteristics of the enterprise ............................................. ...........

2.2 Analysis of the business environment and the enterprise market .........................................

2.3.Analysis of entrepreneurial risks in the Megafon Company ..........

2.4. Legal support of the project ............................................. ....................

Chapter 3. Proposals to improve the risk management system at the enterprise ....................................... ......................................

3.1. Ways to minimize the risks of an enterprise in the market ...............................

3.2. Improving risk management technology by creating a program targeted activities on risk management ......................

3.3 Business rationale for Proposed Activities ................

3.4. Computer support of the project ............................................... ......

Conclusion................................................. .................................................. ..

List of used literature ............................................... .........

Applications

Introduction

At market economy producers, sellers, buyers act in a competitive environment on their own, that is, at their own peril and risk. Their financial, future, therefore, is unpredictable and little predictable. Risk is inherent in any form of human activity, which is associated with many conditions and factors that affect the positive outcome of decisions made by people.

There is no entrepreneurship without risk. As a rule, the highest profit comes from high-risk market transactions. However, everything needs a measure. The risk must be calculated to the maximum acceptable limit... As you know, all market assessments are multivariate. It is important not to be afraid of mistakes in your market activities, since no one is immune from them, and most importantly, do not repeat mistakes, constantly adjust the system of actions from the standpoint of maximum profit. Historical experience shows that the risk of not receiving the intended results is especially manifested in the generality of commodity-money relations, competition between participants in economic turnover. Therefore, with the emergence and development of capitalist relations, various risk theories appear, and the classics of economic theory pay great attention to the study of risk problems in economic activity.

The manager is designed to provide additional opportunities to mitigate sharp turns in the market. the main objective management, especially for the conditions of today's Russia, to ensure that in the worst case scenario, it could only be about a slight decrease in profits, but in no case there was a question of bankruptcy. Therefore, special attention is paid to the continuous improvement of risk management and risk management. Risk management is a system of risk assessment, risk management and financial relations arising in the course of a business.

The degree and magnitude of the risk can actually be influenced through the financial mechanism, which is carried out using the techniques of strategy and financial management. This kind of risk management mechanism is risk management. Risk management is based on the organization of work to identify and reduce risk.

Risk can be managed using a variety of measures that allow to predict the occurrence of a risk event to a certain extent and take timely measures to reduce the degree of risk.

Problem consists in the fact that the uncertainty of the economic situation, the uncertainty of conditions, changes in the political and economic situation and prospects forcing the entrepreneur to take the risk of these conditions. The greater the uncertainty of the economic situation when making a decision, the higher the degree of risk. It follows that urgency of the problem consists in the fact that, regardless of the stability of the socio-political and economic situation, changes in the external and internal environment of the activities of any organization leads to the emergence of risks that must be managed for the successful achievement of goals.

The purpose the thesis project is the analysis of the risk management system in the activities of the enterprise and the development of methods to minimize them.

This goal predetermined the formulation and solution of a number of interrelated tasks:

Consider the existing concept of risks, the reasons for its occurrence;

Investigate the market activity of the enterprise;

Analyze the business environment of the enterprise;

Identify the main risks of the enterprise;

Propose measures to minimize the risks of the enterprise;

An object research - the company OJSC "Megafon"

Item research is the process of risk management in a company.

The structure of the thesis project consists of an introduction, three chapters, a conclusion, a list of references and applications.

The first chapter presents the definition of risk in theory and practice, the reasons for its occurrence and classification. In the second, the main indicators of the production and economic activity of the enterprise and the nature of the risks in the operation of the enterprise are considered. The third chapter examines the main directions of the enterprise, the methods used to minimize risk and improve the risk management system at the enterprise.

When writing the graduation project, methods of risk management, forecasting of performance results, modeling were used on the basis of such developments of domestic economists as G.V. Chernova. and Kudryavtseva A.A., Fomicheva A.N., Stoyanova E.G., Lapusta M.G. and foreign scientists Barton T, Shenkir U. and others.

Practical relevance the diploma project is the identification of the impact of risks on the activities of the enterprise, coordinated and systemic risk management in the company Megafon (Kaluga).

ChapterI... Theoretical aspects of risk management

1.1 Essence, content and types of risks

Risk is an action (deed, deed) performed under the conditions of choice (in a situation of choice in the hope of a happy outcome), when in case of failure there is a possibility (degree of danger) to be in a worse position than before the choice (than in the case of failure to perform this action ).

By their nature, risk is divided into three types:

1. When at the disposal of the subject making a choice from several alternatives, there are objective probabilities of obtaining the intended result. These are probabilities that do not directly depend on a given firm: inflation rate, competition, statistical studies, etc.

2. When the probabilities of the expected result can be obtained only on the basis of subjective assessments, i.e. the subject deals with subjective probabilities. Subject probabilities directly characterize a given firm: production potential, level of subject and technological specialization, labor organization, etc.

3. When the subject in the process of choosing and implementing an alternative has both objective and subjective probabilities.

Thanks to these modifications of risk, the subject makes a choice and strives to realize it. As a result, the risk exists both at the stage of choosing a solution and at the stage of its implementation.

Risk is more fully defined as an activity associated with overcoming uncertainty in a situation of inevitable choice, in the process of which it is possible to quantitatively and qualitatively assess the likelihood of achieving the intended result, failure and deviation from the goal.

From the last definition, one can single out the main elements that will constitute the essence of the concept of "risk".

1. Possibility of deviation from the intended goal for the sake of which the chosen alternative was carried out (deviations of both negative and positive properties).

2. The likelihood of achieving the desired result.

3. Lack of confidence in achieving the set goal.

4. Possibility of material, moral and other losses associated with the implementation of the alternative chosen in conditions of uncertainty.

Acceptance of a project associated with risk involves identifying and comparing possible losses and income. If the risk is not backed up by calculations, then it mostly ends in failure and is accompanied by certain losses. To cope with the negative phenomena associated with risk, it is necessary to identify: the main features and sources of its occurrence, its most important types, the permissible level of risk, risk measurement methods, risk reduction methods.

The main features of risk are: inconsistency, alternativeness and uncertainty.

Such a feature as inconsistency in risk leads to a clash of objectively existing risky actions with their subjective assessment. Since along with initiatives, innovative ideas, the introduction of new promising activities that accelerate technological progress and affect public opinion and the spiritual atmosphere of society, there are conservatism, dogmatism, subjectivism, etc.

Alternativeity implies the need to choose from two or more possible options for decisions, directions, actions. If there is no choice, then there is no risky situation, and, consequently, no risk.

Uncertainty is the incompleteness or inaccuracy of information about the conditions for the implementation of a project (solution). The existence of risk is directly related to the presence of uncertainty, which is heterogeneous in its form of manifestation and content.

According to the source of occurrence, the risk is classified as an economic activity associated with a person's personality and caused by natural factors.

In an era of economic and financial crisis risk management is the most pressing problem facing Russian industrial companies. The processes of globalization are becoming another source of economic risks, therefore, the use of the fundamentals of risk management in management will contribute to the achievement of the goals and objectives of chemical companies, although, of course, it will not reduce the likelihood of various kinds of risks to zero.

The introduction of a risk management system at enterprises makes it possible to:

• identify possible risks at all stages of activity;
• predict, compare and analyze emerging risks;
• develop the necessary management strategy and complex decision-making to minimize and eliminate risks;
• create the conditions necessary for the implementation of the developed activities;
• monitor the operation of the risk management system;
• analyze and control the results obtained.

The peculiarities of risk management include: the need for the management of companies to have anticipatory thinking, intuition and foresight of the situation; the possibility of formalizing the risk management system; the ability to respond quickly and identify ways to improve the functioning of the organization, reduce the likelihood of an undesirable course of events.

Comprehensive risk management system ERM (Enterprise Risk Management) in many foreign companies, for example, in the USA, is already used quite widely, since the owners of large world companies have already made sure in practice that the old management methods do not correspond to modern market conditions and are unable to ensure the successful development of their business.

The application of risk management presupposes a clear distribution of responsibility and authority among all structural units... The functions of senior management include the appointment of those responsible for the implementation of the necessary risk management procedures at all levels. Such decisions must comply with strategic goals and the objectives of the company and not to violate the terms of the current legislation. At the same time, it is necessary to correctly distribute among the performers the measure to identify risks and the functions of control over the created risk situation.

Risk management as a key tool to improve performance

Risk management is one of the key tools for improving the effectiveness of enterprise management programs, which they can use to reduce product life cycle costs and mitigate or avoid potential problems that could hinder the success of the enterprise.

Achieving the goals of the enterprise requires specific ideas about the main type of activity, production technologies, as well as the study of the main types of risks. Prevention of risks and reduction of losses from impact leads to sustainable development of the enterprise. The process by which the activities of an enterprise are directed and coordinated in terms of the effectiveness of risk management and constitutes risk management. Risk management is the process of identifying the losses that an organization faces in the course of its main activity and the extent of their impact, and choosing the most appropriate method for managing each individual type of risk.

In another view, risk management is a systematic process in which risks are assessed and analyzed to reduce or eliminate their consequences, as well as to achieve goals.

Based on the foregoing, it can be concluded that risk management to ensure the viability and efficiency of an enterprise is a cyclical and continuous process that coordinates and directs the main activities. It is advisable to do this by identifying, controlling and reducing the impact of all types of risks, including monitoring, contacts and consultations aimed at meeting the needs of the population, without prejudice to the ability of future generations to meet their own needs. Risk assessment leads to the stability of the enterprise, contributing to its sustainable development. Risk management - a contribution to sustainable development, is an essential factor in maintaining and increasing the stable operation of the enterprise. Active risk management is critical to the governance process, towards confirming that risks are being handled at the appropriate level.

Planning and implementing risk management includes the following steps:

• Management of risks;
• identification of risks and the degree of their impact on business processes;
• application of qualitative and quantitative risk analysis;
• development and implementation of risk response plans and their implementation;
• monitoring of risks and management processes;
• the relationship between risk management and performance;
• assessment of the overall risk management process.

Methodology (program) for continuous risk management

In order to facilitate risk management activities, the enterprise needs to develop a methodology (program) for continuous risk management (CCM). MNUR is a theoretically significant program aimed at developing project management mechanisms with best practice processes, methods and tools for enterprise risk management. It provides conditions for active decision-making, constant risk assessment, determining the significance and level of influence of risks on management decisions, and implementing a strategy to combat them. In addition, progress can also be made in the scope of the project, the enterprise budget, the timing of its implementation, etc. Figure 1 clearly illustrates the methodology for the continuous risk management process.

Rice. 1. Continuous risk management process

The performance management process acts as an auxiliary tool for obtaining information necessary for the developed risk management mechanism. Adverse trends should be analyzed and their impact on this mechanism assessed. Appropriate actions of the control mechanism should be taken for those areas of activity that are defined as basic in the business processes of the enterprise. Corrective actions can include reallocation of resources (funds, personnel and changes in production schedule) or activation of a planned risk mitigation strategy. Severe cases, unfavorable trends and key indicators can also be accounted for when using this mechanism.

It is important that this mechanism emphasizes the need to reassess the identified risks that systematically affect the activities of the enterprise. As the system goes through life cycle development, in this case most of the information will become available for assessing the degree of risk. If the magnitude of the risk changes significantly, the approaches to its treatment should be adjusted.

Overall, this progressive approach to risk management is critical to the overall management process and ensures that risk metrics are handled efficiently and at the appropriate level.

Development of an enterprise risk management program

Consider the risk management policy that should be applied in the enterprise. The developed mechanism (program) should be aimed at effective and continuous risk management. Thus, early, accurate and continuous identification and assessment of risks is encouraged, and the creation of information transparent reporting on risks, planning measures to reduce and prevent changes in external and internal conditions will have a positive impact on the program.

This mechanism, including relationships with counterparties and contractors, should perform the functions of identifying risks and monitoring them. For its implementation, it is necessary to have some kind of plan in the form of a set of guidance documents developed for specific areas activities. This plan sets out guidelines for the implementation of the LRMD in a specific time frame. It does not affect the conduct of other activities throughout the enterprise, but rather can provide management with leadership in risk management.

The risk management process must meet a number of requirements: it must be flexible, proactive, and must also work towards ensuring the conditions for effective decision-making. Risk management will influence risks by:

• encouraging risk identification;
• decriminalization;
• identifying active risks (constantly assessing what can go wrong);
• identifying opportunities (constantly assessing the likelihood of favorable or timely occurrences);
• assessing the likelihood and severity of exposure for each identified risk;
• determination of appropriate courses of action to reduce the possible significant impact of risks on the enterprise;
• developing action plans or steps to mitigate the impact of any risk that requires mitigation;
• conducting continuous monitoring of the emergence of risks with a minor degree of impact at the present time, which may change over time;
• production and dissemination of reliable and timely information;
• facilitating communication between all stakeholders of the program.

The risk management process will be flexible, taking into account the circumstances of each risk. The basic risk management strategy is designed to identify the critical areas of risk events, both technical and non-technical, and take the necessary steps to deal with them ahead of time before they have a significant impact on the enterprise, causing significant costs, product quality or productivity.

Let us consider in more detail the functional elements that are components of the risk management process: identification (detection), analysis, planning and response, as well as monitoring and management. Each functional element will be discussed below.

1. Identification

• Data review (i.e. earned value, critical path analysis, complex scheduling, Monte Carlo analysis, budgeting, defect analysis and trend analysis, etc.);
• Consideration of the submitted forms of risk identification;
• Conduct and assess risk using brainstorming, individual or group peer review
• Carrying out independent evaluation identified risks
• Enter the risk into the risk register

1. Risk identification / analysis tools and techniques to be used include:

• Interview Methods for Risk Determination
• Fault tree analysis
• Historical data
• Lessons learned
• Risk Accounting - Checklist
• Individual or group expert judgment
• Detailed analysis of work breakdown structure, resource exploration and scheduling

1. Analysis

• Conducting a likelihood assessment - each risk will be assigned a high, medium or low likelihood of occurrence
• Creation of risk categories - the identified risks should be associated with one or more of the following risk categories (for example, costs, timing, technical, software, process, etc.)
• Assess the impact of risks - assess the impact of each risk depending on the identified risk categories
• Determination of risk severity - assign probabilities and impacts to the rating in each of the risk categories
• Determine when the risk event is likely to occur

1. Planning and response

• Risk Priorities
• Risk analysis
• Appoint a person responsible for the occurrence of the risk
• Define an appropriate risk management strategy
• Develop an appropriate risk response plan
• Provide an overview of priorities and determine its level in reporting

1. Supervision and control

• Define reporting formats
• Determine the survey form and frequency of occurrence for all risk classes
• Risk report based on triggers and categories
• Conducting a risk assessment
• Submission of monthly risk reports

For effective risk management at the enterprise, we consider it expedient to create a risk management department. The main responsibilities of this structural unit, including for personnel and other users (including employees, consultants and contractors), in order to successfully implement the risk management strategy and processes are shown in Table. one.

Table 1 - Risk Management Department Roles and Responsibilities

Roles	Assigned responsibilities
Program Director (DP)	supervision over the risks of the department's activities. Risk monitoring and risk response plans. Approval of the funding decision for the risk response plans. Monitoring management decisions.
Project Manager	assistance in controlling the risk of management activities Assist in establishing organizational authority for all risk management activities. Timely response to funding risk.
Clerk	facilitating the implementation of risk management (the employee is not responsible for identifying risks, or the success of individual risk response plans). The need to encourage proactive decision-making in defining appropriate risk responses for risk “owners” and department managers. Administering and maintaining stakeholder commitment, risk management process Ensuring regular coordination and exchange of information on risk between all stakeholders, Risk management in the registered risk register (database). Development of knowledge of personnel and contractors in the field of risk management activities.
Secretary	the functions of the secretary are performed by an employee of the risk department or they alternate between all employees. Features include: Planning and coordination of meetings; Preparation of the meeting agenda, risk assessment packages, and meeting minutes. Obtaining and tracking the status of the proposed types of risk. Perform an initial assessment of the proposed risks to determine the most important. Expert in the subject area of ​​risk analysis at the request of the Chairman of the Board of Directors. Facilitate analysis by members of the Board of Directors, who will decide whether risk mitigation is necessary. Regular coordination and communication of the risk of information exchange with all stakeholders,
Department Director (DO)	appointing risk owners in their area of ​​responsibility and / or competence. Active employee encouragement Tracking the integration of risk management efforts in their areas of responsibility. Selection and approval of a risk response strategy. This includes approving resources (e.g. owner risk) for further risk analysis and / or compiling more detailed plan responding to risks if necessary. Approval of all tasks. Assign resources for the risk management response contained in the detailed plan.
Individual member of the Office of Governance (IHI) program	identification of risks. Access to risk management data Identification of possible risks from data using a standard identification form, if necessary Drawing up and implementing a risk response plan Determining the time and all costs associated with the implementation of the risk response plan
Risk owner / Responsible person	attendance at meetings of the risk management department. Reviewing and / or providing relevant data, such as critical path analysis, project / data management support tools, defect analysis, auditing, and the possibility of adverse trends Participation in the development of response plans Risk status report and effectiveness of risk response plans Work to identify the means of responding to risks by any additional or residual risk.
Complex brigade (KB)	identification and provision of information about the risks that may arise as a result of the activities of the design bureau. Participate in the planning of any risk in accordance with this program. This planning requires coordination with the Risk Department, which, acting as management, can facilitate the acquisition of resources to respond to risks. Progress and Results Report on Risk Response.
Quality control	monitoring and reviewing the RCM when updating or changing the plan Responsibility to maintain quality documentation practices and risk management processes

Risk management functions are to organize interaction with existing divisions of the organizational structure. CPIs are generated for functional areas that are critical to the successful implementation of the objectives. All functional departments or business processes not covered by the CB are assessed and reviewed by DP, PM, and employees to ensure adequate behavior in relation to the occurrence of risk. Risk identification is the process of determining which events may affect the operations of an enterprise and documenting their characteristics. It is important to note that risk identification is an iterative process. The first iteration is a preliminary assessment and risk check of the team, as needed, with a risk identifier. The second iteration includes presentation, viewing and discussion. The risk management process includes three separate stages of risk characterization: identification, assessment and adjustment, and confirmation.

A graphic representation of the risk identification process is shown in Fig. 2.

Rice. 2. Block diagram of the risk identification algorithm

As a result of its implementation, a set of measures can be developed to assess the operational risks of the enterprise, the integral risk, the quantitative assessment of which is based on comprehensive analysis financial and accounting reporting, and assessment of integral risk based on all levels of enterprise responsibility.

Conclusion

Risk management at chemical enterprises must be carried out within the framework of a systemic and process approach, taking into account the specifics of the industry, using modern effective management methods and production organizations, as well as using risk management tools. The risk management system of the activities of a chemical enterprise must necessarily take into account the safety requirements established government bodies authorities, and ensure the safety and health of personnel associated with a hazardous technological facility. For the purpose of effective risk management of an enterprise, an integrated risk management system is needed, which consists in an integrated approach to assessing the maximum number of risk factors for an enterprise's activities carried out in a dynamic economic environment. The author believes that the development of the above-described set of measures will accompany an increase in the level of management and risk assessment in industrial organizations.

The activities of any enterprise are inextricably linked to the concept of "risk": the bank in which you keep your funds may go bankrupt, the business partner with whom the deal is concluded may turn out to be dishonest, and the employee hired may be incompetent. Do not forget about natural disasters, computer viruses, economic crises and other phenomena that can damage the company. However, risks can be managed in the same way as manufacturing or purchasing processes.

In order for a company to make informed decisions in the face of uncertainty, it must develop a risk management policy. It should be regulated by a special internal document - a risk management program. As a rule, it includes the following sections:

• definition of the concept of "risk" adopted at the enterprise;
• risk management objectives;
• classification and detailed description of the main types of risks that the company may face;
• risk management system.

The risk management policy must be approved and adopted by senior management or shareholders. Let's take a closer look at all sections of this document.

Definition of "risk"

Each financial manager has his own understanding of risk, methods of assessing it and how to determine its size. IN explanatory dictionary of the Russian language by S. Ozhegov, it is defined as “a possible danger; acting at random in the hope of a happy outcome. "

• Personal opinion

  Yuri Kostin,

  Risk is the inability to predict the occurrence of an event and its consequences.

  It should be noted that the concept is interpreted differently depending on the scope of its circulation. For mathematicians, risk is a distribution function of a random variable, for insurers it is an insurance object, the size of the possible insurance compensation associated with the insurance object. For investors, this is the uncertainty associated with the value of the investment at the end of the period, the probability of not reaching the goal, etc.

Risk management objectives

Depending on the field of activity, business environment, development strategy and other factors, the company may face different kinds risks. Nevertheless, there are common goals that should be facilitated by an efficiently organized management process.

Typically, the main goal that companies pursue when creating a risk management system is to increase operational efficiency, reduce losses and maximize income. According to Yuri Kostin, the main goal is the most efficient use of capital and maximum income. Director of the Russian Institute of Directors 1 Igor Belikov believes that one of the main goals is to increase the sustainability of the company's development, to reduce the likelihood of losing part or all of the company's value.

• How does the presence of a risk management system affect the terms of a company's lending?
• Alexander Brychkin, Deputy Head of the Credit Department of JSCB Evrofinance (Moscow)
• The presence of the system is undoubtedly taken into account when considering the issue of granting him a loan, but it affects the value of the interest rate indirectly, through the assessment of the results of the work of this system.
• To assess the effectiveness of the system, the bank analyzes, in particular, the following aspects of the activity of a potential borrower:
• . total amount suppliers and buyers, the ability to switch to work with other counterparties, the level of diversification of purchases and sales;
• ... the credit policy of the enterprise, including the level of overdue receivables;
• ... the potential impact of changes in foreign exchange rates on financial condition and the results of the borrower;
• ... availability of insurance covering the risks of loss or damage to property of the enterprise or others, the amount of such insurance;
• ... the riskiness of the company's financial investments;
• ... the borrower's inventory management policy.
• All of these factors affect the level of credit risk. Accordingly, the more effective the management system, the lower the credit risk of the bank and the lower the interest rate on the issued loan can be.

Classification of the main types of risk

To achieve the above objectives, it is necessary to disclose in detail the essence of the main types of risks faced by the organization. The author offers the following classification: credit, market, liquidity risks, operational, legal.

Credit risk

They mean probable losses associated with the refusal or inability of the counterparty to fully or partially fulfill its credit obligations. By trusting someone with its funds, the organization assumes the credit risk. For example, a customer may not be able to pay for goods after they have been delivered. The amount of damage resulting from the occurrence of a risk event is defined as the value of all uncovered obligations of the counterparty to the company in monetary terms, including possible costs associated with the return of its debt.

Market risks

They characterize possible losses resulting from changes in market conditions. They are associated with fluctuations in prices in commodity markets and exchange rates of currencies, rates for stock markets etc. For example, a company has entered into a contract for the supply of goods to a buyer through certain time and fixed the delivery price in the contract. When the deadline for the fulfillment of obligations under the contract approached, the buyer refused to fulfill the terms of the transaction. By this time, the market price for this product had dropped significantly, as a result, due to the sale of goods at a lower price to another buyer, the company suffered losses.

Market risks are most susceptible to volatile assets (goods, cash, securities, etc.), since their value largely depends on the prevailing market prices.

Liquidity risks

Liquidity risks - the likelihood of a loss due to a lack of funds in the required time frame and, as a result, the inability of the company to fulfill its obligations. The onset of such a risky event may entail fines, penalties, damage to the business reputation of the company, up to and including declaring it bankrupt. For example, an organization must settle its accounts payable within two weeks, but due to a delay in payment for shipped products, it does not have cash. Obviously, the creditors will impose penalties on the company.

As a rule, liquidity risk arises due to unprofessional management of cash flows, receivables and payables.

Operational risks

They mean potential losses of the company caused by mistakes or unprofessional (illegal) actions of personnel, as well as equipment malfunctions. An example is the risk of releasing defective products as a result of a violation technological process... According to the risk manager of RUSAL-UK Denis Kamyshev, the so-called force majeure (for example, the impact of natural disasters) should also be referred to the operational risks of an industrial organization.

The Basel Committee on Banking Supervision 2 characterizes operational risk as “the risk of direct or indirect losses due to ineffective or disrupted internal processes, the actions of people and systems”.

Legal risks

They represent possible losses as a result of changes in legislation, tax system, etc. Legal risk may arise due to the inconsistency of the internal documents of the company (customers and contractors) with existing legal norms and requirements. For example, a transaction will be invalidated if the agreement between the organizations is executed in violation of legal rules and regulations.

Principles for managing various types of risks

General principles

Risk management begins with identifying and assessing all possible threats that a company faces in the course of its activities. Then the search for alternatives is carried out, that is, less risky options for carrying out activities with the possibility of obtaining the same income are considered. At the same time, it is necessary to compare the costs of implementing a less risky transaction and the amount of risk that can be reduced. In other words, it shouldn't happen that the organization avoided the risk of losing $ 100,000 by spending $ 200,000 on it.

Expert opinion

Yuri Kostin, Risk Manager of the Corporate Finance Department of Sibneft OJSC (Moscow)

In practice, there are many different classifications risks. In addition to credit, market, operational, legal and others, strategic and informational ones are often distinguished.

Strategic risks represent a risk of losses due to the uncertainty arising from the company's long-term strategic decisions.

Information risks are understood as the likelihood of damage as a result of the loss of information relevant to the company.

Once the risks have been identified and assessed, management must decide whether to accept or avoid them. Acceptance implies that the company assumes responsibility for its own prevention and remediation. Management can also avoid risks, that is, either avoid the activities associated with them, or insure them.

The decision to accept or evade largely depends on the strategy implemented by the company .. According to the head of the risk management department of OJSC Magnitogorsk Iron and Steel Works Igor Tarasov,“Risk management is not so much the development of measures to counteract risk factors, but rather a change in the system of making managerial decisions in the organization”.

• Personal experience

  Yuri Kostin

  Most companies aim to make risk management a subsidiary function. The most common activities of a management unit are identifying and ranking them. Less common integrated management, for example, the development of an enterprise strategy taking into account the risk-reward ratio.

Credit risk management

When managing credit risks, the company pre-determines the acceptable amount of losses that it can afford (loss limit). In the event that a particular transaction is characterized by the risk of losses, the amount of which exceeds the established limit, it is rejected. Thus, the organization regulates the level of risk for the transactions carried out.

It is assumed that the probability of default on the part of several buyers (borrowers) is rather low, therefore, the volume of losses per client is considered as the main indicator. In world practice, the maximum amount of credit risk per client varies within 15-25% of the company's equity capital. Each organization chooses this value for itself, depending on the attitude to risk. If the company has a large number of clients, then a limit is set for the value of the transaction, below which the company considers it inappropriate to manage the risk.

After determining the maximum acceptable size credit risk per client, it is necessary to assess the likelihood of failure by each specific buyer (borrower) of their obligations. This can be done by analyzing internal factors affecting the client's creditworthiness, such as stability of cash flows, equity capital, credit history, quality of management, etc. The risk manager assigns a certain weight to each of the above factors (assessment of the significance of the indicator in percent) and a score (qualitative assessment). Based on the results of credit analysis, a summary rating table is compiled, in which each counterparty is assigned a risk class (credit rating).

Example 1

All factors are divided into internal and external. The score of a group of factors is determined as the sum of the products of the assessments of the factors and their weights. Thus, the score of qualitative factors is determined as follows: 8x0.25 + 4x0.15 + 1x0.5 + 3x0.2 + 5x0.15 = 4.2. The qualitative factors are assigned a weight of 55%.

The score and weight of quantitative, sectoral and country factors are determined in a similar way.

The final score is the sum of the assessments of external and internal factors.

The risk class is established based on the calculated final score of the client's assessment. Each company develops its own scale, in which the final score corresponds to a certain risk class. In this case, for the final score from 10 to 12 units, it corresponds to 4, from 12 to 14 - 5, etc.

Then, based on each risk class, the size of the credit limits is determined, which can vary from the maximum possible to zero.

Thus, a certain amount of the limit corresponds to a certain risk class. The higher the risk class, the lower the probability of default on the part of the buyer and the higher the credit limit will be set for him.

Personal experience

Andrey Novitsky, Risk Manager of the Risk Management and Insurance Department of Aeroflot

Evaluation of the effectiveness of credit risk management at Aeroflot is based on two key indicators:

• the ratio of the volume of losses from brokering agents to the revenue received from the sale of air transportation agents (loss / profit);
• the ratio of the credit risk assumed by the company to the revenue received from the sale of air transportation agents (risk / profit).

In this case, the dynamics of the risk / profit indicator shows the change in potential losses, loss / profit - the actual ones.

Based on the strategy implemented in the market, the company determines for itself an acceptable ratio of losses (risk) to income received. If the volume of losses exceeds the level set by the company or the dynamics of loss / profit deteriorates, then measures are taken to reduce the overall risk and losses, and in relation to the group of counterparties with the highest credit risk.

The main tool for reducing credit risk was the use of bank guarantees when organizing the sale of air transportation through the agent network. That is, the bank guarantees the fulfillment of part of the obligations assumed by the counterparty. This approach allowed us both to significantly reduce credit risk and losses, and to provide our counterparties with a convenient tool for carrying out mutual settlements, since there is no need to divert significant funds from the turnover to make prepayments, which, as a result, stimulates the sale of air transportation.

Rating table

Client	Points	Weight, %
Internal factors	5,1
Qualitative
Market credit history	8	25
Share in the ryanka	4	15
Availability of guarantees or collateral	1	25
Shareholder support	3	20
Quality of management	5	15
Total	4,2	55
Quantitative
Liquidity	7	25
Adequacy of equity capital	8	30
Profitability	4	20
Stability of cash flows	5	25
Total	6,2	45
External factors	6,76
Industry
The state of the competitive environment	8	60
Business cycle phase	9	40
total	8,4	60
Country
Country credit rating	5	30
Government regulation / support	4	70
Total	4,3	40
Final score	11,86
	Risk class4

To effectively manage credit risks, it is not enough to set credit limits for clients - it is necessary to regularly monitor the client's creditworthiness, periodically adjust the rating tables and revise the established limits. It is advisable to do this once a quarter or upon the occurrence of any significant event that may directly or indirectly affect the client's creditworthiness.

Market risk management

Market risks, like credit risks, are managed using a system of limits. In other words, when selling products, forming a foreign exchange or investment portfolio, the probable maximum losses should not exceed the established limits.

When determining the limits, the maximum allowable one-time loss is taken as a basis, which will not entail disruption of the normal activities of the company. The amount of possible losses for a specific asset of the company ( finished products, currency portfolios, investment portfolios, etc.) subject to the influence of market risk can be determined both on the basis of “historical” analysis and by expert estimates.

When managing market risks, you can set the following types of limits:

• for the amount of a transaction for the purchase or sale of products, if it is concluded on such conditions that the result of its implementation depends on fluctuations in market prices;
• on the size of the currency component of assets, which reduce the likelihood of losses in the event of a change in the exchange rate of any currency;
• on the aggregate size of the company's own investment portfolio.

Example 2

The final size of the limit is adjusted by senior management based on the development strategy, availability of free cash and the company's attitude to risk.

It is also necessary to regularly conduct so-called stress tests, that is, to simulate the consequences of the most unfavorable events. For example, the situation of a significant increase in prices for raw materials and materials is simulated and the consequences of such growth for the enterprise are analyzed, conclusions are drawn and appropriate measures are developed.

Liquidity risk management

The basis of management is the analysis of the planned cash flows of the company. Data on the timing and amount of receipts and payments when drawing up a cash flow budget is adjusted taking into account the identified risks. For example, when identifying cash gaps, the organization's management should eliminate them by reallocating cash flows or plan to obtain a short-term loan or loan to cover such gaps.

Operational Risk Management

Operational risks are inextricably linked with the activities of the enterprise, and they are usually managed by the heads of structural divisions. For example, the head of a production unit monitors the deterioration of equipment and determines the necessary measures to prevent failures associated with equipment failure. According to Andrey Novitsky, the risk management service cannot and should not completely replace the part of the work that is actually carried out by other structural divisions of the company in the course of their daily activities. A risk manager not only manages risks himself, but also helps other managers in this.

• Personal experience

  Mikhail Rogov, risk manager of the RusPromAvto automotive holding (Moscow), member of GARP (Global Association of Risk Professionals), member of the Board of the Russian branch of PRMIA (The Professional Risk Managers International Association), Ph.D. econom. Sciences, Associate Professor

  Unlike investment and banking institutions in industrial and trade enterprises operational risks prevail. Risk management is managed by the CEO and CFO, Chief Accountant, and with the gradual growth of the company, the functions of managing them are distributed between the security services, the legal department, control and audit services or the internal audit department. In any case, risk management issues should be controlled by top managers, CFO or representatives of the owner.

  Management principles operational risks are similar to the methods of managing other types: the choice of the control criterion, their identification and measurement, as well as the implementation of measures to optimize them. In the process of analyzing operational risks, "probability trees" can be used, that is, detailed scenarios of possible outcomes of events, which help to calculate quantitative risk assessments.

  Signals must be monitored to manage operational risks. Such signals can also be office notes about a complicated situation in any area, about frequent breakdowns of various units of the same machine, indicating a high probability of its failure.

Legal risk management

It is based on the formalization of the process of legal registration and support of the company's activities. In order to minimize legal risks, any business processes subject to them (for example, the conclusion of a supply contract) must undergo a mandatory legal review.

To minimize them when carrying out a large number of identical operations, it is advisable to use standard forms of documents developed by the legal department.

• Personal experience

  Mikhail Rogov

  One of the tasks of a risk manager in the process of managing any risks is to monitor their concentration. So, to manage legal risks, you should monthly request from the legal department a register of unresolved legal cases, claims and problems with an indication of the "issue price". Thus, the manager will not only have information about problems, but also data on possible losses due to untimely resolution of these problems. To reduce legal risks, the company needs a well-functioning procedure for passing documents (approval and approval), as well as the separation of powers of responsible employees.

Risk management organizations

According to Igor Tarasov, the success of the program largely depends on correct organization services for risk management and delineation of powers for the assessment, management and control of risks between departments. Realize efficient management described above should be a special unit or employee (risk manager). The responsibilities of the risk management division include:

• development of a detailed risk management plan;
• collection of information about the risks to which the organization is exposed, their assessment and ranking, as well as informing the management about them;
• advising the company's divisions on risk management issues.

An important point is the delineation of the powers of the risk manager and the top management of the company or business owners. As a rule, powers are divided depending on the amount of the most probable losses in the event of a risk event or the size of the limit. For example, a limit not exceeding $ 10,000 can be approved by the risk manager, and a limit above this amount by the CFO.

To ensure the continuity of business processes in the absence or inadequacy of a certain limit in the risk management program, it is necessary to prescribe the powers of the relevant persons (as well as persons replacing them in case of absence) to approve the exceeding of the limits, the time frame for responding to the request for exceeding the limits, the corresponding form. applications, etc.

It is also necessary to determine the place of the risk management unit in organizational structure enterprises and the principles of its interaction with other departments.

When starting to develop a risk management policy, you need to be prepared for painstaking and complex work, in the process of which you will have to closely interact with various structural divisions of the company. Therefore, managers of all services must have a good understanding of the goals of developing a risk management system.

"Creation of a risk management system will ensure business stability and maximize profits"

Interview with the Head of the Crisis and Risk Analysis Department of Norilsk Nickel Shamil Kurmashov

- In my opinion, it should identify and analyze possible problems enterprises, as well as determine in which area to look for ways to solve them (mathematics, economics, logic). Its main tasks are to provide leadership with an objective and complete information on its business positioning, development of effective management solutions aimed at preventing a crisis or minimizing the impact of risk factors, which is implemented in the corporate risk management system. - What tasks does the risk manager solve?

- Why is the risk management system being developed?

- The main goal is to ensure the optimal balance for shareholders and investors between maximizing profits and long-term business stability. I believe that in order to achieve this goal, the principles of complexity, continuity and integration should form the basis of the risk management system.

The principle of complexity implies the interaction of all divisions of the company in the process of identifying and assessing risks in the areas of activity. At the same time, the transfer of management functions to a unit whose risks are controlled can neutralize the positive effect of the introduction of procedures for managing them. For example, the sales department should not set limits on customer credits. This situation creates a lot of opportunities for abuse and is similar to the one when a person asks for permission from himself and gives it to himself.

An equally important principle of the enterprise risk management system is continuity, that is, constant monitoring and control of enterprise risks. This is necessary because the conditions in which the company operates are constantly changing, new risks appear, which also require careful analysis and control.

It is also necessary to observe the principle of integration, that is, to assess the company's integral risk - to give a balanced assessment of the impact on the business of the entire range of risks, ranging from a likely decrease in product prices and ending with possible damage from technological accidents. Its presence may be indicated by the instability of the key performance indicators of the organization: profit, cash flow, etc. This principle allows us to take into account the relationship of individual risks. As practice shows, the identification of such links between risks makes it possible to form a more balanced assessment of the situation and, accordingly, to optimize the need for the amount of funds necessary to ensure a balanced continuous operation of the company.

In addition, management is usually interested in how much, for example, the cash flow from operating activities may decrease compared to the annual plan and what needs to be done to eliminate the negative effect. To answer this question, you need to assess all the risks of the company and, first of all, the integral one.

- What steps are required to build a risk management system?

- Based on the experience of our company, I can highlight the following stages.

First, by analyzing the business processes of the organization, risks should be identified and reflected on a special map 3. When analyzing business processes, it is important to take into account the production specifics, the uniqueness of auxiliary and support industries, as well as the geographical location of the company's divisions, since these factors significantly affect the nature of the risks.

Secondly, it is necessary to create and implement a system of ongoing risk monitoring based on a system of operational risk indicators in the context of all areas of the company's activities.

Third, it is necessary to develop principles for assessing and predicting risks and test them for reliability using the back-testing method, which is as follows. The developed principles of assessment and forecasting are applied to real historical data, and the results obtained are compared with real events in the company. Based on this comparison, a conclusion is made about the adequacy of the system.

Fourthly, risk management systems are being developed to prevent their occurrence. Crisis scenarios are created - an algorithm for the actions of units in crisis situations. I would like to point out that risk management and crisis management should not be confused. If risk is the possibility of an event occurring, then a crisis is the result of an event that has already taken place.

And finally, fifthly, it is necessary to monitor how the economic activity of the enterprise, taking into account the introduction of the risk management system, corresponds to the strategic goals determined by the management of the enterprise (to bring the parameters of the economic policy in accordance with the adopted strategy).

As a result, employees who are involved in creating a risk management system must develop a clear risk management policy that will ensure transparency, sustainability and business continuity.

Interviewed by Alexander Afanasyev

__________________________________________
1 The non-profit partnership Russian Institute of Directors was established in November 2001 by leading Russian issuers. The founders of the partnership were OJSC SUAL-HOLDING, OJSC Mining and Metallurgical Company Norilsk Nickel, OJSC United Machine-Building Plants (Uralmash-Izhora Group), OJSC Surgutneftegaz, OJSC NK YUKOS. The goal of the institute is to develop and implement classification and professional standards activities of corporate directors, to form an effective Russian model of corporate governance. - Note. edition.
2 Basel Commitee on Banking Supervision is an advisory body created in 1975 and uniting representatives of banking supervisors and central banks of thirteen developed countries. - Note. edition.