Implementing Risk Management Program

Prima Industries Ltd. was a medium-sized Indian company operating in a mature market for about a decade. It had fully functional departments like, operations, quality assurance/quality control, product development, sales and marketing, engineering and maintenance, warehousing and distribution, and finance and IT. The company had business units in various sites, some own and some leased. The company used state-of-the-art process plant with modern equipment. Sometimes Prima hired or leased equipment. It availed various services from a number of contractors in the areas of transport, maintenance, storage, wholesale distribution, advertising, accounting and audit. In the wake of liberalization of Indian markets and increasing competition, the company was exposed to various risks arising from changing technology, vibrant markets and uncertain external environment. In this context, the board and executive management planned to develop and implement a risk management program through out the organization. The board wanted a risk management program that could identify and monitor the organization's risks and assure the board and stakeholders that prudent and diligent measures were in place to minimize liabilities to the company arising from various risks. Prima approached the development and implementation of the risk management program in five stages. Stage 1: All the employees were informed about the objectives/goals of the risk management program. A risk advisor was hired to develop the company's risk profile. He interviewed managers and employees from various departments to get a wide-ranging view of the organization's risk exposures and other weak spots or pitfalls in its present risk control system. The advisor, at this stage, mainly concentrated on preparing a 'risk register' listing various business and operational risks. All these risks were documented after being ranked depending on their severity. Stage 2: A risk management steering committee (it was planned that once the risk management system was in place the steering committee would be in charge of its operation) comprising relevant personnel was set up to establish priorities for the risks listed in the risk register. These risks where prioritized based on qualitative assessment and rating scores. The risk prioritizing involved the following steps. Each risk was assigned a weight (score) by the committee in terms of their relative importance to the company. The weighted average score of each risk exposure was calculated. The cost associated with each risk exposure to the organization was calculated. The cost-benefit of each risk response was calculated. Then a relative priority is assigned. Stage 3: A future action plan for managing the organization's risk was devised depending on the risk priorities and cost-benefits of various risk responses. The list of necessary tasks, schedules, resources and costs required to implement the risk management plan was prepared. Stage 4: The implementation of the risk management program was left to the managers of

the business units. Every unit was given a list of risk management tasks. The audit team studied the progress and submitted its findings to the relevant units to enable them to know where they stood in implementing the risk management program. Stage 5: A reporting system was put in place to monitor and communicate the progress of the risk management process to various parties involved in it. The managers of the units where informed immediately about any product defect, litigation or schedule creep. The quarterly performance reports were submitted to the top management with the loss, risk and audit results related to all the departments/business units. Within a year, risk management had become an integral process at Prima. The board was satisfied with the effectiveness of the risk management program in achieving its goals. At a board meeting, the chairman, after seeing a financial report incorporating the risk management reports said, "now I am convinced that our organization is fully equipped to respond to any risk in a way that minimizes the liabilities to the company."