Why risk aggregation is essential in a world of growing uncertainty!
Today’s market and competitive playing field are creating major challenges for many companies. While the COVID-19 pandemic is slowly easing up, its long-term economic impact remains unclear. In addition, the emergence of major geopolitical risks has revealed how vulnerable the economy truly is. Supply chains have been disrupted, and the availability of basic raw materials for critical value-added chains is suddenly in question.
How much risk can your company handle?
Companies are currently facing a level of uncertainty never seen before and will need to respond accordingly in their strategic alignment and operations management. But can they bounce back to take on these future challenges?
All companies must ask themselves: How high is their total risk situation and risk-bearing capacity? Do they have the financial means to cover risks without putting their own existence in jeopardy? Are they resilient enough to be successful and competitive in the market?
These questions illustrate how important risk aggregation and risk-bearing capacity are when making strategic business decisions. In addition, both topics are growing more relevant from a regulatory standpoint as well. They are the central pillars of IDW 340, the new auditing standard from the Institute of Public Auditors in Germany. It requires companies to be aware of their total risk situation and risk-bearing capacity in order to determine what level of risk they can handle without putting their own existence in danger.
Both aspects – ensuring leeway in corporate decision-making and securing their own existence – show how relevant risk aggregation and risk-bearing capacity are for the future development of companies.
Risk management in times of crisis: The importance of risk aggregation and risk-bearing capacity
The COVID-19 pandemic and other geopolitical crises have revealed major weaknesses in how many companies manage risks. Although the World Economic Forum has regularly warned about the risks of pandemics and geopolitical developments in its annual global risk reports, they have only played a minor role, if any, in the risk management process. Yet it is these global developments with their countless interdependencies that have had major effects on the current risk situation and the future success of companies.
Due to today’s grave developments and their potential economic effects, aggregating risks and analyzing a company’s specific risk-bearing capabilities has moved into the spotlight. After all, without a systematic aggregation of individual risks in light of their interdependencies and the overall risk-bearing capacity, it is impossible to make a fact-based assessment if the company’s existence is in jeopardy or it has the finances to cover its total risk. There is also no real benefit-risk analysis, a basic principle for making business decisions amidst uncertainty.
Concepts for risk aggregation and risk-bearing capacity are essential for success
Aside from the clear business benefits of concepts for risk aggregation and risk-bearing capacity, the new edition of IDW PS 340 has tightened the requirements for its design and verifiability. These requirements have set the framework for calculating risk-bearing capacity and aggregating risks while leaving companies the leeway to design specific concepts for their needs.
In order to analyze their risk-bearing capability, companies first need to create an aggregated risk portfolio that has been compiled and evaluated as realistically as possible. Yet many have their work cut out for them, especially with regard to risk quantification and aggregation, which require a common methodology and suitable criteria for a systematic evaluation and aggregation. The interdependencies among the individual risks also need to be taken into account to recognize any compounding or compensating effects. Having an aggregation methodology makes it possible to compare the total risk situation to the criteria for risk-bearing capacity. The underlying rules of the evaluation methodology must be consistent with the respective risk-bearing capacity.
To analyze the risk-bearing capacity, companies must be able to link it to logical, measurable criteria, such as equity, liquidity or ratings. The liquidity-based approach is generally used to calculate risk-bearing capacity.
The concept of analyzing risk-bearing capacity must be adapted to the individual company. One example is the time frame, which clarifies the definition of risk-bearing capacity and coincides with the company’s planning horizon. It is also necessary to tailor the analysis to the specific company, industry and current economic situation and verify the validity of these criteria on a regular basis.
IDW PS 340 n.F. explicitly requires executives to be involved in making decisions regarding the company’s risk-bearing capacity, thereby, closing the loop, and strengthening the role of risk management in enterprise management.
Stronger integration of risk management and enterprise management
To foster a tighter integration with enterprise management, companies must extend the scope of their enterprise risk management so that political, environmental, health and supply-chain risks across the globe can play a stronger role in the analysis. This is necessary to allow for a fast, targeted, consistent response following the analysis of each identified risk.
Linking primarily subjective risk assessments to objective data from internal and external sources is necessary for successful enterprise management. Creating risk scenarios and running risk simulations lay the foundation for developing strategies and plans to survive future crises. The implementation of well-founded concepts for risk aggregation and risk-bearing capacity are essential to build a tight integration between risk management and enterprise management.
GRC software: Making risk information transparent and available to determine the total risk situation
The concepts of risk aggregation, risk-bearing capacity and the continual observation of the current risk situation require an innovative software solution such as BIC Enterprise Risk, which brings all relevant risk information together to create a complete view of the risk situation. Companies gain the insight they need to analyze their individual risk-bearing capacity and build the framework for business decision-making to be competitive in a market marked by great uncertainty.
The available risk information is processed transparently in BIC Enterprise Risk and aggregated based on risk scenarios through simulation and stress tests to determine the total risk situation. Using consistent evaluation methods, companies can compare total risk to their risk-bearing capacity. Decision-makers throughout the enterprise receive all relevant risk information from an integrated, complete risk management solution and have the ability to respond quickly and consequently to arising challenges during times of crisis.
Get to know our risk management software BIC GRC
Join our webinar “How Much Risk Can Your Company Handle?” to learn more about risk aggregation and risk-bearing capacity from our GRC experts and see a real-world implementation live in our tool. Get to know BIC Enterprise Risk, our professional, prebuilt risk management solution that fulfills all leading standards out of the box.
How much risk can your company handle?
Discover the effective way to aggregate and simulate risks with BIC Enterprise Risk. (webinar in german)
BIC Enterprise Risk
BIC Enterprise Risk is our intuitive, fast-to-implement standardized solution that fulfills leading standards.
Value-based governance, risk and compliance management for your company's success
A professional GRC strategy builds the foundation for successful business management. BIC supports you with a unique combination of the latest technology, an intuitive user interface and fast implementation. That makes working with the BIC GRC Solutions so easy - in all GRC areas.