This document discusses deploying risk management in small and medium enterprises (SMEs). It defines risk and outlines the types of risks facing SMEs, including credit, operational, market, liquidity, legal, and compliance risks. It also describes enterprise risk management (ERM), which deals with risks and opportunities affecting value creation. The key components of an ERM framework include risk assessment, risk response, control activities, information and communication, and monitoring. Implementing ERM can help SMEs align strategy with risk appetite, reduce losses, improve overall risk ratings, and facilitate long-term survival.

1. DEPLOYING RISK MANAGEMENT IN
SME MANAGEMENT
Sikiru SALAMI ACA, ACSI
ICANPROFESSIONAL YAHOOGROUP
Entrepreneurship Seminar

2. OPENING QUOTE:

3. ■ And the struggling pharmaceutical SME failed
■ How a fledgling Audit Firm put its owners in BIG
TROUBLE
CASE STUDIES ON RISK
MGT FAILURES

4. Why Small Businesses Crumble So Soon

5. What is it about RISK?
Risk as a cause – e.g. fire, theft, fraud
Risk as a likelihood – probability of occurrence
Risk as an object – the objects that constitute the risk, e.g.,
factory, aircraft, ship, young male drivers
Risk as an action – taking a risk by doing something or not
doing something
Risk is a condition in which there is a possibility of an
adverse deviation from a desired outcome that is expected
 Risk is all pervasive of all human endeavour

6. SCARED OF RISK?

7. RISKS FACING SMALL BUSINESSES

8. TYPES OF RISK
 Credit Risk: The risk of loss arising from loan default or unpaid
account receivables
 Operational Risk: The risk of loss resulting from inadequate or failed
policy, processes and systems or from external events
 Market Risk: The risk of loss resulting from adverse movements
in the market prices, interest rate, equities, commodities, or
currencies.
 Liquidity Risk: The risk of loss to an entity arising from its
inability to meet its obligations as they fall due.
 Legal Risk: The risk of loss arising from inability to enforce a
contract against a counterparty, or unfavourable legal
proceedings.
 Compliance Risk: The Risk of loss arising from breach of
regulatory requirements
 Strategic Risk, Reputational Risk etc.

9. TYPES OF RISK (cont’d)

10. Enterprise Risk Management (ERM)
ERM deals with risks and opportunities affecting value creation or
preservation
ERM “is a process, effected by an entity’s board
of directors, management and other personnel,
applied in strategy setting and across the
enterprise, designed to identify potential events
that may affect the entity, and manage risk to be
within its risk appetite, to provide reasonable
assurance regarding the achievement of entity
objectives.”
Source: COSO Enterprise Risk Management– Integrated Framework. 2004. COSO.

11. COMPONENTS OF ERM FRAMEWORK

12. Benefits of ERM Implementation
 Aligning risk appetite and strategy
 Enhancing risk response decisions
 Reducing operational surprises and losses
Improving overall risk rating
 Improving deployment of capital
Complying with regulatory changes
Improving shareholder value
Facilitating long term survival

13. Risk Assessment Process
Identify relevant business objectives.
 Identify events that could affect the achievement
of objectives.
 Determine risk tolerance.
Assess inherent likelihood and impact of risks.
Evaluate the portfolio of risks and determine risk
responses.
Assess residual likelihood and impact of risks.

14. Risk Assessment (Cont’d)
Risks are analyzed, considering likelihood and impact,
as a basis for determining how they should be
managed
Risks are assessed on an inherent and a residual
basis.
RISK MAP
“Risk = (Probability of event occurring) X (impact of event occurring)”
5 LOW MED HIGH EXT EXT
4 LOW MED HIGH HIGH EXT
3 LOW MED MED HIGH HIGH
2 LOW LOW MED MED MED
1 LOW LOW LOW LOW LOW
LIKELIHOOD 1 2 3 4 5
CONSEQUENCE
L x C
Score 0 - 5 = Low
Score 6 - 10 = Medium
Score 12 - 16 = High
Score 20 - 25 = Extreme

15. Risk Response Actions
Accept = monitor
or
Avoid = eliminate (get out of the situation)
▪ Mitigate = institute controls
▪ Share = partner with someone (e.g. insurance)
▪ Residual risk (unmitigated risk)

16. Business Continuity Planning (BCP)
BCP is a roadmap for continuing operations under adverse
conditions such as fire incident, server crash etc.
Important documents should be duly protected with a back up
facility and kept in an offsite facility.

17. KSF for an Effective ERM Implementation

18. Implementation Challenges

19. Concluding Quote
“For firms to succeed in this increasingly global
and competitive marketplace, risk management
must become a state of mind. A systematic and
proactive enterprise-wide approach to managing
risks is essential to making risk management an
integral part of the company’s DNA”
-NURAG SAKSENA –CRO, Freddie Mac
“There are risks and costs to a programme of
action; but they are far less than the long
range risks and costs of comfortable
inaction”
-John F. Kennedy