Title: The Negative effect of Poor Risk Management on Business

Introduction

Everyone understands the concept of risk; people use it every day and take

chances daily, whether they recognize it or not. When weighing the benefits and

drawbacks of any decision, people are also weighing the risks. Any company and

organization face the possibility of unanticipated, damaging events that could cost them

money or force them to close permanently. Risk management enables businesses to

plan for the unexpected by reducing risks and additional costs before they occur. The

process of recognizing, evaluating, and managing risks to an organization's resources

and earnings is known as risk management. Financial insecurity, legal liability, strategic

management mistakes, incidents, and natural disasters are just some of the challenges

or hazards that could arise. For digitized businesses, according to Cole (2020), IT

security threats and data-related risks, as well as risk management techniques to

mitigate them, have become top priorities. There are common problems with insurance,

claims, and risk in general in every industry, from the small corner store to the large

manufacturer. Buildings can be destroyed by fire, people can slip and fall, car accidents

happen all the time, and faulty goods can cause losses. Understanding risk

management and learning to control liability is more important than ever for an

organization's success.

This paper discusses the issue of inadequate risk management in the workplace.

It is a normal occurrence in a society that has not yet been fully resolved. Furthermore,

this problem is widespread, particularly in the business world, and the world of

manufacturing, as one of the world's economic backbones, requires further investigation

or recognition. This paper would also address the essence of the issue as well as

potential solutions that may have a significant effect on the problem-solving situation

involving inadequate risk management.

History of Risk Management

The future is a challenge for risk managers. Even so, looking back in time can be

instructive and motivational at times. Knowing the past of risk management is a way to

understand its main usage and appreciate more its coexistence in society especially in

the world of business.

Some scholars claim that gaming spawned the first definition of risk

management. People in various ancient cultures played games with dice and bones

thousands of years before Internet users could play online poker. Also, about two

thousand years ago, people played games that developed into chess and checkers.

Dante and Galileo's writings provide some historical evidence that gaming spawned

probability theory, which is significant in risk management. In the 1600s, the renowned

mathematicians' Pascal and Fermat corresponded about games of chance, a

correspondence that is thought to have given rise to modern probability theory.

According to Rhodes in his article "A Brief Summary of the Long History of Risk

Management,” Corporate risk management was a profession long before the term "risk

manager" was coined. In England, for example, the first actuaries worked for a

forerunner of today's life insurance business as early as the 1700s. However, even

earlier examples will likely be found. When people controlled companies, armies, or

whole countries in the past, there were undoubtedly people working to handle risk using

the resources available at the time.

 Besides, according to the study of Dionne (2013), risk assessment research

started after World War II. Risk management has long been synonymous with the use of

market insurance to cover individuals and businesses from multiple accident-related

losses. Also, Other types of risk management emerged as alternatives to market

insurance during the 1950s, when market insurance was prohibitively expensive and

insufficient for protection against pure risk. Derivatives were first used as risk

management instruments in the 1970s, and their use grew steadily in the 1980s as

businesses tightened their financial risk management. In the 1980s, international risk

regulation began, and financial companies developed internal risk management models

and capital estimation formulas to protect against unanticipated risks and minimize

regulatory capital. Concurrently, risk management governance became critical,

integrated risk management was implemented, and chief risk officer roles were

established. Nonetheless, these policies, governance guidelines, and risk management

strategies did not prevent the 2007 financial crisis.

Similarly, Hay-Gibson (2008), the historiography of risk and risk assessment may

be used to assess the subject's background. As a result, the past of risk management in

this study can be traced back approximately 50 years. From the 16th century CE

onwards, evidence is accumulating for the subject's growth. The direction of the creation

of risk management has not been evident in terms of historiographical analysis. Instead,

historical evidence from papers and terminology development shows that risk, as a

social and academic topic, has both expanded and lost touch with some of its roots,

considering such technical and socio-cultural events as the advent of war and the
construction of the backbone of telecommunications and electronic document transfer

known as the Internet.

On the other hand, insurance agents were the first to create a risk management

process. They devised the method to shield their insurance company from financial ruin

by assisting clients in reducing losses and therefore liabilities (payout). Their success

piqued the interest and drew the attention of corporate executives seeking to reduce

their business risks. Russell B. Gallagher is widely regarded as the founder of today's

Risk Management structure, as well as the author of the first risk management books.

The early stages of this phase have since grown into their career sector. The business

program is being supplemented with specialized college courses. Most companies

expect risk managers to have a bachelor's degree, if not an MBA. In its simplest form,

the first step in risk management was to identify, evaluate vulnerability, quantify risk,

and then prevent or reduce the risk.

Risk management was mostly determined by the company owner or corporate

leaders in its early days. Risk avoidance necessitated a thorough understanding of

one's area of business or trade. This necessitated a high level of trust between

ownership and management. In certain cases, the course was trial and error, and the

tuition was profit loss. They had to always keep a finger on the pulse of their business.

A company's risk management decisions could put it on the verge of bankruptcy or put it

out of business entirely. If business owners did not remain informed about market

trends and economic indicators, or if they were too complacent and overconfident, they

would face financial ruin. The fast-shifting prices of goods and services, as well as the

loss of currency value stability as fixed parities became less predictable, ushered in a
revolution in the philosophy of financial risk management in the 1970s. The Capital

Asset Pricing Model (CAPM) is the model that most current theories of portfolio

management are focused on. This was established in the 1950s and 1960s, but only

became well-known during the 1970s revolution (ProcessPolicy.com, “THE HISTORY

OF RISK MANAGEMENT”)

Impact of Risk Management on the Business

A risk management strategy may influence the detection and review of possible

risks that might jeopardize the project, as well as the approaches people can use to

mitigate the risk and the consequences of unavoidable risks.

The impacts of risk on business or corporate priorities and objectives are more

meaningful to the operating entity for certain programs or initiatives. Risks are weighed

against the likelihood of a negative effect on the company's objectives. The use of risk

assessment software for the organization and its components will aid in risk

determination consistency. Even when the solution sets are the same, the risks can be

viewed differently at the enterprise level depending on the criticality of a component to

enterprise success (for example, risk of using commercial communications to support a

military operation and the impact of the enterprise on mission success versus risk of

using commercial communications for peacetime transportation of military equipment).

The study concludes that each risk event is evaluated for its potential effect on

the project. This evaluation usually considers how the event might affect expense,

schedule, or technical performance goals. However, the implications are not limited to

these criteria; political or economic consequences can also need to be considered.

Each risk event's likelihood (chance) of occurring is also evaluated. It is critical to match

the evaluation impact to the decision process when evaluating risk. Risks are usually

measured against expense, schedule, and technical performance goals in program

management. Oversight and enforcement, as well as political implications, can be

included in certain initiatives (MITRE, “Risk Impact Assessment and Prioritization”).

According to Gibson (2013), even before people get to their insurance plans, a

successful risk management plan saves money. Lower operating costs and more

benefits result from increased productivity and fewer losses. Good risk management

can also minimize the people’s risk exposure, resulting in lower premiums or even the

ability to reduce the coverage level. Risk is not anything to be taken lightly. It is not a

specter that might destroy the company at any time. it is a factor in how people run their

business, but it cannot be effectively handled. Risk will potentially help people improve

their company if they use the right risk management approach. Risk can be a very

beneficial aspect of your company. A good risk management policy is about more than

just avoiding catastrophe. Risk management done correctly will help you grow as a

business.

Ten Six (2017) stated that there is also a negative impact on poor risk

management. Poor risk management can have a significant negative effect on the

company. Bad risk management is something people cannot afford, whether it is due to

a delay in project benefits affecting the sales and profit streams, or one of the other

consequences mentioned below:

1. Poor User Adoption - the process of getting the team members to implement

a process, use the resources one person mandated, and adhere to the
 approach is known as user adoption. If they do not, they will get mediocre

outcomes because their colleagues are not following a traditional, best-

practice approach to risk management.

2. Unrealized Benefits - Risks can ruin a project's benefits in an instant, or they

can eat away at them over time due to ineffective management practices. Any

additional administrative activity adds expense and time to the project when

the team is not operating effectively, which affects how easily – if at all – the

benefits are delivered.

3. Late-running Projects - Unexpected threats can cause a project's progress to

be substantially slowed because it takes time to understand, analyze, and

prepare management strategies to monitor, act on, and track them. Delays

may also occur when risk management tasks take longer than anticipated,

pushing other project activities to the back burner.

4. Overspent Budgets - Risk management is not cheap. The cost of coping with

inadequate risk management if a risk materializes and becomes a real

problem for the business, on the other hand, is usually much, much higher.

Budget overruns occur when risks and the measures required to efficiently

manage them are not budgeted for. Overspends are often normal when

danger is not detected at all and the project team needs to scramble to find

funds to address it before the project falls apart.

5. Unhappy Clients - Clients do not want to be a part of something they consider

to be high-risk. They need to know what you're doing to minimize any

possible risks, as well as whether you have a backup plan in place.

 6. Reputational Damage – You do not want to be recognized as the organization

that is always caught off guard. Your clients must have confidence in your

ability to manage risk effectively. This follows on from the previous point:

disappointed customers pose a significant risk to the company's image. A

single negative review may have far-reaching consequences for future work.

7. Project Failure - In the end, failing to properly handle risk will fail the project. It

never finishes or delivers something worthwhile. The business case's goals

are not met, and they have squandered much of the time and money they

have put into the project so far.

Likewise, Oehem et al. stated that risk management is getting a lot of attention

because it is seen to cut costs, shorten timelines, and increase technological efficiency

in new product development programs. There is evidence that risk management

strategies are linked to the remaining two categories of outcome measures (project and

product success) and are linked to the first three categories of outcome measures

directly (improved decision making, program stability, and problem-solving).

Neglecting an impact risk can jeopardize people's or the planet's outcomes; thus,

businesses and investors must view these risks separately from financial risks. The

three data categories under the ‘Risk' impact dimension include a roadmap for

evaluating and minimizing impact risks for businesses and investors. Risk management

is the process of identifying, analyzing, and responding to risk factors that arise

throughout a company's operations. Effective risk management entails trying to

influence potential results as much as possible by behaving proactively rather than

reactively. As a result, good risk management can reduce both the likelihood of a risk

happening and the effects of that risk.

Effects of Poor Risk Management in a Business

Poor risk management has the potential to have a significant negative effect on

an enterprise. Whether it is a project delay or failure to take the appropriate measures to

deal with threats, weak risk management is something that no business, agency, or firm

can afford. When people are unable to handle risks, they will experience project delays

and, in certain cases, failure. It wastes time, does not finish the job, even if it does, it

does not communicate the importance. As a result, time and money have been wasted.

Clients, overall, do not want to get involved in something that carries a high level of

danger. They want to know what is going on and what people doing to mitigate the risks

to the company. When they say risk management, they are saying that it costs money.

However, if the risk proves to be a real problem for the business, the cost of

coping with it would be much greater than expected. Overspending on the budget

occurs when the risk is not detected. As a result, the team attempts to raise funds until

the project runs out of steam. User acceptance is the process of getting the team

members to implement a process, use software, and adhere to best practices. There

would be bad results and a rise in risk control if the office staff does not comply

(FinanceGab.com, 2018).

The discussion of Ronald and Subiyakto (2016) in a research gate, due to the

complex dependencies related to the environment, management, method, process,

resource, and stakeholder factors, any project will inherently have risk. Most project

stakeholders, especially managers, are often unconcerned about it. Apart from agreeing

with the previous viewpoints that place a premium on the planning stage of a project,

people believe that risk management should be a priority during the project

implementation phase in terms of the climate, system, process, and stakeholder

concerns. The planning is concerned with anticipating failure. If an unexpected case is

occurred at the mid or end of the stages, how to handle the situation and repair the

damage. Sometimes, the perfect plan uncovers an unexpected situation.

The Risk Specialists (2017) added that poor risk management can have a

significant negative effect on the company

Below are a few of the most significant impacts of poor risk management:

When risk management activities take longer than anticipated or scheduled, the

project may be postponed. Unforeseen threats may also have a huge effect on project

schedules, delaying projects substantially due to the time required to understand and

analyze them.

 Risk management, like everything else in the industry, is costly. When

risks and the activities that go along with them are not properly budgeted,

budget overruns are common. Overspending can also happen when a risk

is not detected.

 Clients do not want to be a part of something they consider to be high-risk.

They need to know what they are doing to minimize any possible risks, as

well as whether you have a backup plan in place.

  Both above can be due to a lack of user acceptance of risk management

processes in any way. People get bad results if the teams do not

implement a process, use the methods mandated, and adhere to the

technique because they are not operating to a traditional, best practice

way of managing danger.

Similarly, poor risk control costs a lot of money. Emerging threats catch

project managers off balance. And these dangers may develop into problems

that require more time and money to resolve.

Possible Future Solutions

It is important to have solutions to the problem in poor risk management

since any company and business faces the possibility of unanticipated, damaging

events that could cost them money or force them to close permanently. Risk

management enables businesses to plan for the unexpected by reducing risks

and additional costs before they occur.

There are top 10 tips on how to improve risk management, according to

Callister (2019), the following are the tips:

1. Be clear about your remit - Any obligations holes in the company raise the

likelihood of anything going wrong. Ascertain that everyone understands what

aspect of the company they are responsible for, as well as what events and

responsibilities they are responsible for.

2. Identify risks early on – It is never too early to begin considering risk. The

quicker they take action, the less difficult it will be to handle the risk. Many of
 the work processes and organizational culture should include risk

management.

3. Be positive - Not all threats are bad, so do not concentrate only on the

negative aspects. Risks may also be beneficial, providing opportunities and

allowing people to capitalize on a particular event or circumstance.

4. Describe risk appropriately - It is best practice to build a risk ‘string' that

distinguishes between cause and effect as part of the risk evaluation process.

5. Estimate and prioritize risk - Assess and prioritize all identified risks using a

risk matrix. The probability (likelihood) and effect of risk can be used to

determine its magnitude (severity).

6. Take responsibility and ownership - Take responsibility rather than waiting for

someone else to fix a problem if people notice something is wrong, such as a

possible safety concern, alleged fraud, or security breaches. When everybody

is motivated to speak up and take action, risk management works best.

7. Learn from past mistakes - Make use of historical data and anecdotes to learn

from past errors and avoid making them again.

8. Use appropriate strategies to manage risk - Use the 4Ts model to determine

the right risk management strategy. This entails:

Risk transfer is the process of transferring responsibility for a risk to a person,

a company, or a third party. Taking no action to eliminate or minimize risk is

known as tolerating risk (it still needs to be monitored) Treating risk entails

taking steps to minimize the probability of a risk occurring or to lessen the

 effect of risk until it occurs. Terminating risk entails making changes to

procedures or policies to fully remove risk.

9. Document all risks in a risk register – people will be able to see 'the bigger

picture of the entire risk exposure by collecting all risks across the business,

which will increase knowledge sharing and transparency. Remember to keep

track of who is responsible for what and to name a risk owner.

10. Keep monitoring and reviewing - The level of risk the people face shifts over

time, with new threats arising and others becoming less dangerous. People

will be able to respond when the time comes if they are vigilant and

constantly track the exposure.

Also, Risk exists everywhere, and having a risk management plan in place in the

workplace is critical. Not only does this entail all of the above, but it also entails

educating the employees on what constitutes risk, so they know what to look for and

how they can help with risk management.

However, Primo (2013), recommended that in an inherently unpredictable

environment, staying "in control" is a relative term. There is no such thing as a risk-free

company or a risk-free boss. Clarity on what is required of managers and staff workers

would help the business’ culture. There must be clear communication about what

constitutes acceptable conduct and what does not, as well as the acceptable ranges of

deviations from specified goals. Establishing a formal process for handling the business

charters, procedures, orders, and other key policy and procedure documents would be

beneficial.
 Moreover, the primary goal of all risk management, internal control, internal audit,

and other support functions activities is to help the company achieve its goals. The

results of risk assessments are merely predictions. Factors including personal interests,

expertise, recent interactions, and character characteristics of those involved color

these studies significantly. Risk forecasts should provide business managers with a

more balanced view of the future — in other words, they should provide opportunities.

A danger that falls into the top category should take precedence over the others,

and a strategy should be placed in place to avoid, or at the very least minimize these

risks. There is, nevertheless, a catch. If a risk is on a lower rung but has the potential to

cause more financial damage, it should be prioritized. As opposed to the possible

expense of uninsured risk, purchasing insurance help people to pass the risk to

insurance providers at a low cost. If people want to run a long-term company, they need

to have a good reputation. Customer service is crucial to a company's growth. To

ensure the best quality, make sure to test the goods and services. If people just getting

started, make it a rule that buyers with bad credit must pay in advance, which will help

them prevent problems down the road. To do so, people need a system in place that

allows them to spot bad credit risks ahead of time. This is directly related to employee

preparation. If they sell goods and/or services and set high expectations for the

employees, they can be tempted to take excessive risks, which can damage the

company's reputation. Instead, teach the staff to prioritize consistency over quantity.

Investing in an outside risk management team would be a wise decision (Moskowitz,

2020).
 Apparently, according to De-Risk (2019), there are a set of stages in project risk

management – the theory. The following are the stages:

Recognize the dangers: Workshops, brainstorming, and distributing standard

models for team members to complete are also popular strategies for identifying risks.

Examine: Impact is usually expressed in terms of a monetary loss if the risk

exists, or qualitatively using a high/medium/low (HML) type scale. Probability is usually

expressed as a percentage probability of the risk occurring (if no action is taken), but it

may also be assigned to an HML style scale.

Prioritize: This is usually achieved by multiplying the impact and likelihood to get

a 'risk exposure.' As before, this will either be a number or an HML style scale. After

that, risks are usually prioritized from the highest to the lowest risk exposure.

Risk Management Planning entails agreeing on the risk management priorities.

Risk Reduction/Resolution: Breaking down risk mitigation into phases and determining

who will do what, where, and how.

Risk Monitoring: Choosing the governance mechanism for how management can

track risk management plans and ensure that they are carried out, such as holding daily

risk meetings, including risks on the agenda of project meetings, virtual meetings, and

so on.

Conclusion

Risk management is the mechanism by which companies define, evaluate, and

react to threats that may affect their operations. Risk management is the process of

making and implementing decisions that reduce the negative effects of risk on a
company. Risk's negative consequences may be factual and quantifiable, such as

insurance premiums and claims expenses, or subjective and difficult to measure, such

as reputational harm or reduced productivity. A business can protect itself from volatility,

minimize costs, and increase the probability of business continuity and profitability by

concentrating attention on risk and investing the required resources to manage and

mitigate risk. The history of risk management can be traced back decades ago and it is

still important in maintaining the good qualities of a successful business. However, there

is poor risk management that would broadly affect the enterprises. Poor risk

management has the potential to have a significant negative effect on an enterprise.

Whether it is a project delay or failure to take the appropriate measures to deal with

threats, weak risk management is something that no business, agency, or firm can

afford. On the other hand, no problem has no solutions even the poor risk management.

There are ways on improving risk management to guide the company or the business.

Hence, it is possible to have a good and leading future by properly managing risk in a

market or organization.
 Bibliography

Callister, Lynne (2019), “10 Things You Should Do to Improve Risk Management at
Work” https://www.skillcast.com/blog/10-things-you-should-do-to-improve-risk-
management-at-work
Cole Ben, “Risk Management” https://searchcompliance.techtarget.com/definition/risk-
management#:~:text=Risk%20management%20is%20the%20process,errors%2C
%20accidents%20and%20natural%20disasters.
Dionne, Georges (2013), “Risk Management: History, Definition, and Critique”
https://onlinelibrary.wiley.com/doi/abs/10.1111/rmir.12016#:~:text=The%20study
%20of%20risk%20management,various%20losses%20associated%20with
%20accidents
FinancaGab.com (2018), “The Impacts of Poor Risk Management? What Can You Do
About It?” https://www.financegab.com/personal-finance/the-impacts-of-poor-risk-
management-what-can-you-do-about-it/
GIBSON (2013), “3 POSITIVE EFFECTS OF AN EFFECTIVE RISK MANAGEMENT
STRATEGY” https://www.thegibsonedge.com/blog/3-positive-effects-of-an-
effective-risk-management-strategy#:~:text=Greater%20efficiency%20and
%20fewer%20losses,something%20to%20be%20sacred%20of.
Hay-Gibson, Naomi (2008), “A River of Risk: A Diagram of The History and
Historiography of Risk Management” https://core.ac.uk/download/pdf/4147339.pdf
MITRE, “Risk Impact Assessment and Prioritization”
https://www.mitre.org/publications/systems-engineering-guide/acquisition-systems-
engineering/risk-management/risk-impact-assessment-and-prioritization
Moskowitz, Dan (2020), “Top Ways to Manage Business Risks”
https://www.investopedia.com/articles/personal-finance/072315/top-ways-manage-
business-risks.asp
Oehem, Josef, Olechowski, Alison, Kenley, Robert, Ben-Daya, Mohamed (2013),
“Analysis of the effect of risk management practices on the performance of new
product development programs”
https://www.sciencedirect.com/science/article/abs/pii/S0166497213001612
Processpolicy.com “THE HISTORY OF RISK MANAGEMENT”
https://processpolicy.com/history-risk-management.htm
Primo (2013), “10 Ways to improve risk management” https://primo-europe.eu/10-ways-
to-improve-risk-management/
Rhodes, Angus “A Brief Summary of the Long History of Risk Management”
https://blog.ventivtech.com/blog/a-brief-summary-of-the-long-history-of-risk-
management
Ronald Ouma and Subiyakto A’ang (2016), “Why is poor risk management a major
cause of project failure”
https://www.researchgate.net/post/why_is_poor_risk_management_a_major_caus
e_of_project_failure
Re-Desk (2019), “Where Risk Management Fails and How to Fix It” https://www.de-
risk.com/where-risk-management-fails-and-how-to-fix-it/
Ten Six (2017), “7 IMPACTS OF POOR RISK MANAGEMENT (AND WHAT YOU CAN
DO ABOUT THEM)” https://tensix.com/2017/03/7-impacts-of-poor-risk-
management-and-what-you-can-do-about-them/
The Risk Specialists (2017), “The Impact of Poor Risk Management (and what you can
do about it)” http://www.continuancy.co.uk/impact-poor-risk-management-can/