Showing results for 
Search instead for 
Did you mean: 
Showing results for 
Search instead for 
Did you mean: 

Risk management – engage and improve

Community Manager



Risk management is a daily routine, involving key internal counterparts to be efficient. By identifying and investigating your exposures thoroughly, you are likely to find up to 75% of possible impacts divided over the 4-8 largest risk areas.

In this blogpost written by our guest-author Rasmus Schiønning, you will read about the main reasons for doing risk management, the limitation faced by corporates in their current models, daily work on risk management, onboarding risk ambassadors and finally finding the few risks that matters most.


Why Risk management is important
Why corporates invest in risk management is based on the below areas:


 The “current” risk model
Often corporates have risk models and measures, which looks fine on the surface, however have not been maintained or reviewed for a long period. This is partly due to:

  • Older implementation of risk management software (e.g. TMS has specific models which are not applicable/best fit to current risk picture – see VAR vs. CFAR later in this blog)
  • Uncertainty in what/how to measure (e.g. risks are not measured, as no direct data is available)
  • Business areas have evolved, and significance of each business areas might have shifted (e.g. changed product/production)

From my experience several corporates are aware that their risk modelling is adequate, but not always sufficient. The risk models often have historical roots (we have always measured this way and management likes it).
Further the modelling has proven to be the best available with the resources we have (i.e. no time for updating and rolling out new risk models).
Finally quantifying the risks with high confidence, do require good data & modelling, which might not be directly available (i.e. Operational risk - knowing which (critical) spare parts poses the largest risk cannot be found in any economical reporting/ERP).


Risk – important questions & daily discipline
The first questions in evaluating your risk set up, are often:

When was the last time a review of the risk modelling and reporting was done? Was it a year ago or maybe more? 

  • Example - evaluating if the current VAR (Value at Risk) reporting is a good measure compared to CFAR (Cash Flow at Risk) reporting which starts from estimated cash flows. CFAR may in fact be more suitable for measuring the risk at hand.

How sure are we that we have the actual, and most significant risks in our risk strategy? 

  • This question matters, as risks are not static incidents, but something which can arise quickly (e.g. trade conditions (renegotiation of EU trade agreements) or referendums (Brexit))

Secondly, the acceptance of the term “Risk management is a daily discipline” is significant. You cannot be proactive in your risk management based on insufficient data, old models or no resources. It would be like steering without a map.
Unfortunately, some corporates do not set aside enough resources to do a centralized, coordinated effort to mange their risk exposures. With the current workload and standard FTE nominations within Treasury, it is difficult to have time to do proper risk management.


Identifying and communication with risk ambassadors within the company, is important. The change in models are not always well received – I have seen cases where management have asked the Treasurer why the risk reporting had to change. Even with comments like “it has been working until now, right?” Here the Treasurer have a task to educate and inform management and risk ambassadors about risk management and the fact this can/will change over time.

“The few which matters most”
What we know from corporate examples, is, that often 4-6 identified risk areas makes up at least 75% of the corporate risk for the company. That is why finding these risks requires focus and work to identify/map all. Then from risk modelling you can evaluate the possible impact of these few significant risks. Further correlation calculations with other risks can be included to build the proof on importance.
Unfortunately, not all companies have this clarity, thus having a risk strategy covering the 10 most significant risk exposures.


The benefits of doing a detailed risk identification and management, is, the fact that savings are possible. By savings, I mean avoidance of costs - hedging limited risks or buying insurances for improbable exposures, can be eliminated.

Key take aways
Finally, a few points to remember in your risk management. Below a list of elements which will impact your efficiency and risk management:

Organization / Owner

  • Is the risk management approach to centralize or keeping decentral?
  • Is it clear for all, who is responsible for each risk/exposure?
  • Are the risk policies updated and supporting the Treasurer / Business?

Culture / Mindset

  • Is risk observation included in the mindset of our employees/colleagues? If not, then it is difficult to identify risks early / limit exposure efficiently. Start to include a Risk mindset throughout the company
  • Do we have buy-in from business and management? Remember risk management cannot be done efficiently by Treasury alone
  • Common “risk” language is important to share and understand risks across the company

How you manage your risks

  • Knowledge on how to scope, create policy, perform analysis and manage risk is required. Continue to educate yourself and evaluate if you have the risk models and reporting that you need.
    Keeping inherited risk reporting / qualifications (i.e. VAR value for financial risk and Smileys for reputational risks) will limit the ability to compare across areas/silos
  • Do we have the overview of what is measured, and which data do we use to quantify exposures? Can these data be repeated with reasonable effort, to enable proactive behavior in your risk management/strategy?



About the author

Rasmus_Schiønning.jpgRasmus Schiønning is a trusted advisor for large international companies and banks within Treasury, Risk Management, Cash Management and Banking, having more than 20 years of experience across 80+ countries. Helping corporates with a range of tasks including; policy definitions, TR vendor negotiations, business transformations to shared services, bank tendering, TMS selection & implementations and compliance evaluations.