Issue 1: Risk Management

Risk management for SMEs

How to make your company storm-proof

“Risk Management means consciously taking risks”

Prof. Dr. Kristian Giesen

Dangers

Small and medium-sized enterprises often do not have early crisis detection – the following dangers are particularly virulent for them.

The potential danger depends strongly on the respective business model and structure of the company. However, there are also some dangers that threaten all companies equally.

These include, above all, cyber attacks and changes in the market environment. For many manufacturing companies, the particular danger is business interruptions triggered, for example, by problems in global supply chains. Companies that are close to the public are particularly vulnerable to reputational damage, and those with a high level of leverage to changes in interest rates.

The focus of many SMEs is often on the less threatening risks, while “life-threatening” risks are ignored.

Particularly in SMEs, we can observe that the management is more concerned with operational threats and pays little attention to strategic issues. This approach is almost negligent in today’s world; such a company is already in a strategy crisis. In addition, some obvious threats are ignored.

These include, in particular, cyber-attacks; many SMEs assume that they are not in focus, while the exact opposite is the case. Too little attention is also paid to the risk of key personnel – especially in management – failing. In addition, the risk that the bank will call in the loans, causing the company to suffer a “sudden death”, is underestimated.

Corona, inflation, Ukraine war – the danger from zombie companies surviving only on low interest rates and government support.

The rise in key interest rates increases borrowing rates.

Since German companies are on average 70% leveraged, this can have a strong effect on the P&L. In addition, it is possible that we are facing a wave of insolvencies due to the recent crises (financial crisis, debt crisis, Corona).

The underestimated danger posed by correlated risks occurring simultaneously.

Many companies have commendably started to look at their risks in a risk inventory.

This is a relatively simple and effective way to look at individual risks, and it can help avert danger or manage it wisely. However, focusing on individual risks can be deceptive; while a single risk can make for a painful entry in the P&L, it often does not bring the company to its knees. Rather, it is the combined occurrence of multiple risks that causes a business crisis and leads to insolvency. Risk management can take combined risks into account and thus also calculate an insolvency probability (the company’s own rating).

Risk managers are quickly seen as killjoys, and that carries dangers.

In many companies, risk management is seen as a chore and there is too much focus on meeting legal requirements without appreciating the benefits.

Often, the risk manager is also seen – incorrectly – as the person who exclusively points out potential dangers. However, sensible risk management does not mean minimizing dangers, but rather consciously taking them in order to increase the success of the company. Risk management should pay off and make the company more successful. It can also reduce interest expenses, as banks appreciate it when a company deals with possible dangers.

Recommendations for action

These are the strategies companies should implement to achieve risk competence.

The first step is to shed stability thinking and accept that the world has become very fast-paced and drastic changes come out of nowhere.

You have to prepare for this, and doing so can even generate competitive advantages. In addition, it is important to deal with one’s own risks in a structured way and to adopt methods that allow one to think strategically and keep a transparent view of the company. These methods are sometimes very simple and effective. It is a pity that the German corporate landscape makes too little use of them.

For some companies, there is hardly any time to focus on crises or risks – speed of action is a must.

Speed of response is becoming increasingly important. Corporate crises typically have a gradual course and can be recognized before they manifest themselves in the company’s key figures.

At this stage, there is still enough room for maneuver to initiate simple measures. If liquidity problems are already present, shortly before insolvency, the measures are dramatic and often driven by panic. Companies that do not find the necessary time to focus on crises and risks set their priorities wrongly. By analogy, one can imagine a car driver who is more focused on a phone call than on the road.

Organisation

Which departments should deal with the topic of risk.

The topic of risk should clearly be placed with the management, purely out of self-interest.

The management has the central task of making high-quality entrepreneurial decisions. Without risk information, it is impossible to fulfill this task. Legislation (Business Judgement Rule) has even prescribed this view and introduced the sword of Damocles of “private liability of the management”. In order not to overburden the management, preparatory work (a large part of the work) should be taken over by controlling or, in the case of larger companies, a separate department should be established for this purpose.

Duty to manage risks – WHO is affected and WHAT must be implemented.

As early as 1998, legislation stipulated through KonTraG that companies must deal with early crisis detection. However, this regulation was interpreted by almost all companies in such a way that it applies exclusively to listed companies and large GmbHs.

On 01.01.2021, the legislator specified with StaRUG that this obligation applies to all (!) corporations.

However, many companies do not act accordingly, which in turn poses a great risk to the private assets of the management. For partnerships, however, early crisis detection is at least equally important; the assets of the owners are directly affected by a crisis.

To do this, one must first understand what risk means. Risk does not mean “danger”, but rather uncertainty about the future: one does not know whether a circumstance will develop well or badly. Every company should define a risk strategy for itself and act accordingly. Often, “risky” behavior is caused by ignorance: one is not aware of the danger one is putting oneself in. This effect is related to the so-called “overconfidence bias”.
