Primary navigation:

QFINANCE Quick Links
QFINANCE Reference

Home > Financial Risk Management Best Practice > A Holistic Approach to Business Risk Management

Financial Risk Management Best Practice

A Holistic Approach to Business Risk Management

by Terry Carroll

Executive Summary

  • The events of 2008 make it unsurprising that we are preoccupied with financial risk.

  • Financial risk is part of overall business riskbusiness risks have financial consequences.

  • As well as being viewed individually, risks should be viewed holistically.

  • A holistic approach to risk means looking at each risk in the context of others.

  • Managing business risk can be positive and offer opportunities.

  • The credit crunch is an example for all companies, not just banks.

  • There is a simple, clearly defined process for managing business risks.

  • Risk pervades every element of the overall business process.

  • The whole organization should be engaged in the risk management process.


After arguably the greatest credit crisis in history, it is unsurprising that lenders, borrowers, and investors alike have become preoccupied with financial risk. Its magnitude seems to have dwarfed all other business risk considerations. It can be hard to take a pragmatic view when the strictures in the financial markets may have put the corporation at risk, but the correct perspective is for all risk to be captured in a holistic framework.

Apart from the consequences of events in the financial markets, some recent risk considerations have been imposed rather than occurring naturally. Among those that were more prevalent prior to the credit crunch were the issue of corporate manslaughter and the need to comply with burgeoning health and safety regulation.

What seems sometimes to have been overlooked is that all financial risks are business risks (i.e. a risk to the business), and all business risk has financial consequences. There are those, especially in the public sector, who seem preoccupied with budgets and spending, rather than planning. The advent of business process reengineering (BPR) in the 1980s seemed to coincide with downsizing or rightsizing, as companies trimmed or even slashed their budgets.

What BPR and business planning have in common is the need to put the horse in front of the cart. Financial transactions are the consequence of business decisions. Budgets are the consequence of business planning. Cost efficiencies should only arise from BPR where the exercise is to design or redesign the organization to deliver the current strategy in the current markets and circumstances.

In summary, all risks have potential consequences for financial and business continuity. A holistic approach means looking at each risk in the context of others, and of the business and financial risk as a whole.

Risk Is a Natural Consequence of Business

Financial risk is a subset of business risk, which is a consequence of business decisions. You cannot be in business without taking risks. Whether you accept these risks or not is a function of whether your business thinking is proactive or reactive.

No one can eliminate all business or financial risk. Either you don’t have a business, or the premiums you would need to pay to eliminate risk would transcend any prospect of profit.

It could be argued that in the public sector, and with the latter’s growing influence in commerce (for example through public/private partnerships), risk has become an industry in itself. The public sector does not have a profit imperative. If it is decreed that risk shall be actively managed or insured against, the cost is picked up by the taxpayer. The growth of the health and safety industry in the United Kingdom has undoubtedly saddled the taxpayer with burgeoning costs. It has impacted industry in much the same way, but with less chance to pass this on to the customer.

What Is Business Risk?

“Risk is a threat that a company will not achieve its corporate objectives.”1 A typical dictionary definition would be: “Risk is the possibility of suffering harm or loss.” Such a definition characteristically has implicit negative connotations. Here we are talking about a more objective approach, where risk is recognized as part and parcel of enterprise.

The management of risk is fundamentally about ownership and accountability for the management and business processes, and their possible opportunities and consequences.

The process can be characterized by four simple components:

  • evaluation;

  • control;

  • transfer;

  • constructive damage limitation (insurance or hedging).

Managing risk is a continuous process, as opposed to something that you do just once. Starting from strategy, and considered throughout the organizational processes, risk is present and has potential impacts at every step of the way. The trick is in being able to see it in a positive and opportunistic way rather than in a negative light. Ideally, the whole organization should be constructively engaged and empowered in the recognition and management of risk.

Back to Table of contents

Further reading


  • Carroll, Terry, and Mark Webb. The Risk Factor: How to Make Risk Management Work for You in Strategic Planning and Enterprise. Harrogate, UK: Take That Books, 2001.



Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share