Any entrepreneur interested in exporting to a foreign country or importing goods from abroad is inevitably faced with assessing the risk of doing business with both the relevant country and the particular customer or supplier.
Risk assessment is something that should be done by any entity. The process of assessing risk varies from organisation to organisation and industry to industry simply because the context and, therefore, the variables are not the same.
Understanding Risk in International Trade
The International Organization for Standardization publication, Risk Management: Principles and Guidelines, (publication ISO 31000:2009), outlines a basic approach to managing risk. This is the latest version of risk management standards. The world's first risk management standard was published by Standard Australia/New Zealand in 1995, and through subsequent amendments and enhancements, these standards were ultimately incorporated into the ISO standards some 14 years later. The risk management process is outlined in a diagram at the ISO website.
The process of risk assessment starts with the determination of the risk context. This is extremely important because in order to manage risk one needs to know what they are managing and how processes and procedures work. Once the risk context is known it needs to be assessed. Risk assessment typically starts with the identification of risk, an analysis of that risk, and the evaluation of that risk. The last step in the chain is the treatment of risk.
In looking at the figure referred to in the link above, it can be observed that communication and consultation, as well as monitoring and review, are processes inherent in the risk management process. This is because the risk management standard follows an Enterprise Risk Management (ERM) approach, one where all key stakeholders are involved in the risk management process.
Enterprise Risk Management
ERM is the opposite of the silo mentality that quarantines and compartmentalises decision-making processes from other parts of the organisation. For example, sales and marketing decide on terms of payment for export sales without consulting the finance area. The most important thing to remember about risk management is that it is not the person or the department that carries the risk, but the enterprise as a whole! It should be remembered that a person does not work for the department or a manager, they work for the enterprise and, consequently, it is about ERM in the context of managing risk.
The biggest risk to any organisation is humans. We are imperfect beings capable of individual thought and incapable of cloning actions. Whilst individuality is a wonderful human trait that provides diversity and innovation, from a risk management perspective these variables are problematic.
With risk we want to define and contain processes, so we have certainty of outcomes as much as possible. To highlight the differences in humans, why is it that a group of students sitting for the same exam achieve different grades? Or why is it that if a person does the same multiple-choice test twice they do not necessarily get exactly the same answers? In this context, a machine is preferable to a human because the machine will keep repeating the same process exactly the same way it was programmed, good or bad as the case may be, whereas humans are less predictable.
Having said this let me reassure the reader that I am not advocating that computers should run the world. I still fundamentally believe that humans are higher-order beings; we may just need to be a bit more disciplined about what we do to achieve better outcomes.
Risk is omnipresent; it is inherent in every process of everyday life be it private, social or business. Risk is unavoidable, and that is why it is important to manage it, for if you do not manage risk, it manages you—not a good position.
Risk is managed according to the perception of risk. This perception is based on overt or covert knowledge. We know about something, or we suspect something. We then react to these stimuli. Risk acceptance (known as risk appetite) varies from individual to individual and enterprise to enterprise. It is difficult to say this amount of risk is wrong or not as it depends on how people view risk.
We are all different and have varying perspectives on things. Are people who do bungee jumping crazy or just having fun and seeking an adrenalin rush? Some might say it is probably safer if you just have an adrenalin injection. The point is that the bungee jumpers have assessed that risk as being acceptable, and the non-bungee jumpers have not. Neither group is right nor wrong, they are just different in their risk assessment.
Ok, but how does this relate to country risk and customer risk?
Gathering Data to Manage Country and Customer Risk
The assessment of country and customer risk needs to be done not only on the basis of likes and dislikes or preferences, but it must take a more scientific approach. That is, data must be gathered about particular countries and customers in order to make an informed assessment with all key stakeholders to achieve the best outcome for the enterprise with as little bias as possible.
In the next several articles I will draw on data from four publicly available sources and provide examples of how these data may be used to construct a profile of a country. I will also provide some suggestions about researching customer risk.
This article was first published in March 2013 and has been updated to include current information, links and formatting.