Dimensions and insurability of business risks

249 NFT 3/1997 Dimensions and insurability of business risks by Arto Suominen and Janne Engblom, Turku School of Economics and Business Administration The risks of small and medium- sized enterprises constitute complex layers of problems, which take in the whole busi- ness network. Enterprise risks have traditionally been divided into business and accident risks. Business risks comprise a prob- lematic risk group, because re- cognising and in particular eva- luating them is difficult. In addi- tion, e.g. products offered by insurance companies for man- aging them are rare. Arto Suominen This article presents as broad as possible a grouped framework for business risks enti- tled the ”Eight Business Risk Dimensions Analysis”. In addition, we briefly examine the problematics of recognising, evaluating and managing business risks, and focus on the business risk field of four Finnish small and medium-sized enterprises through a case study. Keywords: Business Risk, Risk Man- agement, Insurability of business risks. 1 Introduction Risks and their management solutions in dif- ferent forms exist everywhere. Every deci- sion entails its own risks, due to the either favourable or unfavourable outcomes attached thereto, and it is the latter we consider a risk. Operating is risk-free only when the decision made surely leads to a positive final outcome. In business life, this kind of situation is not in practice possible. The decision-maker always takes a business risk by choosing, according to some criterion, an alternative he thinks will bring the best result. For risk management, a favourable situation is one where the decision maker can, on the available information, eval- uate different alternatives and choose the one that is best for the company. Where one decision-maker stresses safety and secured income, another decision-maker will take a notable risk to gain significant profit. Risk- taking and reaching profit goals are always part and parcel of such situations. Threats to enterprises comprise the busi- ness type and large complexes of problems Janne Engblom 250 attached to the surrounding society, whose management demands new views and experi- ence. The risk solvency of small enterprises is often bad, and the risk management of many would need to be developed. Risk manage- ment must respond to demanding challenges. An entrepreneur has especially to make pro- tective decisions referring to business risks quickly. The entrepreneur needs understand- ing and knowledge of the risks attached to the decision. In this situation, risk management is part of the whole business, not just a separate activity.1 Instead of costs and insurance solu- tions the decision-makers evaluate risks as a whole; risks and risk management are weighed more heavily than before from the perspec- tive of the company’s viability.2 Thus risk management expands to cover both accident and business risks, and in the future no clear line will drawn between these two. Future risk management will develop more than be- fore in the direction of so-called integral risk management.3 Business risks are defined in different ways in literature. Usually business risks mean those attached to normal business activity, like risks caused by the product or its manu- facturing, and attached to marketing, demand and costs. It is characteristic to business risks that when conditions in the environment change, their emphasis may shift very quick- ly. Business risk is a conscious risk taken in order to gain profit. Therefore, the essence of business risk is attached to decision-making - when solutions concerning the enterprise are sought, business risks have to be taken. In business operations, there is always the pos- sibility of either profit or loss, and the degree of risk borne is difficult to evaluate with the means at hand. According to classic business risk classification, such risks are traditionally divided into technical, social, economic and political risks.4 To this classification can be added human risks. In recognising, evaluat- ing and managing its business risks, a compa- ny must bear in mind not only the company itself and its operations, but the whole value chain of suppliers and clients. This article concentrates on this kind of business risks and their recognition. The evaluation of case companies is based on the entrepreneurs´ and other key persons´ own experiences and views in Finland in 1997. 2 Small and medium-sized enterprises in Finland and their risk field This examines the business risks of small and medium-sized enterprises in Finland. In 1994, there were more than 180,000 companies in Finland, of which over 99 per cent were classified as small and medium-sized by EU5 definition. In all, these companies employ 57 per cent of the whole country’s labour force.6 In practice, companies are conscious of busi- ness risks as a threat to the company. This came up clearly in the pre-research that formed the base for this research, in which almost 70 per cent of the small and medium-sized enter- prises that answered perceived business risks a threat to the operation of the company. Only human risks were felt to be an even more common risk threatening the enterprise. It must also be noted that both human risks and interruption risks have business risk charac- teristics. Therefore, in practice, business risks form an even greater threat to enterprises than might first be seen from the statistics. 3 The goals and methods of the research The goal of this article is to describe the business risks and to examine business risks relevant to small and medium-sized enter- prises and the problems attached to recognis- ing, evaluating and managing business risks. The research project utilises entrepreneurs’ views and experiences of different risks and 251 the protective solutions attached thereto. The risk field is examined through four case com- panies. These case companies have been se- lected to make it possible to analyse different lines of business, like industrial activities and services, company resources, sub-contractor relationships, network structures, and issues of internationalisation. The theoretical outline of business risks is based on risk classifications presented by Haller7, Hamilton8, Sadgrove9 and Pentikäin- en & Rantala10, and on views of the compa- ny’s marketing environment11. The theoreti- cal framework is introduced in chapter 4. The ”Eight Business Risk Dimensions Analysis” framework developed by the writers is ap- plied to the recognition and evaluation of business risks. The framework is based on a versatile and modern evaluation of business risks. In the framework model, the enterprise is examined as if under a magnifying glass, and its central operations, management, and production and marketing processes are eval- uated from the perspective of risks and risk management. It is essential is that the enter- prise’s business risk field is connected not only to its operations but also to relational networks important to it. The framework model helps an enterprise not only recognise and evaluate its central business risks better, but also directs the required risk management solutions more effectively to right questions. 4 The theoretical frame of reference for business risks The business risks of an enterprise arise either inside or outside the company. The survey of business risks initiated inside the company is based on examining the core operational proc- esses of the company. The start-up and main- tenance of operations require a reasonable know-how of several processes. Achieving a positive outcome entails efficient use of the company’s factors of production. Where one company manages the whole business proc- ess and succeeds, another may stumble on bad handling of an individual item. It is easy say that a company took too big a risk engag- ing in a certain business. Or that it was not able to deal carefully enough with the cause and effect relations relevant to a particular matter, or showed poor business skills, made the wrong decisions. The management of this process is in itself risk-bearing and the es- sence of business risks begins here. Analysing the risks is naturally connected to both operational processes and the re- source utilisation of the enterprise. Material resources, like raw materials, finished prod- ucts, machines and equipment, buildings etc. have been traditionally examined as targets of accident risks. The accidents that happen, such as machine breakdowns or warehouse fires, may also indirectly act as a business risk in the long run. Although the material losses of a fire can be indemnified, it may be more difficult to compensate for lost market and mend lost reputation as a reliable supplier. The situation becomes a concrete business risk, if the decision turns out to be incorrect and the profit target is not reached. The sur- vey of business risks culminates in decisions made by management: as to which clients are taken, who is chosen to do the work, how work processes are organised etc. The deci- sion-making element is also focused on in business risk examples presented by Pen- tikäinen & Rantala12. They mention as con- crete business risks e.g. misdirected invest- ments and risks attached to choosing person- nel. If an employee that is crucial to the company goes to work for a competitor, it may cause the company serious problems. These non-material resources are essentially important to the operation of the enterprise, particularly in the service sector. The enterprise does not operate in isolation from society, but needs a business support environment. Regardless of the line of busi- 252 ness a complex network of reciprocity, a business operation network, will form around the enterprise. Parts of this network are e.g. competitors, clients, suppliers, government, and subcontractor and contract relations. For instance, subcontractors often cause risks as schedules run late13. The importance of for- eign countries in continuously international- ising business increases constantly. So the survey of business risk should be extended to the most unfamiliar and remote corners of the business operations network. By utilising the network, the enterprise reckons to benefit. There are also many kinds of business risk attached to the network e.g. a major supplier gets in trouble or interrupts necessary deliver- ies. If the enterprise has no system to cover the deliveries, network risks become concrete immediately. The business risks of an enterprise can be thoroughly determined by evaluating both its operational processes and business operation networks. Hood & Jones14 describe different risks as complicated collections, the entirety of which they call a ”risk archipelago”, which as a concept well describes the complex whole. In the basic research setting operational proc- esses and environment networks have been combined. Haller’s15 risk classification sup- ports this idea. Haller sorts the risks of an enterprise to risks caused by action and by conditions. Action risks are attached to the operational processes of the enterprise, which in the figure are expressed as internal risk source factors. Good business skills allow an enterprise to effect these processes reasona- bly well. Haller refers to condition risks as those in the operating environment that in- crease the vulnerability of the enterprise. The problematics attached to the business opera- tion network are in effect the risks themselves that appear in the operating environment, which can be affected in only a very limited way. Discussion on condition risks is often intuitive, because management has insuffi- cient information on these risks, but intuition requires experience16. Different models17of the company’s marketing environment are also suited to the business risk research set- ting. Environment factors are often specified as belonging to either the micro or macro environment. The micro environment com- prises not only the enterprise itself, but also subcontractors and suppliers, different mar- keting channels and clients. The macro envi- ronment includes economic, political, socio- cultural, demographic, technological and physical influencing factors. The theoretical classification and evalua- tion of business risks is also supported by Sadgrove’s modern business risk classifica- tion, which does not make a sharp distinction between accident and business risks. Sadgrove18 examines the company’s risks as ”strategic” and ”operational” risks. Top man- agement makes strategic decisions, while other management levels decide on operational questions. The strategic question clearly takes place inside the defined framework of busi- ness risks. These risks can be caused by e.g. economic and political factors, the operations of clients and competitors, and the adoption of new technology. Operational level risk factors as mentioned by Sadgrove are e.g. late deliveries and defective quality, a clients’ financial difficulties and changing needs, and a competitors’ own individual actions. The enterprise is located in a business oper- ations network, comprised not only of the company itself but also different interest groups like subcontractors, clients, financiers etc. Some other network member’s accident risk can mean even a big risk to one’s own enterprise, in the form of e.g. lost deals or cancelled supplies. In addition to external factors, the company’s own internal risks also create threats to business operations. These risks entail the threats that fall outside acci- dent risks, like failed recruiting, an incorrect production policy decision, scheduling prob- 253 lems etc. Risk management must, at least at the level of recognition, attend to factors in the company’s entire risk field. This gives an overall view of the whole business. For case company interviews, the sources of business risks were divided into the following eight sectors: 1. Personnel 2. Production and products 3. Subcontracting, transportation, purchas- ing and storing 4. Sales, marketing and clients 5. Managing, economics and financing 6. Investments 7.Competitors, trade cycles, foreign coun- tries, financiers 8. Government and other interest groups. 5 The problem of insuring the business risks Traditionally, there has been an important feature linked to business risks in comparison with accident risks: business risks have not traditionally been considered insurable. For instance, Berliner19 ascribes nine require- ments to an insurable risk, and by testing with this we can state that business risk signifi- cantly differs from accident risk. First, it is difficult to estimate business risk by explain- ing the likelihood of accident statistics. Even in theory, no such business risk type exists on which possible accident statistics could lean. The non-recurring nature of business risk events already sets obstacles to compiling statistics, and results in business risk events not being commensurate. The diversity and heterogeneity of business risks make the in- surance situation practically impossible from the mathematical perspective. The magni- tude of a business risk is difficult to estimate by applying the definition of maximum pos- sible loss. Anticipating the time lapse be- tween two consecutive accidents may not be possible in a relevant way, due to the afore- mentioned incommensurability. Let’s take as an example the failure of a company’s marketing campaign. Who de- fines the degree or consequences of failure? In which situations are marketing campaigns carried out? How can failures be compared to previous cases? Risk evaluation must of ne- cessity happen at quite a general level. With expert knowledge, the potential for success or failure of a campaign can be subjectively estimated. When the company in question leaves certain things undone, it is likely that the campaign will not succeed. In estimating business risks, careful thought must be given as to whether they are based on a quantitative or qualitative approach. Insurance companies only provide slight means of protection against business risks. This means that insurers have not really had products to offer for managing business risks. Lowering the insurance premium alone would be difficult, maybe in practice impossible to handle in a reasonable way. Actuarial expec- tation accounting, often used as a basis for insurance premiums, is at least statistically out of the question. The basic problem in insuring business risks is always what kind of risks could possibly be protected by insur- ance, and what kind would fall outside its scope. 6 Recognised business risks: ”Eight Business Risk Dimen- sions Analysis”. Examples in four case companies. The case companies included a number of very different enterprises. Geographically they are situated in Southern and Central Finland. Lines of business varied from the metal in- dustry to services. Personnel varied between 7 and 218. As can be seen in Table 1, the companies’ business risks are strongly at- tached to their line of business and are fo- 254 cused in different ways. For instance, in the metal industry, risks attached to subcontrac- tor relations were felt to be highly significant, and in services, risks originated mainly from personnel and their professional skills and motivation. Key person risks are a significant risk class in every company. Particularly in very small companies, every person is in a way a key person, in which case, the risk is directed at the entrepreneur himself or man- aging director. The interviewees were mostly the case com- panies’ managing directors, but there were also other persons in responsible positions. The position of the interviewee lent a distinc- tive colour to their responses. The entrepre- neur himself has perhaps the most compre- hensive view of the company’s risks. The other interviewees answers focused in a cer- tain way on their own position and special skills. The interviews were carried out using multiple-choice questionnaires20, which also served as a starting point for further discus- sion. In addition to the prepared question- naires presented to the interviewees, they raised their own queries and thus enhanced the range of the questionnaires. Examples of risks significant to enterprises are presented in Table 1. 7 Discussion The research questionnaire, including the eight different dimensions, pointed up some of the most central issues of business risks. The model proved to be relevant and it covered the whole field of business risks reasonably well. For each case company, the risks represented ”a world of their own”; the fine adjustment of business operations can only be achieved by an actor who knows the business well. While the metal industry company emphasises work- ing subcontractor relations and network struc- tures, for the food industry company it is essential to be able to deliver high-quality products at the right time to wholesale dealers that command the market. The analysis also revealed differences in experiencing the risk. Risk must be evaluated using linguistic indi- cators, individual differences showing up in arrangement. The interviewee evaluated the size of a risk on a scale from minor threat, moderate threat, major threat, to dominant threat. And what kind of criteria does the interviewee set when he/she judges that no threat characteristic to business risk is at- tached to a situation? Linguistic terms that define the size of risk emphasise the individ- uality of risk views. This is not only due to semantic factors, but also because the enter- prise has no material based on which to fore- cast even a little precisely e.g. whether and when a key person might move to work for a competitor, or how to estimate the conse- quences of such a move. In estimating the size of a business risk there is always a strong intuitive contribution. Although each enterprise had a different risk profile and was thus individual in that sense, the personnel dimension of business risk was emphasised in all. Regardless of the line of business, the key individuals’ impor- tant contribution was strongly indicated in all companies. For a small enterprise, the conse- quences of losing a key person’s work contri- bution is a particularly serious business risk. Means to manage this type of risk are limited. So enterprises should think most especially about substitute arrangements, and make in- crease the potential to acquire substitute know- how from the company’s relationship net- works. In the literature, risk management is as- sumed to develop towards a comprehensive, integral way of operating.21 Haimes exam- ines risk management as a systematic, com- prehensive process.22 This challenge can be responded to best when the enterprise sys- tematically evaluates all risks and builds a system to manage them. So far, development 255 Table 1. Example risks of case enterprises Metal industry Real estate Plastic mould manufacturing Food industry 1. Personnel exit of key persons lack of solidarity entrepreneur’s pressure of work exit of key persons absence too long working hours lack of work motivation, work experience and education scant utilisation of resources exit of a key person lack of work experience and education 2. Production and products bottlenecks special regulations lack of a quality system quality problems productivity problems special regulations productivity problems cost of production servicing of equipment product quality special regulations quality problems 3. Sub- contracting, transportation, purchasing and storing dependence on 1-2 subcontractors quality of subcontractors lack of written delivery agreements defects in sub- contractors' quality interruptions in raw material supply loss in storage 4. Sales, marketing and clients one-sidedness of client structure inadequacy of production non-utilisation of marketing resources lost clients caused by delivery breaks cost of marketing procedures how well-known company is client gets product late one-sidedness of client structure inadequacy of supply scheduling problems 5. Managing, economics and financing lack of organisation dependence between operations indebtedness contract texts non-utilisation of efficiency parameters lack of organisation and long-term planning minimal use of economics and efficiency small economic resources lack of budgeting defects in information system other operations are dependent on the ADP system 6. Investments too large investments minimal use of follow-up systems defective prepara- tion of investments and minimal use of follow-up systems 7. Competitors, trade cycles, foreign countries, financiers the competitors' strengths unsound competitive situation defective know- ledge of the market business is sensitive to depression interest rate and its changes unsound competi- tive situation unsound competitive situation competitors' investments deceitful action interest rate 8. Government and other interest groups high side-expenses of work limitations caused by working time regulations high side-expenses of work minimal utilisation of consultation services high side-expenses of work stiffness of collective labour agreements high side-expenses of work 256 work in risk management has been directed separately at managing on the one hand acci- dent risks, and on the other hand individual business risks e.g. capital and currency ques- tions, investments, marketing campaigns, quality systems. Modern and efficient risk management requires a more comprehensive view in the future and the application of new means of management. The dimension model that has been used offers facilities to improve company decision-making options. The model can help a company’s business risks to be taken more precisely into account in deci- sion-making than before. References Achrol, R. & Reve, T. & Stern, L. (1983) The Environment of Marketing Channel Dyads: A Framework for Comparative Analysis. Journal of Marketing, Fall 1983, 55-67. Banham, R. & Anderson, K. (1994) Manag- ing Risk in the 21st century. Risk Manage- ment, March 1994, 32-42. Benson, J. (1975) The Interorganizational Network as a Political Economy. Admi- nistrative Science Quartely, June 1975, 229-249. Berliner, B. (1982) Limits of Insurability of Risks. Prentice Hall Inc, Englewood Cliffs. Carter, R. L. & Doherty, N. A. (1989) Hand- book of Risk management. Kluwer-Heer- rap Handbooks, London. Central Statistical Office (1996) Finnish Enterprises, Helsinki. Dickson, G. & Hastings. W. (1989) Corpo- rate Risk Management. Witherby & Co. Ltd, London. Haimes, Y. (1992) Toward a Holistic Ap- proach to Total Risk Management. The Geneva Papers on Risk and Insurance, July 1992, 314-321. Haller, M. (1978) New Dimensions of Risk: Consequences for Management. The Ge- neva Papers on Risk and Insurance, Janvier 1978, 3-15. Hamilton, G. (1996) Risk Management 2000. Studentlitteratur, Lund. Heilmann, W.-R. (1990) Risk Mangement and Insurance. Forensic Engineering, 1990:1-2, 119-133. Hood, C. & Jones, D. (1996) Accident and Design. Contemporary debates in risk management. UCL Press, London. Kloman, F. (1992) Rethinking Risk Manage- ment. The Geneva Papers on Risk and In- surance, July 1992, 299-313. Kotler, P. (1988) Marketing Management. Prentice-Hall, Englewood Cliffs. Pentikäinen, T . & Rantala, J. (1995) Insur- ance Theory. Finnish Insurance Education and Publishing Company Ltd., Jyväskylä. Sadgrove, K. (1996) The Complete Guide to Business Risk management. Gower, Ham- shire, England. Saunders, M. (1996) High-tech companies. Risk at every stage of growth. Risk Man- agement, December 1996, 15-18. Suominen, A. (1994) Yritysten riskienhal- lintakäyttäytyminen ja vakuutuspolitiikka liikkeenjohdon toiminnan osana. Risk Man- agement Behaviour and company policy for insurance – a part of business decision making. Publications of the Turku School of Economics and Business Administra- tion A-5:1994, Turku. Williams, T. (1996) An Integrated Approach to Risk Management. Risk Management, July 1996, 22-32. 257 Noter 1 Kloman 1992, 299-313. 2 Banham & Anderson 1994, 32-42. 3 E.g. Williams 1996, 22-27. 4 E.g. Carter & Doherty 1989. For business risk classification see e.g. Dickson & Hastings 1989, 4; Heilmann 1990, 122. 5 According to the EU definition, companies that employ less than 10 persons are called micro- small enterprises, 10-49 persons small enter- prises, 50-250 persons medium-sized enter- prises, and over 250 persons large enterprises (Central Statistical Office, 1996, 9). 6 Central Statistical Office 1996, 6. 7 Haller 1978, 3-15. 8 Hamilton 1996, 16. 9 Sadgrove 1996, 16-17. 10 Pentikäinen & Rantala 1995, 64. 11 E.g. Kotler 1988, 135; Archol & Reve & Stern 1983, 58; Benson 1975, 229. 12 Pentikäinen & Rantala 1995, 66. 13 Sadgrove 1996, 51. 14 Hood & Jones 1996, 3. 15 Haller 1978, 3-15. 16 Suominen 1994, 14. 17 Kotler 1998, 135; Archol & Reve & Stern 1983, 58; Benson 1975, 229. 18 Sadgrove 1996, 15-17. 19 These requirements are: randomness, maximum possible loss, average loss amount upon occur- rence, average period of time between two loss occurrences, insurance premium, moral hazard, public policy, legal restrictions and cover limits (Berliner 1982, 3-4). 20 The question form asked for estimates on the size of risks from the company’s viewpoint. The chosen fields are divided using the model pre- sented earlier. 21 Haimes 1992, 314-321; Williams 1996, 22-27. 22 Haimes 1992