912-300-7175

Risk Management

What is Risk Management?

Risk management is the process of identifying, assessing and controlling threats to an organization’s capital and earnings. These risks stem from a variety of sources, including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents and natural disasters.

A successful risk management program helps an organization consider the full range of risks it faces. Risk management also examines the relationship between risks and the cascading impact they could have on an organization’s strategic goals.

Traditional Risk Management vs. Enterprise Risk Managment

Traditional risk management tends to get a bad rap these days compared to enterprise risk management. Both approaches aim to mitigate risks that could harm organizations. Both buy insurance to protect against a range of risks. Both adhere to guidance provided by the major standards bodies. But traditional risk management, experts argue, lacks the mindset and mechanisms required to understand risk as an integral part of enterprise strategy and performance.

The business units might have sophisticated systems in place to manage their various types of risks, Shinkman explained, but the company can still run into trouble by failing to see the relationships among risks or their cumulative impact on operations. Traditional risk management also tends to be reactive rather than proactive.

A successful risk management program helps an organization consider the full range of risks it faces. Risk management also examines the relationship between risks and the cascading impact they could have on an organization’s strategic goals.

A successful risk management program helps an organization consider the full range of risks it faces. Risk management also examines the relationship between risks and the cascading impact they could have on an organization’s strategic goals.

The Risk Management Process

The risk management discipline has published many bodies of knowledge that document what organizations must do to manage risk. One of the best-known sources is the ISO 31000 standard, Risk management — Guidelines, developed by the International Organization for Standardization, a standards body commonly known as ISO.

ISO’s five-step risk management process comprises the following and can be used by any type of entity:
1.Identify the risks.
2.Analyze the likelihood and impact of each one.
3.Prioritize risks based on business objectives.
4.Treat (or respond to) the risk conditions.
5.Monitor results and adjust as necessary.

The steps are straightforward, but risk management committees should not underestimate the work required to complete the process. For starters, it requires a solid understanding of what makes the organization tick. The end goal is to develop the set of processes for identifying the risks the organization faces, the likelihood and impact of these various risks, how each relates to the maximum risk the organization is willing to accept, and what actions should be taken to preserve and enhance organizational value. The following four factors must be present for a negative risk scenario:
1. a valuable asset or resources that could be impacted;
2. a source of threatening action that would act against that asset;
3. a preexisting condition or vulnerability that enables that threat source to act; and
4. some harmful impact that occurs from the threat source exploiting that vulnerability.

Risk by categories. Organizing risks by categories can also be helpful in getting a handle on risk. The guidance cited by Witte from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) uses the following four categories:

  • strategic risk (e.g., reputation, customer relations, technical innovations)
  • financial and reporting risk (e.g., market, tax, credit)
  • compliance and governance risk (e.g., ethics, regulatory, international trade, privacy)
  • operational risk (e.g., IT security and privacy, supply chain, labor issues, natural disasters)

The final task in the risk identification step is for organizations to record their findings in a risk register. It helps track the risks through the subsequent four steps of the risk management process.

Risk Management Standards and Frameworks

As government and industry compliance rules have expanded over the past two decades, regulatory and board-level scrutiny of corporate risk management practices have also increased, making risk analysis, internal audits, risk assessments and other features of risk management a major component of business strategy

4 Strategies to Manage Risks

Risk management teams choose different options to address risks, depending on the likelihood of their occurring and the severity of their impact.

NO RISK

  • A Risk Avoidance strategy implements policies, technology, employee training and other steps designed to eliminate risk.

STRATEGIES FOR GETTING TO ACCEPTABLE RISK

  • A risk reduction strategy implements policies, technology, employee traingin and other steps to reduce risk to an acceptable level.
  • A risk transfer strategy contracts with a third party to bear som or all costs of a risk that may or may not occur.
  • A risk acceptance strategy accepts the risk because its potential to harm the organization is very limited or the cost of mitigating it exceeds the damage it would inflict.

What are the Benefits and Challenges of Risk Management?

Benefits of risk management include the following:

  • increased awareness of risk across the organization
  • more confidence in organizational objectives and goals because risk is factored into strategy;
  • better and more efficient compliance with regulatory and internal compliance mandates because compliance is coordinated;
  • improved operational efficiency through more consistent application of risk processes and control;
  • improved workplace safety and security for employees and customers; and
  • a competitive differentiator in the marketplace.

The following are some of the challenges risk management teams should expect to encounter:

  • Expenditures go up initially, as risk management programs can require expensive software and services.
  • The increased emphasis on governance also requires business units to invest time and money to comply.
  • Reaching consensus on the severity of risk and how to treat it can be a difficult and contentious exercise and sometimes lead to risk analysis paralysis.
  • Demonstrating the value of risk management to executives without being able to give them hard numbers is difficult.

Planning and plotting an ERM course

A comprehensive, all-inclusive enterprise risk management program can avert corporate disasters, save regulations, provide coompetitive advantages and yield intangible rewards.

KEY COMPONENTS

  • Business and technology objectives
  • Risk tolerance vs. strategic goals
  • Corporate culture and governance
  • Compliance and control mechanisms
  • Measuring and reporting procedures

ACTION ITEMS

  • Prioritize business processes
  • Create a heat map of risks
  • Pinpoint unacceptable risks
  • Deploy artificial intelligence
  • Keep stakeholders informed

Why is Risk Management Important?

Risk management has perhaps never been more important than it is now. The risks modern organizations face have grown more complex, fueled by the rapid pace of globalization. New risks are constantly emerging, often related to and generated by the now-pervasive use of digital technology. Climate change has been dubbed a “threat multiplier” by risk experts.

As the world continues to reckon with these crises, companies and their boards of directors are taking a fresh look at their risk management programs. They are reassessing their risk exposure and examining risk processes. They are reconsidering who should be involved in risk management. Companies that currently take a reactive approach to risk management — guarding against past risks and changing practices after a new risk causes harm — are considering the competitive advantages of a more proactive approach. There is heightened interest in supporting sustainability, resiliency and enterprise agility. Companies are also exploring how artificial intelligence technologies and sophisticated governance, risk and compliance (GRC) platforms can improve risk management.

Banks and insurance companies, for example, have long had large risk departments typically headed by a chief risk officer (CRO), a title still relatively uncommon outside of the financial industry. Moreover, the risks that financial services companies face tend to be rooted in numbers and therefore can be quantified and effectively analyzed using known technology and mature methods. Risk scenarios in finance companies can be modeled with some precision.

Risk Appetite vs. Risk Tolerance

If risk appetite represents the official speed limit of 70, risk tolerance is how much faster you can go before likely getting a ticket.

How to Build and Implement a Risk Management Plan

A risk management plan describes how an organization will manage risk. It lays out elements such as the organization’s risk approach, roles and responsibilities of the risk management teams, resources it will use to manage risk, policies and procedures.

1. Communication and consultation- Since raising risk awareness is an essential part of risk management, risk leaders must also develop a communication plan to convey the organization’s risk policies and procedures to employees and relevant parties. This step sets the tone for risk decisions at every level. The audience includes anyone who has an interest in how the organization takes advantage of positive risks and minimizes negative risk.

2. Establishing the context- This step requires defining the organization’s unique risk appetite and risk tolerance — i.e., the amount to which risk can vary from risk appetite. Factors to consider here include business objectives, company culture, regulatory legislation, political environment, etc.

3. Risk identification- This step defines the risk scenarios that could have a positive or negative impact on the organization’s ability to conduct business. As noted above, the resulting list should be recorded in a risk register and kept up to date.

4. Risk analysis- The likelihood and impact of each risk is analyzed to help sort risks. Making a risk heat map can be useful here, as it provides a visual representation of the nature and impact of a company’s risks. An employee calling in sick, for example, is a high-probability event that has little or no impact on most companies. An earthquake, depending on location, is an example of a low-probability risk with high impact. The qualitative approach many organizations use to rate the likelihood and impact of risks might benefit from a more quantitative analysis, Witte said. The FAIR Institute, a professional association that promotes the Factor Analysis of Information Risk framework on cybersecurity risks, has examples of the latter approach.

5. Risk evaluation- Here is where organizations determine how to respond to the risks they face. Techniques include one or more of the following:

  • Risk avoidance: The organization seeks to eliminate, withdraw from or not be involved in the potential risk.
  • Risk mitigation: The organization takes actions to limit or optimize a risk.
  • Risk sharing or transfer: The organization contracts with a third party (e.g., an insurer) to bear some or all costs of a risk that may or may not occur.
  • Risk acceptance: A risk falls within the organization’s risk appetite and tolerance and is accepted without taking action.

6. Risk treatment- This step involves applying the agreed-upon controls and processes and confirming they work as planned.

7. Monitoring and review- Are the controls working as intended? Can they be improved? Monitoring activities should measure key performance indicators and look for key risk indicators that might trigger a change in strategy.

Example of a Color-Coded Heat Map

A risk map offers a visualized, comprehensive view of the likelihood and impact of an organization’s risks. The risks that fall into the green areas of the map require no action or monitoring. Yellow and orange risks require action. Risks that fall into red portions of the map need urgent action.

cheryl
Cheryl Tillery
Agent - PC - Life
Cheryl Tillery was raised on a farm in rural Georgia. She has had her insurance license for over 20 years and has experience is processing Crop Insurance, Property and Casualty, and LIFE insurance. Cheryl is a great asset to the CIMXag team and is looking forward to continuing to serve her community's insurance needs
Joni Smith
Processing - Fiscal Consultant
Joni was raised on her multi-generational family row crop and cattle farm in Ochlocknee, GA. After earning a Bachelor of Science degree in Animal Science from Louisiana Tech University, she came home to Georgia and has served in various capacities of agriculture. Her skills range from livestock production to office management, with strengths in bookkeeping and tax preparation. She loves spending time with her husband and two children, fitness and being outdoors.
Tripp Smith
Consultant - Crop - Cattle
Tripp comes to CIMXag with a lifetime of experience in row crop and cattle production. As a 1999 graduate of Abraham Baldwin Agricultural College, he has created many relationships in Georgia, Florida and Alabama in the farming and ranching communities. Some of his favorite pastimes include working cattle, horses, dogs, bird hunting, and fishing. Tripp and his wife have 2 children that they have raised in the agriculture industry. He is eager to assist his clients in production to their utmost capability.
Rick Craven
CEO - CAO
Rick Craven, the visionary CEO and Partner of CIMXag, has been an entrepreneur and small business owner for more than 30 years. He has worked to build strong companies from the ground up that have served local, national, and international markets. His wealth of experience brings an understanding of the constantly changing challenges and rewards of operating a business. Rick was raised on his family farm in Baxley before moving to Atlanta. In his spare time, he enjoys traveling, cooking, and spending time with his family and dogs. CIMXag is excited to have Rick bring his energy, leadership skills, and determination to serve the agricultural community.
James Galvin
James Galvin
Marketing - Events
James holds a Master's Degree in Agricultural Education from the University of Georgia with an emphasis in Produce Production. Galvin has spent his entire career in Agriculture Education specifically in Youth and Adult Agricultural Programs. He spent a considerable amount of time researching effective practices in Produce Production. He spent the last 17 years as Agriculture Education/Young Farmer Director in Appling County, Georgia. During his pursuit of excellence in all his endeavors, he and several of his students have earned national recognition for their efforts in Community Development-Beach Restoration and Proficiency in Fruit Production and various other disciplines of Agriculture. Galvin is also a proud Veteran. He was born in Washington, DC and has spent his career teaching in Florida and Georgia. Galvin resides in South Georgia with his wife of 42 years. Together they raised three children. They share their lakeside home with their Yorkie, Maggie and their cat, Allie. His hobbies include grilling and serving as the Treasurer for his Church.
Ryan Jacobs
BDM - Consultant
Ryan Jacobs' journey began in Willard, Ohio, where he honed his Midwestern values before venturing south to Georgia. After graduating from Willard High School, he landed in Alpharetta to pursue a Business Administration degree at Georgia State University, graduating in 2003. Fueled by entrepreneurial spirit, Ryan embarked on a career path of buying, building, and selling businesses and real estate. This experience instilled in him a wealth of knowledge and expertise that he now leverages as a business and operations consultant for CIMXag. When not immersed in the world of business, Ryan enjoys life in Ball Ground with his wife and two children.
Megan Branch
Marketing
Megan Branch was raised on her family farm in Cleveland, Ga. She graduated with her Associates Degree of Business from Young Harris College in 2012. After marrying Shane Branch, she moved to Baxley, Ga. She previously worked as a paraprofessional at the local primary school. She now enjoys being at home raising her children. Megan looks forward to serving CIMXag Insurance in Marketing and Events.
Dale Clark
Consultant - Grant Advisor
Dale Clark is a retired educator from Montgomery County with over 40 years of service with 26 of those years in School Administration and Leadership including teaching, counseling, Federal Projects Coordinator, Principal, and Superintendent. Dale is an invaluable asset to the CIMXag family with her experience in writing and evaluating grants, preparing federal and state applications along with developing research projects. Outside of work Dale spends much of her time volunteering and spending time with her family.
John Brock
Agent - Comm/Ag Realestate - CG2505 - PC
John Brock is an agent with CIMXag, specializing in real estate. With over 35 years of experience as a licensed Real Estate agent and broker, John has successfully brokered over 18,000 acres of land. He also holds a State of Georgia Appraisal license and has appraised over 11,000 properties. John‘s background also includes 45 years of farming experience, managing poultry, cattle, and hay operations on his family farm. Last year, he obtained his P&C license and entered the insurance arena. Outside of work, John takes great pride in his three children. Currently, John is working on acquiring other insurance offices with a focus on crop insurance. Additionally, he is managing the administrative work of CIMXag, ensuring the company’s infrastructure keeps up with its rapid growth. John believes that having a comprehensive understanding of the situation, coupled with diligent work, leads to the best outcomes. This philosophy continues to guide his professional endeavors.
Reagan Craven
CFO - Agent - PC
Reagan Craven is a student at Georgia Southern University. She is the daughter of Amy and Rick Craven. She enjoys spending time with family, friends, and her dog Dozer. Reagan is excited to be a part of CIMXag while she continues pursuing her college education.
Scott Prospect
Agent - Organic Specialist - PC
Scott Prospect grew up in Port Orange, FL and graduated from the University of Florida in 2003 with a B.S. degree in Plant Science. Scott has worked with several of the largest organic growers in Florida and .in the leafy green industry developing food safety manuals. Currently Scott lives in Gainesville, FL wife his wife, Tish, and his two girls, Scott is looking forward working for CIMXag and continuing 5to work with and serve growers in the industry.1
Brian Bone
CEO - Benifa - Produce Broker - Consultant
Brian Bone grew up on his family cattle ranch in Sebring, FL. After graduating from Sebring High School, he attended University of Florida. In 2002, he turned professional and played professional golf for 6 years. After his playing career he caddied on the PGA Tour for 3 years. In 2014, he started Valley Produce Co. In 2018, he took over COO of Queen Bee Farms and remains in that capacity today. Brian lives with his five children, ages 5-11, in Sebring on the ranch he grew up on. CIMXag is proud to have Brian join us as a consultant.
Erica Cannon
Agent - Crop Strategist - PC
Erica Cannon grew up in Central Florida on a small family horse farm. She currently has two horses, one who is retried, and the other being her current competition horse. She graduated from University of Central Florida with a Bachelors in Biology, with a focus on plant science and gentics. After college, she was employed by Gowan Seed Company as a Product Development Specialist and has covered North Florida and Georgia for 4 and a half years. Erica will continue to support growers with her field knowledge as an Agent for CIMXag insurance.
Jeffrey Craven Jr
Agent - Rm-Compiliance - CPIA - PC
Jeffrey Craven Jr. grew up in Monroe, Georgia. In 2022, he graduated with his Bachelors Degree from Mercer University. Jeffrey met his wife Drew Craven at Mercer, and they were both involved in several student organizations. Jeffrey now serves as an agent and risk management advisor of CIMXag Insurance. He is a member of many agriculture organizations including the Crop Insurance Professionals Association, the Georgia Agribusiness Council, and the American Coalition for Rural Engagement.
Shane Branch
VP Crop Ins- Agent - PC
Shane Branch is a fourth-generation farmer in Baxley, Georgia. Shane previously worked at Branch Farm Supply, a family-owned feed, seed, and fertilizer dealer. He also farmed over 7,000 acres of row crops for several years alongside his family. The Georgia Peanut Commission recognized Shane as the 2021 Outstanding Georgia Young Peanut Farmer for his farming accomplishments. Since 2018, Shane has served as an officer in the Appling County Young Farmers Association. Shane, his wife Megan, and their two children are lifetime residents of Baxley, Georgia. Shane continues to support Georgia's agriculture community as an agent and advisor of CIMXag Insurance.
Jeff Craven
COO - Agent - PC
Jeff Craven grew up on his family farm in Baxley, Georgia. In 1985, he graduated with a Bachelor of Science in Agriculture from the University of Georgia. After graduating, he served six years in the United States Marine Corps Reserves. In 1995, Jeff became the Vice President and co-owner of Perimeter Landscaping, a role he had for twenty-three years. He is married to Cathy Craven, they have two children Ann Williams and Jeffrey Craven Jr. Jeff is returning to his agriculture roots as President and agent of CIMXag Insurance.