IMPLEMENTATION OF MODERN MULTIDIMENSIONAL

RISK MANAGEMENT IN INDUSTRIAL ENTERPRISE

Assist.Prof. Dr.Ivars Godmanis

RISEBA University of Applied Sciences, Latvia

ABSTRACT

This paper characterizes many aspects and directions of implementation of

modern, multidimensional enterprise risk management in the manufacturing
enterprise in the pharmaceutical industry in Latvia. First time as the basis for this
research was taken the only international risk management standard ISO 31000
-2018.

The multisided risks, eight basic stages in process of implementation of

enterprise risk management (ERM), two opposite directions of ERM operation
and four parts of ERM implementation process have been presented. This research
is concentrated on the second part of EREM implementation process risk
assessment and quantification. The key multisided risks were identified and
prioritized in the manufacturing pharmaceutical enterprise by applying common
metrics method: obtaining evaluations from the two highest levels of management
(Board and senior line managers).

TOP 20 of key risks was created from 64 different risks and the convergence

senior line management was obtained and analyzed. The main conclusion from
the obtained results is that manufacturing enterprises in pharmaceutical industry
have specifics regarding exposure to multisided risks, where the main, key risk is
regulatory risk.
Keywords: risk management, risk appetite,risk dashboard reports

INTRODUCTION

As the result of reaction to the last global crisis, not only commercial banks
but also industrial enterprises have started to pay a serious attention to multisided
(not only financial) character of risks what requires implementation of modern
multisided risk management.

There is no overall accepted definition of enterprise risk and enterprise risk

management (ERM), therefore nowadays every enterprise is trying to form and
implement ERM, what exactly meets its demands and needs.

The only international ERM standard ISO 31000-2018 [1] defines:

helps an entity to meet its business tasks and achieve its objectives by minimizing
unexpected profit deviations and maximizing the value of the business

Implementation of ERM in compliance with ISO 31000:2018 standard is

more established in industrial enterprises in USA and not widespread in Europe
including Latvia.

In this paper author presents first results of the implementation of

multidimensional ERM in the big pharmaceutical manufacturing enterprise in
Latvia with annual turnover more than 100 million EUR.
Main attention is paid to the assessment of multisided risks: their
identification and prioritization by enterprise Board and senior line management
and ranking these risks by applying common metrics.

THEORETICAL APPROACH

Modern risk management is multidimensional [2] because it deals with

multisided risks:
1.Business environment risk
2.Operational Risk
3.Supply chain risk
4. Business Continuity risk
5. Cyber risk
6.Stakeholder risk management.
7. Project, program and portfolio risk management.
8. Reputational risk, etc.

According to ISO 31000-2018 for all mentioned forms of risks the process of
ERM implementation consists of eight basic stages, through which the enterprise
managers (Board, senior line management, operational units) have to go through
to find answers on the following questions:
1. What enterprise is trying to achieve?
(Establishing a risk context)
2. What could affect enterprise in achieving its objectives?
(Risk identification)
3. Which of enterprise parts (things) exposed to risks are most important?
(Risk assessment)
4. What enterprise shall do about the risks?
(Planning risk responses)
5. Haven taken action, did it work?
(Implementing risk responses)
6. Who and with whom in enterprise speaks about risks?
(Communicating about risk)
 7. What has changed after risk impact?
(Reviewing risk process)
8. What has been learned regarding risk impact?
(Learning lessons regarding risk)

ERM generally operates in two main directions:

- -down - from TOP management (Board, etc.), who sets

the enterprise risk appetite and ability to take on risks in value creation process.
monitoring the risk
policy, what provides clear levels of risk appetite (tolerance), establish a link
between risk and compensation policies within the enterprise. Board is

enables

- bottom-up - from operational units, which are maintaining and

operational units are responsible for measuring and managing risks within their

and profits. They are taking daily decisions - which risks to accept and which risks
to avoid. These decisions must be in l

responsible for matching risks in the pricing process, what enables the enterprise
to obtain compensation for the risks it has taken.

The organizational structure of ERM implementation process consists of four

parts [3] (Figure 1.):

Figure 1. The organizational structure of ERM implementation process

 1. Governance structure and policies - who is responsible for supervising
risks and taking critical risk management decision?
2. Risk assessment and quantification - what are the decisions taken in risk
management prior to risk exposure (ex- ante), what is the analytical contribution
to ERM process?
3. Risk management - how to take specific decisions in implementing ERM
to adjust the enterprise's risk and business return profile?
4. Dashboard Reporting and monitoring - how an enterprise is implementing
ERM decisions made after the risks have occurred (ex post), what is the feedback
link?

METHODOLOGY

In this paper we are concentrating on Risk Assessment and quantification part

of ERM process in the manufacturing enterprise in pharmaceutical industry.

There are several basic steps to be made in enterprise risk assessment:

1. Establishing a business context while respecting the company's
organizational objectives, tasks and regulatory requirements.
2. Identifying the key risks that can negatively hit business targets.
3. Assessing the key risks in terms of their probability to appear and
the severity they can cause, by applying common metrics approach.

operational plans.
5. Prioritizing of the key risks for its further analysis, quantification and
mitigation.

We have made research regarding steps 2, 3, 5.

To identify and prioritize multisided key risks in the enterprise we have

created a single list of risks (risk register), that collects information from many
areas measured by common metrics.

Based on the aggregated results of risk register we have prioritized the most
critical risks for the enterprise by ranking them in one common table.

Particular risk place in the ranking is obtained from two main parameters:
- probability - with what a particular risk can occur,
- severity - how much a particular risk can impact,

The common risk index is calculated by multiplying both parameters:

Risk index = Probability * Severity

 Both parameters for each risk are evaluated in the scale from 1 to 5 by:
- Board members of the enterprise,
- Board members plus senior line managers (directors of
all departments of the enterprise).

The final values of key risk indexes have been obtained as the sum of indexes
given by:
- all Board members,
- all Board members and all senior line managers

To identify the key risks in the enterprise we have used one of the most
developed risk model structure, that represents the multisided character of risks -
the Protiviti risk model [4].
Table 1. Protiviti Risk Model

We have taken 64 significant parts of this model as the basis for registering
multisided risks, which can impact the manufacturing enterprise in
pharmaceutical industry. From these 64 parts of risk register we have formed TOP
20 of the main key risks.

RESULTS

The first part of results in identifying and prioritizing risks is obtained from
the answers and evaluations provided by enterprise TOP management - all Board
members (Figure 2.)

Regulatory 71
65
Human Resources 64
63
Product development 63
61
Knowledge capital 58
58
Partnering 57
56
Risks Planning 54
53
Legal risks 49
48
Access and safety 46
46
Customer wants 46
45
Change readiness 43
42

0 10 20 30 40 50 60 70 80
Risk indexes
Figure 2. TOP 20 risk indexes in pharmaceutical enterprise
(identified and prioritized by Board members )

These results clearly show that risks, which can impact the manufacturing
pharmaceutical enterprise, are really multisided:
- environment risks (in what business environment this particular
enterprise is making its business) - regulatory, competitors, legal,
customer wants, technological innovation are by their nature
external risks.
- process risks (how the enterprise is exactly making its business) are
internal risks consisted of:
- operational risks (how the enterprise exactly operates its
business): efficiency, human resources, product development,
capacity, knowledge capital, partnering, customer satisfaction,
- empowerment risks (leadership, change readiness),
- governance risks (succession planning),
- financial risks (credit)
 - information for decision making risks (investment evaluation,
organization structure)

According to modern multisided ERM approach (ISO 31000-2018) all these

mentioned above risk impacts have to be calculated in financial means by
applying the common metrics. However, obtained results show, that the financial
situation in the manufacturing pharmaceutical enterprise is strong and stable,
because the direct financial risks
between TOP 10 risks (at 16th place).

The main key risk in the pharmaceutical enterprise identified and prioritized
regulatory risk. This result clearly characterizes the
specifics of pharmaceutical industry, where the existing pharmaceutical products
have to be time after time reregistered by state agencies and sometimes to be
improved to align with changing regulatory rules and demands in particular
country or countries. For new products the procedure of their registration is even
more complicated and is 100% depending on regulatory decisions. Therefore
regulatory risk to certain extent matches with product development and
succession planning risks, which are also in TOP 10 (see Figure 2.)

operational risks (efficiency, human resources, knowledge capital, capacity),

shows, that Board is concerned about operational situation in the enterprise and
not only about strategic position of the enterprise.

Regulation 155
127
Competitors 121
120
Technological innovation 120
111
Capital availability 103
93
Legal 85
Risks 79
Financial markets 79
78
Budget and Planning 75
74
Catastrofic Loss 67
62
Measurement( operations) 61
56
Financial information 50
30

0 50 100 150 200

Risk indexes
Figure 3. TOP 20 risk indexes in pharmaceutical enterprise
 (identified and prioritized by Board members and senior line management
members- directors of departments)

By adding to enterprise Board the senior line managers (directors of

departments) in the process of identifying and prioritizing multisided risks our
main idea was to find and analyze the differences by significantly widening the
basis of risk evaluators in the enterprise.

The main result is that the key risk in pharmaceutical manufacturing

enterprise is remaining the same regulatory risk in both cases of evaluation.

This fact additionally emphasizes the specifics of pharmaceutical industry,

where the manufacturing enterprises are very much exposed to risks coming
from regulatory decisions in particular country or countries.

line management similarly to

stable, because the direct financial risks (financial markets, credit) have not been
ranked between TOP 10 risks.

However, we have also identified the differences in risk assessment made by

- line managers have ranked the investment assessment risk higher

(2nd place) as Board members (12 th place), what could reflect that
line managers have some thou
investment have contained significant risks, what could happen also
in the future.
-
operational performance factors (efficiency, human resources,
capacity, knowledge capital), which are not even included in TOP
10 by senior line managers.

its efficiency is quite different on these two higher levels of

problems in the
future.
-
risk, much higher (5th place) as Board (20th place).
This shows that line managers, who are much closer to the different
sides of production, sales etc. in the enterprise, are more concern
about the necessity of technological innovation in the enterprise.
The absence or delay in technological innovations could cause
competitors risks, which line managers have ranked higher (3 rd
place) as Board (8th place).
 CONCLUSION

The obtained results clearly show that risks, to which a manufacturing

enterprise can be exposed, are really multisided: external business environment
risks, internal- operational, governance risks and information for decision
making risks.

The obtained results clearly show the specifics of risk exposures in

manufacturing enterprises in pharmaceutical industry, where regulatory
risk regarding the pharmaceutical production is the major key risk.

This is emphasized with the result that regulatory risk is identified and

The obtained result that directs financial risks (credit, liquidity, financial
market) are not ranked between TOP 10 risks is reflecting the strong and stable
financial situation in the particular enterprise.

These two results mentioned above demonstrate some convergence in risk

assessment at two highest management levels in the enterprise.

operational risks,
investment assessment risks, technological innovations risks
Board and senior line managers are signaling that exactly in these directions of

planning with the aim to mitigate the potential risk impacts.

REFERENCES
[1] ISO 31000:2018- Risk management-Guidelines, by Technical
Committee: ISO /TC 262, edition:2, 2018.
[2] David Hillson (edited by), The risk management Handbook- A practical
guide to managing the multiple dimensions of risk, published by, Kogan Page
Limited, 2016.
[3] James Lam, Implementing Enterprise Risk Management, published by
John Wiley Wiley & Sons, Inc., Hoboken, New Jersey, 2017
[4] The Protivity Risk Model An Illustrative Risk Language, Supplement
to Issue of The Bulletin, Vol.3, Protiviti Inc., pp.1-5, 2008