Amazon.com, Inc. - Risk Management
Risk Management Plan of Amazon.com, Inc.
What is a risk?
The potential of a negative consequence as a result of an internal or external event. A negative event can take different forms, for example a loss of something valuable such as financial wealth or social status, an accident, damages and many others.
What is risk management?
A process to identify, evaluate, assess and understand the risks that a company is facing. The aim of risk management is to avoid or, if that is not possible, to at least minimize as many risks as possible.
Why is risk management important for a company?
A risk management plan is important for every company regardless of its size or sector: through it the company becomes aware of potential negative effects and can act to minimize or eliminate risk sources. If risks occur, the business' financial condition, operating results, and cash flows can be adversely affected, which will lead to losses in some form for the company. Not being prepared for a negative event could have enormous consequences for the company, for example an unexpected administrative fine which might lead to insolvency.
Risk management influences the daily decisions the company makes, as the risk management plan is always taken into consideration.
What should Amazon.com, Inc. change to improve the quality of the risk management plan?
Why is risk management important for Amazon.com, Inc.?
Risk management is important for every company, as already illustrated above. However, it might be even more important for Amazon.com, Inc., as they operate only with the help of an Internet platform and do not have physical shops. The internet is a very dynamic environment which presents a lot of risks on a daily basis for a company, for example criminal hackers.
In addition, because Amazon has offices and operates in different countries all over the world, the company has to deal with different legal and political policy changes.
The risk management plan of Amazon.com, Inc.
This whole research is based on the Risk Management that Amazon.com, Inc. published in their annual report of 2013, which can be found under this link (http://phx.corporate-ir.net/phoenix.zhtml?c=97664&p=irol-reportsannual).
From their introduction it can be derived that they use the COSO method, as they define a risk as a negative event that may come up, which is typical for the COSO method. The risk management plan that Amazon published in their annual plan can be described as a list of all kinds of risks they are facing: internal, external, long-term and short-term.
They publish the risk factors in the same way as other big American internationals like Apple, Inc. or facebook.com, Inc. In my opinion, how they do it is too vague, as they do not state any risk level. I am not able to notice a logical order in how they list the different risks. Repetition can be found all over the plan. Furthermore, I found neither how likely it is that a risk may occur nor which impacts it would have for the company. Next to that, I couldn’t find what they plan or what they are already doing to avoid or minimize the mentioned risks.
What should Amazon.com, Inc. do to improve the quality of their Risk Management plan?
While reading the risk management plan of Amazon.com, Inc. I could see why they are writing it: obviously because it has to be included in the annual report of the company. However, ERM should serve the company and not only be done to please their shareholders.
Amazon should consider risk management as an opportunity to protect the company and to encourage the growth of the company. The company’s growth is one of their main objectives, so they need to safeguard the company from every potential negative effect.
To make it easier for an employee to read and use the plan, I would suggest dividing the plan into different categories, so that an employee from a specific department of the company immediately finds the risks that are relevant for his work. For example, a member of the compliance department can find all the risks concerning legal risk and does not have to read the whole plan and find out himself what is important for him and what is not.
I would advise that Amazon divide their risk management plan into the following categories to make the plan easier to read. The framework of the risk management plan could look like this.
1. Operational and organizational
· System failures
· Policy violation
· Health & Safety of the Employees
2. Strategy risks
· Business strategy risks
· Objective risks
3. Financial risks
· Financial reporting risks
· Liquidity risks
· Exchange risks
· Change in laws and regulations
· Differences in law and regulations in new countries
· Changes in technology
· Failure of technology
· Data loss
· Security breaches
· Natural disasters
4. Political and Economical
· Unstable political situations
· Recessions and other economical
· Growth Capacity
· Losses of market shares
The categories not only add more structure to the ERM plan but also make it easier to avoid repetition, as it is now clearer which risk fits where.
· Evaluate the risks
At the moment, Amazon only states their risks without assessing them. They mention neither how high the probability is that a risk might occur nor how high the negative effect would be on the company. After the company has evaluated the risks, they can decide which risks they have to pay more attention to.
In a table they need to write down the information concerning the risks: what the risk is, how likely it is and how severe the consequences are for the company. The risks should then be categorized by their level of risk. The level of risk describes how threatening the risk is for the company, and according to this level the company should rank or categorize their risks.
To do this, Amazon could use a table similar to this one.
After the risks have been prioritized, actions have to follow to eliminate the risks or at least minimize them. For the risk treatment plan the company has to be very precise. For that they need to list all the possible actions they could undertake to avoid the risk; then they need to choose a few of them, considering several factors, for example costs. The next step is to take the decisions: what will be done, who is responsible for it and when it has to be done. It is also important that a person is defined who will monitor the risk treatment, so that the action will be double-checked. If necessary, further actions that should be undertaken after the first measures should be defined.
It could be done similar to the example below.
Another tool that a company may use to evaluate the risks that it is facing is the risk analysis matrix. It helps to prioritize the different risks by multiplying the likelihood and the consequences of a risk, giving a level of risk according to which you should prioritize your actions. If a risk scores high, the company needs to react immediately.
In my opinion it would be useful for Amazon.com to combine both tools: to use the tables to define risks and actions and the risk analysis matrix to define the level of risk, as this tool is in my eyes more detailed and therefore more appropriate.
Amazon.com, Inc. publishes a risk management plan in their annual report every year; however, the quality of this plan can be improved. First of all, the company needs to realize how important risk management is for their company. Then they should implement a clear structure and use the risk management tables and the risk analysis matrix.
However, Amazon.com, Inc. may already use these or similar tools and just not publish them, as one of the strategies used by Bezos is to share as little information as possible.