The recent global slow down in world economy, prompted by over-leveraging in many sectors including real estate, has resulted in increased focus on risk and stress on across the real estate industry. Risk management is now top of the agenda for owners, developers, managers, investors, and of course, regulators.
Stricter regulatory requirements, environmental and macro-economy exposure management, catastrophic modelling, data analytics and complex investor requirements are just some of the new era challenges facing the real estate industry.
How does this impact the business? How can they achieve their vision and strategy, while at the same time, ring-fence their operations against risks and modernise/transform their business with a robust, secure and efficient decision-making mechanism?
Six steps to be followed to address the risk management issues in real estate industry.
Step 1: Establish the Context
As a precursor to establishing a risk management strategy, it is important to understand the environment within
which a real estate company is operating. This requires them to consider, among other things:
- The internal context – culture, business structure, reporting lines, resources, capabilities (people and systems);
- The external context – business, political, financial, regulatory environments;
- The legal and compliance framework and the scrutiny of the regulators;
- The requirements of its key alliance partners, including CRT members, key suppliers, key customers and other business partners;
- The actions of its representatives (including employees and third party outsourced service providers);
- The industry framework (to align company objectives with industry standards); and
- Corporate goals and objectives for the company.
Step 2: Identify the risk
Identifying a risk involves asking several questions within each division/business unit:
- what could happen to the division/business unit?
- how would it happen?
- why would it happen?
Step 3: Analyse the Risk
Make qualitative measures of likelihood and consequences of all anticipated risk exposure. Once a risk has been rated in terms of likelihood and consequence, a risk matrix is used to rate the risk. Those risks with a high likelihood and an extreme consequence will attract a significant rating. Each risk is to be analysed in terms of how likely the event is to occur (this can be given a rank of Rare to Almost Certain) and the consequences of each risk’s potential impact on the organisation, ranging from 1 (insignificant) to 5 (catastrophic).
Step 4: Evaluate the Risk
The evaluation process involves the application of risk controls to the risks identified at Step 2. The controls should be agreed upon by a working group on an annual basis to ensure currency and accuracy. Once the control(s) have been determined for the risk, they should be given a rating. The ratings scale has 5 levels; level 1, being a non-existent control to level 5, being a very strong control that is regularly reviewed and that is likely to lower the inherent risk. This rating is to be applied to the inherent risk to determine the residual risk (i.e. the risk that remains after all control mechanisms are considered and applied). The residual risk is then reassessed using the residual risk rating. The residual risk rating should be used to determine future action to be taken for that risk or a group of risks with similar properties.
Step 5: Respond to the Risk
The company must respond to all residual risks, which involves identifying the options available to treat risks, assessing the options and implementing a treatment plan based on the accepted option. The appropriate level of response to a risk will be based on several factors, including resources (human and financial), worst case scenario, versus practical likelihood and return on investment.
Step 6: Monitor the risk
Risk must be monitored to ensure the risk management process is effective. Risk monitoring is a responsibility of the entire Group, albeit with varying levels of responsibility. Where possible, risk monitoring shall form part of the current framework of policy review, audit and compliance processes and shall maintain a regular review in line with this Policy.
These are suggestive steps; a company can implement risk management strategy according to their strength and weakness in various operations.