Risk Management in International Business | Hanna Pihlajarinne

© Waag Society

TAMKjournal | During last year, many Finnish companies have been struggling with challenges in international business. Weak economies and dependence on a single country are both risk items that should not have been a surprise, but still it seems that these risks were not handled properly beforehand. Even the companies have not been able to reduce the risks, they would have been able to reduce the impacts of risk realization. These examples highlight the importance of effective use of risk management practices and tools in international business. It is about simple things, which just need to be done continuously, systematically and early enough.

Download PDF

Risks in international business today

The risk profile of international business differs significantly from companies operating in domestic markets. There are different kinds of risks associated with international business. Risks are more difficult to identify, changes can be more rapid than anticipated and the effects are massive. Dependency in international business is inevitable. Companies can hardly implement international business activities just by themselves; they need different kinds of co-operation with other companies that bring additional input to their risk profile. Co-operating companies always share some amount of risks of the other company (e.g. Camarinha-Matos et.al., 2009).

Consulting companies Aon PLC and EY carried out surveys about what top 10 risks companies fear now. The variety of the risks was broad as it is shown in Table 1.


TOP 10 business risks by Forbes
TOP 10 business risks by EY 
1.Weak economies
  1. Pricing pressure
2.Regulatory risks
  1. Cost cutting and profit pressure
3.Increasing competition
  1. Market risks
4.Damage to reputation
  1. Macroeconomic risks weaker or more volatile world growth outlook
5.Failure to attract top talent
  1. Managing talent and skill shortages
6.Failure to innovate
  1. Expansion of government’s role
7.Business interruption
  1. Regulation and compliance
8.Commodity price risk
  1. Financial austerity or debt crises
9.Cash flow & liquidity risk
  1. Emerging technologies
10.Political risk
  1. Political shocks

Table 1 TOP 10 risks by Aon PCL and EY (www.forbes.com, EY Business Pulse)

The variety of risks shown in the table 1 above describes well the kinds of risks international business is facing today. There are many risks in which companies can manage by implementing activities to eliminate, decrease, transfer or avoid the risk. From Table 1, risks related to innovation, reputation, people, price and cost cutting are examples of this kind of risks. Companies need to know, what risks they can live with, what risks they need to manage and avoid in order to be able to implement their strategy. Effective risk management practices provide answers and means to implement these.

However, Table 1 includes many other risk items that companies cannot control. They need to take risks if they want to be successful in international business. They need to be aware of the risks and their impacts, and implement actions that could help them minimize the impact of these risks on the company. Weak economies, changes in regulations and political shocks are good examples of such risks. Effective risk management practices help in risk identification and assessment, and follow ups. By planning and implementing good actions to mitigate risks, companies could prevent a lot of damage in risks realization. In the event of Finnish companies facing the effect of weak economy and a sudden discontinuity of export to Russia, a major export destination, it is alluring to ask whether they had analysed these as risk items beforehand and whether they had implement any actions to mitigate the risks.

Risk management actions needed

Risk management is about doing simple things, but doing them continuously, systematically and early enough. Risk management should be done in different levels in the company, starting from enterprise risk management into project risk management. Very basic risk management process phases and simple tools can be used to manage risks in international business, by stretching the scope of the actions and using suitable tools for the situation. Risk management process definitions typically include 6 phases: identifying risks, assessing risks, prioritizing them, planning activities for mitigating or avoiding risks, implementing actions and following up the status (Hallikas, 2003).

The First phase, identifying the risks is the most important step. You cannot manage risk without identifying it. The Identification of risks is not a one-time action. It needs to be done continuously and by large representation of the personnel. Risk identification should be a normal part of regular meetings (e.g. project meetings), and the personnel should be motivated to identify and raise the risk level. The more risks are talked about, the more people become aware of them, and the more they are able to identify new risks. In this phase, information gathering techniques like brainstorming, interviews, expert evaluations and further analysis with tools like SWOT, root cause analysis or different diagramming techniques are very useful.

In the Next phase, the identified risks need to be assessed. The definition of risk includes the components of probability and impacts (e.g.Boehm (1989)). When assessing the risk, both components need to be analyzed. As environment changes, the impacts and probabilities of risk also change. Therefore, this is an activity that needs to be done continuously. Different assessment- or simulation tools can be used in the assessment here, but also for example expert evaluation or interviews give good facts for assessment. After the assessment, risks should be prioritized so that the resources are allocated towards the most important risks. One very simple and useful tool for risk prioritisation is risk matrix that combines both probability and impact of the risk.

After these phases, the most dangerous risks would be known and it is then time to make mitigation plan. An effective mitigation plan includes; who owns of the risk, clear description of the actions and the people responsible for them, and the schedule for implementing the actions. The plan is followed up in regular meetings, and the results are monitored. If the actions implemented are not effective as anticipated not taken into, further actions will need to be defined. In an ideal situation, the risk will be eliminated or decreased so that it is dropped from list of most important risks after the actions are implemented.

For successful implementation of these risk management process phases, company needs to build a risk management culture where employees, managers and stakeholders are aware of the value risk management brings to the company and its projects. When risk management is part of the normal working culture, the company is stronger against risks and their impacts. Simple, isn’t it?


Boehm, B. 1989. Tutorial: Software risk management. IEEE Computer Society Press, Washington, D.C.

Camarinha-Matos, L., Afsarmanesh, H., Galeano, N. & Molina, A. 2009. Collaborative Networked Organisations –Concepts and Practice. Computers & Industrial Engineering, 57, (1), 46-60.

EY Business Pulse. 2013. Top 10 Risks and Opportunities in 2013 and Beyond. Insurance Report. Ernest & Young. Retrieved 9.10.2014. http://www.ey.com/Publication/vwLUAssets/Business_Pulse_top_10_risks_and_opportunities_2013-15/$FILE/Business_Pulse_top_10_risks_and_opportunities_2013-15.pdf

Forbes. 2013. “Top 10 risks businesses fear most”. Risk management survey results by Aon Pcl on April 2013. Retrieved 9.10.2014. http://www.forbes.com/pictures/ehmj45fhf/some-risks-impossible-to-insure/

Hallikas, J. 2003. Managing risk in supplier networks: case studies in inter-firm collaboration. University of Lappeenranta. Acta Universitatis Lappeenrantaensis. Doctoral Dissertation.

About the author

Pihlajarinne_HannaHanna Pihlajarinne, D.Sc (Tech) has versatile experience on software development business. She studied implications of profit- and risk- sharing attributes for collaboration performance in software development business in her dissertiation study. She is now teaching a course of risk management in international projects in TAMK International Business program.