Dealer Insights - Nov/Dec 2010
ERM: 5 Steps to Managing Risks
Risks to auto dealerships can take many forms, from an employee who “cooks the books” to a recessionary economy that wilts new car sales. Enterprise risk management (ERM) helps you understand your business’s risks, reduce them and move quickly when problems do arise.
ERM is no guarantee for business success, but it’s a solid approach with widespread application. There are five main steps or cycles.
1. Identify risks
This is essentially a brainstorming exercise in which you identify all risks to your business, both internal and external. Include risks on the financial side, but also consider other threats, such as:
- Competitive dangers — for example, your competitor might adopt a one-price sales philosophy that could put your dealership at a competitive disadvantage.
- Manufacturer complications — at the most extreme, the company could drop a brand of vehicles or even declare bankruptcy. But there are smaller manufacturer-related risks you also should consider.
- Inventory shortages — demand for used hybrids could increase, for instance, and customers might go to another dealership if you can’t obtain late-model hybrids.
- Regulatory compliance demands — are there emerging rules that could cost you significant time and money? Consider, for example, the “red flag” identity theft requirements, which take effect Dec. 31, 2010.
Other risks might include auto theft, IT attacks or crashes, employee fraud, customer fraud, natural disasters, a long-lasting credit crunch or worsening unemployment. As you work through the process, be sure to pinpoint risks that are particular to your dealership.
2. Assess risks
Assess the risks for your business as a whole, not department by department. Often risks are interrelated and must be considered by the dealership overall. For example, if a manufacturer discontinued a brand, lost vehicle sales wouldn’t be the only result. F&I and parts and service also would eventually feel the impact.
Two key questions about each risk are “How likely is this to happen?” and “What’s the potential impact if it does happen?” Take the risk of a hailstorm, for instance. Let’s say hailstorms are frequent in your area. So the probability of this risk becoming reality is “very likely.” And the potential negative impact — damage to all vehicles on your lot — is “high.” Through assessment, you’ll develop a list of key risks such as this example.
3. Develop responses
Once the risks have been assessed, determine how you’ll respond. Ask yourself:
- Can we avoid this risk?
- Can we share the risk (typically through insurance)?
- Can we reduce the risk by implementing policies and procedures?
- Can we accept the risk and take no action?
You might conclude, for example, that the theft of new cars on your premises is a key risk. Can you avoid this risk? Very likely not, because avoiding this risk would probably mean not stocking any vehicles.
Can you share the risk? Yes, insurance may be obtained to cover theft losses, but determine whether the cost of the insurance is less than the likely amount of losses. Are there controls that can be implemented to reduce the risk of new vehicle theft? Undoubtedly; see “Create controls” for some options.
Alternatively, you could decide to do nothing and accept the risk for what it is. But acceptance is generally more appropriate for those risks that have a low chance of materializing and a low potential impact.
4. Create controls
Controls help your dealership contain risks. They take the form of policies — management articulates (typically in writing) what should be done. “Front line” managers then typically determine how the policies will be carried out and translate them into procedures.
Using the auto theft example, you may establish a policy that “new vehicle inventories are to be adequately safeguarded” (what should be done). How that will be accomplished might include procedures such as:
- Installing security features such as lighting, cameras and fences,
- Taking periodic physical counts of the new vehicles and reconciling the counts with your inventory schedules and floor plan, and
- Locking car keys in a secure area and developing sign-out procedures.
Often, controls don’t need to be elaborate or expensive. In this example, a control might be as simple as requiring salespeople to accompany customers on test drives.
5. Monitor controls
Monitoring your controls will help your risk management program stay effective. You’ll want to assess both the design and operation of your controls, and take appropriate action if deficiencies are found.
There are two types of monitoring. Ongoing monitoring is just that — it occurs daily in managing your dealership and through internal controls, such as reviewing vehicle aging reports, taking physical counts and reconciling accounts.
Separate monitoring helps you evaluate the effectiveness of your ongoing monitoring. Examples include periodically reviewing your internal control processes in light of personnel changes and performing internal audits to evaluate whether the control procedures are actually being done.
ERM can help your dealership accomplish its goals — no matter what negatives fall its way — by identifying risks and developing responses that fit your risk appetite. To learn more about ERM or establish an ERM process for your dealership, contact your CPA.