You are on page 1of 20

A project by Wikipedia’s team









Page 1

29/OCTOBER /2015


University Lahore


A project by Wikipedia’s team

First of all we are thankful to Almighty Allah who in spite of all our
weaknesses enabled us for this type of project.
We are also indebted to our teacher “SIR ASIF” for their kind of









opportunity to polish our concealed qualities and skill moreover, their
timely help paved a way for us to complete our work. It was surely
their method of teaching & eagerness for imparting knowledge that
we did not find much difficulty to give in to our thoughts and
information. They motivated us to work hard and to achieve highlevel performance. The development of this project has enabled us to
better understand the contents of the course. We feel highly privilege
Page 2

to ascribe the most and ever burning flame of our gratitude and deep
scene of devotion to MR ASIF who taught us “RISK MANAGEMENT”
with heart and also gave guidelines to this work.
Further on, we are grateful to our parents it is the result of their
prayers that we are succeeded.


A project by Wikipedia’s team

Page 3

We dedicate this project to our highly regarded teacher
Mr. Asif who provided us with all the guidelines to prove
ourselves. We are grateful to him for giving us this
opportunity to explore new dimensions which will help
us in a long run. He guided us and taught us with
different techniques, which enabled us to complete this
project, as well as for unconventional style of teaching
atmosphere within the class, which made the subject
very interesting for us the most important thing is that
the knowledge which we have studied in our subject
was all that same which we observed practically.

What is risk?

A project by Wikipedia’s team
A probability or threat of damage, injury, liability, loss, or any other


occurrence that is caused by external or internal vulnerabilities, and


may be avoided through preemptive action.
The probability that an actual return on an investment will be lower

than the

expected return.
The possibility that something bad or unpleasant (such as an injury or



will happen that may cause something bad or unpleasant to happen a


or thing
(By MerriamWebster)
Business risks are the factors that could prevent or hinder the achievement of organizational
goals and objectives

Definition of risk according to different aspects
The possibility that an actual return on an investment will be lower than the expected return.
A situation where the probability of a variable (such as burning down of a building) is known
Page 4

but when a mode of occurrence or the actual value of the occurrence (whether the fire will
occur at a particular property) is not. A risk is not an uncertainty (where neither the
probability nor the mode of occurrence is known), a peril (cause of loss), or a hazard
(something that makes the occurrence of a peril more likely or more severe).
Securities trading:
The probability of a loss or drop in value.



A project by Wikipedia’s team
Product of the consequence and probability of a hazardous event or
phenomenon. For example, the risk of developing cancer is estimated as the incremental
probability of developing cancer over a lifetime as a result of exposure to potential
carcinogens (cancer-causing substances).

Examples of risk
 A teenager knows that she will be grounded if she chooses to invite friends over after
school instead of doing her homework, but also knows that the likelihood of her
parents finding out she did so is slight. If the teenager chooses to invite her friends
over she is taking a risk of getting in trouble with her parents.
 A 55-year old man wants to quickly increase his retirement fund. In order to do so at a
rapid pace, he must change his investments to those that could either yield higher
results or completely fail, in which case he would lose his retirement. If the man
chooses to move his investments to those in which he could possibly lose his money,
he is a taking a risk.

What is risk management?
Risk management refers to the practice of identifying potential risks in advance, analyzing
them and taking precautionary steps to reduce/curb the risk. The identification, analysis,
assessment, control, and avoidance, minimization, or elimination of unacceptable risks is risk


Page 5

The Risk Management Process involves:
Identify Potential Exposures To Loss
Measure Frequency and Severity
Examine Alternatives
Decide Which Alternatives To Use
Implement The Chosen Techniques
Monitor Results


A project by Wikipedia’s team

Why manage



reasons for managing risk. Here

are some:

Saves resources: people, income, property, assets, time
Protects public image
Protects people from harm
Prevents/reduces legal liability
Protects the environment

Risk management standards
A number of standards have been developed worldwide to help organizations implement risk
management systematically and effectively. These standards



establish a common view on frameworks, processes and


and are generally set by recognized international standards


Page 6

or by industry groups.
ISO 31000 2009 – Risk Management Principles and Guidelines
IRM/Alarm/AIRMIC 2002 – developed in 2002 by the UK’s 3 main risk organizations.
ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
COSO 2004 - Enterprise Risk Management - Integrated Framework

Strategies to manage risk

Avoid it


A project by Wikipedia’s team

Reduce it
Transfer it
Accept it

Each strategy has its own advantages and disadvantages,

and you’ll

probably end up using all four. Sometimes it may be


to avoid a risk, and other times you’ll want to reduce it, transfer it, or simply accept it. Let’s
look at what those terms mean, and how to decide on the right classification to use for each
of your own business risks.
 Avoid the Risk
Sometimes, a risk will be so serious that you simply want to eliminate it, for example by
avoiding the activity altogether, or using a completely different approach. If a particular
type of trading is very risky, you may decide it’s not worth the potential reward, and
abandon it.
The advantage of this strategy is that it’s the most effective way of dealing with a risk. By
stopping the activity that’s causing the potential problems, you eliminate the chance of
incurring losses. But the disadvantage is that you also lose out on any benefits too. Risky
activities can be very profitable, or perhaps have other benefits for your company. So this
strategy is best used as a last resort, when you’ve tried the other strategies and found that
the risk level is still too high.

Page 7

 Reduce the Risk
If you don’t want to abandon the activity altogether, a common approach is to reduce the
risk associated with it. Take steps to make the negative outcome less likely to occur, or to
minimize its impact when it does occur.
With our earlier case, “Key client XYZ Corp is late paying its invoice”, for example, we could
reduce the likelihood by offering an incentive to the client to pay its bills on time. Maybe a
10% discount for early payment, and a penalty for late payment. Dealing with late-paying
customers can be tricky, and we covered it more in our tutorial on managing cash flow more
efficiently, but these are a couple of options. In the same example, we could reduce the
impact by arranging access to a short-term credit facility. That way, even if the client does


A project by Wikipedia’s team
pay late, we don’t run out of money. For more on short-term borrowing


like factoring and lines of credit, see our tutorial on borrowing money to fund a business.
 Transfer the Risk
We’re all familiar with the concept of insurance from our everyday lives, and the same
applies in business. An insurance contract is basically a transfer of risk from one party to
another, with a payment in return.
When you own a home, for example, there’s a big risk of losses from fire, theft, and other
damage. So you can buy a home insurance policy, and transfer that risk to the insurance
company. If anything goes wrong, it’s the insurance company that bears the loss, and in
return for that peace of mind, you pay a premium. When you own a business, you have the
option to transfer many of your risks to an insurance company as well. You can insure your
properties and vehicles, and also take out various types of liability insurance to protect
yourself from lawsuits. We’ll look at insurance in more detail in the next tutorial in the series,
but it’s a good option for dealing with risks that have a large potential impact, as long as you
can find an affordable policy.
 Accept the Risk
As we’ve seen, risk management comes at a price. Avoiding a risk means constricting
your company’s activities and missing out on potential benefits. Reducing a risk can
involve costly new systems or cumbersome processes and controls. And transferring a
Page 8

risk also has a cost, for example an insurance premium.
So in the case of minor risks, it may be best simply to accept them. There’s no sense
investing in a whole new suite of expensive software just to mitigate a risk that wouldn’t
have had a very big impact anyway. For the risks that received a low score for impact and
likelihood, look for a simple, low-cost solution, and if you can’t find one, it may be worth
simply accepting the risk and continuing with business as usual.

Types of risks
Businesses face all kinds of risks, some of which can cause serious loss of profits or even
bankruptcy. The main types of risk to consider are:


A project by Wikipedia’s team

Strategic risk
Compliance risk Financial risk
Operational risk
Reputational risk
Other risks
Strategic risk

It’s the risk that your company’s strategy becomes less effective


your company struggles to reach its goals as a result. It could be


technological changes, a powerful new competitor entering the


shifts in customer demand, spikes in the costs of raw materials, or



number of other large-scale changes. Strategic risks result directly from operating within a
specific industry at a specific time. So shifts in consumer preferences or emerging
technologies that make your product-line obsolete--eight-track, anyone--or other drastic
market forces can put your company in danger. To counteract strategic risks, you’ll need to
put measures in place to constantly solicit feedback so changes will be detected early.
Compliance risk
Risks associated with compliance are those subject to legislative or
bureaucratic rule and regulations, or those associated with best practices


investment purposes. These can include employee protection regulations


those imposed by the Occupational Safety and Health Administration (OSHA), or
environmental concerns like those covered by the Environmental Protection Agency (EPA) or
Page 9

even state and local agencies.
Financial risk

Direct financial risks have to do with how your business handles


That is, which customers do you extend credit to and for how long?

What is

your debt load? Does most of your income come from one or two


who might not be able to pay? Financial risks also take into account


rates and if you do international business, foreign exchange rates.
Operational risk


A project by Wikipedia’s team
Operational risks result from internal failures. That is, your business’s


processes, people or systems fail unexpectedly. Therefore, unlike a
strategic risk or a financial risk, there is no return on operational


Operational risks can also result from unforeseen external events such as transportation
systems breaking down, or a supplier failing to deliver goods.
Reputational risk
There are many different kinds of business, but they all have one thing in common: no
matter which industry you’re in, your reputation is everything.

Loss of

a company’s reputation or community standing might result from


failures, lawsuits or negative publicity. Reputations take time to


but can be lost in a day. In this era of social networking, a negative Twitter posting by a
customer can reduce earnings overnight. According to Matt McGee, a search engine
optimization consultant, “One negative blog post or product review can spread online in a
flash and change the direction of a company.”

Other risk
Other risks are more difficult to categorize. They include risks from the environment, such as
natural disasters. Difficulties in maintaining a trained staff that has up-to-date skills to
operate your business is sometimes called employee risk management. Health and safety
risks not covered by OSHA or state agencies fall into this category as do political and
Page 10

economic instability in countries you import from or export to. Other risks include:
environmental risks, including natural disasters, employee risk management, such as
maintaining sufficient staff numbers and cover, employee safety and up-to-date skills,
political and economic instability in any foreign markets you export goods to, health and
safety risks and commercial risks including the failure of key suppliers or customers.

Strategic risk
Strategic risks can be defined as the uncertainties and untapped opportunities embedded in
your strategic intent and how well they are executed. As such, they are key matters for the


A project by Wikipedia’s team
board and impinge on the whole business, rather than just an isolated unit.
Strategic risk might arise from making poor business decisions, from the substandard
execution of decisions, from inadequate resource allocation, or from a failure to respond well
to changes in the business environment.
Strategic risk relates to risk at the corporate level, and it affects the development and
implementation of an organization’s strategy. An example is the risk resulting from an
incorrect assessment of future market trends when developing the initial strategy. In
developing a strategy, an organization makes an assessment of market conditions today. It
then goes on to forecast the various changes that will occur in the market over a period of
time. For example, a company manufacturing personal computers (PCs) might decide to
adopt a strategy to include the development and introduction of faster and faster operating
speeds. In doing so the company will presumably analyses the current market and decide
that market research indicates that there will be a continuing high demand for faster and
faster PCs. The strategic risk element applies in terms of whether or not that strategic
decision was correct. It is reasonable to say that one example of strategic risk is the risk that
the strategic decision is wrong.

Strategic risk includes risk relating to the long-term

performance of the organization. This includes a range of variables such as the market,
corporate governance and stakeholders. The market is highly variable and can change at
relatively short notice, as can the economic characteristics of the country or countries in
which a given organization is operating The corporate governance risk of the organization
includes risk relating to the reputation of the organization and the ethics with which it
Page 11

operates. Examples include the reputation of the organization and its desire to maintain that
reputation, perhaps at the expense of innovation or new developments. Stakeholder risk
includes the risk associated with the shareholders, business partners, customers and
suppliers. Shareholder attitudes can change quickly if dividends fall.
Some typical examples of strategic risks are listed below.
1. The strategic plan might be incorrect.

Incorrect assumptions may have been made.
The environment may have been incorrectly assessed.
Sufficient resources may not be available.


A project by Wikipedia’s team
2. The original strategic plan may have been correct but internal changes may have
compromised it.

Internal reorganizations may have led to a loss of efficiency.
Required changes in operational processes may not have been introduced.
Planned changes may not have delivered what was required.

3. The original strategic plan may have been correct but external changes may have compromised it.

The external environment may have changed significantly.
New competitors may have emerged.
New competing products may have been released.
Statutory controls may have changed.

The plan might not actually represent where the organization really wants to go Strategic
risks are typically external or affect the most senior management decisions. As such, they
are often missed from many risk registers. Board has a responsibility to make sure all these
types of risks are included in their key strategic discussions.
Strategic risks are those that arise from fundamental decisions that directors take

an organization’s objectives. Essentially, strategic risks are the risks of failing

to achieve these business objectives.
Strategic risk is generally more difficult to manage than operational or change/project risk.
Strategic risk tends to be applicable over a long term and is therefore very much time
dependent. Most operational processes tend to continue without significant change over
Page 12

relatively long periods of time. Many small- to medium-sized change projects are designed
and implemented within a relatively short timescale. They are unlikely to be affected by
long-term changes in the political or economic environment. Strategic risks also tend to be
more complex and difficult to model and assess than operational and change/project risk. It
is relatively simple to analyses attendance records for employees and from that make a
prediction on likely sickness and absenteeism rates through the course of a project. It is
much more difficult to assess the likelihood of occurrence of a significant change in the level
of competition that is characteristic of a given sector. This depends on a whole range of
complex and long-term variables that are very difficult to consider in a form that can be used
for modelling and extrapolation.


A project by Wikipedia’s team
Strategic risk rises due to following business factors and reasons as follow:
 The risk that insiders (employees) won't act in the best interest of the owners
(stockholders) of a firm.
 The risk that business strategy execution will fail.
 The risk that your business strategy will be off the mark. For example, invalid sales
 The risk of a decline in competitive advantage.
 An inability to innovate (failed innovation investments). Some firms struggle to
establish an innovation culture.
 The risk that your technology strategy will fail. For example, that your technology KPI

will fall behind the competition.
The risk of intellectual property loss and liability.
Integrating firms is almost always a high risk activity.
The risks associated with organizational change.
The risks associated with program & project failures. In some industries more than 50%

of projects fail.
 The risk that marketing and sales forecasts and metrics will fall short of expectations.
For example, the risk of new product development failure.
 The risk of operations failures. For example, the risk that logistical problem will cause
orders to be canceled.
 The risk of losing key talent to the competition.
 The risk of an information security incident. Information security incidents can damage
reputation, cause compliance issues and result in the loss of intellectual property.
 The risk that your products, services or corporate execution leads to legal liability

Page 13

 The risk of non-compliance with regulations and law.
 The risk of missing sustainability targets or non-compliance with environment laws and
regulations. Sustainability is increasingly important to reputation. It's a central theme

of the principles and ethics of many firms.
 The risk of bad publicity or negative relationships with employees, customers,
partners, counterparties and regulators. Reputational risk can be a serious threat to
the assets of a firm.
 Risks to the financial health of your firm. For example, the risk that you'll be unable to
raise sufficient capital to fund operations.
 The risk of collapse of the global financial system or the financial system of a country.
 The risk that the political environment will turn hostile to your firm.


A project by Wikipedia’s team
Responsibility for strategic risk management
Strategic risks are determined by board decisions about the objectives and direction of the
organization. Board strategic planning and decision-making processes, therefore, must be
The UK Cadbury report recommends that directors establish a formal schedule of matters
that are reserved for their decision these should include significant acquisitions and
disposals of assets, investments, capital projects and treasury policies.
To take strategic decisions effectively, boards need sufficient information about how the
business is performing, and about relevant aspects of the economic, commercial, and
technological environments. To assess the variety of strategic risks the organization faces,
the board needs to have a wideness of vision; hence governance reports recommend that a
board be balanced in skills, knowledge, and experience.
For example, the severe problems that the UK’s Northern Rock bank faced were not caused
by a lack of formality. Northern Rock’s approach to risk management was traditional for
banking regulations, but its strategy was based on the assumption that it would continually
be able to access the funds it required. In 2007, its funding was disrupted by the global
credit crisis resulting from problems in the US subprime mortgage market, and UK
Government action was required to rescue the bank.

Managing strategic risks
Page 14

According to facts and figures and different researches Strategic risk management is a CEO
and board-level priority. Two thirds (67%) of the surveyed companies say the CEO, board or
board risk committee has oversight when it comes to managing strategic risk. The survey
shows that the vast majority of companies (81%) are now explicitly and actively managing
strategic risks – and the results were quite consistent across all regions and industries.
What’s more, many companies are taking a broader view that doesn’t just focus on the risks
that might cause a particular strategy to fail, but on whatever key risks could affect a
company’s long-term positioning and performance. Companies aren’t just increasing their
focus on managing strategic risks; they are changing how they do it. In fact, nearly all
respondents (94%) have changed their approach to strategic risk management over the past


A project by Wikipedia’s team
three years. The numbers were slightly lower in EMEA (91%) and slightly


in Asia/Pacific (96%). Perhaps the biggest change is that more companies are integrating
strategic risk analysis into their overall business strategy and planning processes. And their
efforts seem to be paying off. The survey results show that 61% of companies now believe
their risk management programs are performing at least reasonably well in supporting the
development and execution of business strategy. The numbers are lower in EMEA (51%) and
slightly higher in the Americas (67%) and Asia/ Pacific (63%). That’s not to say there isn’t
significant room for improvement. According to the overall results, only 13% of companies
rate their risk management programs 5 out of 5 in terms of supporting the development and
execution of strategy, and 40% consider them inadequate. The results are significantly worse
in EMEA, where only 5% rate their risk management programs 5 out of 5 and 49% rate them
Strategic risks are often risks that organizations may have to take in order (certainly) to
expand and even to continue in the long term. For example, the risks connected with
developing a new product may be very significant – the technology may be uncertain, and
the competition facing the organization may severely limit sales. However, the alternative
strategy may be to persist with products in mature markets, the sales of which are static and
ultimately likely to decline
An organization may accept other strategic risks in the short term, but take action to reduce
or eliminate those risks over a longer timeframe. Question 2 in the December 2007 exam
included a good example of this sort of risk, concerning fluctuations in the world supply of a
Page 15

key raw material used by a company in its production. In the scenario, as the problem was
global, the business appeared unable to avoid it, in the short term, by changing supplier.
However, by redesigning its production processes over the longer term, it could reduce or
eliminate its reliance on the material.
Ultimately, some risks should be avoided and some business opportunities should not be
accepted, either because the possible impacts are too great (threats to physical safety, for
example) or because the probability of success is so low that the returns offered are
insufficient to warrant taking the risk. Directors make what are known as ‘go errors’ when
they unwisely pursue opportunities, risks materialize, and losses exceed returns.


A project by Wikipedia’s team
However, directors also need to be aware of the potentially serious
consequences of ‘stop errors’ – not taking opportunities that should have been pursued. A
competitor may take up these opportunities, and the profits made could boost its business.
So a strategic risk could be minimize by keeping an active eye on market scenarios by top
management and take any decision with full mutual understanding and proper research and
by getting expertise of specialists in the market.
In considering strategic risk management, the organization is looking to move from current
position A to desired position B as shown in Figure
Current and
A: current position. This is where the company is now. The position is determined by a
number of factors including market position, size, vulnerability, gearing, asset base and so
on. Point
B: desired position. This is where the company directors want to be in X years' time. Again,
this position can be determined and described using a wide range of variables.
The direct route to B represents the course upon which the company wishes to progress. In
charting this course, the strategic risk manager can appreciate that there will be a range of
both foreseeable and unforeseeable risks impinging upon this course. Some will be large
Page 16

risks; some will be small. Some may occur and some may not. Each one that does occur will
affect the course of progression of the organization from A to B. The organization’s strategy
to get from A to B is really the collective management of these numerous competing risks, as
shown in second Figure.





position A and
position B cannot be accurately determined. They may affect the achievement of the


A project by Wikipedia’s team
strategy more in some areas than in others. Wholly unforeseen events


affect the feasibility of navigate between A and B. The net result is that the company growth
suffers deflections as it attempts to implement the strategy or stay on course. Some risks
have a greater impact than the strategy foresaw. Some have a lesser impact. The net result
is a general divergence or ‘set’ from the desired course, as shown in third Figure below.

In addition, new
strategies may be
formed within the
These may serve to reinforce or deflect the original strategy.
In order to take account of these variations, most strategies allow a variance envelope. This
permits divergence up to a certain limit, after which a warning is sounded. The variance
envelope typically contracts as a function of time. As the company nears desired position B,
the allowable margin of error must diminish, as shown in forth Figure
variance envelope
In forth Figure
the early shifts
Page 17

from course
are acceptable

as they remain within the overall limits of acceptability for the variance envelope. The later
divergences, in this case C3 and D, move outside the limits of acceptability.


A project by Wikipedia’s team


Our learning
There are collection of things which we learned during this kind of project the
first thing which is worth mentioning here that how to coordinate with others
and how much it is necessary for successfulness of any task, our collective
Page 18

learning experience was advantageous we learn a lot of things which we never
have an idea or experienced before and we just read it out theoretically on
books. We learn what is risk exactly its types how much strategic risk and its
management is necessary for corporate and get to know its importance and
worth. By and large, it was a pleasant and useful experience. Adding on, we
learn how to act as a team in a professional way. We all learnt the clarity, roles
and contribution in a group. We learnt how to mutually work as a team. We
further gain knowledge of how time management is important while you are
engage in any sort of activity, how to execute things on time and how to plan


A project by Wikipedia’s team
them so that we can achieve them on time.We also


out that how conflicts can be tackle out during your


and how collective team work is important when you


working in a project. By and large, it will prove fruitful

for all

of us in future.

 Websites › Free Resources › Finance Management Articles

Page 19


A project by Wikipedia’s team

Page 20