FIN 110 NOTES

Chapter I: Introduction Concept of Risk

Definition of Risk
Two categories in which risks are expressed
1. By means of probabilities and expected values
2. Through events or consequences and uncertainties
Risk Is an Event wherein the outcome Is uncertain
Exposes something or someone in danger, harm, liability or loss.
A future event that may effect the mission objective/success of an organization.
Risks exist independently of our perceptions and our knowledge claims, subjective
judgments, about what is at risk and how likely a risk will be realized.
Events and consequences are subject to uncertainties.
Certainty is elusive while uncertainty and risk are pervasive.
Uncertainty is having two potential outcomes for an event or situation
Properties of Risk
I. It accommodates both undesirable and desirable outcomes
-Accommodating both undesirable and desirable outcomes is a requirement for
any definition of risk.
-Consequences
II. It addresses uncertainties instead of probabilities and expected values
-Probability is a common tool to express uncertainty, but the transformation of
knowledge to probabilities is not straightforward
-Uncertainties exist without specifying probabilities
III. It addresses outcome stakes instead of specific consequences
Type of Risk Problems: Simplicity, Complexity, Uncertainty and Ambiguity

Simplicity
o Characterized by situations and problems with low complexity, uncertainties
and ambiguities.
o Examples: car accidents, smoking, and natural disasters etc.
Complexity
o Refers to the difficulty of identifying and quantifying casual links between a
multitude of potential casual agents and specific effects.
o traced back to interactive effects among these candidates (synergisms and
antagonisms), positive and negative feedback loops, long delay periods
between cause and effect, inter-individual variation, intervening variables, and
others
 Uncertainty
o Refers to the difficulty of predicting the occurrence of events and/or their
consequences based on incomplete or invalid data bases, possible changes of
the causal chains and their context conditions, extrapolation methods when
making inferences from experimental results, modeling inaccuracies or
variations in expert judgments.
o Examples : natural disasters (such as earthquakes), possible health effects of
mass pollutants, acts of violence such as terrorism and sabotage
o Models
Can be reduces by improving our knowledge and our models
uncertainty remains fuzzy about the time, the exact location and/or the
persons who will suffer
Ambiguity
o Refers to different views related to:
o The relevance, meaning and implications of the basis for the decision making
(interpretative ambiguity)
o The values to be protected and the priorities to be made (normative ambiguity)
o ambiguity exists on the ground of differences in criteria or norms to interpret
or judge a given situation
Normative Ambiguity
o raises the question about the tolerability of the risk
o Example: genetically modified organisms (GMO) encounter a high level of
opposition in the area of food, but are widely accepted in the area of medical
applications, because they are associated with the hope for great benefits.
Systemic Risks
o These are risks that affect the systems on which the society depends (health,
transportation, environment, telecommunications etc.)
o Are at the cross-roads between natural events, economic, social and
technological developments and policy driven actions both domestic and
the international level
Basic Concepts of Risk Management

Risk Management
o Prevents, reduces or alters the consequences of an uncertain event
o Identifies and explores the consequences related to a hazard or threat

The Evolution of Risk Management: Enterprise Risk Management

Credit Crisis (2008-2009)

o Also known as the global financial crisis.

o The event wherein it threatened large financial institutions towards an

unexpected downfall.
o It also led to drop of prices in the stock market worldwide.

o Caused by risky and complex financial products.

 Enterprises Risk Management (ERM)

o The process wherein risk evaluation is done to help in forming rational

decisions concerning the business transactions and operations of the company.
o How do we evaluate activities in terms of losses and gains within the
firms main goal of value maximization?

Enterprise Risk Management within Firm Goals

o Traditionally, the drive for the firm to maximize value referred to the drive to
maximize stockholders wealth.
o However, most people now believe that firms must satisfy the needs of all the
stakeholdersincluding employees and their families, the public at large,
customers, creditors, the government, and others.

Enterprise Risk Management within Firm Goals

o These newly considered values are the hidden good will values that are
necessary in a companys risk management.
o A firms brand equity entails the value created by a company with a good
reputation and good products.

Maximization of Firms Value for Sustainability

o Sustainability, in a broad sense, is the capacity to maintain a certain process or

state.
o In an ecological context, sustainability can be defined as the ability of an
ecosystem to maintain ecological processes and functions.
o To be sensible, the firm must add a long-term perspective to its goals to
include sustainable value maximization.

How Risk Managers Can Maximize Values

o The individual concerned with the organizations ERM strategy is often given
the position chief risk officer (CRO).
o They are responsible for the risk assessment necessary for every decisions and
actions that the firm might take.
o Their recommended course of action should always bring benefit to the firms
value and goals.
 Risk management process

Objectives of risk management

Risk management starts with a review of all relevant information, particularly from:
Combined Risk Appraisal

o Risk Assessment

A risk assessment is a methodology to determine the nature and extent

of risk
o Concern Assessment

Address affects and changes to the socio-economic environment,

positive or negative, that wholly or partially results from the risks
Based on risk perception studies, economic impact assessments and the
scientific characterization of social responses to the risk source
Judgement

Made in the phase of risk characterization and evaluation

o Aims at making judgement about risk acceptability and/or

tolerability
3 potential outcomes:
Unanimity- all relevant actors agree with how a given risk situation should be
qualified
Situation of conflict- major actors challenge the classification undertaken by others
The degree of controversy is one of the drivers for selecting the
appropriate instruments for risk prevention or risk reduction.
For a systematic analysis of the risk management process, it is advisable
to focus on tolerable risks and those where tolerability is disputed;
Intolerable risks - tolerable but highly disputed risks
risk managers should opt for prevention strategies as a means of replacing the
hazardous activity with another activity, leading to identical and similar benefits. One should
first make sure, however, that the replacement does not introduce more risks or more
uncertainties than the agent it replaces.
Acceptable risks - , it should be left to private actors to initiate additional risk
reduction or to seek insurance for covering potential but acceptable losses
Tolerable risk - tolerable or acceptable,
risk management needs to design and implement actions that make these risks
acceptable over time if this not be feasible, then risk management, aided by
 communication, needs at least to credibly convey the message that major
effort is undertaken to bring these risks closer to being acceptable
Steps of Risk Management
Generic risk management options include
Risk avoidance,
o either selecting a path that does not touch on the risk or taking action in
order to fully eliminate the risk
Risk transfer
o deals with ways of passing the risk on to a third party

Self-retention.
o management option essentially means taking an informed decision to do
nothing about the risk and to take full responsibility both for the decision and
any consequences occurring thereafter
Risk reduction
o can be accomplished by many different means:

Risk reduction
Technical standards and limits- that prescribe the permissible threshold of
concentrations, emissions, take-up or other measures of exposure
Performance standards - for technological and chemical processes, such as minimum
temperatures in waste incinerators
Technical prescriptions- referring to the blockage of exposure (e.g. via protective
clothing) or the improvement of resilience (e.g. via immunization or earthquake
tolerant constructions)
Governmental economic incentives-, including taxation, duties, subsidies and
certification schemes
Third-party incentives (i.e. private monetary or in-kind incentives)
Compensation schemes (monetary or in kind)
Insurance and liability
Co-operative and informative options-, ranging from voluntary agreements to
labelling and education programs
Can be used individually or in combination in order to accomplish even more effective
risk reduction
Options for risk reduction can be initiated by private and public actors or both
together
 ALARP-principle
Expressing that risk should be reduced to a level that is as low as reasonably
practicable.
based on reversed burden of proof, which means that an identified measure, should
be implemented unless it cannot be documented that there is an unreasonable
disparity (gross disproportion) between costs/disadvantages and benefits.
. As a rule, in a risk assessment context, suggestions for measures always arise, but
often a systematic approach for the generation of these is lacking, and in many cases,
the measures often lack ambitions.
On the basis of existing solutions (base case), identify measures that
can reduce the risk by, for example, 10, 50, and 90%.
Specify solutions and measures that can contribute to reaching these
levels.
*The solutions and measures must then be assessed prior to making a
decision on possible implementation. Although expressed by numbers,
the assessments need not express risk on a precise scale. The important
point here is to generate measures with a certain magnitude of risk
reducing effect
Assessment of Risk Management Options with Respect to Predefined Criteria
Each of the options will have desired and unintended consequences which relate to the risks
that they are supposed to reduce. In most instances, an assessment should be conducted
according to the following criteria:
Effectiveness: does the option achieve the desired effect?
Efficiency: does the option achieve the desired effect with the least resource
consumption?
Minimization of external side effects: does the option infringe upon other valuable
goods, benefits or services, such as competitiveness, public health, environmental
quality, social cohesion, etc.? Does it impair the efficiency and acceptance of the
governance system itself? 8.2 Steps of Risk Management 123
Sustainability: does the option contribute to the overall goal of sustainability? Does it
assist in sustaining vital ecological functions, economic prosperity and social cohesion?
Fairness: does the option burden the subjects of regulation in a fair and equitable
manner?
Political and legal implementation: is the option compatible with legal requirements
and political programs?
Ethical acceptability: is the option morally acceptable?
 Public acceptance: will the option be accepted by those individuals who are affected
by it? Are there cultural preferences or symbolic connotations that have a strong
influence on how the risks are perceived?
*Measuring management options against these criteria may create conflicting messages
and results. Many measures that prove to be effective may turn out to be inefficient or
unfair to those who will be burdened. Other measures may be sustainable, but not
accepted, by the public or important stakeholders.
Evaluation of Risk Management Options
this step integrates the available evidence on how the options perform in terms of the
evaluation criteria with a value judgement about the relative weight that each
criterion should be assigned
Ideally, the evidence should come from experts and the relative weights from
politically legitimate decision makers
In practical risk management, the evaluation of options is conducted in close
cooperation between experts and decision-makers
*As pointed out later, this is the step where direct stakeholder involvement and public
participation are particularly important, and it is therefore best ensured by making
use of a variety of methods
Selection of Risk Management Options
a decision has to be made as to which options are selected and which rejected.
This decision is obvious if one or more options turn out to be dominant (relatively
better on all criteria)
Otherwise, trade- offs have to be made that require legitimization
A legitimate decision can be made on the basis of formal balancing tools (such as cost
benefit or multi-criteria decision analysis), by the respective decision-makers or in
conjunction with participatory procedures.
Implementation of Risk Management Options
It is the task of risk management to oversee and control the implementation process.
implementation is delegated
the risk management team has the implicit mandate to supervise the implementation
process or at least to monitor its outcome.
Monitoring of Option Performance
refers to the systematic observation of the effects of the options once they are
implemented.
The monitoring system should be designed to assess intended, as well as unintended,
consequences.
 the monitoring phase should also provide new information on early warning signals for
both new risks and old risks viewed from a fresh perspective.
occasionally the assessment of different options requires new options to be created in
order to achieve desired results.
In other cases, the monitoring of existing rules affects the decision to add new criteria
to the portfolio.
CRISIS MANAGEMENT
Key issues
Crisis Management
Crisis management is the process by which an organization deals with a major unpredictable
event that threatens to harm the organization, its stakeholders, or the general public
crisis mindset
Requires the ability to think of the worst-case scenario while simultaneously
suggesting numerous solutions.
Trial and error is an accepted discipline, as the first line of defense might not work. It
is necessary to maintain a list of contingency plans and to be always on alert.
Elements of a Crisis
Three elements are common to most definitions of crisis:
(a) a threat to the organization,
(b) the element of surprise,
(c) a short decision time
(d) a need for change
Crisis management - 1
Crisis management consists of:
Methods used to respond to both the reality and perception of crises
Establishing metrics to define what scenarios constitute a crisis and should
consequently trigger the necessary response mechanisms.
Communication that occurs within the response phase of emergency management
scenarios
Types of Crises
Natural disasters natural phenomena
Technological Crises complex technology; something goes
wrong in the system
 Malevolence Crises criminal means of getting something
Confrontation fighting businesses
Organizational misdeeds takes action that will harm the
company
Workplace violence physical violence against other employees
Rumors false information about an organization hurting its reputation
Crisis Management
Types of crises of organizational misdeeds:
- Crises of skewed management values
- Crises of deception
- Crises of management misconduct.
CRISIS LEADERSHIP
Sudden crisis circumstances that occur without warning.
Smoldering crisis begin as minor internal issues that, due to managers negligence,
develop to crisis status.
Crisis communication effort taken by an organization to communicate with public
and stakeholders when an unexpected event occurs that could have a negative impact
on the organization.
FIVE LEADERSHIP COMPETENCIES
Building an environment of trust
Reforming the organizations mindset
Identifying obvious and obscure vulnerabilities of the organization
Making wise and rapid decisions as well as taking courageous action
Learning from crisis to effect change.
Example of Successful Crisis Management
The Pepsi Corporation faced a crisis in 1993, which was successfully managed by the
company.
In 1993, claims of syringes being found in cans of diet Pepsi were made.
Pepsi released videos and made public, showing the production process to demonstrate
that such tampering was impossible within their factories.
Crisis was managed through effective communication.
Example of Unsuccessful Crisis Management
 The Ford-Firestone Tire and Rubber Company dispute transpired in August 2000.
15-inch Wilderness AT, radial ATX and ATX II tire treads were separating from the tire
core leading to crashes Firestone recalled 6.5 million tires.
Three major blunders:
They blamed consumers for not inflating their tires properly.
They blamed each other for faulty tires and faulty vehicle design.
They said very little about what they were doing to solve a problem that had
caused more than 100 deaths.
role of risk management
Identify risks
Develop strategies to guard against risks
Execute strategies
Motivate members to cooperate in these strategies
Determine critical risks