Republic of the Philippines

Tarlac State University

COLLEGE OF BUSINESS AND ACCOUNTANCY
Romulo Boulevard, Tarlac City

Chapter 7:
Assessing Risk
Written Report
A Partial Fulfillment of the Requirements
In
Bachelor of Science in Business Administration
Major in Financial Management

Prepared by:
Ingrid Dominique U. Navarro
FM 4-6

Prepared for:
Prof. Isabelita D. Bondoc
Professor

May 2018
WHAT CAUSES RISK?

I. Internal Controls consists of five integrated components

1. Control Environment
The control environment is the set of standards, processes and structures that provide the
basis for carrying out internal control across the organization. The board of directors and
senior management establish the tone at the top regarding the importance of internal
control including expected standards of conduct. Management reinforces expectations at
the various levels of the organization. The control environment comprises the integrity and
ethical values of the organization; the parameters enabling the board of directors to carry
out its governance oversight responsibilities; the organizational structure and assignment
of authority and responsibility; the process for attracting, developing and retaining
competent individuals; and the rigor around performance measures, incentives and
rewards to drive accountability for performance. The resulting control environment has a
pervasive impact on the overall system of internal control.

2. Risk Assessment
Every entity faces a variety of risks from external and internal sources. Risk is defined as
the possibility that an event will occur and adversely affect the achievement of objectives.
Risk assessment involves a dynamic and iterative process for identifying and assessing risks
to the achievement of objectives. Risks to the achievement of these objectives from across
the entity are considered relative to established risk tolerances. Thus, risk assessment
forms the basis for determining how risks will be managed.

A precondition to risk assessment is the establishment of objectives, linked at different

levels of the entity. Management specifies objectives within categories relating to
operations, reporting and compliance with sufficient clarity to be able to identify and
analyze risks to those objectives. Management also considers the suitability of the
objectives for the entity. Risk assessment also requires management to consider the impact
of possible changes in the external environment and within its own business model that
may render internal control ineffective

3. Control Activities
Control activities are the actions established through policies and procedures that help
ensure that management’s directives to mitigate risks to the achievement of objectives are
carried out. Control activities are performed at all levels of the entity, at various stages
within business processes, and over the technology environment. They may be preventive
or detective in nature and may encompass a range of manual and automated activities such
as authorizations and approvals, verifications, reconciliations and business performance
reviews. Segregation of duties is typically built into the selection and development of
control activities. Where segregation of duties is not practical, management selects and
develops alternative control activities.

4. Information and Communication

Information is necessary for the entity to carry out internal control responsibilities to
support the achievement of its objectives. Management obtains or generates and uses
relevant and quality information from both internal and external sources to support the
functioning of other components of internal control. Communication is the continual,
iterative process of providing, sharing and obtaining necessary information. Internal
communication is the means by which information is disseminated throughout the
organization, flowing up, down and across the entity. It enables personnel to receive a clear
message from senior management that control responsibilities must be taken seriously.
External communication is twofold: It enables inbound communication of relevant external
information, and it provides information to external parties in response to requirements
and expectations.
5. Monitoring Activities
Ongoing evaluations, separate evaluations, or some combination of the two are used to
ascertain whether each of the five components of internal control, including controls to
affect the principles within each component, is present and functioning. Ongoing
evaluations, built into business processes at different levels of the entity, provide timely
information. Separate evaluations, conducted periodically, will vary in scope and frequency
depending on assessment of risks, effectiveness of ongoing evaluations, and other
management considerations. Findings are evaluated against criteria established by
regulators, recognized standard-setting bodies or management and the board of directors,
and deficiencies are communicated to management and the board of directors as
appropriate.

II. Systems and Technology

From iPhones to virtual desktops, the changes in the way IT services are delivered and
managed has resulted in big changes in the way people interact with and exploit
technology, as business leaders, as consumers, and as users. Companies have responded to
the need to hold and manage rapidly increasing volumes of data by outsourcing data
management to third parties

As companies engage in more and more joint ventures and partnerships, the need to
share and disseminate commercially sensitive data is also increasing. Yet as many
organisations currently fail to identify and manage their own sensitive data appropriate.
The counterpoint of risk is opportunity and IT functions which can effectively manage their
risks will enable their businesses to radically outperform those companies which are put
off by or simply not up to the challenge. Companies where IT feels empowered to influence
commercial decision-making by demonstrating how business enablement can be driven by
effective management of technology risks, will prosper greatly at the expense of those
companies where ignorance or fear of new or changing technology risk areas either
prevents them from moving into new areas, or results in failures when they attempt to. This
is the time for IT leaders to step up and put themselves and their function at the centre of
driving their business forward.
 III. Strengths, Weaknesses, Opportunities and Threats

A great way to identify strategic risks and core operational and financial risk is through an
analysis that risk managers call a “SWOT ANALYSIS”

Know Your Strengths

Take some time to consider what you believe are the strengths of your business.
These could be seen in terms of your staff, products, customer loyalty, processes, or
location. Evaluate what your business does well; it could be your marketing expertise, your
environmentally-friendly packaging, or your excellent customer service. It's important to
try to evaluate your strengths in terms of how they compare to those of your competitors.

Recognize Your Weaknesses

Try to take an objective look at every aspect of your business. Ask yourself whether
your products and services could be improved. Think about how reliable your customer
service is, or whether your supplier always delivers exactly what you want, when you
want it. Try to identify any area of expertise that is lacking in the business. as you can
then take steps to improve that aspect. For example, you might realize that you need
some more sales staff, or financial help and guidance. Don't forget to think about your
business's location and whether it really does suit your purpose. Is there enough parking,
or enough opportunities to attract passing trade

Spot the Opportunities

Completing a SWOT analysis will enable you to pinpoint your core activities and
identify what you do well, and why. It will also point you towards where your greatest
opportunities lie, and highlight areas where changes need to be made to make the most of
your business.

Watch Out for Threats

Analyzing the threats to your business requires some guesswork. Some threats are
tangible, such as a new competitor moving into your area, but others may be only intuitive
guesses that result in nothing. Think about the worst things that could realistically
happen, such as losing your customers to your major competitor, or the development of a
new product far superior to your own. Listing your threats in your SWOT analysis will
provide ways for you to plan to deal with the threats, if they ever actually start to affect
your business.
 IV. SCENARIO ANALYSIS

Scenario analysis is the process of estimating the expected value of a portfolio after a given
period of time, assuming specific changes in the values of the portfolio's securities or key
factors take place, such as a change in the interest rate. Scenario analysis is commonly used
to estimate changes to a portfolio's value is response to an unfavorable event, and may be
used to examine a theoretical worst-case scenario.

V. WAR GAMING

A wargame (also war game) is a strategy game that deals with military operations of
various types, real or fictional. Wargaming is the hobby dedicated to the play of such games,
which can also be called conflict simulations, or consims for short.

When used professionally by the military to study warfare, "war game" may refer to a
simple theoretical study or a full-scale military exercise. Hobby wargamers have
traditionally used "wargame", while the military has generally used "war game"; this is not
a hard rule. Although there may be disagreements as to whether a particular game qualifies
as a wargame or not, a general consensus exists that all such games must explore and
represent some feature or aspect of human behaviour directly bearing on the conduct of
war, even if the game subject itself does not concern organized violent conflict or
warfare.Business wargames exist as well, but in general, they are only role-playing games
based on market situations

VI. CALL THE EXPERTS

Even without a formal risk assessment, standard reports provided by outside experts
can provide great insight into where your business’s deepest challenges lurk.
References:

 UNC Finance and Operations (2018) University of North Carolina at Chapel Hill.
Retrieved from https://finance.unc.edu/departments/internal-
controls/components-ic-process/
 Computer Weekly (2000-2018) Retrieved from
https://www.computerweekly.com/opinion/The-impact-of-technological-change-
on-risk-management
 CBS Interactive Inc (2018) Retrieved from
https://www.cbsnews.com/news/analyzing-your-businesss-strengths-weaknesses-
opportunities-and-threats/
 Investopedia (2018) Retrieved from
https://www.investopedia.com/terms/s/scenario_analysis.asp#ixzz5F52LX1rA
 Wikipedia (2018) Retrieved from https://en.wikipedia.org/wiki/Wargaming