REPORT ABOUT RISK MANAGEMENT

WHAT IS RISK & RISK MANAGEMENT

First lets discuss what Risk Is, and then we talk about what Risk management
involves:

In most basic since RISK IS simply the likelihood that a specific threat will occur .

On the other hand, Risk is an uncertain event which could possibly on its
occurrence, affect the ongoing project life-cycle/ phase and in turn the project’s outcome.

A risk may be a potential hazard to the planned outcome of the project in terms of Cost, Time and
Quality. However, in a few cases, the risk may turn out to be a positive catalyst to the project

Risk is generally referred to in terms of business or investment, but it is also applicable in

macroeconomic situations. For example, some kinds of risk examine how inflation, market
dynamics or developments and consumer preferences affect investments, countries or
companies.

In order to manage risk we need to understand what is involves.

NOW WHAT IS RISK MANAGEMENT INVOLVES:

In a high level risk management involves the following:

RISK IDENTIFICATION:

we need to understand what risks are present before we can put protected controls and
to place This process is known as Risk Identification

ASSESSING & CLASSIFICATION :

wans we know what risks are present we can then determent the business impact in the
in place risks and to category so this is the Classification stage we after get them
assessment.
RISK STRATEGY (How to deal with risk):

the process after time when your assessing and put risk classifications its after times
categorizes those risk in to low ,medium or high value and that means what is the
likelihood other risk occurring and what is the business impact .

so again the measurement can be low, medium or high or some others security export
might make the measurement in new American value.

Regardless after we know what risks exists and what the level of business impact is we
can create then the strategy .

And the Strategy define or tell us (how to deal with risk).

It's important to understand that there are always can be risks, the overall goal risk
management however, is too simply reduce or mitigate the risk and they controlled it.

Before we define the risk management , what is the 4 processing of risk management:

THE FOUR (4) PROCESS STEPS INVOLVED IN RISK MANAGEMENT ARE:

 Identify - distinguishing the possible risks

 Assess - analyzing the probable impact of the identified risks
 Control - managing or mitigating the risks depending on the risk nature
 Review - evaluating the process of risk management to the requirements

So Risk Management  is the process and strategy that investors and companies alike
employ to minimize risks in a variety of contexts. Risk management can range from
investing in low-risk securities to portfolio diversification to credit score approval for loans
and much more.
 On other hand Risk management can be defined as the systematic scientific
identification, evaluation, and prioritization of risks of adverse health effects resulting
from human or environmental exposure to hazardous agents or situations, and the
economical application of resources to minimize, monitor, and control the probability
and/or impact of the adverse events.

For investors, risk management  can be comprised of balancing or diversifying portfolios

with a range of high- and low-risk investments, including equities and bonds. The general
rule seems to go that the wider range of investments that are deemed more or less risky
(based on how volatile the security is or how drastic its price swings are), the more risk-
managed the portfolio and less risky the investment.

TYPES OF RISKS:

There are many type of risk management. Here’s a look at some:

1. Strategic Risk:  It is the process of identifying, quantifying, and any risk that affects
or is inherent in a company’s business strategy, strategic objectives, and strategy
execution is called strategic risk
2. Compliance Risk:  Compliance risk is exposure to legal penalties, financial
forfeiture and material loss an organization faces when it fails to act in accordance
with industry laws and regulations, internal policies or prescribed best practices.
3. Operational Risk:  The term operational risk management (ORM) is defined as a
continual cyclic process which includes risk assessment, risk decision making, and
implementation of risk controls, which results in acceptance, mitigation, or
avoidance of risk
4. Business Risk: business risk is the exposure a company has to various factors like
competition, consumer preferences and other metrics that might lower profits or
endanger the company's success .
5. Market Risk: Market risk is a broad term that encompasses the risk
that  investments or equities will decline in value due to larger economic or market
changes or events .

6. Credit risk: risk of financial loss arising from the default or credit quality
deterioration of a customer or other third party, to which the Santander Group has
either directly provided credit or for which it has assumed a contractual obligation. 
7. Liquidity risk: risk that the Group does not have the liquid financial resources to
meet its obligations when they fall due, or can only obtain them at high cost. 
 8. Structural risk: risk arising from the management of different balance sheet items,
not only in the banking book but also in relation to insurance and pension
activities. 
9. Capital risk: risk of Santander Group not having an adequate amount or quality
of capital to meet its internal business objectives, regulatory requirements or
market expectations. 
10. Conduct risk: risk arising from practices, processes or behaviors which are not
adequate or compliant with internal regulation, legal or supervisory requirements

11. Reputational risk: risk of current or potential negative economic impact to the
Bank due to damage to the perception of the Bank on the part of employees,
customers, shareholders/investors and the wider community. 
12. Model risk: risk of loss arising from inaccurate predictions, causing the Bank to
make suboptimal decisions, or from a model being used inappropriately. 

*Note : We will to explain some types later

NOW WHY IS RISK MANAGEMENT IMPORTANT?

Risk management involves the accurate and correct methods to manage risks. Risk is the
uncertainty of an event or unforeseen incident or any unwanted situation. It can also be
turned into a major disaster for any organization, therefore, it is very important to
manage risk. Other important reasons are as follows:

1. Risk can be easily identified either before occurring or at the initial stage only. Some
categories of risk that can easily be identified are financial, reputational, operational,
strategic, safety, etc.

2. Reduces scams and scandals. If any organization performs risk management effectively
then they can identify the possible scandals and then they can find solutions accordingly.
Scams and scandals hamper the growth of any organization.

3. It ensures the safety of any important information that can be leaked. Data security is
the most important thing for an organization. Risk management helps in protecting the
data and prevents financial risks as well.

4. Strategic planning of risk management might bring in great opportunities. These

opportunities always help in the growth of any business.
5. Risk management helps you to work towards the projects that need major attention. It
not only helps in solving troubles but it also eliminates the hindrances coming in the way.

6. Risk management helps in securing an organization’s future and helps them in the long
run

So, The purpose of risk management is to create and protect value. To do that one
needs to take the best possible decisions. So, the objective of risk management is nothing
more and nothing less than taking better decisions.

These decisions are mainly concerned with taking action (or not) towards the achievement
and safeguarding of objectives (societal, organizational and individual things that are
valued or represent value).

Better decisions lead towards a better/more adequate use of resources in pursuing and
safeguarding objectives and also lead towards more safety and performance for
individuals, organizations and society as a whole.

ELEMENTS OF RISK MANAGEMENT:

The general responsibilities of a county risk manager include identifying and evaluating
loss exposures, developing risk control programs, and deciding how best to fund risks. 
Risk management experts think of a full-scale risk management system as a system with
four elements:

1. Risk identification

2. Risk evaluation

3. Risk control

4. Risk financing

Using the four-element approach is a step-by-step process. 

The risk manager first must Identify a Potential Loss before it can be evaluated.

Evaluation, the second step, is necessary to know how to control the expected loss.  To
evaluate a potential loss, the risk manager must know what the loss is, determine its
severity, and calculate its probable frequency of occurrence. 
The third element, Risk Control, is the one most often recognized by county officials.  It is
subdivided into “loss prevention” and “loss reduction.”  County officials  will avoid much
disappointment by admitting in advance and declaring in the policy statement that a risk
manager rarely can completely prevent a loss in a given area.  A sound risk management
program  of loss prevention can, however, decrease the frequency of loss in that area. 
When a loss does occur, the measures taken under the program will reduce the cost or
severity of the loss..

Finally, to finance the loss in the proper manner after identifying it, evaluating it, and
using such control measures as safety programs, inspections, and disaster  training the
risk manager must cover the risk with insurance or with a combination of insurance and
risk retention methods. 

WHAT IS RISK MANAGEMENT PLAN

Before jumping in to the actual meaning of Risk Management plan, let's understand what
a plan is?

A detailed proposal or a plan of action to carry out the desired objective set is termed as a
plan. As this definition suggests, an organization which carries out its operations in such a
dynamic business environment should draft a document which identifies and assesses the
risks pertaining to each and every intricate process involved in it's value chain.

Once the initial phase of event identification is done and the required objectives also are
set in line with the events defined, guidelines for identifying and assessing the risks
through SIPOC or Business owner interview should be clearly defined. And the identified
risks should be evaluated based on their likelihood and impact. Clear risk response and
mitigation strategies should be defined.

For example, the risk management plan for a project differs from that of an enterprise,
which differs from planning for a specific category of risk, such as market, strategic,
operational, credit, liquidity or other risks…

At a high level, a “risk management plan” would address at least one of the following
activities in a generic risk management process and a full plan should address all steps in
the process, including periodic updates. A common terminology is to identify, measure,
monitor and manage risks.
 A more process-oriented way of thinking about risk management is in sequential steps. A
plan would address these steps:

1. Identify potential loss exposures.

2. Measure, analyze and prioritize such exposures
3. Select appropriate techniques for treating/mitigating risk (sometimes called
risk control); among these one would often include risk financing options
including retention, transfer, insurance.
4. Implement risk controls, monitoring processes and management processes
such as reporting and update

NOW LET’S WE TALK ABOUT A 5 STEPS FOR RISK MANAGEMENT:

Risk Identification

The risks have been identified a through a series of workshops that have considered what
risks are, why they happen and how they occur. New risks will be identified as each new
initiative/project is considered and also at a biannual review workshop with managers,
which will review all existing risks and identify any new risks.

Risk Analysis

Each risk has been analyzed by management by using the following ratings:

1. Probability of the risk occurring

2. Impact of the risk if it did occurred

3. Ascertaining what level of controls and maintenance are currently being employed

4. How effective these controls are

Risk Evaluation

Management have evaluated each risk through a process of allocating an appropriate

rating of probability impact, risk and effectiveness controls.
This evaluation process determines whether the current management of each risk is within
a predetermined acceptable level or whether action needs to be taken to treat the risk. It
further identifies what monitoring is required i.e. active or periodic and whether review by
Board or management.

Risk Treatment

The following risk treatment has been allocated to each risk:

1. Tolerate the risk

2. Avoid the risk

3. Reduce the risk

This treatment is designed to reduce the probability or impact or increase the risk controls.
As there will normally be a cost associated with risk reduction, the objective is to reduce
the risk to an acceptable level consistent with established risk criteria.

The risk can be reduced by transferring the risk. This may involve the transfer of risk in
part or in full to a contractor, a supplier or to a product buyer for example. Insurance is a
common way of transferring risk. Insurance is normally taken for low probability, high
impact events.

When a risk treatment action is undertaken, it may not result in elimination or prevention
of a risk, but will often result in reduction of the risk. A residual risk will remain that
should be less than the company's level of tolerable risk.

Monitor and Review the risk. 

This is the step where you take your Project Risk Register and use it to monitor, track and
review risks.

Risk is about uncertainty. If you put a framework around that uncertainty, then you
effectively de-risk your project. And that means you can move much more confidently to
achieve your  project goals.
WHEN IS RISK IS NOT A RISK

Easy to confuse risk non-risk,

Especially cause or effect

 Cause FACT

Risk UNCERTANITY

Effect
POSSIBLE RESULT

WHICH IS WHICH?
Can you tell the different between CAUSE ,RISK ,EFFECT?

 CAUSES are definite events or sets of circumstances which exist in the project or its
environment, and which give rise to uncertainty.
Examples include the requirement to implement the project in a developing country, the need to use an
unproven new technology, the lack of skilled personnel, or the fact that the organization has never done
a similar project before.

Causes themselves are not uncertain since they are facts or requirements, so they are not the main
focus of the risk management process.

 RISKS are uncertainties which, if they occur, would affect the project objectives either
negatively (threats) or positively (opportunities). Examples include the possibility that planned
productivity targets might not be met, interest or exchange rates might fluctuate, the chance
that client expectations may be misunderstood, or whether a contractor might deliver earlier
than planned. These uncertainties should be managed proactively through the risk management
process.
 EFFECTS are unplanned variations from project objectives, either positive or negative, which
would arise as a result of risks occurring. Examples include being early for a milestone,
exceeding the authorised budget, or failing to meet contractually agreed performance targets.
Effects are contingent events, unplanned potential future variations which will not occur unless
risks happen. As effects do not yet exist, and indeed they may never exist, they cannot be
managed directly through the risk management process

Including causes or effects in the list of identified risks obscures genuine risks, which may not receive the
appropriate degree of attention they deserve. So how can we clearly separate risks from their causes
and effects? One way is to use risk met language (a formal description with required elements) to
provide a three-part structured “risk statement”

The use of risk met language should ensure that risk identification actually identifies risks, distinct from
causes or effects. Without this discipline, risk identification can produce a mixed list containing risks and
non-risks, leading to confusion and distraction later in the risk process.

1- The Strategic Risk Assessment Process

Strategic risk management can be defined as the process of identifying, assessing and
managing the risk in the organization's business strategy including taking swift action
when risks are realized. SRM involves evaluating how a wide range of possible events and
scenarios will affect the strategy and its execution and the ultimate impact on the
company's value. “Risk” is all-inclusive, encompassing everything from product innovation
risk and market risk to supply chain risk and reputational risk. A primary component and
foundation of enterprise risk management, SRM requires the organization to define
tolerable levels of risk as a guide for strategic decision-making. It is a continual process
that should be embedded in strategy setting and strategy execution.

There are seven basic steps for conducting a strategic risk assessment:

This map explain it

2- Business Risk Management (BRM)

Identifying Risks
If and when a risk becomes a reality, a well-prepared business can minimize the impact
on earnings, the lost time and productivity, and the negative impact on customers. For
startup businesses and established organizations, the ability to identify which risks pose a
threat to successful operations is a key component of strategic  business planning. Business
risks are identified using various methods, but each identifying strategy relies on a
comprehensive analysis of specific business activities that could present challenges to the
company. Under most  business models, organizations face preventable, strategic, and
external threats that can be managed through either acceptance, transfer, reduction, or
elimination.

Hazardous material risk  is present where spills or accidents are possible. The hazardous
materials most frequently spilled or released into the atmosphere of a workplace are:

 Acid
 Gas
 Toxic fumes
 Toxic dust or filings
 Poisonous liquids or waste
 Some risks have the potential to destroy a business or at least cause
serious damage that can be costly to repair.
 Organizations should identify which risks pose a threat to their operations.
 Potential threats include location hazards such as fires and storm
damage, alcohol and drug abuse among personnel, technology risks such
as power outages, and strategic risks such as investment in research and
development.
 A risk management consultant can recommend a strategy including staff
training, safety checks, equipment and space maintenance, and
necessary insurance policies.

3 - Market Risk
Market risk is the possibility of an investor experiencing  losses due to factors that affect
the overall performance of the  financial markets  in which he or she is involved. Market
risk, also called "systematic risk,"  cannot be eliminated through diversification, though it
can be hedged against in other ways. Sources of market risk include  recessions, political
turmoil, changes in interest rates, natural disasters and terrorist attacks. Systematic, or
market risk tends to influence the entire market at the same time.

This can be contrasted with  unsystematic risk, which is unique to a specific company or
industry. Also known as “nonsystematic risk,” "specific risk," "diversifiable risk" or "residual
risk," in the context of an investment portfolio, unsystematic risk can be reduced
through  diversification.

 Market risk, or systematic risk, affects the performance of the entire market
simultaneously.
 Because it affects the whole market, it is difficult to hedge as diversification will not
help.
  Market risk may involve changes to interest rates, exchange rates, geopolitical
events, or recessions.

Understanding Market Risk

Market (systematic) risk and  specific risk  (unsystematic) make up the two major
categories of investment risk.  The most common types of market risks include interest rate
risk, equity risk, currency risk and commodity risk.

Publicly traded companies in the United States are required by the Securities and
Exchange Commission (SEC) to disclose  how their productivity and results may be linked
to the performance of the financial markets. This requirement  is meant to detail a
company's exposure to financial risk. For example, a company providing derivative
investments or foreign exchange futures may be more exposed to financial risk than
companies that do not provide these types of investments. This information helps investors
and traders make decisions based on their own risk management rules.

In contrast  to market risk, specific risk or "unsystematic risk"  is tied directly to the
performance of a particular security and can be protected against through
investment  diversification. One example of unsystematic risk is a company declaring
bankruptcy, thereby making its stock worthless to investors

TYPES OF MARKET RISK

1- Interest rate risk  covers the volatility that may accompany  interest rate
fluctuations  due to fundamental factors, such as central bank announcements related to
changes in  monetary policy. This risk is most relevant to investments in fixed-income
securities, such as bonds. 

2- Equity risk is the risk involved in the changing prices of stock investments,
and  commodity risk  covers the changing prices of commodities  such as crude oil and
corn.

3- Currency risk, or exchange-rate risk, arises from the change in the price of one
currency in relation to another; investors or firms holding assets in another country are
subject to currency risk

4- credit risk
Credit risk refers to the probability of loss due to a borrower’s failure to make payments
on any type of debt. Credit risk management is the practice of mitigating losses by
understanding the adequacy of a bank’s capital and loan loss reserves at any given
time – a process that has long been a challenge for financial institutions.

Challenges to Successful Credit Risk Management

 Inefficient data management.  An inability to access the right data when it’s needed
causes problematic delays.
 No groupwide risk modeling framework.  Without it, banks can’t generate complex,
meaningful risk measures and get a big picture of groupwide risk.
 Constant rework.  Analysts can’t change model parameters easily, which results in too
much duplication of effort and negatively affects a bank’s efficiency ratio.
 Insufficient risk tools.  Without a robust risk solution, banks can’t identify portfolio
concentrations or re-grade portfolios often enough to effectively manage risk.
 Cumbersome reporting.  Manual, spreadsheet-based reporting processes overburden
analysts and IT.

Best Practices in Credit Risk Management

The first step in effective credit risk management is to gain a complete understanding of a
bank’s overall credit risk by viewing risk at the individual, customer and portfolio levels.

While banks strive for an integrated understanding of their risk profiles, much information
is often scattered among business units. Without a thorough risk assessment, banks have
no way of knowing if capital reserves accurately reflect risks or if loan loss reserves
adequately cover potential short-term credit losses. Vulnerable banks are targets for close
scrutiny by regulators and investors, as well as debilitating losses.

The key to reducing loan losses – and ensuring that capital reserves appropriately reflect
the risk profile – is to implement an integrated, quantitative credit risk solution. This
solution should get banks up and running quickly with simple portfolio measures. It
should also accommodate a path to more sophisticated credit risk management measures
as needs evolve. The solution should include:

 Better model management that spans the entire modeling life cycle.
 Real-time scoring and limits monitoring.
 Robust stress-testing capabilities.
 Data visualization capabilities and business intelligence tools that get important
information into the hands of those who need it, when they need it.

5- capital risk
Capital risk is the potential of loss of part or all of an investment. It applies to the whole
gamut of assets that are not subject to a guarantee of full return of original capital.
Investors face capital risk when they invest in stocks, non-government bonds, real estate,
commodities, and other alternative assets. Also, when a company invests in a project, it
exposes itself to risk that the project will not produce future returns to cover its capital
invested.

Breaking Down Capital Risk

Registration statements that the Securities and Exchange Commission (SEC) requires for
new securities have implicit or explicit language that prospective investors will assume
capital risk by buying the securities.. Firms with higher risk profiles - clinical-stage
biotechnology firms, for example — typically discuss at length the potential for an investor
to lose capital. When Avant filed its 10-K on June 13, 2017, the stock closed at $22.51 per
share. On the last trading day of 2017, the stock closed at $5.27. The explicit statement in
the 10-K that "the market price of our common shares has been and is likely to continue
to be highly volatile, and you may lose some or all of your investment" turned out to be
very prescient.

Capital risk is also top-of-mind for project planners of a company. Capital budgeters
analyze proposed investments in a project — a new product line or factory, for example —
by modeling projected cash flows against the capital requirements of the project. The
process of  risk analysis  will attempt to quantify capital risk by varying the model
assumptions. No rational company will undertake a capital project if the model shows an
unacceptable level of risk to capital invested. It should also be noted that a company may
not choose to proceed with a project even if the  NPV  is projected to be greater than zero.
For a firm to make an investment, its desired  hurdle rate  must be cleared.

6- Treasury and liquidity risk

Treasury Risk is the risk associated with the management of an enterprise's holdings –
ranging from money market instruments through to equities trading.
 Liquidity and Capital Risk is generally defined as the risk associated with an enterprise's
ability to convert an asset or security into cash to prevent a loss. Capital risk is generally
defined as an enterprise's access to cash at any given time and balancing this with its
efficient use.

TREASURY, LIQUIDITY – CAPITAL RISK MANAGEMENT: VALUE

 Improved product pricing through granular measurement of funding and liquidity

costs of individual transactions / products.

 Optimizing financial performance through a reduction in the cost of capital.

 Development of a clear strategic role for treasury, ensuring the mitigation of risk in
line with risk appetite through the strategic redesign of treasury policy and Ensuring
treasury policy and controls.

5  WAYS TO  MANAGE  RISK.

1_ Accept The  Risk. 

2_ Avoid The  Risk. 

3_ Transfer The  Risk. 

4_ Mitigate The  Risk.

5_ Exploit The  Risk.

1 .Accept The Risk:

Accepting the risk means that while you have identified it and logged it in your risk
management software, you take no action. You simply accept that it might happen and
decide to deal with it if it does.

This is a good strategy to use for very small risks – risks that won’t have much of an
impact on your project if they happen and could be easily dealt with if or when they arise.
It could take a lot of time to put together an alternative risk management strategy or take
action to deal with the risk, so it’s often a better use of your resources to do nothing for
small risks.

2. Avoid The Risk:

You can also change your plans completely to avoid the risk. avoid risk This is a good
strategy for when a risk has a potentially large impact on your project. For example, if
January is when your company Finance team is busy doing the corporate accounts,
putting them all through a training course in January to learn a new process isn’t going to
be a great idea. There’s a risk that the accounts wouldn’t get done. It’s more likely, though,
that there’s a big risk to their ability to use the new process, since they will all be too busy
in January to attend the training or to take it in even if they do go along to the workshops.
Instead, it would be better to avoid January for training completely. Change the project
plan and schedule the training for February when the bulk of the accounting work is over.

3. Transfer The Risk:

Transference is a risk management strategy that isn’t used very often and tends to be
more common in projects where there are several parties. Essentially, you transfer the
impact and management of the risk to someone else. For example, if you have a third
party contracted to write your software code, you could transfer the risk that there will be
errors in the code over to them. They will then be responsible for managing this risk,
perhaps through additional training.
Normally transference arrangements are written up into project contracts. Insurance is
another good example. If you are transporting equipment as part of your project and the
van is in an accident, the insurance company will be liable for providing new equipment
to replace any that was damaged. The project team acknowledges that the accident might
happen, but they won’t be responsible for dealing with sourcing replacement kit, moving it
to the right location or paying for it as that is now the responsibility of the insurance
company.
4. Mitigate The Risk
Mitigating against a risk is probably the most commonly mitigation of risk used risk
management technique. It’s also the easiest to understand and the easiest to implement.
What mitigation means is that you limit the impact of a risk, so that if it does occur, the
problem it creates is smaller and easier to fix.

For example, if you are launching a new washing machine and the Sales team then have
to demonstrate it to customers, there is a risk that the Sales team don’t understand the
product and can’t give good demonstrations. As a result, they will make fewer sales and
there will be less revenue for the company.

A mitigation strategy for this situation would be to provide good training to the Sales
team. There could still be a chance that some team members don’t understand the
product, or they miss the training session, or they just aren’t experts in washing machines
and never will be, but the impact of the risk will be far reduced as the majority of the team
will be able to demonstrate the new machine effectively.

You can mitigate against the impact, like in this example, and you can also mitigate
against the likelihood of it happening. Sometimes the actions will be broadly the same;
sometimes you’ll have to have some tasks to reduce the chance that the risk happens and
some separate tasks to make the impact of the risk smaller if it happens.

5. Exploit The Risk:

Acceptance, avoidance, transference and mitigation are great to use when the risk has a
negative impact on the project. But what if the risk has a positive impact?

For example, the risk that the new washing machines are so popular that we don’t have
enough Sales staff to do the demonstrations? That’s a positive risk – something that would
have a benefit to the project and the company if it happened. In those cases, we want to
maximize the chance that the risk happens, not stop it from happening or transfer the
benefit to someone else!

Exploitation is the risk management strategy to use in these situations. Look for ways to
make the risk happen or for ways to increase the impact if it does. We could train a few
junior Sales admin people to also give washing machine demonstrations and do lots of
extra marketing, so that the chance that there is lots of interest in the new machine is
increased, and there are people to do the demos if needed.