
RISK AND RISK MANAGEMENT

What is Risk? (evolution: totally negative, may be negative, could be positive/negative)


• From the Italian word “rischiare”, which means to run into danger
• Anything that negatively impacts the entity’s ability to meet its business objectives
• Possibility that events will (or will not) occur and affect the achievement of strategy and
business objectives
• Exists whenever a future outcome or event cannot be predicted with certainty, and a range
of different possible outcomes (ranging from most negative to most positive) or events
might occur
• There must be a degree of uncertainty and the outcome must matter
• “Objectives define your risk”
• From a business perspective, taking advantage of opportunities (profit maximization)

International Organization for Standardization (ISO)


- effect of uncertainty on objectives, and an effect is a positive or negative deviation from
what is expected
- traditional risk definitions combine a potential event with probability and severity
- risk is GOAL SPECIFIC while others are EVENT SPECIFIC

Institute of Internal Auditors


- possibility of an event occurring that will have an impact on the achievement of
objectives
- measured in terms of impact and likelihood

Institute of Risk Management


- combination of the probability of an event and its consequences (positive or negative)

Categories of Risk
1. Pure Risk
- also called “Downside Risk”
- there is a possibility that an adverse event will occur; events might meet what is
expected, might turn out worse than expected, but cannot be better than expected

2. Speculative Risk
- “Two-way risk”
- actual future event or outcome might be better or worse than expected

Companies face both pure and speculative risks.


• Pure risk can often be controlled either by means of internal controls or by
insurance. Also called “internal control risks or operational risks”.
• Speculative risks cannot be avoided because they must be taken to make profits.
Higher risk should be justified with higher profits but such is not always true.
Hence, decide the acceptable level of speculative risk. Also called “business risk
or strategic risk or enterprise risk”.

Categories of Business Risk
• Market Risk – risk from changes in the market price of key items, such as the price of
key commodities. Market prices can go up or down, and a company can benefit from a
fall in raw material prices or incur a loss from a rise in prices.
• Credit Risk – risk of losses from bad debts or delays by customers in the settlement of
their debts. All companies that give credit to customers are exposed to credit risk. The
size of the credit risk depends on the amount of receivables owed to the company, and the
credit quality of the customers.
• Liquidity Risk – risk that the company will be unable to make payments to settle
liabilities when payment is due. It can occur when a company has no money in the bank,
is unable to borrow more money quickly, and has no assets that it can sell quickly in the
market to obtain cash. Companies can be profitable but still at risk from a liquidity
shortage.
• Technological Risk – risk that could arise from changes in technology. When a major
technological change occurs, companies might have to make a decision about whether or
not to adopt the new technology.
• Legal Risk – includes regulatory risk; risk of losses arising from failure to comply with
laws and regulations, and also the risk of losses from legal actions and lawsuits.
• Health, Safety, and Environmental Risk – H&S risks are risks to the health and safety of
employees, customers, and the general public. E risks are risks of losses arising, in the
short or long term, from damage to the environment, such as pollution or destruction of
non-renewable raw materials.
• Reputation Risk – risk that a company’s reputation with the general public (and
customers), or the reputation of its product brand, will suffer damage. Damage to
reputation can arise in many different ways: incidents that damage reputation are often
reported by the media.
• Business Probity Risk – risk of losses from a failure to act in an honest way; probity
means honesty and integrity

Risk Management
• Committee of Sponsoring Organizations of the Treadway Commission (COSO) – a
process, applied in strategy setting [1] across the enterprise, designed to: identify potential
events that may affect the entity, and manage risks [2] within its risk appetite [3], to provide
reasonable assurance regarding the achievement of the entity’s objectives [4].

[1] It is a corporate governance issue

[2] Risk management process: identify, assess, respond, monitor; aims to create, preserve,
and realize value
a) Risk Identification – company needs to understand what risks it faces, both in its
environment and markets (strategic risks) and internally (operational risks); aided
by creation of risk committee (managers from several departments/functions)
Assessment of their importance in order to: (i) rank the risks in order of
significance; (ii) identify the risks which are most significant; (iii) identify the
significant risks where control measures are urgently needed

b) Risk Assessment/Profiling/Mapping – consider the likelihood that losses will
occur as a consequence of the risk, and the size or amount of the loss when this
happens; may be measured quantitatively or qualitatively; an ongoing process
High I & Low P – consider control measures
High I & High P – immediate action to control risk
Low I & Low P – review periodically
Low I & High P – consider control action

c) Risk Response
d) Monitor the risk – to determine if the response was sufficient to control the risk

 3
Risk appetite – amount of risk that an org is willing to accept in pursuit of value
Risk capacity – amount of risk that you can take

 4
Objectives – (i) efficiency and effectiveness of operations; (ii) compliance with laws
and regulations; (iii) reliability in financial reporting

Essentials of Risk Management


1. Language – establish a common understanding
2. Process
3. Ratings – quantitative or qualitative and their definitions
4. Response

Risk Response
1. Risk diversification – purpose is to spread the risk
• Management must have the skills and experience to manage the portfolio of
different business activities
• Unrelated business activities are more risky and less appropriate
• Diversifying into activities with similar risks is not wise, nor does it reduce
the risks significantly
2. Risk transfer/Risk sharing – involves collaborating with another person and sharing the
risks jointly; common methods are partnerships and joint ventures
3. Hedging – creating a position (making a transaction) that offsets an exposure to another
risk
4. TARA Framework (Transfer, Avoid, Reduce, Accept) or S for Share
High I & Low P – TRANSFER/SHARE: REDUCE
People based preventive
High I & High P – AVOID
System based preventive
Low I & Low P – ACCEPT
People based detective
Low I & High P – TRANSFER/SHARE: REDUCE
System based detective

Risk based approach


• An approach to decision-making based on a detailed evaluation of risks and exposures,
and policy guidelines on the level of risk that is acceptable (risk appetite)
• Because resources are scarce
• Some risk must be accepted but risk exposures should be kept within acceptable limits

Enterprise Risk Management Frameworks


• COSO ERM Framework – Mission, Vision, & Core Values; Strategy Development;
Business Objective Formulation; Implementation & Performance; Enhanced Value

1. Governance & Culture


2. Strategy & Objective-Setting
3. Performance – Risk management falls under here
4. Review & Revision
5. Information, Communication & Reporting

• ISO 31000 framework – highlights importance of risk management

The Board should oversee that a sound enterprise risk management framework is in place to
effectively identify, monitor, and manage key business risks. (SEC Code of Corporate
Governance)

COSO is sponsored jointly by five major professional associations headquartered in the United
States:
a. the American Accounting Association (AAA),
b. the American Institute of Certified Public Accountants (AICPA),
c. Financial Executives International (FEI),
d. The Institute of Internal Auditors (IIA), and
e. the National Association of Accountants (now the Institute of Management Accountants
[IMA])
