RISK MANAGEMENT

Expected £earning Outcomes

After studying the chapter, you should be able to...

1. Define risk management.

2. Explain briefly the basic principles pf risk management.

3. Describe the elements of risk management.

4. Define the relevant risk terminologies.

. .
5. Describe the potential treatments or approaches in managing
risks.

6. Explain the areas of risk management.

7. Describe the steps in the risk management process.

8. Familiarize yourself with the SEC requirements in dealing with

enterprise-wide risk management.
 CHAPTER 11

RISK MANAGEMENT

INTRODUCTION
e •11ta1ne 54 w i thout the organization
Effective corporate governance cannot I b nt is recognize« d as one
:. sk manageme
mastering the art of risk management. Ad nc Is!
,erd of directors of modern
of the most important competencies ceded by ""_,,, ~mess firms.
organization, large as well as small and medium sZ° d because of the fast-
The levels of risk faced by business firms have increa,~ technology and
growing sophistication of organization, globalization, mo"",,~~ee with legal
iaet of corporate scandals. » anon ierefore "o.""""",""[itdge or risk
requirements, top management should consider adequa!
management.

RISK MANAGEMENT DEFINED

Risk management is the process of measuring or assessing risk and developing

strategies to manage it. Risk management is a systematic approach in identifying,
analyzing and controlling areas or events with a potential for causing unwanted
change. Risk management is the act or practice of controlling risk. It includes
risk planning, assessing risk areas, developing risk handling options, monitoring
risks to determine how risks have changed and documenting overall risk
management program.
,
As defined in the International Organization of Standardization (ISO 31000),
Risk Management is the identification, assessment, and prioritization· of risks
I followed by coordinated and economical application of resources to minimize,
monitor and control the probability and/or impact of unfortunate events and to
maximize the realization of opportunities.

It is through risk management that risks to any specific program are assessed and
systematically managed to reduce risk to an acceptable level. Risk.
. . . • " is s can com e
firom uncertainty in fifinancial I market,
k project failures, legal liabilitic -:q
;+ risl.s,
. . · ' res, creit
accidents,
• natural causes
. and disasters
. as well as deliberate attack
c ferom
4 a 'versary
or events of uncertain or unpredictable root-cause.
 Risk Management 165

BASIC PRINCIPLES OF RISK MANAGEMENT

The International Organization of Standardization (ISO) identifies the basic

principles of risk management.

Risk management should:

I. create value -resources spent to mitigate risk should be less than the
consequence of inaction, i.e., the benefits should exceed the costs
2. address uncertainty and assumptions
3. be an integral part of the organizational processes and decision-making
4. be dynamic, iterative, transparent, tailorable, and responsive to change
5. create capability of continual improvement and enhancement considering
the best available information and human factors
6. be systematic, structured and continually or periodically reassessed

PROCESS OF RISK MANAGEMENT

According to the Standard ISO 31000 "Risk management Principles and

Guidelines on Implementation, "the process of risk management consists of
several steps as follows:

1. Establishing the Context. This will involve

a. Identification of risk in a selected domain of interest
b. Planning the remainder of the process.
c. Mapping out the following:
I. the social scope of risk management
II. the identity and objectives of stakeholders
iii. the basis upon which risks will be evaluated, constraints.
d. Defining· a framework for the activity and an agenda for
identification.
e. Developing an analysis of risks involved in the process.
f. Mitigation or Solution of risks using available technological, human
and organizational resources. .
 lo6
'
Chapter 11
1,4
- -identification can start with the
-. 14 i(
Identification
i.
6] risks, [el
of potential Kisk ten IC" ,
. of' , the ''-" " ' the
source of problem or with he «II analysis of the problem
analysis
itself, Common risk identification methods are:
a. Objective-based risk
b. Scenario-based risk
e. Taxanomy-based risk
d, Common-risk checking
e. Risk charting

3. Risk assessment. Once risks have been identified, their potential severity
of impact and the probability of occurrence must be assessed. The
assessment process is critical to make the best educated decisions in
prioritizing the implementation of the risk management plan.

ELEMENTS OF RISK MANAGEMENT

In practice, the process of assessing overall risks can be difficult, and balancing
resources to mitigate between risks with a high probability of occurrence but
lower loss versus a risk with high loss but lower probability of occurrence can
often be mishandled. Ideal risk management should minimize spending of
manpower or other resources and at the same time minimizing the negative effect
of risks.

For the most part, the performance of assessment methods should consist of the
following elements:
I. identification, characterization, and assessment of threats
2. assessment of the vulnerability of critical assets to specific threats
3, determination of the risk (i.e. the expected likelihood and consequences
of specific types of attacks on specific assets) ·
4. identification of ways to reduce those risks
5. prioritization of risk reduction measures based on a strategy
 Risk Management 167

RELEVANT RISK TERMINOLOGIES

I. Risks Associated With Investments

Although· a single riskk premium

:. must compensate the :investor for all the
uncertainty associated with the investment, numerous factors may
contribute to investment uncertainty. The factors usually considered with
respect to investments are
· • business risk
• financial risk
• liquidity risk
• default risk
• interest rate risk
• management risk
• purchasing power risk.
.
BUSINESS RISK

Business risk refers to the uncertainty about the rate'of return caused by
the nature of the business. The most frequently discussed causes of
business risk are uncertainty about the firm's sales and operating
expenses. Clearly, the firm's sales are not guaranteed and will fluctuate
as the economy fluctuates or the nature of the industry changes. A firm's
income is also related to its operating expenses. If all operating expenses
are variable, then sales volatility will be passed directly to operating
income. Most firms, however, have some fixed operating expenses (for
example, depreciation, rent, salaries). These fixed expenses cause the
operating income to be more volatile than sales. Business risk is related
to sales volatility as well as to the operating leverage of the firm caused
by fixed operating expenses.

DEFAULT RISK

Default risk is related to the probability that some or all of the initial
investment will not be returned. The degree of default risk is closely
related to the financial condition of the company issuing the security and
the security's rank in claims on assets in the event of default or
if a bankruptcy occurs, creditors, including
k Uptcy. For example,
b anru . th J° f rdi .
bondholders have a claim on assets prior to the claim of ordinary equity
shareholders.
168 Chapter 1H

FINANCIAL RISK
financing determine financial
Of
The firm's capital structure or sources variability in operating
risk. If the firm is all equity financed, then " j percentage basis. IF
income is· passed directly to net mcome on a� _eq� ed interest payments
the firm is partially financed by debt that re9""""";'wend payment
or by preferred share that requires fixed preferret I ..
Tl mis s,
. fi ial leverage. 1 Ieverage
then these fixed charges introduce manct . ,
:.
causes net income to vary more than operating ti ng income. The introduction
:. leverage causes the fifirm's'e lent ders and its
of financial
le
•
stocl 3khold
ol lers to

view their income streams as having additional uncertainty. As a result of

financial leverage, both investment groups would increase the risk
premiums that they require for investing in the firm.

·INTEREST RATE RISK

Because money has time value, fluctuations in interest rates will cause
the value of an investment to fluctuate also. Although interest rate risk is
most commonly associated with bond price movements, rising interest
rates cause bond prices to decline and declining interest rates cause bond
prices to rise. Movements in interest rates affect almost all investment
alternatives. For example, as a change in interest rates will impact the
discount rate used to estimate the present value of future cash dividends
from ordinary shares. This change in the discount rate will materially
ilnpact the analyst's,estimate of the value of a share of ordinary share:

LIQUIDITY RISK

Liquidity risk is associated with the uncertainty created by the inability

to sell the investment quickly for cash. An investor assumes that the
investment can be sold at the expected price when future consumption is
planned. As the investor considers the sale of the investment, he or she
faces two uncertainties: (I) What price will be received? (2) How long
will it take to. sell the asset? An example of an illiquid :
t asset±ti<s a h rouse 1n
a market with:... an abundance of homes relative to the e number be o1 £.~;hy
potent1a
buyers. This investment may not sell for sever] «,
. . . ra mont s or even years.
Of course,
. if the price is reduced sufficiently, the
, erea ,t estate wij[ sel, 3j] u t
the investor must make a selling price cc . . th
transaction to occur. :oncession in order for the
•

Risk Management 169

ln contrast, a government Treasury bill can be sold almost immediately

with very little concession on selling price. Such an investment can be
converted to cash almost at will and for a price very close to the price the
Investor expected.

The liquidity risk for ordinary equity shares is more complex. Because
they are traded on organized and active markets, ordinary equity shares
can be sold quickly. Some ordinary equity shares, however, have greater
liquidity risk than others due to a thin market. A thin market occurs when
there are relatively few shares outstanding and investor trading interest is
limited. The thin market results in a large price spread (the difference
between the bid price buyers are willing to pay and the ask price sellers
are willing to accept). A large spread increases the cost of trading to the
investor and thus represents liquidity risk. Investors considering the
purchase of illiquid investments ones that have no ready market or
require price concessions -will demand a rate of return that
compensates for the liquidity risk.

MANAGEMENT RISK

Decisions made by a firm's management and board of directors

materially affect the risk faced by investors. Areas affected by these
decisions range from product innovation and production methods
(business risk) and financing (financial risk) to acquisitions. For
example, acquisition or acquisition-defense decisions made by the
management of such firms materially affected the risk of the holders of
their companies' securities.

PURCHASING POWER RISK

Purchasing power risk is perhaps, more difficult to recognize than the

other types of risk. It is easy to observe the decline in the price of a stock
or bond, but it is often more difficult to. recognize that the purchasing
power of the return you have earned on an investment has declined
(risen) as a result.of inflation (deflation). It is important to remember that
an investor expects to be compensated for forgoing consumption today.
If an individual is invested in peso-denominated assets such as bonds,
Treasury bills, or savings accounts during the period of inflaion, t the real
or inflation adjusted rate of return will be less than the nominal or stated
rate of return. Thus, inflation erodes the purchasing power of the peso
and increases investor risk.
170 Chapter 1I

II. Risks Associated With Manufacturing, Trading And Service Concerns

. A. Market Risk

• Product Risk
o Complexity
o Obsolescence
o Research and Development
o Packaging
o Delivery of Warranties

• Competitor Risk
o Pricing Strategy
o Market Share
o Market Strategy

8. Operations Risk
• Process Stoppage
• Health and Safety
• After Sales Service Failure
• Environmental
• Technological Obsolescence.
• Integrity .
o Management Fraud
o Employee Fraud
o Illegal Acts

C. Financial Risk
• Interest Rates Volatility
• Foreign Currency
• Liquidity
• Derivative
• Viability
 Risk Management 17f
D Business Risk
• Regulatory Change
• Reputation
• Political
• Regulatory and Legal
• Shareholder Relations
• Credit Rating
• Capital Availability
• Business Interruptions
III. Risks Associated with Financial Institutions

Financial Non-Financial
• Liquidity Risk • Operational Risk
• Market Risk 0 Systems
0 Currency • Information
Processinq
0 Equity • Technoloav
0 Commodity 0 Customer satisfaction
• Credit Risk 0 Human Resources
0 Counterparty 0 Fraud and illeaal acts
0 Tradinq 0 Bankruptcy
0 Commercial • Regulatory Risk
• Loans 0 Capital Adequacy
• Guarantees 0 Compliance
Market Liquidity Risk Taxation
• 0
Chanainq laws and policies
0 Currencv Rates 0

0 Interest Rates • Environment Risk

0 Bond and Eauitv Prices
Hedged Positions Risk
• 0
• Portfolio Exposure Risk
• Derivative Risk
• Accounting Information Risk
Comoleteness
0
0 Accuracy
• Financial Reporting Risk
Adequacy
0
0 Comoleteness
0 Politics
0 Natural disasters
War
0 Terrorism
• Integrity Risk
0 Reputation
• Leadershio Risk
0 Turnover
0 Succession
172 Chapter 1H
- •
POTENTIAL RISK TREATMENTS
:. been identified and assessed,
ISi.) 31000 :1ISl' �11ggcs1s 1h:11 once nsl-.s hn_,e 1 -�1
ese techniques can fall into
techniques to manage the risks should be applied. '
one or more of these four categories:
• Avoidance
• Reduction
• Sharing
• Retention

Risk Avoidance
. :.includes performing
This hat coui ld carry
.: .:. that
:. an activity a
risk. An example • would
••
be not buying a property or business in order not to take on the legal liability
that comes with it. Avoiding risks, however, also means losing out on the
potential gain that accepting (retaining) the risk may have allowed. Not
entering a business to avoid the risk of loss also avoids the possibility of
earning profits.

Risk Reduction

Risk reduction or optimization involves reducing the severity of the loss or

the likelihood of the loss from occurring. Optimizing risks means finding a
balance between the negative'risk and the benefit of the operation or activity;
and between risk reduction and effort applied. Outsourcing could be an
example of risk reduction if the outsourcer can demonstrate higher capability
of managing or reducing risks.

Risk Sharing

Risk sharing means sharing with another party the burden of loss or the
benefit of gain, from a risk, and the measures to reduce a risk.

Risk Retention

Risk retention involves accepting the loss or benefit of gain from a risk when
it occurs. Self insurance falls in this category. All risks that are not avoided
are transferred or. retained
.
by .default.
.
Also, any amounts. 1a loss
of po teen til
I t d
over the amount mnsurex is retained risk. This is acceptable if the chance of a
very large loss is small or if the cost to insure for greater coverage involves a
substantial amount that could hinder the goals of the organization.
 Risk Management 173

AREAS OF RISK MANAGEMENT

As applied to corporate finance, risk management is the technique for measuring,

monitoring and controlling the financial or operational risk on a firm's balance
sheet.

The Basel II framework breaks risks into market risk (price risk), credit risk and
operational risk and also specifies methods for calculating capital requirements
for each of these components. · ·

The most commonly encountered areas of risk management include

1. Enterprise risk management

2. Risk management activities as applied to project management
3. Risk management for megaprojects
4. Risk management of information technology
5. Risk management techniques in petroleum and natural gas
.
A simplified framework for an Enterprise-wide Risk Management Process
.

follows:
Risk Management System Top Management's
Involvement

Oversight Activitre
· an6jives, rojss an
osine
goals
'- responsibilities, common language, and -I ssrmianager&nip6icy, 7j
!
establish uontext, set limits
[

musk Manageman?"_a...
oversight structure "

Step1;Assess Risks:
ldentit. source_measure
k
j
L....:and tolerance, etc.

Ensure that process

; captures all business risks
.--
j
j
·

,---· -··· ...

Step 2z; Develop/Design Ensure that all available
Action Plens: tools and methodologies
Reduce, avoid, retain, transfer,
-.eplot!_---
t --- L
are used
------·
Review effe�tiveness of 1
Stop 3; Implement Action Plans I C
1plans_Chegcapapilites_
_j

oview and ovaiu

Step_4: Monitor and report risk 1+--i,', · regu8a
1 [0r
, e 1 mpaont1Seon
c \
management performance PR[!

]
_..it..
@i 5; Continuousiy improve risk
ioP ,management capabilities
••
tor improvement__..±
174 Chapter 1H -----------
; 1t4 Management of Publicly-
SEC Requirement Relative to Enterprise Risk
Listed Corporation
:. dcorresponding explanation
SEC Code of Governance Recommendations2. ] an ? •

provide the following

"The Board should oversee that a sound enterprise risk management (EM
de lilyy, , monitor, assess ant manage «ey
framework is in place to effectively iidentit d ide the Board in
business riks.
s The risk management framework shoul gu sjf; :th
identifying units/business lines and enterprise-level risk exposures, as wel as e
effectiveness of risk management strategies.
Risk management policy is part and parcel of a corporation's corporate strategy.
The Board is responsible for defining the company's level of risk tolerance and
'providing oversight over its risk management policies and procedures.

Principle 12 which deals with strengthening the Internal Control System and
Enterprise Risk Management Framework states-that

"To ensure the integrity, transparency and proper governance in the conduct of
its affairs, the company should have a strong and· effective internal control
system and enterprise risk management framework." '

RISK MANAGEMENT FRAMEWORK

The Board should oversee that a sound enterprise risk management (ERM)
framework is in place to effectively identify, monitor, assess and manage key
business risks. The risk management framework should guide the Board in
identifying units/business lines and enterprise-level risk exposures, as well as the
effectiveness of risk management strategies.

Subject to a corporation's size, risk profile and complexity of operations, the

Board should establish a separate Board Risk Oversight Committee (BROC) that
should be responsible for the oversight of a company's Enterprise Risk
Management system to ensure its functionality and effectiveness. The BRO€
should be composed of at least thr~e members, the majority of whom should be
independent directors, including the Chairman. The Chairman should not be the
Chairman of the Board or of any other committee. At least one member of the
committee must have relevant thorough knowledge and experi 'sk a nd
· ence on risl
risk management.
 Risk Management 175

Subject to its size, risk profile and complexity of operations, the company should
have a separate risk management function to identify, assess and monitor key risk
exposures.

STEPS IN THE RISK MANAGEMENT PROCESS

To enhance management's competence in their oversight role on risk

management the following steps may be followed:

I. Set up a separate risk management committee chaired by a board

member.
• Creation of a risk management committee as board level will
demonstrate the firm's commitment to adopt an integrated
company-wide risk management system

2. Ensure that a formal comprehensive risk management system is in place.

• This fully documented formal system· will provide a clear vision
of the board's desire for an effective company-wide risk
management as well as awareness of. the risks, internal and
external, that the company faces.

3. Assess whether the formal system possesses the necessary elements.

e The key elements that the company-wide risk management
system should possess are
a) goals and objectives
b) risk language identification
c) organization structure and
d) the risk management process documentation.

• The risk organizational structure should include formal charters,

levels of authorization reporting lines and job description.

• The risk management process shall include the following steps:

a) Assessment risks: Identification; Determination of their
source,
b) Development actions plans: Reduce, avoid, retain, transfer or
exploit
c) Implementation of action plans
d) Monitoring and reporting risk management performance.
e) Continuous improvement risk management capabilities.

,
 176 Chapter 1]

4. Evaluate the effectiveness of the various· teps in the assessment of the

ste
comprehensive risks faced by the business firm.
• Risk. assessment step which . 1 ·inclu
I des risks identification and
determination of their sources and measurement, represents the
: for the rest ot fth
foundation the procedur dures. This step is performed
».

.
by responsible managers, i.e., : finance
I officers, ' production
managers marketing managers and human resource managers.
• This process culminates in the presentation of the risk profile or
risk map to the board of directors.

5. Assess if management has developed and implemented the suitable risk

management strategies and evaluate their effectiveness. ·
• The risk profile highlights all the significant possible risks
identified, prioritized and measured by the risk management
system.
• Strategies are developed to manage and resolve these identified
risks. These will include the process,· people, management
feedback methodologies and systems.
• Strategies may include avoidance, reduction, transfer,
exploitation and retention of risks.

6. Evaluate if management has designed and implemented risk management

capabi lities.

• Directors must continue to monitor and assess if management

has been implementing designed risk management capabilities.
• Risk management capabilities include processes, people, reports,
methodologies and technologies needed. These components
should be complete, and aligned for the risk management
structure to function effectively.

7. Assess management's efforts to monitor overall company risk

management performance and to improve continuously the firm's
capabilities.

• Risk management performance must be monitored on a

continuing basis and organization must be ready to innovate their
approaches to be in line with the changing lines.
,
 Risk Management 177

• Monitoring is done by all concerned parties such as senior

managers, process owners and risk owners.
• An independent reviewer can also be appointed to validate
results.

8. See to it that best practices as well as mistakes are shared by all. • This
involves regular communication of results and feedbacks to all
concerned.

• These should be an open communication channel to ensure that

all risk management participant particularly senior management,
are informed of risk incidents or threat of risk incident. This will
go a long way towards attaining the company's risk management
vision.

9. Assess regularly the level of sophistication of the firm's risk management

system.

I 0. Hire experts when needed.

 4bJlltj

178 Chapter 1H

REVIEW QUESTIONS

Questions

1. What is "Risk Management"?

2. What is the basic approach in managing risks?

3. How does ISO 31000 define "Risk Management"?

4. What are the basic principles of risk management?

5. Enumerate the steps in the 1SO 31000 risk management process?

6. What are the elements of the risk management process?

7. What are the key elements that the company-wide risk management
system should possess?

Multiple Choice Questions

1. The risk that refers to uncertainty about the rate of return caused by the
nature of the business is
a. Default risk c. Liquidity risk
b. Business risk d. Financial risk

2. The risk associated with the uncertainty created by the inability to turn
investment quickly for cash
a. Interest rate risk
b. Business risk
c. Liquidity risk
d. Default risk

3. The risk that the real rate of return wi II be lesser than the nominal or
stated rate of return due to inflation is referred to as
a. Purchasing power risk
b. Liquidity risk
c. Default risk
d. Business risk
 Risk Management 179

4· Operations risk is manifested in all of the following except

a. Interest rates volatility
b. Process stoppage
c. Technological obsolescence
d. Management fraud

5. Financial risks associated with Financial Institvtion include the following

except
a. Liquidity risks
b. Credit risks
c. Market liquidity risks
d. Environment risk

6. Non-financial risks associated with Financial Institutions include the

following except
a. Derivative risk
b. Integrity risk
c. Leadership risk
d. Regulatory risk

7. ISO 3 I 000 suggests that once risks have been identified and assessed,
techniques to manage the risks should be applied. These techniques
include the following except
a. Retention
b. Sharing
c. Reduction
d. Complete disregard

8. The technique of eliminating or reducing risk which could mean losing

out on the potential gain is called
a. Risk sharing'
b. Risk retention
c. Risk avoidance
d. Risk reduction

involves accepting the loss or benefit of gain from a risk

9. -----
when it occurs.
a. Risk avoidance
b. Risk reduction
c. Risk sharing
d. Risk retention
lake
PRACTICAL GUIDELINES
IN REDUCING AND
MANAGING BUSINESS
RISKS

Expected Learning Outcomes

After studying the chapter, you should be able to ...

1. Know the basic approach in reducing enterprise-wide risks

involving

• Understanding the nature of risk

• Identifying and prioritizing risks '

• Considering the acceptable level of risk

• Understanding why risks become reality

• Applying a simple risk management process

2. Understand how to apply the analytical process in managing

risks in a business enterprise.

3. Understand how to apply the basic approach in managing

financial risk.

I
4
 CHAPTER 12
PRACTICAL GUIDELINES IN REDUCING AND
MANAGING BUSINESS RISKS

Practical
. Guidelines
·. . in M lanaging
.: an d Reducing
. Enterprise-wide
:. sk ·h
jd Riasl mnneren t'mn
business activity is best achieved by applying the principles and techniques
appropriate to the situation.

UNDERSTAND THE NATURE OF RISK

The willingness and readiness to take personal and financial risks is a defining
characteristic of the entrepreneurial decision-maker. In late 90's, a study
commissioned by an internationally-known accounting firm found that while in
continental Europe strategies focus on avoiding and hedging risk, Anglo-
American companies view risk as an opportunity and accept risk management as
necessary to achieving their goals. In 2017, this relative attitude to risk among
European and US companies remains broadly the same, the result of long-
standing cultural experiences and history as well as recent events.

Successful businessmen and decision-makers make sure that the risks resulting
from their decisions are measured, understood and as far as possible eliminated.
They also go beyond the direct financial perspective and actively manage risk as
it affects the whole organization.

Accepting that risks exist is a starting point for the other actions needed, but the
most important is to create the right climate for risk management. People need to
understand why control systems are needed; this requires communication and
leadership skills so that standards and expectation are set and clearly understood.

IDENTIFY AND PRIORITIZE RISKS

Identification of significant risks both within and outside the organization is

il and allows to make informed decisions. This ·'hmakes
crucial
it easier to avoid
f :
ry surprises. Examples of sig111;fie,cant ris s might e t e I oss o a maJor
· s k s t be th
unnecessal - [; the F :. ;
customer, the failure of a key supplier or the appearance of a significant
competitor.
 182 Chapter 12

Consider the human factor into account. People behave· differently and
inconsistently when making decisions involving risk. They may be exuberant or
diffident, overconfident or overly concerned. They may simply overlook the
issue of risk.

Risk surrounds and continues to be with us. A former British prime minister once
said: "To be alive at all involves some risk." When identifying risks it helps to
define the categories into which they fall. This allows for a more structured
analysis and reduces the chances of a risk being overlooked. Some of the most
common areas of risk affecting business are shown in Table 12.1.

Table 12.1: Typical Areas of Organizational Risk

Financial Commercial Strateaic Technical Operational

Accounting Loss of key Marketing, Failure of plant Product or
decisions and personnel and pricing and or equipment design failure,
practices tacit knowledge market entry including failure
decisions to maintain
suDDlv
Treasury risks Failure to comply Market changes Accidental or Client failure
with legal affecting negligent actions
regulations or commercial . (such as fire,
codes of practice decisions (due to pollution, floods)
customers
and/or
competitors) '
Fraud Contract Political or - Breakdown in
conditions regulatory labour relations
developments
Robustness of Poor brand Resource- - Corporate
information management or building and malpractice
management handling of a resource
systems (such as sex
crisis allocation
discrimination)
decisions
Inefficient cash Market changes - -
manaaement Political change

Inadequate - - -
insurance -
 Practical Guidelines in Reducing and Managing Business Risks 183

CONSIDER THE ACCEPTABLE LEVEL OF RISK

As earlier mentioned, the usual first step is to determine the nature and extent of
the risks the business will accept. This involves assessing the likelihood of risks
becoming reality and the effect they would have if they did. Only when this is
understood can measures be taken to minimize the incidence and impact of such
risks.

There is also an opportunity cost associated with risk: avoiding a risk may mean
avoiding a potentially big opportunity. People can be too cautious and risk averse
even though they are often at their best when facing the pressure of risk deciding
to take a more audacious approach. Sometimes the greatest risk is to do nothing.

UNDERSTAND WHY RISKS BECOME REALITY

Once risks are identified they can be ranked according to their potential impact
and the likelihood of them occurring. This helps to highlight not only where
things might go wrong and what their impact would be, but also how, why and
where these catalysts might be triggered. The five most significant types of risk
catalyst are as follows:

• Technology. New hardware, software or system configurations can

trigger risks, as can new demands on existing information systems and
technology. In early 2010, Metro Manila Development Authority Chair
introduced a congestion change for traffic using the centre of the city; the
· greatest threat to the scheme's success (and his tenure as chair) was posed
by the use of new technology. It worked and the scheme was widely seen
as a success.

• Organizational change. Risks are triggered by, for example, new

management structures or reporting lines, new strategies and commercial
agreements (including mergers, agency or distribution agreements).

• Processes. New products, markets and acquisitions all cause change and
can trigger risks. The disastrous launch of "New Coke" by Coca-Cola
was an even bigger risk than anyone at the company had realized; it
outraged Americans who felt angry that an iconic US product was being
changed. That Coca-Cola eventually turned the situation to its advantage
shows that risk can be managed and controlled, but such success is rare.
184 Chapter 12

• People. Hiring new employees, losing key people, poor succession

planning, or weak people management can all create dislocation, but the
main danger is behavior: everything from laziness to fraud, exhaustion
and simple human error can trigger this risk.

• External factors. Changes to regulation and political, economic or social

developments can all affect strategic decisions by bringing to the surface
risks that may have lain hidden. The economic disruption caused by the
sudden spread of the SARS epidemic from China to the rest of Asia in
2003 highlights this risk.

APPLY A SIMPLE RISK MANAGEMENT PROCESS

·
The stages of managing the enterprise-wide risk inherent in decisions are simple.

• First, assess and analyze the risks resulting' from a decision by

systematically identifying and quantifying them.
• Second, consider how best to avoid or mitigate them.
• Third, in parallel with the· second stage, take action to manage control
and monitor the risks.

A. Risk Assessment and Analysis

It is more difficult to assess the risks inherent in a business decision than

to identify them. Risks·that lead to frequent losses, such as an increasing
incidence of employee-related problems or difficulties with suppliers,
can often be solved using past experience. Unusual or infrequent losses
are harder to quantify. Risks with little likelihood of occurring in the next
in the next five years are not important to a company focused on meeting
shareholders' shorter-term expectations. Thus, it is sensible to quantify
the potential consequences of identified risks and then define courses of
action to remove or mitigate them.

Each category of risk can be mapped in terms of both likely frequency

and potential impact, with the potential consequences being ranked on a
scale ranging from inconvenient to catastrophic (see Figure 12.1).
,
 Practical Guidelines in Reducing andManaging Business Risks 185

B. Risk Management and Control

Risk should be actively managed, and given a high priority across the
whole organization. Risk management procedures and techniques should
be well documented, clearly communicated, regularly reviewed and
monitored. To successfully manage risks, you have to know what they
are, what factors affect them and their potential impact.

If you plot the ability to control a risk against its potential impact, as·
shown in Figure 12.1, you can decide on actions either to exercise greater
control over the risk or to mitigate its potential impact. Risks falling into
the top-right quadrant require urgent action, but those in the bottom-right
quadrant (total/significant control, major/critical impact) should not be
ignored because complacency, mistakes and a lack of control can turn the
risk into a reality.

Table 12.1: Assessing and Mapping Risk

4 No control
u
E
l
0
cc Weak control
h
z
0
u
Significant control
9
r
-
a
<
Total control

Minor Significant Major Critical

POTENTIAL IMPACT

Once the inherent risks in a decision are understood, the priority is to

exercise control. All employees must be aware that unnecessary risk-
taking is unacceptable. They should understand what the risks are, where
they lie and their role in controlling them. To achieve this, share
information, prepare and communicate clear guidelines, and establish
control procedures and risk measurement systems.
186 Chapter 12

Avoiding and Mitigating Risks

Start by reducing or eliminating those rs?

non-trading risks. These can be thought of as d e
~ t
k that result only in costs: the
fixed costs of risk and
tual liabilities and
might include property damage risks, legal an con" " "
jjeved through
business interruption risks. Reducing these risks can e al _'
. . tal control processes, enrorcmng
quality assurance programs, environment .
'. : . Ali
health and safety regulations, installing ace :cident prevention and
.
:. ."ltc se it, and taking security
emergency equipment and training people to use '»
· · b
measures to prevent crime, sabotage, ·
espionagge and
%,
threats to people
• •

and systems. Reducing a risk may also mean that the cost of insuring
against it goes down.

Risks can be reduced or mitigated by sharing them. For example,

acceptable service agreements from vendors are essential to reducing
risk. Joint ventures, licensing. and agency agreements can also be used to
mitigate risk. To reduce the chances of things-going wrong, focus on the
quality of what people do - doing.the right things right reduces risks and
costs.

Risk management relies on accurate, timely information. Management

information systems should provide details of the likely areas of risk, and
the information needed to control the risks. This information must reach
the right people at the right time so that they can investigate and take
corrective action.

Create a Positive Climate for Managing Risk

Recognizing the need to manage. risk is not enough. The ethos of an

organization should recognize and reward behavior that manages risk.
This requires a commitment by senior managers and the resources
(including training) to match. Too often, control systems are seen only as
an additional overhead and not as something that can add value by
ensuring the effective use of assets, the avoidance of waste and the
success of key decisions.
 Practical Guidelines in Reducing and Managing Business Risks 187

Overcoming the Fear of Risk

Everyone accepts that taking risks is needed to keep ahead of the

competition. Consequently, employees need to understand better what
the real risks are, to share responsibility for the risks being taken and to
see risk as an opportunity, not a threat. Understanding how organizations
manage risk effectively is important, but managing risk is only one
possible strategy. Another approach is to look for ways to use the risk to
achieve success by adding value or outstripping competitors - or both. To
do this, organizations need to stop taking the fun out of risk by
controlling it in ways that are perceived as bureaucratic and stifling. Risk
is both desirable and necessary. It provides opportunities to learn and
develop and compels people to improve and effectively meet. the
challenge of change.

C. Controlling and Monitoring Enterprise-Wide Risk

The following questions when answered truthfully and positively will

assist managers in deciding how to manage the risks that confront the
business enterprise.

Where are the greatest areas of risk relating to the most significant
strategic decisions?
0 What level of risk is acceptable for the company to bear?
0 What are the potentially disclosing events that could inflict the
greatest damage on your organization?
0 What are the risks inherent in the organization's strategic
decisions, and what is the organization's ability to reduce their
incidence and impact on the business?
0 What is the overall level of exposure to risk? Has this been
assessed and is it being actively monitored?

0 What are the costs and benefits of operating effective risk

management controls?
0 What review procedures are in place to monitor risks?
inherent in strategic decisions (such as acquiring a
0 A re tl,e risks d. k
business, developing a new product or entering a new market)
new 3»
d?
adequately understooc :
 188 Chapter 12

o At what level in the organization are the risks understood and

actively managed? Do people fully realize the potential
consequences of their actions, and are they equipped to understand,
avoid, control or mitigate risk?
o To what extent would be company be exposed if key staff left'?
o If there have been major developments (such as a new
management structure or reporting arrangements), are the new
responsibilities understood and accepted'?
o Are management information systems keeping pace with
demands? Are there persistent black spots -- priority areas where
the system needs to be improved or overhauled?
o Do employees resent risk, or are they encouraged to view certain
risks as opportunities?

PRACTICAL CONSIDERATIONS IN MANAGING AND REDUCING

FINANCIAL RISK

Finance is the lifeblood of a business, heavily influencing strategies and

decisions at every level.

Many managers find it difficult to get to grips with financial issues and. as the
2008 global financial crisis revealed, many lost touch with basic financial ground
rules.

Profitability, cash flow, long-term shareholder value and risk all need to' be
considered when setting and reviewing strategy. This section provides practical
guidance about financial decisions and explains how to:

• improve profitability;
• avoid pitfalls in making financial decisions;
• reduce financial risk.

• Improving Profitability

Entrepreneurial flair and financial rigour are as much about attitude as

skill. Nonetheless, certain skills will ensure that decisions are focused on
commercial success.
 Practical Guidelines in Reducing and Managing Business Risks 189

A. Variance Analysis

Interpreting the differences between actual and planned performance is

crucial. Variance analysis
l :. is
:. used to monitor
. and manage the th lt o f
results
past decisions, assess the current situation and highlight solutions.

Common causes of variances include inefficiency, poor or flawed

planning (for example, relying on, historically inaccurate information),
poor communication, interdependence between departments and random
factors. Every business should use variance analysis but in a practical
and pragmatic and cost-effective way.

B. Assessment of Market Entry and Exit Barriers

How easy or difficult it is to either enter or leave a market is crucial in

strategic decision-making. Entry barriers include the need to compete
with · businesses that enjoy economies of scale, or established
. -
differentiated products.

Other barriers include capital requirements, access to distribution

channels, factors independent of scale (such as technology or location)
and regulatory requirements. When markets are difficult or costly for
competitors to enter and relatively easy and affordable to leave, firms can
achieve high, stable returns, while still being able to leave for other
opportunities. Consider where the barriers to entry lie for your market
sector, how vulnerable you are to new entrants, and whether you can
strengthen and entrench your market position.

C. Break-even Analysis

The break-even point is when sales cover costs, where neither a profit
nor a Joss is made. It is calculated by dividing the costs of the project by
the gross profit at specific dates, making sure to allow for overhead costs.
Break-even analysis (cost-volume-profit or CVP analysis) is used to
decide whether to continue developing a product, alter the price, provide
or adjust a discount, or change suppliers to reduce costs. It is also helps
in managing the sales mix, cost structure and production capacity, as
well as in forecasting and budgeting.
190 Chapter 12

D. Controlling Costs

To control costs:
:. · costs into
o Focus on the big items of expenaudinre. Categories
ure. . . ,
major or peripheral items. Often, undue emphasis is given to the
80% of activities accounting for 20% of costs.
o Be cost aware. Casualness is the enemy of cost control. While
focusing on major items of expenditure it may also be possible to
cut the cost of peripheral items. Costs ean be reduced over the
medium to long term by managers' attitudes to cost control and
the effects of expenses on cash flow.
o Maintain a balance between costs and quality. Getting the best
value means achieving a balance between the price paid and the
quality received.
o g for dynamic financial management. Budget early so
Use budets
financial requirements are known as soon as possible. Consider
the best time-period for the budget -normally a year but it
depends on the type of business. Some larger firms have moved
to rolling budgets, getting managers to forecast the next 18
months every quarter. Budgets provide a starting point for cash
flow forecasts and revenues. and they also play an essential role
in monitoring costs and revenues.
o Develop a positive attitude to budgeting. People need to
understand, accept and use the budget, feeling a sense of
ownership and responsibility for developing, monitoring and
control I ing it.
o Eliminate waste. For decades, leading Japanese companies have
directed much of their cost-management efforts towards waste
elimination. They achieve this by using techniques such as
process analysis, mapping and re-engineering.
 Practical Guidelines in Reducing and Managing Business Risks 191

Praetical Techniques to Improve Profitability

Some practical techniques to improve profitability:

• Focus decision-making on the most profitable areas. Concentrating on

products and services with the best margin will protect or enhance
profitability. This might involve redirecting sales and advertising
activities.
• Decide how to treat the least profitable products. These often drift, with
dwindling profitability. Turn around a poor performer (by reducing costs,
raising prices, altering discounts or changing the product) or abandon it
to prevent drain on resources and reputation. The shelf-life and appeal of
product must be considered when deciding to continue or discontinue it.
• Make sure new products enhance overall profitability. New product
development often focuses on market need or the production process,
with insufficient regard to cost, price, sales volume and overall
profitability, which are inextricably linked.

• Manage development and production decisions. The amount spent on

research, as well as the priorities and methods used, affect profitability.
Too little expenditure may increase costs in the long term.

• Set the buying policy. For example, should there be a small number of
preferred suppliers or a bidding system among a wider number of
potential suppliers? Also, consider techniques for controlling delivery
charges, monitoring exchange rates, improving quality control, reducing
inventory and improving production lead times.

• Consider how to create greater value from existing customers and

products to enhance profitability. Ask: .
- How can customer loyalty (and repeat purchasing) be enhanced?
How can the sales proposition be made more competitive relative to
the opposition? · • · .
How can existing markets, sales channels, products, brand reputation
and other resources be adapted to exploit new markets and new
opportunities?
How can sales expenses be reduced? _. .
How can effectiveness of marketing activities be increased'?
._, . how to increase profitability by managing people. Successful
• Consaer fit ibilit Pe l d ·:
leadership is prerequisite for profit"; " "?"
rewaradmng
"""; "?P,"ovate
be
em airy or their work,
rt , d , and this implies
and supporie
 192 Chapter 12
;di lear sense of direction, and
training and developing them, provii8 , ,e individual.
focusing on the needs of the team, the task an
There are many techniques for assessing the likely profitability of an
investment. One of the most used is to apply discounted cash flows in
evaluating capital investment programs.

• Avoiding Pitfalls

Many managers have financial responsibilities and their decisions will often be
influenced by or have an impact on other parts of the business. The following
principles will help avoid flawed financial decision-making.

Financial expertise must be widely available

Every manager needs to understand why successful financial management

increases profits people need to own their part of the financial control process, to
have the information and expertise needed to routinely make the best financial
decisions.

Consider the impact offinancial decisions

Do not ignore or underestimate the wider impact of finance issues upon other
departments and decisions.

Avoid weak budgetary control

Budgets are an active tool to help make financial decisions, not merely a way to
measure performance. · y y

Understand the impact of cash flow

Non-financial managers often ignore cash flows and the ti

•
·11 Id b e aware of the importance
E veryone shoul e ime va A ue of money.
. of cash to the :. .
e organization.
Know where the risk lies

Identifying risks and how to reduce them is ·a

decision-making. For example, managers need 10 �ruc,a lo successful financial
even point is, but also how and when it will be ea,,","only where the break-
 Practical Guidelines in Reducing and Managing Bue.us st 1

• Reduce Financial Risk Positive Replies to the following Oestinr w»n!

assist Top Management to Manage Financial Risk

• Are the most effective and relevant performance measures is a!co '
monitor and assess the effectiveness of financial

• Have you analyzed key business ratios recently? How use'nl r: o:

performance indicators? What are the main issues? Are on : «er»
the right things?

• Is there a positive attitude to budgets and budgeting'?

• Does decision-making focus on the most profitable prdcts +

services, or is it preoccupied with peripheral issues?

• What are the least profitable parts of the organizations I iii th

improved?

• Are market and customer decisions focused on improving profitabi''

Too often, attention if given to non-financial objectives, st
increasing market share, without adequately considering the franc;
risks and alternatives.

• How efficiently is cash managed? Do your strategic business decisi.

take account of cash considerations, such as the time value of money
194 Chapter 12

REVIEW QUESTIONS

Questions

I. Explain the difference in attitude to risk between European and US

Companies.

2. What is the advantage of defining the categories into which risks fall?

3. Explain how the following types of risk catalyst might trigger risk
a. Technology
b. Organizational charge
c. Processes
d. People
e. External factors
., .
4. The typical areas of financial .risk includes the following except
a. Poor brand management
b. Treasury risks
c. Accounting decisions and practices
d. Fraud

S. What are the stages in managing the enterprise wide risk?

6. What factors should be considered when setting and reviewing financial

strategy?

7. What are some of the financial tools that can be applied 111 making
strategic financial decision affecting profitability?

8. Enumerate and explain at least (7) practical technique to Improve

profitability.