1.

create value - resources spent to mitigate risk should be

less than the consequence of inaction, i.e., the benefits
should exceed the costs
2. address uncertainty and assumptions
3. be an integral part of the organizational processes and
decision-making
4. be dynamic, iterative, transparent, tailorable, and
responsive to change
5. create capability of continual improvement and
enhancement considering the best available information
and human factors
6. be systematic, structured and continually or periodically
reassessed
PROCESS OF RISK
MANAGEMENT
1. Establishing the Context. This
will involve

2. Identification of potential risks. Risk identification

can start with the analysis of the source of problem or
with the analysis of the problem itself. Common risk
identifiention methods are:

3. Risk assessment. Once risks have been identified,

their potential severity of impact and the probability of
occurrence must be assessed. The assessment
process is critical to make the best educated decisions
in prioritizing the implementation of the risk
management plan.
ELEMENTS OF
RISK
MANAGEMENT
For the most part, the performance of assessment
methods should consist of the following elements:
1. identification, characterization, and assessment of
threats
2. assessment of the vulnerability of critical assets to
specific threats
3. determination of the risk (ic. the expected likelihood
and consequences of specific types of attacks on
specific assets)
4. identification of ways to reduce those risks
5. prioritization of risk reduction measures based on a
strategy
RELEVANT RISK
TERMINOLOGIES
BUSINESS RISK

Business risk refers to the uncertainty about the rate of

return caused by the nature of the business. The most
frequently discussed causes of business risk are
uncertainty about the firm's sales and operating
expenses. Clearly, the firm's sales are not guaranteed
and will fluctuate as the economy fluctuates or the
nature of the industry changes. A firm's income is also
related to its operating expenses. If all operating
expenses are variable, then sales volatility will be
passed directly to operating income.
DEFAULT RISK

Default risk is related to the probability that some or all of

the initial investment will not be returned. The degree of
default risk is closely related to the financial condition of
the company issuing the security and the security's rank
in claims on assets in the event of default or bankruptcy.
FINANCIAL RISK

The firm's capital structure or sources of financing

determine financial risk. If the firm is all equity financed,
then any variability in operating income is passed directly
to net income on an equal percentage basis. If the firm is
partially financed by debt that requires fixed interest
payments or by preferred share that requires fixed
preferred dividend payments, then these fixed charges
introduce financial leverage.
INTEREST RATE RISK

Because money has time value, fluctuations in interest

rates will cause the value of an investment to fluctuate
also. Although interest rate risk is most commonly
associated with bond price movements, rising interest
rates cause bond prices to decline and declining
interest rates cause bond prices to rise.
LIQUIDITY RISK

Liquidity risk is associated with the uncertainty created

by the inability to sell the investment quickly for cash. An
investor assumes that the investment can be sold at the
expected price when future consumption is planned. As
the investor considers the sale of the investment, he or
she faces two uncertainties: (I) What price will be
received? (2) How long will it take to sell the asset?
MANAGEMENT RISK

Decisions made by a firm's management and board of

directors materially affect the risk faced by investors.
Areas affected by these decisions range from product
innovation and production methods (business risk) and
financing (financial risk) to acquisitions. For example,
acquisition or acquisition-defense decisions made by the
management of such firms materially affected the risk of
the holders of their companies' securities.
PURCHASING POWER RISK

Purchasing power risk is perhaps, more difficult to

recognize than the other types of risk. It is easy to
observe the decline in the price of a stock or bond, but it
is often more difficult to recognize that the purchasing
power of the return you have earned on an investment
has declined (risen) as a result of inflation (deflation):
 Risks Associated
With Manufacturing,
Trading And Service
Concerns
Risks Associated
With Financial
Institution
POTENTIAL
RISK
TREATMENT
RISK Avoidance
RISK Reduction
RISK Sharing
RISK Retention
AREAS OF RISK
MANAGEMENT
The most commonly encountered areas of risk
management include

1. Enterprise risk management

2. Risk management activities as applied to project
management
3. Risk management for megaprojects
4. Risk management of information technology
5. Risk management techniques in petroleum and
natural gas
SEC Requirement Relative to Enterprise Risk Manngement of Publiely-
Listed Corporation
SEC Code of Governance Recommendations 2.11 and corresponding
explanation provide the following
"The Board should oversee that a sound enterprise risk management
(ERM) framework is in place to effectively identily, monitor, assess and
manage key business risks. The risk management framework should guide
the Board in identifying units/business lines and enterprise-level risk
exposures, as well as the effectiveness of risk management strategies.
Risk management policy is part and parcel of a corporation's corporate
strategy.
The Board is responsible for defining the company's level of risk tolerance
and providing oversight over its risk management policies and procedures."
Principle 12 which deals with strengthening the Internal Control System and
Enterprise Risk Management Framework states that
"To ensure the integrity, transparency and proper govemance in the conduct
of its affairs, the company should have a strong and effective internal
control system and enterprise risk management framework."
RISK MANAGEMENT FRAMEWORK

The Board should oversee that a sound enterprise risk

management (ERM) framework is in place to
effectively identify, monitor, assess and manage key
business risks. The risk management framework
should guide the Board in identifying units/business
lines and enterprise-level risk exposures, as well as
the effectiveness of risk management strategies.
STEPS IN THE RISK
MANAGEMENT
PROCESS
1. Set up a separate risk management committee
chaired by a board
member.
2. Ensure that a formal comprehensive risk
management system is in place.
3. Assess whether the formal system possesses the
necessary elements.
The key elements that the company-wide risk
management
4. Evaluate the effectiveness of the various steps in the
assessment of the comprehensive risks faced by the
business firm.
5. Assess if management has developed and
implemented the suitable risk management strategies
and evaluate their effectiveness.
6. Evaluate if management has designed and
implemented risk management capabilities.
7. Assess management's efforts to monitor overall
company risk management performance and to improve
continuously the firm's capabilities.
8. See to it that best practices as well as mistakes are
shared by all. • This involves regular communication of
results and feedbacks to all concerned.
9. Assess regularly the level of sophistication of the
firm's risk management system.
10. Hire experts when needed.