
risk as a by-product of setting objectives, whether for profit or not for profit.

the effect of uncertainty on objectives.


measured in terms of impact and likelihood.
deviation from expectations. It can be positive or negative.

Risk is merely a possibility that harm will occur. What causes harm is hazard.

uncertainty risk or not knowing the potential outcomes and the probability of these outcomes.
Genuine uncertainty where the potential outcomes and their probabilities are unknown.

Classification of risk:

1. Effect
  o Fundamental risks
    ▪ are those that affect society in general. It is beyond the control of any one
  o Particular risks
    ▪ are risks over which an individual may have some measure of control.
  o Speculative risks
    ▪ are those from which either good or harm may result.
  o Pure risks
    ▪ are those whose only possible outcome is harmful.
2. Controllability
  o Controllable (unsystematic)
  o Uncontrollable (systematic)
3. Correlation (measured by the correlation coefficient)
  o Positive correlation
    ▪ the risks will increase or decrease together.
  o Negative correlation
    ▪ one risk will increase as the other decreases and vice versa.
4. Impact
  o Financial risks
    ▪ a risk that has some direct financial impact on the entity is treated as financial risk.
  o Non-financial risks
    ▪ do not usually have a direct and immediate financial impact on the business, but may have a significant financial impact if left uncontrolled.
5. Drivers
  o Operational risks
    ▪ relate to matters that can go wrong on a day-to-day basis while the organization is carrying out its business.
  o Strategic risk
    ▪ is the potential volatility of profits caused by the nature and type of the business strategies.

Impact of risk to:

Shareholders – may sell shares or replace directors

▪ Risk-averse – can tolerate risks up to a point where they receive an acceptable return
▪ Risk-seeking – enjoy investing in risk ventures
▪ Risk-neutral – focus on maximizing return notwithstanding the level of risk

Creditors – can deny credit, charge higher interest, file actions in court, ask for collateral

Employees – pursue own goals

Customers – concerned with getting the value they expect from the goods/services

Suppliers – risk of unprofitable sales

Wider community – risk of the company not acting as a good corporate citizen

RISKS FACED BY ORGANIZATIONS:

BUSINESS RISK - risk associated with doing business. Borne by both the firm's equity holders and providers of debt.

FINANCIAL RISK – risk associated with the effect of the company’s capital structure, or the mix of equity and debt capital. Borne entirely by equity holders.

o Shorter-term risks
  ▪ liquidity risk
  ▪ credit risk
o Longer-term risks
  ▪ gearing
  ▪ currency
  ▪ interest rate risks

MARKET RISK - speculative risk. Hardly controllable.

PRODUCT RISK - includes risks of financial loss due to producing a poor-quality product.

LEGAL RISK – risk associated with changes in legislation

POLITICAL RISK – risk associated with political actions that affect the position and value of an
organization

TECHNOLOGICAL RISKS – risk of system failure caused by tampering of data access to critical information, non-availability of data and lack of controls.

▪ Strategic and operational technological risks - may force a new system for strategic reasons but is impractical for operational purposes.

ENVIRONMENTAL RISK - potential liability of the company arising out of the environmental effects of the company’s operation.

PROBITY RISK - risk of unethical behavior by one or more participants in a particular process.

REPUTATION RISK - arises from negative public opinion. Strongly correlated to other risks.

FRAUD RISK - perpetrated through the abuse of systems, controls, procedures and working practices.

RISK MANAGEMENT

A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.

Commonly used standards:

COSO 2017 Enterprise Risk Management – Integrating with Strategy and Performance

▪ Governance and Culture:
▪ Strategy and Objective-Setting:
▪ Performance:
▪ Review and Revision:
▪ Information, Communication, and Reporting:

COSO 2004 Enterprise Risk Management – Integrated Framework

Cube-shaped three-dimensional matrix.

▪ Vertical (categories of objective):
  o Strategic
  o Operations
  o Reporting
  o Compliance
▪ Third dimension (entity and its units):
  o Entity level
  o Division
  o Business unit
  o Subsidiary
▪ Horizontal rows (eight components):
  o Internal environment
  o Objective setting
  o Event identification
  o Risk assessment
  o Risk response
  o Control activities
  o Information and communication
  o Monitoring

ISO 31000:2018 – Risk Management Principles and Guidelines

o Principles.
  ▪ Integrated.
  ▪ Structured and comprehensive.
  ▪ Customized.
  ▪ Inclusive.
  ▪ Dynamic.
  ▪ Best available information.
  ▪ Human and cultural factors.
  ▪ Continual improvement.
o Framework.
  ▪ Leadership and commitment.
  ▪ Integration.
  ▪ Design.
  ▪ Implementation.
  ▪ Evaluation.
  ▪ Improvement.
    ▪ Adapting.
    ▪ Continually improving.
o Process.
  ▪ Scope, context and criteria.
  ▪ Communication and consultation.
  ▪ Risk assessment.
    ▪ Risk identification
    ▪ Risk analysis
    ▪ Risk evaluation
  ▪ Risk treatment.
  ▪ Monitoring and review.
  ▪ Recording and reporting.

A Risk Management Standard – IRM/Alarm/AIRMIC 2002

Developed in 2002 by the UK’s 3 main risk organizations:

▪ The Institute of Risk Management (IRM)
▪ The Association of Insurance and Risk Managers (AIRMIC)
▪ The Public Risk Management Association (Alarm)

▪ Risk assessment
  o Risk identification
  o Risk description
  o Risk estimation
▪ Risk evaluation
▪ Risk reporting (internal & external)
▪ Risk treatment
The Turnbull Guidance - Internal Control Guidance 1999 in UK

▪ A focus on significant risks.
▪ Emphasis on risk management.
▪ Ongoing, continuous monitoring of risk and control.
▪ Engaging all employees.
▪ Streamlining risk management databases.
