The copyright of this book belongs to Arcler.
Comprehensive Guide to
Business Risk Management
Jonah C. Pardillo
Society Publishing
224 Shoreacres Road
Burlington, ON L7L 2H2
Canada
www.societypublishing.com
Email: orders@arclereducation.com
This book contains information obtained from highly regarded resources. Reprinted material
sources are indicated and copyright remains with the original owners. Copyright for images and
other graphics remains with the original owners as indicated. A wide variety of references are
listed. Reasonable efforts have been made to publish reliable data. Authors or Editors or Publishers
are not responsible for the accuracy of the information in the published chapters or consequences
of their use. The publisher assumes no responsibility for any damage or grievance to the
persons or property arising out of the use of any materials, instructions, methods or thoughts in
the book. The authors or editors and the publisher have attempted to trace the copyright holders
of all material reproduced in this publication and apologize to copyright holders if permission has
not been obtained. If any copyright holder has not been acknowledged, please write to us so we
may rectify.
Notice: Registered trademark of products or corporate names are used only for explanation and
identification without intent of infringement.
Society Publishing publishes a wide variety of books and eBooks. For more information about
Society Publishing and its products, visit our website at www.societypublishing.com.
ABOUT THE AUTHOR
Jonah C. Pardillo received her Master's degree in Business Administration from
University of the East, Philippines. Her bachelor's degree was also earned from University of
the East. Currently, she is affiliated with University of Mansford, California, USA. She
has professorial experience and teaches several undergraduate business courses at Far
Eastern University, Technological Institute of the Philippines, Manila Business College,
and Global Reciprocal College. Further, she was also a content developer for undergraduate
and graduate business subjects. Aside from academic experience, she also manages her
own business.
TABLE OF CONTENTS
Chapter 3 Integrated Risk Management
3.1. Introduction
3.2. Techniques
3.3. Operational Risk
3.4. Foreign Exchange
3.5. Analysis
3.6. Classification
3.7. Risk Elements
3.8. Structure
3.9. Information
3.10. Problems
3.11. Cash Flow
5.7. FMEA
5.8. Model
5.9. Quality
8.6. Assessment
8.7. Activities
8.8. Processes
LIST OF FIGURES
Figure 2.14. Risk criteria
Figure 3.1. Integrated risk management
Figure 3.2. Price fluctuations
Figure 3.3. Foreign exchange fluctuations
Figure 3.4. Risk elements
Figure 3.5. Alternative risk transfer
Figure 3.6. Finite risk insurance
Figure 3.7. Future cash flows
Figure 4.1. Political and societal unpredictability
Figure 4.2. Investment banks
Figure 4.3. UK Institute of Actuaries and Institute of Civil Engineers
Figure 4.4. British TSR2 supersonic fighter project
Figure 4.5. Federal Aviation Authority
Figure 4.6. Risk analysis and management of projects system
Figure 4.7. Munich plane accident
Figure 5.1. Katrina
Figure 5.2. Piracy
Figure 5.3. Failure modes and effects analysis
Figure 6.1. Corporate governance
Figure 6.2. Money laundering
Figure 6.3. IPR
Figure 6.4. London maritime arbitrators association
Figure 6.5. EHS crisis management
Figure 7.1. Supply chain risk management
Figure 7.2. Silk road
Figure 7.3. Outsourcing
Figure 7.4. Vendor-managed inventory
Figure 7.5. Bullwhip effect
Figure 7.6. Monte Carlo simulation
Figure 8.1. Sustainable business and risk management
Figure 8.2. Cause-and-effect analysis
Figure 8.3. Pareto analysis
LIST OF ABBREVIATIONS
INTRODUCTION
Any financial institution must handle a wide range of risks, including market, credit,
liquidity, event, and operational risks. Senior management in large institutions around
the world is changing how they see their future as a result of five important forces: new
technology, globalization, non-bank competition, deregulation, and the opening up of
formerly closed markets. Risk is constantly increased by cross-border business, and the
trend toward globalization among the clients means that they must follow the trend,
go worldwide, and deal with a continually expanding range of risks. Profits are always
under pressure due to increased competition, at least in the short term. This pressure is
partially a result of liberalization. In order to sustain bottom lines, compromises
might be made and risks taken.
In fact, no single technology can do all the necessary recovery tasks. Certain technologies
can provide the foundational elements, for there is no one-size-fits-all answer for a
company continuity plan. Companies are expanding and depend on technology to
function; hence, recovering those processes requires technology. However, you still must
have a well-thought-out plan for handling unanticipated circumstances or downtime.
Many of the current systems in use today in most organizations cannot be used as an
addition to the business continuity plan. Servers continue to be heavily dependent on
aging, outdated recovery strategies and backup procedures that won’t match corporate
requirements. Consequently, a thorough and validated business continuity plan
is required more than ever, given the increased reliance on IT systems, which is potentially
much greater than ever before. Planning for business continuity is much more crucial as
a result of this dependency. The more dependent a business is on IT, the more essential
it is to have not only a very strong continuity plan, but also a strong and
resilient IT infrastructure.
Organizations increasingly understand that they cannot have one without the other.
There are now a lot more tools available to help boost the resilience and redundancy
of systems, and using those approaches as a backup plan is now more practical than
aspects that are active in the business continuity plan. However, in the real world,
choices are typically made to satisfy specific needs.
PREFACE
Businesses are changing into more effective and dynamic entities as a result of increased
competition. These companies will need to be robust to unforeseen and potentially
catastrophic occurrences, be able to respond swiftly to external factors and increase
their variable-to-fixed cost ratio. For a large part of this, it’s important to have a solid
grasp of risk, how to analyze and manage it, and finally, how to use this information
to your benefit. Understanding and weighing the effects of not fulfilling service level
agreements for a while, however, is one thing; setting a lower level of fixed resources in
response is quite another. The specification of a system or process to be resilient to both
internal and external variables is also simple.
Organizations must meet rising corporate governance standards with respect to ethical
and social responsibility while also delivering on higher stakeholder expectations in
this more uncertain business climate. For instance, legislation to widen the scope of
regulations surrounding the management of bribery risk and the avoidance of modern
slavery has been introduced in numerous nations. Given all of these developments, it
is highly appropriate to emphasize the value of enterprise risk management (ERM) to
corporate performance. All organizations still view effective ERM as a commercial
necessity, which includes protecting corporate reputation. A successful ERM program
improves an organization’s capacity to meet goals and guarantee sustainability through
transparency and moral behavior. Everyday hazards are something we all deal with.
Personal activities have risks, which might include those related to travel as well as
those related to financial decisions.
This book focuses on the responsibilities we play in our jobs or occupations, as well as
business and commercial risks. However, assessing risks and making decisions about
how to handle them is a daily process that must be completed not only at work but
also at home and when engaging in leisure activities. We live in a period of immediate
communication, media attention, and growing tendencies in global management. As
a result, it’s crucial to have precise technology and tools as well as greater business
understanding and commercial awareness. Due diligence, corporate governance, and
risk management are concepts that must be acknowledged as integral parts of larger
company challenges when traditional barriers and lines between responsibilities are
being broken down. This book serves as a handbook for business risk management for
graduates and research students.
CHAPTER 1
INTRODUCTION TO BUSINESS RISK MANAGEMENT
CONTENTS
1.1. Introduction
1.2. Risk
1.3. Business
1.4. Sustainability
1.5. Methods
1.6. Framework
1.7. Public Relations
1.1. INTRODUCTION
A number of interconnected social, cultural, environmental, and economic
aspects have been incorporated into the sustainable development framework
over the past 10 years. Our ability to generate economic growth and wealth
from the finite resources this planet has to offer will be impacted by the
increasing severity of breakdowns in our life support systems that have
followed the rise in ecological stressors (Nyoman Pujawan & Geraldin,
2009). As local habitats are harmed, these pressures will have an impact on
the level of social development we can attain. Without economic income,
social capital development and ecological capital preservation would not be
supported by capital revenues. Identifying, measuring, and assessing risks
while formulating management plans is the process of risk management.
Moving the risk to a third party, avoiding the risk, lessening the risk’s negative
effects, and accepting some or all of the consequences are all strategies.
Excessive risk management is as detrimental to company interests as a lack
of controls. The goal of risk management is to actively manage hazards
in a commercial setting, not necessarily to eliminate or reduce them. This
could indicate that certain risks are being overcontrolled and that extra
expenses are being incurred (Nocco & Stulz, 2006) (Figure 1.1).
Source: https://profiletree.com/wp-content/uploads/2018/07/What-is-risk-management-process.jpg.webp.
1.2. RISK
All risk management strategies fall into one of four broad categories once
risks have been identified and evaluated. Some methods of risk management
can fall into several of these categories. Risk transfer refers to getting a third
party to take on the risk, usually through a contract or financial hedging.
Risk avoidance means not engaging in potentially dangerous activities; an
illustration would be to refrain from purchasing a home or company in order
to avoid the obligation that comes with it. Risk reduction (mitigation) refers
to strategies that lessen the severity of the loss. Risk acceptance (retention)
entails accepting the loss when it occurs; true self-insurance falls into this
category. For small risks where the cost of insurance would outweigh
the overall losses incurred over time, risk retention is a practical strategy.
Traditional risk management prioritizes threats with physical or legal origins
(natural disasters, fires, accidents, death, and lawsuits). Contrarily, financial
risk management concentrates on hazards that can be controlled through the
use of traded financial instruments.
Financial as well as regulatory and compliance concerns are all included
in a sustainable ERM system (Figure 1.2), but they are organized around
the three pillars of sustainable development (Schanfield & Miller, 2005).
However, it places more emphasis on analyzing the risks that threaten
intangible assets like reputation and includes a wider range of external risk
variables. Compared to more conventional approaches, the risk-reward
assessments and strategic risk analyses have a wider scope and time frame.
These more recent factors may nevertheless have an impact on your business
operations directly or indirectly, and we can illustrate the risk levels by
using a nonfinancial risk rating system, the SERM risk rating system, as a
model of typical loss experiences (Mainelli, 2004). The SERM model will
provide a quantitative assessment of effects on businesses that are pertinent
to their financial performance or, more precisely, their market worth. While
most organizations have a basic level of risk management capability to meet
regulatory requirements, investing in risk management processes that are
in line with business goals and strategy is advantageous for performance.
An assessment of the risks identifies the threats to the organization and the
advantages of controlling the risk environment in accordance with corporate
goals. Resources spent on risk management could be spent on
more profitable activities, and this opportunity cost is where resource
allocation becomes challenging. Once more, effective risk management
maximizes the reduction of risks’ negative impacts while minimizing expense.
Risk appetite refers to the amount of risk that a company is ready to accept
to achieve its goals. An organization can
create a strategy that is suitable for it by defining the type and level of risk
that is acceptable. A corporation that adopts a high-risk strategy but has a
low appetite for risk might anticipate a difficult period. In reality, different
areas of the organization will have varying risk appetites (Figure 1.3).
Source: https://cengssud.org/wp-content/uploads/2018/12/serm-1170x500.jpg.
Source: https://cdn.ttgtmedia.com/rms/onlineimages/risk_appetite_vs_risk_tolerance-f_mobile.png.
1.3. BUSINESS
For instance, a pharmaceutical business will approach its quality assurance
activity with a low risk appetite because it recognizes the need for this activity
to be highly managed, but it may have a different risk appetite in
its research and development (R&D) sector; creating a risk management
strategy. It is obvious that the formulation of the overall business strategy
would be influenced by a clearly defined risk appetite and risk environment
(Adil, 2008). According to the organization’s understanding of the risk
environment, all strategy documents submitted to the board for endorsement
should include a commentary on the key perils related to the organization’s
objectives and strategy and their acceptability in accordance with the
agreed-upon risk appetite. A properly created and formalized business plan should
outline how an organization will prioritize, concentrate, and distribute its
resources to take advantage of possibilities that have been recognized. A
number of supporting strategies, including HR and IT, will be developed
for the allocation of resources and investment to aid an organization in
achieving its business strategy. This does not change how risk management
investments and resources are allocated; additionally, a risk management
statement based on organizational goals and company strategy.
An investigation of the source of the risk, the problem, or the event that
gave rise to the risk is used to identify the risk. Common risk identification
techniques include taxonomy-based risk identification (Figure 1.4) or a
breakdown of potential risk sources, objectives-based identification, scenario-based
analysis, common-risk checking, and risk assessments. After risks have been
identified, they must next be evaluated based on the likelihood that they will
occur multiplied by the likely extent of the loss; this roughly equates to the
risk level. These values may be easy to measure or almost impossible to
determine. Therefore, it is crucial to provide the most accurate assessment to
support the prioritization phase of the risk management plan. A key point is
that studies have shown that the frequency of risk assessments has a greater
impact on financial benefits of risk management than any formula.
Source: https://www.garp.org/hubfs/Website/Imported_Blog_Media/a2r5d000003oPzXAAU_Figure-1.jpg.
A risk prioritization (Figure 1.5) process should then be used, with risks
with the highest loss and highest probability of incidence being handled first
and risks with the lowest probability of occurrence and lowest loss being
handled later. In practice, it can be challenging to strike a balance between
risks with a high likelihood of occurrence but lower loss and risks with a
high loss but lower likelihood of occurrence; a risk management framework
or system used to meet the aforementioned requirements and foster an
organizational risk management culture.
While the risk environment, risk appetite, and risk management plan
are essential components for organizations to successfully implement their
business strategies, they must be supported by an overarching framework
for risk management (Ullah et al., 2022).
Cannot find another oil company to partner with | Entire risk borne by ExploriCo if failure | Medium (3) | High (4)
Source: https://www.dummies.com/wp-content/uploads/389002.image0.jpg.
1.4. SUSTAINABILITY
Sustainability challenges (Figure 1.6) may have an economic bearing on
all of the major management choices that businesses make, from strategies
to investment choices (Child & Tsai, 2005). These selections may have an
impact on the economic levers, which in turn may have an impact on an
organization’s competitiveness and value drivers. Risk management and
sustainability management have an impact on operations and productions,
which is why they are connected to revenue and profits. Costs are rising as
resource demand skyrockets and resource base prices rise if supply cannot
keep up with demand, which has an inflationary impact on the entire supply
chain. When possible, expenses are reduced by not investing in fixed assets,
yet predictions call for ongoing cost rises. The idea that the government was
the best or primary institution for addressing significant social problems has
generally lost favor. As global welfare changes continue, it is anticipated that
this tendency will persist. Certain obstacles to this approach will be more
widely known. In the US, decisions have been made to replace private safety
inspectors with a federalized public screening agency staff in the post-9/11
era in the belief that government management in this area is superior (Van
Ryzin, 2014). Government has an indirect impact on the risk agenda, and the
number of informal government recommendations is rising. Government
authorities at all levels are urging businesses to provide the public with more
information on their methods and performance, both in terms of quantity
and quality.
Source: https://www.mdpi.com/sustainability/sustainability-12-03534/article_deploy/html/images/sustainability-12-03534-g001.png.
Recently, the European Commission presented a plan for how it sees
corporate social responsibility (Figure 1.7) developing within the EU,
urging all businesses to follow the triple bottom line of economic, social,
and environmental responsibility. The European Commission is supporting
efforts to tighten vehicle emissions limits beyond those anticipated in current
proposals in response to calls from European Union (EU) governments and
lawmakers for stricter standards, which has significantly increased calls for
more product responsibilities and controls. The OECD is also in favor of
greater corporate responsibility because in the coming decades, corporate
Source: https://www.thebci.org/static/uploaded/c731f52f-8be9-4ea8-80751b50ed523a81.jpg.
Source: https://www2.deloitte.com/us/en/insights/industry/financial-services/climate-change-credit-risk-management/_jcr_content/root/responsivegrid_380572564/advanced_image.coreimg.95.800.jpeg/1641881523401/us164768-figure1.jpeg.
Source: https://nap.nationalacademies.org/openbook/12784/xhtml/images/p2001c3c6g206001.jpg.
The term legal hazards can be used in a way that causes some uncertainty. It
can be used to describe the impact of the risk or its origin, such as a shift
in the regulatory environment. Additionally, it could suggest a specific
course of action to manage a risk, such as getting legal counsel to make
sure a crucial contract satisfies a business’s strategic needs. Applying
a more uniform process for assessing legal risks may reveal that risks
have been overcontrolled perhaps as a result of an excessive weighting
of legal issues, as well as reveal which legal repercussions call for more
investment in control mechanisms. The SERM method discovered that if
risk management strategies are not consistent with the concepts and policies
used elsewhere in the organization, their effectiveness will be diminished.
For instance, if compensation plans for certain people or units favor short-
term financial performance, a risk-based methodology for pricing projects
with possible long-term obligations may not have much of an impact. It
should be highlighted that the main goal is risk management, not necessarily
risk reduction or elimination. It may be clear through a comprehensive study
of risks and how they are currently managed in a business whether hazards
are being overcontrolled. Disproportionate control implementation can have
negative effects, including the creation of extra expenses and a reduction in
the ability to seize opportunities. For instance, situations like competitive
bidding for new business may make this particularly clear. For instance, a
set of controls that are too stiff may prevent the organization from reacting
rapidly enough to support success.
1.5. METHODS
A systematic approach to risk recording is necessary for a successful risk
management program so that risks may be managed and regularly tracked.
Risk management professionals have indicated that categorizing hazards
is beneficial so that protocols may be established to monitor and control
them. It is more crucial to have mechanisms in place to manage the risks
involved and to consistently assess them than it is to employ a particular
classification approach. At the appropriate organizational level, information
about individual risks should be compiled. Actions to address risks might be
prioritized using the overall risk ratings (Figure 1.10) generated
by an evaluation matrix or other methods (Zeng, An, & Smith, 2007). But
keep in mind that stakeholder perception of a risk may be just as significant
as the grade determined by taking its impact and possibility into account.
For instance, the public’s image of an organization’s actions may be
particularly impacted by environmental difficulties, necessitating the need
for procedures that can be clearly demonstrated to handle environmental
hazards. As a result, there should be less tolerance for certain risks and a
larger priority placed on the appropriate controls.
Source: https://www.mckinsey.com/~/media/mckinsey/business%20functions/risk/our%20insights/banking%20imperatives%20for%20managing%20climate%20risk/svgz-banking-climate-risk-ex1.svgz.
Source: https://d3i71xaburhd42.cloudfront.net/2c63b34f9a92dbf9c88a645d1e00bc50c2907fb/12-Figure5.1-1.png.
Although some of the process’s challenges are unquestionably better
suited to the larger transaction, others are as relevant regardless of its size.
For instance, the administration of the company will be reflected in late
or imprecise returns to the authorities. They might also point to money
problems, as in the case of late financial statements filed with corporate
registrations. The knowledge gathered throughout the due diligence process
can be a priceless asset in the target’s continued management after the
sale. Organizations should be aware that there are more people benefiting
from the risk management and due diligence processes as a result of the
constant demand from regulators, security exchanges, and stakeholders. It
is crucial to take the user of this information into account when the parties
are designing the methodology for legal risk management and due diligence
assignments because there may be overlaps in the functions. For instance,
there are often certain forms and formats in which data must be delivered
if it is to a government authority. Recasting the material numerous times
only to satisfy the regulator’s obsession with precision will be exceedingly
annoying and more expensive.
The idea is to have each due diligence team decide the level of exposure
based on what can or cannot be answered, keeping in mind how important
high-quality data is. Due diligence is often not completed because there
is insufficient information about the business operations. The deal can be
risky, much like in personal partnerships like marriage, because there can
never be a full examination into each party’s pasts in terms of their health,
emotions, and finances. All due diligence procedures must include a balance
as part of the risk-reward calculation. For instance, authenticating a
£1,000 transaction in a £50 million trade might not be worth the thousands
it would cost to validate the transaction. The due diligence team’s skills
and experience are crucial in this situation. To be able to differentiate
between what is vital and what is not, they must first acquire the necessary
training and experience. Second, they must have the right equipment at their
disposal in order to carry out their duties. Information presentation is also
crucial. Accurate and timely information can satisfy shareholders, investors,
and stakeholders, but they are often less interested in the accuracy. In
actuality, most people would prefer simpler information to complex
information. They may be making judgments on the company’s adherence
to a certain regulation, but they are also interested in knowing the company’s
prospects for survival and growth. As stated, it is crucial to identify the risk
owner. For instance, it’s crucial to make sure that nobody in this procedure
forgets about the employees. All employees who earn remuneration from the
company, including clerks, middle managers, management, and associated
parties, like hearing about it. Additionally, the exercise in due diligence can
involve the creation of reports without transgressing privacy laws or other
legal requirements.
At the highest level of the organization, commitment to the program
must be paramount. The program won’t become fully embedded
throughout the organization and provide the anticipated results
without the personal involvement of the board members or similar body.
This is frequently represented in the delegation of responsibility for risk
management implementation to a specific officer or committee. It is crucial
that risks are assessed and tracked uniformly across the pertinent operations.
For this, there needs to be a precise framework for identifying and rating
risks as well as precise reporting and oversight processes. Additionally,
an internal program will be required to outline the strategy to be used as
well as the roles and responsibilities of individuals and groups within the
organization. It’s important that everyone in the organization is aware of
the main goals and components of the risk management strategy. Different
people’s duties and responsibilities should be transparently defined. The
implementation of a risk management program involves a major investment
in terms of management time and resource. Information concerning risks
should be communicated both upwards and downwards in order to bring
1.6. FRAMEWORK
Depending on the complexity of the systems involved and the type of
systems already in place, this could take months or years. It’s critical that the
risk management system be viewed as an ongoing program of improvement
and adjustment rather than a static framework. A strong procedure for
tracking development and re-evaluating priorities is also essential. To do
this, active input on risk issues is necessary. It has also been discovered
that implementing any risk management system, no matter how flawed or
insufficient, usually offers advantages over not implementing one at all.
Efficacy ought to increase with time as the organization gains experience.
Similar to this, an organization’s risk profile will alter as a result of both
internal and external variables, like regulatory changes or an increased threat
of terrorist attack, as well as changes to the type or scope of the business.
For any risk management system to be effective, it must be able to respond
to these changes. The organization’s culture must support the goal of open
and transparent risk management. Establishing a “no blame” culture that
encourages risk identification rather than penalizes it is useful in managing
professional or personal constraints that could otherwise tend to prevent
honest reporting. Organizations formerly managed and measured compliance as a
project rather than a process. In the current business climate, this puts the
organization at great risk.
Compliance (Figure 1.12) must be monitored and validated continuously
due to the dynamic nature of business processes, workforces, partner
relationships, and IT systems. The requirement for a structured compliance
management program will arise when organizations face a growing number
of compliance duties. Organizations will look to tools that offer a central
repository of risk and compliance management services in order to control
expenses as well as to give a single interface into risk and compliance
management (“Strategic Outsourcing,” n.d.). This will include reporting on
metrics, assessments, and control documentation. It ought to be compatible
with other technologies that focus on particular compliance and risk domains
such as data security, privacy, business partner relationships, and financial
systems.
Source: https://s7280.pcdn.co/wp-content/uploads/2020/07/GRC-break-down.png.
The goal of any risk management procedure is based on established company
objectives. These objectives have to be defined and capable of being stated. If
the business targets are to be understood and attained, clarity and precision
are far preferable to hazy assumptions and broad generalizations. Clarity
is necessary for the risk management team to be able to recognize when
the company is veering off course, which is another crucial factor. If the
automobile is not in motion and the keys are in another person’s pocket,
falling asleep at the wheel poses no risk. However, dozing off is not advised
if the business is progressing. Finding justifications and explanations for
continuing is not the goal. Every procedure has exceptions, but the more
consistent the principles that guide corporate operations, the
easier it is to spot the exceptions and assess whether they are warranted this
time or not. Integration is a significant topic and a crucial business concern.
It has consequences for risk culture and is crucial for continuing risk
management. It is obvious that in the deal, the momentum, the need to close,
and the short amount of time to evaluate the facts can lead to actions that
Source: https://cafe24corp.com.ph/img/culture/img_curtureEnvironment_gallery2.jpg.
Compared to most industrialized countries, Britain makes it simpler to
start a business. It depends on the firm whether it succeeds
or not, but bureaucracy rarely leads to failure. It can be surprisingly easy
to put the framework in place. We should first think about the kinds of
situations that could expose a trader to personal liability and jeopardize
their own assets. It almost goes without saying that the trader, whether
acting as a lone proprietor, a partner in a firm, or a corporate director,
may be held personally liable for damages sustained by third parties as a
result of dishonest or careless behavior in the course of his business. But
being sincere and responsible does not exclude the possibility of personal
culpability. It is common knowledge that even professional, experienced,
and cautious drivers occasionally exhibit poor judgment or have a brief loss
of focus. The results could be costly and fatal. Although a clean driving
record may persuade the magistrates to be lenient, it is unlikely to lessen
legal liability for physical harm, injury, and death brought on by driver
mistake. In business, it is the same. The restaurant owner whose suppliers
provide wholesome-looking but tainted food that is served to a customer, the
one-man financial advisor who unknowingly offers what proves to be bad
advice, and the international auditing practice that failed to uncover a fraud
concealed deep in the accounts could all be at risk.
Source: https://upload.wikimedia.org/wikipedia/commons/c/ce/Ken_Lay.jpg.
There are almost daily reports of illegal conduct that is disrupting both
private people and corporate citizens wherever they operate. For instance,
the UK was hit hard by crimes against businesses last year. So, if business
is to become truly organized in its battle against organized crime, more
and more businesses are discovering that establishing a more favorable
connection with governmental institutions, particularly the police, can offer
a healthy path ahead. In order to address these issues, business should in
fact be more creative and, to the greatest extent feasible, stay current with
advancements. Today’s economy can make running a business a challenging
task that necessitates a multidisciplinary approach to problems that were
previously irrelevant or handled by others. Additionally, people in charge
of non-profit organizations need to take into account the risks involved
because there have been instances of charities being used as fronts for
financial crime. However, the majority of the challenges are pertinent to
business in general. The results of the surveys and the above-mentioned
actions demonstrate that economic crime is an issue of growing concern
that affects not just the business community but also the general population
because of its detrimental repercussions. It’s important to dispel the myth
that economic crime has no victims because everyone is affected by its
harmful effects. The results are startling and highlight the need for increased
cooperation between government, business, and consumer organizations.
Additionally, as was already mentioned, economic crime has no bounds
and transcends all geographical and industry borders. It is crucial that the
topic of economic crime is highlighted in industry forums and that there is
closer cooperation between industry bodies and consumers in this age of
technological innovation in order to increase public awareness of the issue.
The trust that companies have in their employees is typically rewarded by
their diligence and commitment, but since employee disengagement by a
single staff member can have serious consequences, this must be prioritized.
For instance, both music and software piracy are serious issues.
Additionally, while teaching management and staff about preventative
techniques is essential, it must be done in tandem with strict and efficient
regulation. There is no doubt that the price of crime and the cost of crime
prevention is significant for business, especially given the global trend toward
increasing economic crime. Businesses experience the cost of crime both
directly and indirectly, for instance, in the form of stolen items and greater
security and insurance costs. All firms, regardless of size and location, must
prioritize increased risk management in order to become more organized
against organized economic crime. There is no question that all interested
parties need to work together more, and that this is a situation that has to be
watched closely and on which expert advice should be sought. In light of the
monitor. With these dependencies, the amount of time that can pass without
causing harm is dangerously decreasing. Customers now expect a smooth,
seven days a week service, and there are entirely new hazards as a result of
e-commerce, internationalism, and other factors.
E-commerce (Figure 1.15) is one significant field where the benefits
to the first mover are utterly disproportionate to those of the others (Chen, Liu,
& Li, 2019). Here, fundamental entrepreneurial inclinations are fueled by
ever-more-powerful computers, together with telecommunication and data
mining technologies.
Source: https://www.thestatesman.com/wp-content/uploads/2020/10/iStock-ecomm.jpg.
Therefore, the implication is that contingency planning is merely one of
the risk manager’s options. Risk spending and resources are choices, too,
if reliable, tried-and-true preparations can be made so that the organization
can navigate through an occurrence without suffering major damage. This
is especially true when dealing with low frequency, high impact exposures
and when risk management prevents the organization from doing what it
does best. Finance directors love the fact that subsequent expenses accrued
after the incident are frequently covered by insurance. However, before we
go, it’s crucial to emphasize the need for trustworthy, tried-and-true plans.
The continuity manager, who is tasked with identifying risks and evaluating
them in light of their potential influence on safety as well as the urgency,
survival requirements, and obligations of the organization, is familiar with
all of this. The inclusion of contingency plans for kidnapping, extortion,
bomb threats, suspicion of large fraud, succession planning, media attacks,
product recalls, and other situations should also be made here, in addition
to business continuity plans. Of course, there are similarities between them,
but the requirements of each must be met. Risk management may not
be able to completely eliminate risk because doing so is not cost-effective or
simply not possible. When all practicable preventive measures have been taken,
continuity planning may be the only remaining option.
replacement of buildings and contents are not the most pressing issues. That
is the comparatively simple part. However, the large organizations of today
have incorporated new and risky sites of exposure into their processes, which,
if and when the risk incident occurs, could eliminate essential dependencies
on which the entire organization depends. In other words, the likelihood of
a quick demise or expulsion from their market has increased, not decreased.
When evaluating an organization, the risk manager should take into account
the expectations of its stakeholders and determine whether the failure to
achieve any of them could result in a single point of potential catastrophic
failure.
As a result, not only have the risks themselves changed, but so has the
likelihood that these new hazards will harm the organization. Furthermore,
the level of damage that may result from old, perhaps insurable, risks may
be incomparable to anything we could have predicted in the past. Older
business models had the organization’s locations scattered throughout the
host nation so they could be close to their clients. Nowadays, the product
delivery often comes from one or two important technology factories that,
if inoperable, may bring the entire organization to a halt. Additionally,
these factories themselves rely on postage-stamp-sized information and
communication technology (Schweer & Sahl, 2017). As a result, a small
team’s or an individual’s skills may be what an international company
counts on for its whole delivery. The true issue is not the hardware’s loss,
but rather how it is used, the data it contains, and the effects its introduction
has had on the larger production process. It has taken the place of a sizable
number of trained employees who are now simply non-existent. It provides
the fundamental data about the product and the client. It makes the audit
criteria and audit trail credible. It allows other authorized people access and
has the company principles incorporated within its software. Both internally
and publicly, it communicates. Both sensitive information and useful
management data are secured.
The first thing to emphasize is the significance of adequate liability
coverage, both in terms of the scope of coverage and the adequacy of the
limit of indemnity. Liability awards may be many times the organization’s
net asset worth in some cases. In other words, a successful claim coupled
with a breach in insurance coverage could undermine the company’s
very financial soundness and force its liquidation. The inadequacy of the
limit of indemnity may not be the main cause of such insurance failure.
Exclusion clauses will be present in policies. Claims filed in American
or Canadian courts may be excluded as one exclusion, and any goods or
CHAPTER 2
FUNDAMENTALS OF RISK MANAGEMENT
CONTENTS
2.1. Introduction
2.2. Risk
2.3. Hazards
2.4. Risk Matrix
2.5. Risk Management
2.6. Attitude and Risk
2.7. Compliance
2.8. Enterprise Risk Management
2.9. Risk Criteria
2.10. ERM
2.11. Operations
2.1. INTRODUCTION
In order to clearly oversee and govern the risks that are thought to be material
to its business and to continuously monitor its operational environment for
new hazards. The strategy aims to make sure that a defined risk appetite is
established that strikes a balance between opportunities and risks to help the
organization accomplish its strategic goals (Bojanić, Nerandžić, Stevanov,
& Gračanin, 2022). The board is in charge of developing the group’s risk
appetite, defining the risk framework, and making sure that risk controls are
incorporated into management’s operational strategy. The audit committee is in
charge of evaluating the efficacy of the existing risk management systems
and conducting an impartial examination of the risk mitigation strategies
created for significant risks. The purpose of the monthly meetings of the risk
committee is to perform a thorough evaluation of the risk register and make
sure that management is doing an effective job of identifying and managing
risks when they come up (Figure 2.1).
Source: https://46ev833n9u2l3zs8zp44sst3tpr-wpengine.netdna-ssl.com/wp-content/uploads/2019/03/1.-Figure-Risk-Management-Flow-Simple.png.
To ensure that risks are detected promptly and that appropriate action plans
are put in place, the committee holds working sessions with departmental
and divisional management. In order to guarantee that risk registers are
complete, this strategy makes sure that risk is identified both top-down and
bottom-up from the various management levels of the business. The risk
committee is assisted by group internal audit, which carries out independent
evaluations of the business’s risks and its progress in implementing the
mitigating action plans set forth for any pertinent risks (Bozkus & Caliyurt,
2018). The status of these reviews is communicated to the risk committee
on a monthly basis.
An event must happen for a risk to materialize. So perhaps the simplest
definition of a risk is an unplanned event with unforeseen repercussions.
If the focus is on occurrences, the risk management approach is likely to
become more transparent. Think about what may interfere with a theatrical
performance, for instance. Power outages, the absence of a key actor,
considerable transportation problems or road closures that delay audience
arrival, as well as a sizable staff illness are some of the occurrences that
could create interruption. The management must decide what to do after
identifying the potential performance-disturbing incidents to lessen the
likelihood that one of them would result in the cancellation of a performance.
This examination by the administration is an illustration of risk management
in action.
2.2. RISK
Risk can result in either positive or negative outcomes, or it may simply
create uncertainty. As a result, risks may be thought of as being connected
to an opportunity, a loss, or the existence of uncertainty for a business. Every
risk has unique characteristics that call for specialized management or
investigation. Risks are categorized into four groups: hazard (or pure) risks,
control (or uncertainty) risks, opportunity (or speculative) risks, and compliance
(or required) risks. Organizations will generally aim to reduce compliance
risks, mitigate hazard risks, manage control risks, and accept opportunity
risks. It’s crucial to remember that there is no right or wrong way to divide
up risks. Perhaps more frequently, risks are divided into two categories:
pure risks and speculative risks. Indeed, there are numerous arguments over
terminology used in risk management. Regardless of theoretical debates,
it is crucial that an organization choose the risk classification system that
is most appropriate for its particular set of circumstances. There are certain
dangerous situations that can only end badly. These risks, which can be
categorized as operational or insurable risks, are hazard risks or pure risks.
Organizations will typically have a tolerance for hazard risks, and these
risks need to be controlled within the organizationally acceptable limits
(Black & Baldwin, 2010). Theft is an excellent illustration of a hazard risk
that many firms deal with. There are various risks that cause uncertainty
regarding how a scenario will turn out. These are typically related to project
management and are referred to as control risks. Organizations generally
have an aversion to control risks. Uncertainties can be linked to the project’s
benefits as well as to the completion of the project on schedule, within budget,
and to specification. To make sure that the results of the business activities fit
within the desired range, the management of control risks will frequently be
implemented. The aim is to lessen the discrepancy between expected results
and actual results. In order to generate a profit, companies also consciously
assume risks, particularly those related to the market or the economy. These
risks can be categorized as speculative or opportunity risks, and a company
will have a particular appetite for taking such risks. Opportunity risks have
to do with how risk and return are related (Lenz, 2016). The goal is to take
risky action in order to acquire benefits. Opportunity risks will be geared
toward investing.
2.3. HAZARDS
Hazard risks (Figure 2.2) are connected to a source of possible harm or a
circumstance that has the potential to adversely affect objectives, and hazard
risk management is focused on minimizing the potential impact (Yeung &
Morris, 2001). Hazard risks are the risks most frequently connected to
operational risk management (ORM), including programs for workplace health
and safety. Control risks are linked to unknown and unforeseen events.
They are occasionally referred to as uncertainty risks, and it can be quite
challenging to quantify them. Control risks are frequently linked to project
management and the implementation of strategy. In certain situations, it is
obvious that certain things will happen, but it is difficult to anticipate and
control exactly what those things will lead to. As a result, the approach is
built on managing the uncertainty around these events’ potential effects and
consequences. Opportunity risks can be divided into two categories. While there
are risks and dangers involved in taking advantage of an opportunity, there are
also risks involved in passing it up.
Source: https://www.securingpeople.com/wp-content/uploads/2019/09/BPS_Enterprise_Risk_Chart.jpg.
Opportunity risks (Figure 2.3) are sometimes of a financial nature and
may not be obvious or readily evident. Even while opportunity risks are
taken with the hope of getting a good result, there is no guarantee of this.
Nevertheless, the main strategy is to seize the chance and any accompanying
dangers. Small firms face opportunity risks from moving to a new location,
buying new land, expanding, and diversifying into new goods (Luo & Tung,
2007). The use of computers as an example helps clarify the differences
between compliance, hazard, control, and opportunity risks. Compliance
risks come from operating a computer system while adhering to
specific legal standards, particularly those pertaining to data protection.
A virus attack on its software programs is a hazard risk: an organization
that experiences one will not gain from it. Control risks are related to the upgrade project when
a business installs or upgrades a software product. The decision to install
new software is also an opportunity risk because the goal is to improve
results; nevertheless, it is possible that the new software may not provide
all of the capabilities for which it was designed and that the opportunity
benefits will not materialize. In reality, the organization’s operations could
be seriously harmed if the new software system’s functionality fails. It is
crucial to comprehend the full extent of each and every risk that has been
noted. This is the degree of risk before any steps are taken to alter the
likelihood or severity of the risk. Although there are benefits to knowing
the level of risk that is inherent, for some risks it is difficult to do so
in practice. The relevance of the implemented control measures can be
determined by defining the inherent level of risk. The IIA has historically
held the position that determining the risk’s inherent level should be the first
step in the assessment of all risks. According to prior IIA guidelines, “we
look at the inherent hazards in the risk assessment before evaluating any
controls.” The goal of any risk assessment remains the same, despite the
heated argument over whether to conduct it at the inherent or current level.
Its purpose is to determine what is thought to be the current level of risk and
to list the major safeguards in place to make sure that it is really maintained.
A risk matrix is frequently used to display the underlying risk level in terms
of likelihood and size (Anthony (Tony), 2008). Once the control or controls
have been implemented, the risk’s residual or current level can then be
determined. The risk matrix may clearly show the work needed to minimize
the risk from its inherent level to its current level.
Source: https://www.journalofaccountancy.com/content/dam/jofa/archive/issues/2008/06/creating-growth-exhibit1.gif.
Source: https://www.business2community.com/wp-content/uploads/2019/08/
Risk-Matrix.jpg.
Source: https://slideplayer.com/4893322/16/images/slide_1.jpg.
Adequate security protocols, the separation of financial responsibilities,
authorization, and delegation procedures, as well as the pre-employment
screening of workers, are all significant prevention methods for theft and
fraud. It is worthwhile to consider terminology, since this is crucial in
connection with hazard risks should an event occur. If a hazard
risk materializes, it might have a very significant impact. The organization
will be affected by this major event in terms of potential financial losses,
Source: https://ddi-dev.com/uploads/swot.png.
Risks must be considered in the context in which they first surfaced.
When a board has decided that an opportunity should not be passed up, it
may appear that an organization is taking excessive risks. The opportunity’s
significant risk component, however, might not have been completely taken
into account. Making sure that strategic decisions that seem high risk are
actually made with all of the information available is one of the primary
contributions of effective risk management. One of the main advantages
of risk management is an increase in the robustness of decision-making
processes. The organization’s risk appetite and attitude toward risk are
closely linked but not the same concepts (Aquino & Douglas, 2003). Risk
attitude reflects how a company views risk over the long term, and risk
appetite how it views risk in the short term. This is comparable to the
distinction between a person’s current hunger for food and their long-term
or established attitude toward the food they eat. The maturity cycle stage is
another important aspect that will impact the organization’s attitude toward
risk. A more proactive approach toward risk is needed for a start-up company
than it is for one that is growing or one that is an established company in a
well-established industry. In mature markets where a business is in decline,
there will be a considerably more risk-averse attitude toward risk. It is
frequently argued that certain high-profile business people are very good at
entrepreneurial start-ups but are not as successful in managing established
firms, because the attitude toward risk must differ depending on whether a
company is a start-up operation or a mature organization.
Overall, the UK government’s challenge is to maintain the UK economy’s
prosperity based on a Brexit plan (Figure 2.7) and other measures that will
maintain the UK’s resilience (Billing, McCann, Ortega-Argilés, & Sevinc,
2021). Risk is sometimes described as uncertainty of outcome. This description, while
a little technical, is nonetheless helpful and is especially relevant to the
management of control risks. The most challenging risks to recognize and
quantify are control risks, which are frequently connected to projects. A
project’s overarching goal is to provide the required results on schedule,
within budget, and in accordance with the project’s specifications for quality
or performance. More details on the nature of the conditions will become
available as the construction work progresses. Alternatively, it might
be found that the earth is contaminated, weaker than anticipated, or that
there are other potentially harmful circumstances, including the discovery
of ancient remains. Given this uncertainty, these risks ought to be viewed
as control risks, and the project’s overall management ought to take the
uncertainty of these various risk types into account. The project manager
shouldn’t expect that only negative features of the ground conditions would
be found. The project manager should also avoid assuming that things will go
more smoothly than anticipated just because they want to. Because control
Source: https://www.onepager.com/community/blog/wp-content/uploads/2016/06/Brexit.png.
Analysis of an organization’s risk exposure (Figure 2.8) can be done
very effectively by categorizing risks according to their long, medium, and
short-term impacts. These risks will be connected to the organization’s
strategy, tactics, and operations, in that order. Risks might be viewed in
this sense as being connected to things like occurrences, changes in the
environment, actions, or choices. Strategic choices therefore have an impact
on long-term risks. When the decision is made to introduce a new product,
it may take some time before the outcome of that choice becomes clear. The
impact of medium-term risks often manifests a year or so after the event
or decision, depending on the circumstances. Medium-term risks are
frequently connected to specific projects or work programs. For instance,
choosing a computer system is a long-term or strategic choice if new
computer software needs to be installed. The endeavor to implement the
new software, however, will include medium-term decisions with medium-term
risks. Short-term risks have their effect as soon as the incident
Source: https://pm-training.net/wp-content/uploads/2021/11/Organizational-Risk-Exposure-Types.png.
2.7. COMPLIANCE
All enterprises will be aware of the extensive range of compliance requirements
that they must meet (Gunningham, Thornton, & Kagan, 2005). These
regulatory standards differ greatly amongst company sectors, and many are
heavily regulated with a specific regulator for the sector or industry. For
instance, most nations throughout the world set strict regulatory restrictions
on businesses engaged in the gambling or gaming industries. The regulator
may revoke the license to operate if the required regulatory conditions are
not met. This drastic response by a regulator could lead to the organization’s
eventual departure. All businesses that deal with money are obligated to
implement policies to lessen the likelihood of money-laundering operations
being carried out. Banks and other businesses that deal with large sums of
cash must implement anti-money-laundering procedures and frequently appoint a
top executive who is solely focused on this issue. Compliance issues are
important and can be difficult in the insurance sector (Baker & Griffith,
2007). Compliance problems pose special challenges when an insurance
policy is issued in one nation to safeguard assets or pay liabilities in another
nation. If an unapproved form of insurance or illegal insurance policies have
been issued, failure to comply with all requirements may result in insurance
claims not being paid or, in the worst-case scenario, being illegal in a certain
country.
There are still many regulatory standards that must be met by
organizations even if there aren’t specific regulators for that area of the
economy or industry. Most nations across the world, in particular, have
health and safety regulations that impose duties on organizations to protect
the welfare and health of workers and other people who may be impacted by
their job activities. These safety criteria typically cover not only locations
within the organization’s direct control, but also the health and safety of
employees working abroad. Organizations with cars will also be subject to
certain road safety requirements, particularly if they transport persons or
hazardous materials (Sheffi, 2001). Risk management has several different
historical roots and is used by many different types of professions. One
of the earliest innovations in risk management came from the handling
of insurance in the United States. Because insurance in the 1950s was so
expensive and had such a narrow scope of coverage, risk management
became more common and better coordinated (Dionne, 2013). Companies
understood that buying insurance alone was not enough to ensure the safety
of both persons and property. As a result, insurance buyers started to worry
about the level of property protection, health, and safety regulations, product
liability problems, and other risk management difficulties.
In Europe throughout the 1970s, a combined approach to risk finance and
risk control emerged, and the notion of total cost of risk gained significance
(Allen & Santomero, 2001). As this strategy gained traction, it also became
clear that corporations faced several risks that could not be insured. There
have been institutionalized disciplines of risk management for at least 100
years. Its early roots can be found in the specialized field of insurance,
which has a long and illustrious history. The demand for risk control
criteria grew as insurance got more regulated and structured, particularly
in regard to the insuring of cargo being moved by ships throughout the
globe. Education programs to support the growth of risk management as
a profession emerged as risk management grew more established. At this
time, risk management laws related to corporate governance started to
emerge, and different regulators received more power in regards to certain
risks as well as in regards to certain business sectors. During the 1980s,
the development of risk management credentials became more formally
structured (Knechel, 2007). Risk management standards have emerged as a
result of increased risk management knowledge and expertise, as well as a
more organized regulatory approach. Particular risk management strategies
have also developed in certain sectors, such as the banking sector, in addition to
the generic risk management guidelines applicable to all industries. A higher
level of risk management maturity is expected of financial organizations, as
evidenced by the establishment of regulated capital requirements for banks
and insurance companies.
Source: https://www.nexigroup.com/content/dam/corp/img/sustainability/en-
terprise-risk-management/roles-and-responsibilities/ERM-process_notext.png.
The most crucial choices a company must make are strategic ones. Better
information is delivered through risk management, allowing for the more
confident execution of strategic decisions. An organization must be able
to achieve the desired goals with the plan it chooses. There are numerous
instances of corporations that chose the wrong strategy or failed to implement
the chosen strategy effectively. Many of these businesses experienced
corporate failure. When technological advancements or shifts in consumer
expectations occur, as is frequently the case with grocery shops, strategic
decisions are frequently the most challenging. The goal of strategy should be
to seize chances. For instance, a sports club might recognize the opportunity
to increase product sales to its current clientele. Some organizations will set
up a travel agency and offer related travel insurance to their supporters who
travel abroad. Additionally, a club credit card could be established and run
by a fresh financial division (Zumello, 2011).
Any hazard event’s outcome will be less detrimental with the help of
hazard management. Insurance (Figure 2.10) serves as a technique for
limiting the financial cost of losses when a risk materializes in the context of
hazard management. Techniques for risk management and loss management
will cut down on anticipated losses and guarantee that overall costs are kept
in check. The organization’s risk tolerance will inevitably decrease as a
result of the combination of insurance and risk control/loss management
lowering the actual cost of hazard losses. The organization’s risk capacity
will then be more readily available for opportunity investment. The variety
of potential outcomes from any event is reduced via control management.
Internal auditors’ well-established methods of internal financial control
serve as the foundation for control management. The major goal is to lessen
losses brought on by ineffective control management while also narrowing
the range of potential outcomes. This is the contribution internal control
should make to an organization’s overall risk management strategy. The goal
of opportunity management is to increase the likelihood and importance of
favorable outcomes. The company should consider opportunities to boost
sales of the good or service as part of its opportunity management strategy
(Figure 2.11).
Source: https://www.researchgate.net/publication/268259388/figure/fig3/AS:6
69396536131584@1536607979033/The-major-players-in-insurance-business.
png.
Source: http://wiki.doing-projects.org/images/f/f1/Pyramid.png.
Opportunity management should make it easier to give better value
for money in not-for-profit organizations. The most crucial thing to stress
is how critical it is to have top management’s backing and, preferably, a
board member’s sponsorship. A plan for implementation is also required to
address the doubts of the workforce and other stakeholders. Although risk
management is essential to an organization’s performance, many managers
might need to be convinced that the advised implementation strategy is
the best one. It’s vital to remember that not all actions and responsibilities
conducted by managers should be attributed to risk management by the risk
manager. Even while risks are inherent in all choices, processes, procedures,
and activities, not all actions inside the business will be guided by risk
management (Lavastre, Gunasekaran, & Spalanzani, 2012).
There are numerous risk management frameworks (Figure 2.12) and
standards that have been developed by numerous businesses. It is widely
accepted that a standard is a written document that provides information
on both the risk management framework and process. It is mentioned in
many risk management standards that risk management activities should be
carried out in the context of the organization, the business environment, and
the risks that the organization faces. A framework is needed to implement
and assist the risk management process in order to explain and define the
context. The risk management context should be taken into account when
Source: https://upload.wikimedia.org/wikipedia/commons/thumb/4/47/Risk_
Management_Framework.svg/779px-Risk_Management_Framework.svg.png.
Source: https://www.researchgate.net/profile/Barbara-Adams-3/publica-
tion/235184165/figure/fig4/AS:393539851702279@1470838620383/Exam-
ples-of-the-drivers-of-key-risks-AIRMIC-ALARM-IRM-2002-p-3_W640.jpg.
risk and risk management. A good risk management strategy is built around
an effective and dynamic risk register. The risk register, however, runs the
risk of turning into a static record of the current state of risk management
operations. This has the practical repercussions that senior management may
believe their risk management responsibilities have been satisfied by attending
a risk assessment session and creating a risk register, and no further
measures are necessary. It is preferable to think of the risk register as a risk
action plan that offers a record of the key controls that are already in place as
well as the specifics of any additional controls that need to be implemented,
as well as the state of the organization with regard to risk management. It
shall be made clear who is responsible for carrying out the suggested steps
when creating such a risk action plan.
Source: https://international.gc.ca/world-monde/assets/images/funding-fi-
nancement/criteria-en.gif.
The organization’s intranet may host the data contained in the risk
register, which will aid in communicating and understanding risks. In
some businesses, the risk register is designated as a restricted record that
internal audit can utilize as one of the primary sources of reference while
conducting an audit of risk management practices. Even in the event that
this is not the case, the data included in the risk register should be extremely
2.10. ERM
Consider a sports club as an illustration of the ERM strategy, where the main
objective is to increase game attendance. This process contains a number of
steps, including marketing, promotion, the distribution, and sale of tickets,
as well as logistical planning to make sure that fans have the best possible
experience during the game. Making sure there are sufficient parking and
transportation options, together with acceptable catering and other welfare
preparations in the stadium, will help maximize attendance at sporting
events. The treasury function and the specialized knowledge of hedging
against the price of a barrel of oil are frequently used in energy sector
ERM. Several energy companies have built quite sizable departments in this
field of financial risk management. However, the management of treasury
risks continues to be intimately linked to the practice of ERM in energy
businesses. The regulatory environment is one of the factors influencing
risk management in the finance industry. Banks have been subject to Basel
II for a while, and they are getting ready to adopt Basel III standards by that
year. The Solvency II Directive will soon impose comparable restrictions
on the European insurance industry (Gatzert & Wesker, 2012). Financial
institutions are obligated as a result to assess their operational risk exposure.
The ability to estimate the capital that needs to be held in reserve to meet the
effects of the identified risks materializing is the result of ORM efforts in
financial institutions. These ORM operations have the effect of improving
risk identification and management, which lowers the capital needed to
cover the repercussions of the risks materializing. The ERM technique can
be considered as having a specific use in ORM inside financial firms.
2.11. OPERATIONS
Instead of approaching risk management operations as a separate management
function requiring a separate set of management information, firms
must integrate risk activities across the board. Perhaps this is one of the
main drawbacks of the risk register’s widespread adoption in many organizations.
The risk register represents a snapshot of the organization’s risk
management operations, but there is a risk that it is not continuously examined.
The risk register is frequently a static record that offers little resistance
to organizational management. Perhaps the era of the risk register is over,
and businesses should instead integrate risk assessment, risk recording, and
risk action plans into the management data that is utilized to run their operations
on a daily basis. In conclusion, maintaining risk management operations
that are appropriate, aligned, comprehensive, entrenched, and dynamic
is a challenge for risk managers and risk management. However, as boards,
executive management, managers, and staff become more familiar with the
theory and practice of risk management, the difficulties of achieving this are
growing. Management reforms frequently come and go. A particular strategy
temporarily gains popularity before going out of style. Since risk management
practices are already required in many industries, it is unlikely that
this would ever happen to risk management. The global financial crisis has
also prompted a thorough review of the advantages that risk management
can provide and how these advantages can be realized.
CHAPTER 3
INTEGRATED RISK MANAGEMENT
CONTENTS
3.1. Introduction
3.2. Techniques
3.3. Operational Risk
3.4. Foreign Exchange
3.5. Analysis
3.6. Classification
3.7. Risk Elements
3.8. Structure
3.9. Information
3.10. Problems
3.11. Cash Flow
3.1. INTRODUCTION
Risk has intensified as a result of the quickening pace of business. The
way businesses engage has undergone significant changes as a result of
new technologies and commercial strategies (Miller, 1992). While using
information technology more frequently has increased productivity, it has
also added new sources of complexity and uncertainty. Value chains are
more streamlined and reliant on the meticulously planned coordination of a
vast network of supply chain partners. Shorter product life cycles and rapid
product obsolescence are commonplace in many sectors. Because business
operations have gotten more automated, minor issues can quickly get out
of hand without adequate monitoring and management. In addition to
increasing a company’s reliance on outside parties, increased outsourcing
has also made it more challenging to identify risk events and take appropriate
action. The implications of ineffective risk management have also gotten
worse. Because of how intertwined today’s value chains are, even a minor
error made by one party might affect several other trading partners (Miller,
1992) (Figure 3.1).
Source: https://www.researchgate.net/profile/Bijan-Khazai/publica-
tion/291312102/figure/fig2/AS:614348313604096@1523483460033/Compo-
nents-of-the-framework-for-integrated-risk-management-Cardona-2010-Car-
reno-et-al_W640.jpg.
3.2. TECHNIQUES
Enterprise risk management is a technique for managing risks comprehensively
and binding risk management tightly to a company’s financial and economic
goals. It starts by establishing the firm’s appetite for risk on a
strategic level. Using a uniform framework for measurement, monitoring,
and control, risk issues influencing the company are addressed. Across
business divisions, functions, and risk sources, risk is managed in an
integrated manner. Programs for corporate risk management are becoming
more popular among executives. Market risk, credit risk, operational risk,
and business risk are just a few of the hazards that businesses must deal with.
Market risk is the degree of uncertainty brought on by shifts in the value
of financial or nonfinancial assets (Linsmeier, Thornton, Venkatachalam,
& Welker, 2002). Changes in foreign exchange rates, for instance, can
significantly affect both the income statement and the balance sheet when a
company operates in different nations. Changes in interest rates can have an
impact on a company’s interest costs, loan portfolio value, and market value
of its debt.
Price fluctuations (Figure 3.2) for commodities like steel and copper
can have an impact on the price of things sold, while price variations for
commodities like heating oil and electricity can have an impact on the cost
of maintaining factories and office buildings. The possibility that parties to
whom a company has granted credit may not meet their obligations is known
as credit risk. Customer defaults or missed payments from customers can
have different effects on a business. These can range from short-term changes
in liquidity to downgrades in ratings or even bankruptcy. Although it might
seem that financial services companies should be primarily concerned with
credit risk, this is not the case. A strong credit concentration in a high-risk
customer group can occasionally have serious financial ramifications, even
Source: https://www.new.treasury-management.com/wp-content/up-
loads/2020/09/TMI187-P19-24-Validus-1no.jpg.
risk mitigation efforts can just create new hazards or move the risk to areas of
the company that are less obvious. Additionally, failing to take into account
risk interactions might lead businesses to drastically overestimate their
risk exposures. For instance, the sharp reduction in capital expenditures by
telecom companies a few years ago created risk for producers of telecom
equipment on a number of fronts. As demand for their products became
increasingly unpredictable, manufacturers faced significant business risk.
They were exposed to higher credit risk. High-flying consumers were given
loans whose credit quality quickly declined since many of them were on the
verge of default (Taskinsoy, 2013). As stock valuations for recent strategic
purchases plummeted, triggering multibillion-dollar write-offs, they also
faced heightened market risk.
are greater options for supplier diversification due to the increased use of
auctions and spot markets. Additionally, it increases price transparency for
a variety of goods and services (Hanna, Lemon, & Smith, 2019). Firms
will find it simpler to quantify a wide range of risk factors as a result. The
development of new risk management products will also be influenced by it.
Source: https://d3i71xaburhd42.cloudfront.net/aa4b14b52817bef28e758e9ade
5879c5b1344a62/14-Figure1-1.png.
Access to corporate information is now easier, which is the second
important shift. Businesses now have unparalleled access to fairly standardized
information because of the widespread deployment of enterprise-level
software packages to assist corporate operations like enterprise resource
planning (ERP) and supply chain management. Both within the company
and amongst partners in the value chain, these systems are becoming more
tightly connected. Businesses will be in a position where they can see their
supply chains from beginning to end, from the early stages of product design
through after-market service. They will be able to notice risk occurrences
earlier and respond more skillfully as a result. The implementation of new
business procedures and organizational controls may be necessary to address
other risk categories. For this, a company needs to assess the level of risk
that may be accepted and then modify its business strategies or financial risk
management programs accordingly. This procedure might involve shifting
some or all of the risk to a third party, either through the use of financial
derivatives or insurance, in order to reduce the exposure to risk. It could also
entail passing up on specific business possibilities, quitting certain product
or customer groups, or selling some business units in situations when
derivatives and insurance are either unavailable or too expensive.
3.5. ANALYSIS
Historical analysis has the disadvantage that important risk events are
frequently rare (Bucheli & Salvaj, 2018). By including
in the analysis events affecting other organizations with comparable business
characteristics, this challenge can be at least partially overcome. Another
issue with historical analysis is that, by its very nature, it can only pinpoint
risk variables that have already led to problems. This raises the likelihood
that significant risk factors, particularly those connected to shifting
technological, commercial, or industry dynamics, would go unnoticed.
Risks can also be discovered through process mapping. This method starts
by developing a business process map, a graphic representation of business
workflows for various company tasks that resembles a flowchart. Process
maps are thorough because they give a complete picture of the business
or value chain processes that are being examined. Each step on the map
describes a specific business process, offering information about its goal,
method of execution, personnel involved, and potential pitfalls. Following
completion, the process map is examined for control openings, potential
weak points, and vulnerabilities. Risks that might develop during meetings
between departments or organizations are given particular consideration.
The analysis looks for missing control procedures that are not depicted
on the process map, such as a missing approval process. Additionally, it
searches for steps where poorly defined tasks or responsibilities could result
in mistakes in processing or a loss of control. Process mapping is especially
helpful for locating risks related to subpar execution. Process mapping, as
opposed to historical research, can spot risks with a significant potential
impact before a loss really occurs. Clarifying the expected effects of a
prospective risk exposure on the organization as a whole can also be helpful.
3.6. CLASSIFICATION
For recognizing particular classifications of risk, certain risk identification
techniques work well. Finding operational risks and prospective risks
related to value chain interactions can be done through process mapping
and historical analysis. On the other hand, market risk is almost always
examined using historical analysis. Although it might be challenging
to apply for threats to intangibles like reputation, historical analysis is
frequently the method of choice for evaluating the frequency and magnitude
of risk events. The best method for identifying a variety of value chain risks,
such as quality, quantity, and price risk, is historical analysis. And finally,
scenario analysis is a flexible method for locating significant risks at the
corporate level. There are several value chain hazards that merit in-depth
discussion. When a company develops and produces new products, buys
goods and services from its suppliers, or sells goods and services to its
clients, it is exposed to risk. Price risk, for instance, results from uncertainty
regarding both the prices that a company will ultimately realize for its
products in the market as well as the cost of goods and services required for
production. Quantity risk, or the chance that the intended quantity of a good
or service may not be offered for purchase or sale, is a related risk. Quantity
risk can occasionally be very serious, as is the case when there is a supply
disruption. In other circumstances, it is just the outcome of typical supply
unpredictability. Inventories of raw materials and component parts, products
in the manufacturing pipeline, and inventory retained to satisfy expected
consumer demand all present quantity risk to businesses (Christopher &
Peck, 1997). The danger connected to having too much or too little inventory
is sometimes referred to as inventory risk. A company that has too much
inventory may be vulnerable to product or pricing changes that lower the
value of its inventory. Contrarily, a company may be unable to satisfy client
demand if there is a scarcity of inventory.
3.8. STRUCTURE
Ensuring that a company’s organizational structure is suitable for the risks
it faces is one of the first stages in building an efficient risk management
program (Zaridis & Mousiolis, 2014). This entails a number of actions, such
as identifying the company’s risk objectives, outlining the senior management
position, setting up efficient monitoring methods, and developing a set of
suitable internal controls. In order to develop a successful risk management
program, senior managers are crucial. They are in charge of outlining the
risks the company is willing to accept and its tolerance for risk. They ensure
that the company has the resources and expertise it needs to support its risk
management plan. Senior management determines suitable roles and duties
for individuals either directly or indirectly involved in risk management by
developing an appropriate organizational structure. Additionally, many non-
financial companies are using similar strategies. An integrated framework for
risk measuring and management is one of the crucial mechanisms that must
be put into place. In order for a company to effectively monitor and manage
its overall risk exposure, it is essential to build methods for measuring and
reporting various forms of risk as part of this process. To give a means of
staying up to date on industry best practices, businesses must also set up risk
assessment and audit systems in conjunction with a benchmarking process.
products in particular because every extra minute in the supply chain raises
the possibility of price drops. Since uncertainty tends to grow over time, the
longer it takes for a product to reach its intended consumer, the greater the
risk. Value chain restructuring lowers risk by simplifying the value chain.
As a result, it is simpler to coordinate operations with suppliers, which helps
to eliminate execution errors and lower supply risk. An organization has
fewer middlemen between it and its end clients, which gives the company
quicker access to information regarding changes in supply and demand.
Thus, inventory and manufacturing resources can be used more effectively.
Risk can also be decreased by altering the way value chain interactions
function. This frequently has the effect of changing information flows and
incentives. Without physically shortening the value chain, cooperative
business models like vendor-managed inventory (VMI), for instance, give
suppliers improved inventory visibility. The provider nevertheless continues
to get more precise and timely information regarding client demand. Since
eliminating one type of risk might also introduce others, many of these
decisions involve trade-offs. It is necessary to implement methods, metrics,
and procedures for controlling and mitigating operational risk in order to
develop integrated risk management systems that connect strategy, planning,
and execution. Operational risk management (ORM) aims to reduce business
interruptions, enhance crisis response, and limit the negative effects of risky
events. This is achieved by incorporating various types of risk management
capabilities into operational processes. They can be used as a guide for
developing information systems that track and react to dangerous supply
chain occurrences. They also offer a useful set of metrics for monitoring and
tracking operational risks and outline a hierarchical method for determining
risk limits that may be used in a production scenario. The first step in ORM
is figuring out how much risk a company is willing to take. The amount of
money the company is willing to lose as a result of risky actions is used to
define this. A firm’s overall financial goals, including its profit and sales
ambitions, are taken into consideration when determining acceptable losses
because a firm’s potential for profit depends on its appetite for risk. At the
business unit level, where business managers have the power to influence
and control risk, risk limits are created once acceptable risk levels have
been determined for the company as a whole. The value at risk is frequently
used to indicate risk limitations, with different time periods having differing
acceptable loss thresholds. The process of establishing these restrictions
often includes assessing the unit’s operations and how well they align with the
firm’s overall risk appetite. It takes some skill to strike the right balance when
3.9. INFORMATION
Plentiful information is necessary for effective risk management. Systems
collect data directly from business operations in order to enable the
necessary management controls and conduct risk analysis (Woo, 1987). The
risk management process can be organized so that hazards can be controlled
collectively by adopting a modular approach. This enables multitasking,
allowing various organizational units to successfully coordinate their risk
management operations. An ideal ORM system would also have ways to
record and organize organizational risk learning. Continuous monitoring
of hazards as well as the program’s efficacy is necessary for effective
ORM (Panisello & Quantick, 2001). Losses avoided, opportunities taken
advantage of, the pace at which new products are introduced, management
comfort level, control efficacy, and overall company risk-return profile are
among the metrics used to measure program effectiveness. Programs for
minimizing operational risk can provide a capacity for handling company
emergencies. These include methods for dealing with extreme circumstances
as well as backup systems. They aim to provide quick crisis resolution
while striking a balance between risk management and business flexibility.
Foreign exchange, interest rates, equity prices, and commodity prices are
just a few of the many market risks that companies have historically used
the financial markets to manage. New derivatives products have arisen as
financial engineering approaches have advanced to protect against a wide
range of new hazards. Some of these goods are standardized, while others
are extremely adaptable to the unique requirements of a certain party.
Moving risk from one party to another is the main focus of financial risk
management. In a business situation, a company frequently looks to offload
some or all of its risk to a third party, such as a bank, an insurance provider,
a trader, or an investor. Transferring risk does not automatically make it
safer. A company will occasionally genuinely take on more risk as part of its
financial management strategy. Instead of just switching from one type of
risk to another, a company may choose to maintain a steady level of overall
risk exposure.
Source: https://d3i71xaburhd42.cloudfront.net/387843cbffea63d7ff1a10d1c22
e4434a380264e/23-Figure1.2-1.png.
Source: https://d3i71xaburhd42.cloudfront.net/20f18ec0b62d2f00e3dc964157
99e6c8a201c44e/8-Figure2-1.png.
A profit-sharing mechanism is frequently a part of FRI and enables ex-
post insurance rate adjustments based on the purchasing company’s claim
history. Compared to traditional insurance products, FRI has a longer term,
with coverage often lasting three to five years. It might be challenging to tell
financial risk management products apart from insurance. Additionally, the
line separating the two is continually changing. For the financial markets
to become more liquid, risk needs to be reasonably standardized. In order
for diverse market players to easily exchange it, it also needs to be pretty
simple to price. Insurance can be a good substitute for risks that the financial
markets are unable to absorb. For instance, the financial markets have
3.10. PROBLEMS
Another difficult problem is installing software. Software design, coding,
implementation, and maintenance mistakes can happen (Verdon & McGraw,
2004). Software upgrades are challenging to implement throughout the
complete technical system from a technical standpoint as well. A thorough
understanding of the technical system is necessary to determine whether the
software installation or upgrade will fit into the system’s overall structure
and to determine how the installation or upgrade will affect the system’s
overall usability. Good software installation also requires being aware of
security holes and patches from the security community. Technical experts
must consider not just how changes to the system will affect security but
also the kinds of problems that users of the modified system will face.
Safety stock is intended to address demand uncertainties during an item’s
inbound lead time, or the period of time between placing an order with a
supplier at the warehouse and the delivery of the products. It also covers
lead time uncertainties. However, in this case, demand uncertainty will be
the main topic. If the safety stock level is set too high, more resources than
necessary are committed to inventory. The intended serviceability may not
be achieved if, however, the safety stock level is set too low and stock runs
out too frequently. The majority of inventory control software applications
determine the level of safety stock for each product either by assuming that
daily demand is normally or Poisson distributed or by simply setting a fixed
safety stock level.
To solve this issue and enhance the accuracy of safety stock estimates,
enabling accurate risk management, it is essential to apply an adjusted
demand distribution to every single product (Medina, Muller, & Roytelman,
2010). This is done by giving each product its own continuous demand
distribution based on either historical or anticipated daily demand data.
It also enables adaptive adjustment of the safety stock calculation scheme.
Failures are a possibility with IT infrastructures. In terms of dependability,
a failure is an occurrence that takes place when the delivered service differs
from the intended service. Here, we distinguish between system failures that
are accidental or non-malicious and intentional system failures that are
malicious. For instance, a failed disc drive falls under the first category,
whereas a hacker attack falls under the second. While coping with accidental
faults is something we understand very well, malicious faults still present
a number of unresolved issues. Here, we'll focus on the latter category of
errors and risk management for IT security. While dynamic security risk
management deals with security vulnerabilities as they arise, static security
risk management addresses architectural difficulties.
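The safety stock discussion above turns on the choice of demand distribution, and the difference can be shown numerically. The following Python sketch is an added example, not taken from the book or from any inventory package; the demand history, the five-day lead time, the 95% service level, and the assumption that daily demands are independent are all constructed for illustration.

```python
"""Safety stock for one product: normal-demand shortcut versus the product's
own empirical demand distribution. Added illustration; all data is constructed."""
from collections import Counter
from math import sqrt
from statistics import NormalDist, fmean, pstdev

# Constructed history for an intermittent item: most days nothing is ordered,
# occasionally a batch of 20 units is requested.
DAILY_DEMAND = [0, 0, 0, 20, 0, 0, 0, 0, 0, 0]
LEAD_TIME_DAYS = 5      # inbound lead time (assumed fixed)
SERVICE_LEVEL = 0.95    # target probability of no stock-out during lead time


def normal_safety_stock(history, lead_time, service_level):
    """Textbook shortcut: z * sigma_daily * sqrt(lead time), assuming normality."""
    z = NormalDist().inv_cdf(service_level)
    return z * pstdev(history) * sqrt(lead_time)


def lead_time_pmf(history, lead_time):
    """Exact distribution of total lead-time demand, obtained by convolving the
    empirical daily distribution with itself (independent days assumed)."""
    n = len(history)
    daily = {d: c / n for d, c in Counter(history).items()}
    total = {0: 1.0}
    for _ in range(lead_time):
        nxt = {}
        for s, ps in total.items():
            for d, pd in daily.items():
                nxt[s + d] = nxt.get(s + d, 0.0) + ps * pd
        total = nxt
    return total


def service_level_at(pmf, stock):
    """Probability that lead-time demand does not exceed the given stock."""
    return sum(p for demand, p in pmf.items() if demand <= stock)


def empirical_safety_stock(history, lead_time, service_level):
    """Smallest stock level meeting the service target under the product's own
    demand distribution, expressed as a buffer above mean lead-time demand."""
    pmf = lead_time_pmf(history, lead_time)
    mean_ltd = fmean(history) * lead_time
    cumulative = 0.0
    for demand in sorted(pmf):
        cumulative += pmf[demand]
        if cumulative >= service_level:
            return demand - mean_ltd
    return max(pmf) - mean_ltd  # only reached through rounding at level 1.0


def compare(history, lead_time, service_level):
    """Return both buffers and the service level each one actually delivers."""
    pmf = lead_time_pmf(history, lead_time)
    mean_ltd = fmean(history) * lead_time
    ss_normal = normal_safety_stock(history, lead_time, service_level)
    ss_empirical = empirical_safety_stock(history, lead_time, service_level)
    return {
        "normal_safety_stock": ss_normal,
        "empirical_safety_stock": ss_empirical,
        "service_level_with_normal_stock":
            service_level_at(pmf, mean_ltd + ss_normal),
        "service_level_with_empirical_stock":
            service_level_at(pmf, mean_ltd + ss_empirical),
    }


if __name__ == "__main__":
    for name, value in compare(DAILY_DEMAND, LEAD_TIME_DAYS, SERVICE_LEVEL).items():
        print(f"{name}: {value:.4f}")
```

For this skewed demand pattern the normal shortcut yields a smaller buffer that falls short of the 95% target, while the per-product distribution meets it.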
It is more difficult to get data for ORM and measurement than it is for
credit or market risks. Given the general lack of interest in strict cost controls,
banks rarely gather or store data about their internal control environment
in a systematic way. As a result, designing and putting in place a suitable
infrastructure to compile these loss events and indicators could be expensive
and take several years to complete. Instead of only previous losses being the
proof of operational risk, operational risk is a result of both the institution’s
internal control environment over which it has some degree of control and
the external environment. The control environment is far more of a leading
(Hsu, Fournier, & Srinivasan, 2016). Therefore, to assess how a specific ele-
ment will affect the profitability, all types of uncertainty should be taken into
account under a variety of future business scenarios. Following this mapping
of all the risk components, the computations can be performed using a Mon-
te Carlo simulation or even more complex methods like stochastic dynamic
programming. The consolidated data are evaluated to identify subgroups of
projects that exhibit or have previously displayed comparable health char-
acteristics. The similarity is determined by a set of measurements. In the
early stages of a project, this segmentation can be quite helpful for project
profiling. Before continuing with the project development cycle, it can be
quite beneficial to establish a few project profiles in order to ascertain the
precise requirements that must be met by a given proposal. The various port-
folios are examined in light of the segmentation process’s findings in order
to find statistically significant reasons why certain behaviors are healthy or
problematic. In this step, data mining techniques are utilized to identify key
project characteristics that, when combined, result in the patterns of project
health that are visible. In order to establish an accurate baseline for perfor-
mance measurements, analysis should be performed on data for both healthy
and troubled projects. An approach like this would prevent one from identi-
fying erroneous trends or root causes that would be skewed by problematic
project data and would not actually affect project health management.
Source: https://www.starbreeze.com/sbz-media/2019/10/Estimated_cash_flow_1923-e1570799009450.jpg.
The management of price risk and quantity risk is the main focus of
financial risk management for the more advanced conventional utilities. The
utility industry’s players can be divided into retail customers, wholesalers,
and traders for the purpose of financial risk management. Since they
frequently have fixed-price variable-quantity contracts, retail users typically
incur little to no price or quantity risks. Although there are frequently some
daily or weekly variations in the price schedule, prices for retail users are
fixed in the sense that they are known in advance with certainty. They
don’t, however, suffer any quantity risks because when someone turns on a
light, they always assume that there will be enough electricity to power it.
Wholesale customers and suppliers typically deal with market-determined
costs and supply constraints; therefore, they actively manage risk. These
procedures estimate risks and carry out mitigation plans for those that the
businesses do not want to keep. In utility markets, where the fundamental
commodities are purchased and sold, traders act to create liquidity. Energy
deregulation is either advanced or complete in the majority of Western
nations, meaning that wholesale customers are still subject to the whims of
market-based rates and availability. The markets themselves, however, can
be a significant source of risk. Some power markets, including those in the
UK and California, have experienced serious issues with their commercial
models, necessitating a recent revamp. Prices for spot contracts and a variety
of forward contracts are often available due to the deregulation of the energy
markets (Tanlapco, Lawarree, & Liu, 2002). Once more, the presence of
a market does not guarantee that all potentially valuable contracts are
readily available in sufficient numbers. The specific forward contracts that
are offered depend on the commodity in issue as well as the region. Gas
is expensive to transport, electricity is still governed by some interstate
transmission restrictions, and oil is transported by tankers and pipelines.
Thus, to name just three of the more frequently occurring risk categories
for energy, wholesalers must contend with market risks, liquidity risks, and
location risks.
These factors will still be present in utility computing, although
location risk will play a lesser role due to the constant need for high-capacity,
dependable network connections between remote supply and consumption
locations. The most frequent comparison to computational utilities is
electricity. Electricity, on the other hand, is a very unique good and utility
since it incorporates certain physical laws that will be upheld no matter what
the market wishes to happen and must thus be incorporated in to prevent
CHAPTER 4
PROJECT MANAGEMENT
CONTENTS
4.1. Introduction
4.2. Issues
4.3. Banks
4.4. Projects
4.5. Funds
4.6. Industries
4.7. Threats
4.8. Uncertainty
4.9. Contracts
4.10. Project Management
4.11. Accidents
4.12. Milestones
4.1. INTRODUCTION
Wherever goods or services are produced, processed, supplied, or bought,
business risk arises. Enterprises can have a variety of outcomes, including
continued operation, bankruptcy, a natural disaster, or a change to a different
type of organization. Project risk arises during the phase from the limited
number of business operations that are predetermined from the project’s
beginning until its conclusion in order to achieve specific objectives (Van
Der Merwe, 2002). A business is typically a group of projects; frequently,
the organization manages a portfolio of related projects at once. A project is
an endeavor or activity that is planned to make use of a variety of resources,
most notably money, land, labor, and time, in order to accomplish a goal
or set of goals. An expected or fixed budget and a predetermined timeline
or time period are two conventional project instruments introduced by
the project control. Lenders may become more risk prone in a variety of
circumstances even when they still desire high investment returns and fear
worst-case scenarios. There will be non-monetary returns, but the project
equation will still need to take these into account. Some organizations will
establish their objectives to be defined by non-monetary ideals or to achieve
a benefit other than financial gain. The optimal compromise to balance the
risk-return ratio is what today’s leaders seek.
4.2. ISSUES
Political and societal unpredictability (Figure 4.1) are current issues.
A significant aspect for firms is globalization. Competition for today’s
enterprises might easily come from the next town over or from across
the world (Gummesson, 2005). The management teams of today must be
more agile, proficient, and rapid than before. Standing still is not an option
given the rate of technological advancement, which indicates that this is
likely to last long into the future. Only adaptable organizations will be
successful; change management develops into both a business requirement
and an art. The rate at which a company can enhance the variety of goods
and services it offers, as well as the way in which they are created and
delivered, is the actual indicator of its success. Because of the numerous
and varying ways in which project participants might affect the project’s
result, risk is notoriously difficult to assess. The typical project scenario
involves a project team working together within the corporate framework.
The varied influences of individuals and parties on your progress mean that
you can never be totally certain of the speed or direction of your project.
Risk need not always have a negative effect on the person. The chances of
winning a Western European or American state lottery are incredibly slim.
Banks and fund managers that lost billions of dollars on foolish schemes
include some of these skilled investors. Investing in increasingly cutting-
edge financial products carries a bigger risk of failure than success. One
would like to assume that we would be satisfied to let risk and investment
experts determine the benefit or risk of an investment or project. Although
it may seem implausible, many businesses pay little attention to how their
employees perceive risk, especially when it comes to risk management. Risk
analysis frequently amounts to nothing more than a gut instinct, the belief
that one has just made a wise purchase. Few people would openly admit to
being risk averse or risk seeking in any form.
Source: https://media.springernature.com/lw685/springer-static/image/art%3A10.1007%2Fs11192-020-03416-6/MediaObjects/11192_2020_3416_Fig4_HTML.png.
4.3. BANKS
Investment banks (Figure 4.2) frequently claim that their foreign exchange
trading operations are risk-hedging, but in reality, they are just betting that
their open positions will increase in value (Geyfman & Yeager, 2009).
Since both profit and loss are canceled out during a hedging investment, a
perfect hedge has neither. Short-term market speculation, which is a risk-
seeking tactic, is how banks and corporations that acknowledge losing
money on hedging operations have lost money. Similar to this, businesses
that hire personnel on a temporary basis solely by offering more and higher
compensation are not risk-averse. In reality, these businesses increase the
likelihood that employees will be drawn to them for the wrong reasons,
such as greed, by raising wages in their industry. The potential drawback is
that employee turnover must have an impact on the project’s health because
loyalty to the organization is typically shorter than the length of the most
recent pay check. The practice of screening employees is not always present
in businesses that are seen as well-run. Therefore, the organization and their
projects must be at risk due to critical project staff that lack self-control.
We have seen instances where project members who engage in risk-taking
behavior must be considered as staff who engage in excessive drinking, drug
use, prostitution, and other immoralities. A business that has minimal control
over its employees must be thought of as risk averse. A lot of
computer-based technology has been developed that falls under the risk
management category.
Source: https://cdn.corporatefinanceinstitute.com/assets/investment-banking-diagram.png.
The UK Institute of Actuaries and Institute of Civil Engineers (ICE)
(Figure 4.3) developed RAMP (Risk Analysis and Management of Projects),
Source: https://www.ice.org.uk/media/pqhnnzz5/fish-building.jpeg.
4.4. PROJECTS
Large projects frequently have numerous tasks ongoing at once; there is
not always a clear distinction between project phases. The traditional
methods can occasionally provide the mistaken impression that projects
advance smoothly and proceed to completion. Perhaps this isn’t the case.
Throughout history, the same errors have been made. Some tasks ought to
never be finished. The projects should never have been launched in the first
place, the final product is completely wrong, or the cost-benefit analysis
demonstrates the projects’ lack of value. Such ventures must be stopped in
their tracks or abandoned before they squander your company’s precious
resources. The old models are being questioned due to the complexity of
combining various project stages and the rise in the specialized project skills
required. In the past, a lot of project scheduling and budgeting exercises
were geared toward mechanistic forecasting and control. For many reasons, a
housing complex is typically created as a prototype. To demonstrate the
design to the clients, the architect will create a cardboard or acetate mock-up. This can
be manufactured using satisfactory endorsement. The structures don’t have
to be finished simultaneously. The first should be finished before the others.
This will enable any design flaws to be identified. Another reason is the
requirement for self-financing: finished homes are sold before construction
is complete to cover the building costs incurred thus far. Real estate sales
need the use of show houses, as they gain publicity and draw clients. There is a custom of
inviting potential purchasers to show homes to increase exposure. Revenue
is generated far before the remaining construction has been completed.
Other concepts have emerged recently, although a lot of them have
included prototyping techniques. One illustration is rapid application
development (RAD) (Coleman & Verbruggen, 1998). This is comparable to
prototyping and incorporates its fundamental ideas. However, RAD uses a
more rigid and rigorous technique. The installation of packages or existing
products for customization has grown in popularity. This essentially consists
of a toolkit or partially developed product that you may customize to meet
your needs. It is frequently believed that producing these packages will
be quicker and less expensive than attempting to develop the entire thing
from scratch. In computer software systems where software packages are
purchased off the shelf, this technique is common. The capacity to quickly
advance along the learning curve without incurring the large start-up costs
associated with creating the product from scratch is what appears to be
advantageous. This will not always be the case; there are many instances
where purchasing packages and then customizing them has turned out to be
more expensive than creating the entire project from scratch.
4.5. FUNDS
Raising the necessary funds to complete a project is one of the major
difficulties or hurdles. The use of venture financing is frequently advocated,
particularly for technology ventures that are commercial or in the preliminary
stages of R&D. It is important to recognize the scope of this issue because
venture capital markets in other countries are not as developed as those in
the United States. When there is no functional prototype or patent, this task
is more difficult. The type of project they are working on must be understood
by both the project manager and the project owner. There are several types of
project inertia for every project and every project type. There are those that
start out slowly but finish quickly. Some initiatives, on the other hand, start
out quickly yet take an incredibly long time to finish. Neither the project
owner nor the project manager being aware of the type of project inertia
is one of the primary risks in project management. As a result, they might
invest excessive amounts of time and money at the beginning or finish of
the project. The nature of the sector and the types of project inertia present
must be understood by an experienced project manager. Business is by
nature a risky endeavor since there are dangers lurking everywhere. There
is a common misconception that because projects dedicate set quantities of
resources, risk cannot be effectively taken into account without degrading
the final product. A power generator, for instance, should not be constructed
in an area where thunderstorm activity is known to occur. The issue of
performance or project quality emerges if the project’s costs and timeline
have already been agreed upon and fixed. One solution is to externalize the
risk of a power outage during thunder by including provisions in insurance
policies that safeguard the plant in such circumstances.
A risk manager may not always be welcomed by a firm or client. They
face resistance, much like a pest control operator. Calling them in carries
some social shame because it’s equivalent to admitting you have a problem.
Controlling your workforce, particularly if they are unskilled, incompetent,
or dishonest, is a key component of risk management. Your project success
may be in jeopardy because of some of your workers who hold key project
positions. Someone working for your organization may be unintentionally
committing project errors, disclosing private information, accepting bribes,
or incurring losses in secret. However, nobody actually wants the general
out loans of one kind or another with floating interest rates; the changes
in the rate could be disastrous. The net present value or actual rate of
return on project investments is directly impacted by the interest rate. A
variety of interest rate derivative products are available for investors to
choose from in order to hedge against an unpleasant rate increase due to
the expanding scope of global trade and the creation of innovative financial
products. Most investors steer clear of short-term bets by diversifying their
investments over a longer period of time, investing in a variety of stocks and
bonds. Additionally, fixed-rate loans are becoming more widely available.
Examples include mortgages, which have interest rates fixed for a set time,
like two years, but then increase to a maximum rate, like 10.85%, after the
fixed period has passed. The advantage for the client is that he can budget his
limited resources to prevent changes in interest rates, which cannot increase
to the point where they bankrupt mortgage holders. It is possible to say that
the consumer has adopted a risk limiting or risk mitigation plan.
The project owner or leader might ask a series of questions to the
customer to screen them and determine what kind of credit performance
they will likely face. To create a picture of the expected credit risk, the
credit screening uses a standard template with points for each element and
pass/fail judgment boxes. The customer could be the project owner; thus,
subcontractors and the project manager should confirm that the customer
has a solid credit history before beginning work to ensure timely completion
and payment of all employees. For someone who wishes to open a trading
account with a broker or investment bank, a straightforward template
would resemble this. Screening is based on the assumption that the bank or
organization initially wanted to screen the client. Giving unauthorized soft
loans to chosen friends or associates of the company is a common practice.
Although the British TSR2 supersonic fighter project (Figure 4.4) is
sometimes acknowledged as a technological achievement, the World War
II government considered it to be a monetary disaster (Reed, 1970). Similar
to the Grand Canyon, the Channel Tunnel is a feat of engineering but not
often one of business. Numerous instances of projects running out of money
or being canceled are reported. These occurrences frequently originate
from political and business decisions made by the project owner and other
connected parties and are not always within the project manager’s control.
One of the disturbing trends in management science is the occurrence of
projects running later than expected. The increased interconnectivity of
adjacent projects is another cause of scheduling difficulties. The project
manager or owner may not be solely to blame for such failures. Thus, it
Source: https://upload.wikimedia.org/wikipedia/commons/0/09/BAC_TSR.2_XR219_Warton_11.06.66_edited-2.jpg.
4.6. INDUSTRIES
In high-tech industries like pharmaceutical or computer hardware
and software, this is typically a cause of failure or underperformance.
Companies engaged in cutting-edge research and development (R&D) are
referred to as being on the cutting edge of technology, as well. Usually,
project commencement is approved once it reaches a set of required or
desired performance thresholds. When these thresholds are not met, it
frequently suffices to end the project in its early stages. An example of one
of these abandoned yet once ambitious endeavors is biotechnology. Even
the most anticipated medications, like Viagra tablets for treating impotence,
will have some negative effects (Gallagher & Chapman, 2010). British
Biotech, for instance, was fined $50,000 by the US Securities and Exchange
Commission for its publicity releases for its cancer drug called Marimastat.
Companies must exercise extra caution when obtaining regulatory approval
for pharmaceutical products since delays and schedule risks might arise
in the areas of a drug’s therapeutic effects, the reliability of its testing,
consumer safety, and regulatory authority decisions. Another example is
the Iridium satellite phone system’s introduction. Projects that originally
appear promising may face a minefield of technology. Different levels of
influence are occasionally exerted on businesses and organizations within
an industrial sector. An industrial directive or fine may exert pressure on
a project to change its course of action. This could be done to lengthen the
testing time, as in the pharmaceutical business, to force a modification in the
design of automobiles or buildings, or even to revoke the project owner’s
operating license.
For instance, it could be a decision made by the Federal Aviation
Authority (Figure 4.5) regarding operating standards and flying safety. The
options typically include appealing the regulatory decision in court, paying
any fines, changing the location of operations, or closing up. Operational risk
thus has an impact on or even takes precedence over other considerations.
The project is seriously at risk from a project manager or project owner
who lacks integrity. Once more, the model may have been a fine concept,
but its implementation was subpar. Smaller projects must be evaluated on a
cost-benefit basis, where you must determine whether the costs of creating
a contract are excessive given the amount at risk. Unexpectedly many
businesses start projects without a comprehensive contract; frequently, a
letter of intent is sufficient to guarantee the production and order for the
beginning of a significant project. Small and medium-sized businesses, as
well as solo enterprises, frequently lack the resources, money, time, people,
and legal knowledge to form contracts (Dvorsky, Belas, Gavurova, &
Brabenec, 2021). So, there is still a chance that they won’t get paid for their
services. Knowing where the risks are and how likely it is that you will
run into them is risk analysis. Knowing where not to fly and how to sail
safely around icebergs are both examples of risk management. Project risk
management is the application of knowledge; it is not pseudoscience.
Source: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c8/Seal_of_the_United_States_Federal_Aviation_Administration.svg/1200px-Seal_of_the_United_States_Federal_Aviation_Administration.svg.png.
4.7. THREATS
A map of potential threats and the damage they might create is what risk
analysis is like. Using the map, risk management determines how to avoid
the dangers. Recent years have seen an increase in coordinated efforts to
define risk and risk management approaches. The RAMP or Risk Analysis
and Management of Projects system (Figure 4.6), which was introduced by
the Institute of Civil Engineers (ICE) and the Institute of Chartered Actuaries
in the UK, is one such instance (Hallikas, Virolainen, & Tuominen, 2002).
They have made a clear effort to offer a project framework to define and
lower risks. The goal is to combine risk analysis and risk management in the
context of project operations in order to recognize and address risk factors
that could cause substantial delays or overspending in projects. The system
develops a thorough and comprehensible framework for project control and
risk detection. RAMP operates by focusing on describing and quantifying
risks throughout a project’s life cycle. RAMP and comparable approaches
may be seen by some as a collection of common sense. However, RAMP is
superior in many ways since it gives some of the project’s more unpredictable
parts a structure. RAMP seeks to compel the project participants into a
logical set of procedures and provide them the ability to continue having
planned risk evaluations throughout the project life cycle; the goal is not
to make paperwork and controls halt project development. The cost of
good project risk management must be low, meaning that the value of risk
management must outweigh the expense of getting there. Risk management
is a tool used to keep the project on track and within budget. A construction
project for a toll road bridge serves as a case study of RAMP in action.
The unpredictability of an outcome where the entire investment cost will be
higher than the project’s benefit or result poses a risk to the business plan.
The possibility that the project schedule will take longer than expected or
not be delivered at all depends on risk as well.
Source: https://static.javatpoint.com/tutorial/software-engineering/images/software-engineering-risk-management-activities.png.
Within the project cycle, risk fluctuates with time. Work done in the
feasibility stage can lower risk to the degree where we can reasonably
expect that the result will be more valuable than the investment. We must
continue to keep in mind both what has been agreed upon and what is still
subject to change. We must modify the contract, and either the contractor or
4.8. UNCERTAINTY
Most of the uncertainty and a significant amount of risk are removed from
the contract by fixed costs. The downside risk is that the contractor’s actual
costs could increase over the project, which would result in poor profits
or worse. When contractors are frequently affected by strikes or material
shortages, fixed-cost contracts are preferred since the client is bound by a set
price even while staffing costs and capital equipment costs are dangerously
rising. The fixed price is typically increased as a result of a force majeure clause that
allows such events to be deemed beyond the contractor’s control. If the client
or project owner accepts a high price when actual labor and material costs
are lower than anticipated, they may be in error. This is a typical situation for
corporate workers who receive a fixed amount for expenses, such as $100 per
night for hotel lodging and $40 per day for meal allowance for project work
away from home, regardless of their actual costs. The client may potentially
save money if hotels and meals were less expensive. The drawback of this
is that if contractors are billed for labor in man-days instead of hours, they
have no motivation to reduce the cost of their labor and materials. When it
is discovered that contractors overcharged the client by inflating their costs,
this strategy loses favor. However, it is still frequently employed when the
cost of raw materials is well-known and largely stable. This is frequently the
basis for price quotes from carpenters and other trades people working in
small businesses. It was employed by NASA when it first began to explore
space. The Channel Tunnel is an impressive engineering achievement,
but it does not inspire confidence in people who first purchased shares
4.9. CONTRACTS
Writing bond contracts may be simple; receiving payment for bonds drawn
from a bank may also be simple; but, receiving payment for insurance
bonds may be more challenging because they must be verified by insurance
company investigators (Black & Cox, 1976). There will likely be legal power
struggles over what these mitigating circumstances are and whether clauses
can be legally invoked. Additionally, there have been situations where the
customer attempted to deny the contractor’s bond. The client may not
have tried to pay the project manager or contractor at all. The performance
bond is only used as a justification for delaying payment. Formatting and
mailing an invoice are simple; collecting money is more challenging. For
the more challenging or forgetful client, reminder phone calls and faxes may
be necessary. Working with screened or reputable clients is one strategy
to reduce the risk of credit or default. Bad debtors find it more difficult
to conduct business in this community because their reputation precedes
them. If they cross the line, you may quickly spread the word by putting
it out there. Another strategy is to hone your writing abilities and learn to
compose professional letters of reminder and threat of legal action. If you
have to go all out, it’s advantageous to establish a good working relationship
with a reputable law firm or barrister. Another option is to build up a
relationship with a larger organization. If the debtor refuses to pay, you can
use all of the resources to threaten legal action. In most circumstances, an
agent working for a bigger corporation has the power to obtain payment. This
is undoubtedly an option and will depend on your specific situation. Smaller
businesses might not use such techniques due to financial constraints.
This demonstrates that a company’s reputation is a valuable commodity
that even the most difficult client is reluctant to lose quickly. However, the
client can still be willing to argue with the project manager to obtain even
the smallest discount or insignificant concession. It’s interesting to observe
how important reputation or honor are in business. Sometimes shaming a
tough client is the best course of action to deal with a non-payer. If the
company’s upper management is hesitant to support the project, its lifespan
is undoubtedly finite. Projects bring about change, and they are likely to
encounter resistance from all sides. Managers who are unable to handle the
introduction of change run the risk of having their efforts meet a brick wall.
For individuals who manage to become lost in the project documentation,
this has major repercussions. You or your project manager could occasionally
forget or lose sight of activities that need to be completed. Other times,
outside actors who aren’t technically part of the project team can have an
impact on the project. When the initiative faces strong resistance, there may
be enough unkind voices that can garner enough support or wield enough
influence to bring the effort to an end. It is a risk management tool that you
can use to defend both the project and yourself.
4.11. ACCIDENTS
The tragedy and the Munich plane accident in 1958 (Figure 4.7), which
claimed the lives of the majority of the Manchester United football team,
are somewhat comparable. A football squad cannot easily fly on different
aircraft, which is the difference. With military air support, it is easier to
separate counterterrorism personnel. If at all possible, key personnel should
ride in separate vehicles. Have a backup plan in case one vehicle is late
or doesn’t show up. You can never predict when issues will develop. For
instance, those in Russia and certain former Soviet states are severely
underfunded, highlighting some of the challenges faced by state-run businesses
in the transition economies. Among the state personnel who are affected by
the backlog in unpaid payments are doctors and nurses. Under-funding of
public hospitals is more of a norm than an exception worldwide. You may
need to consider insurance, proper first aid, or even stand-by emergency
evacuation services in the event that your team needs to receive intensive
care in these facilities. In all fields of labor, including business, sports,
and the arts, a top boss may abruptly depart from their position. There are
numerous reasons for leaving your job, including disagreements about the
working environment, poor performance, conflicts with co-workers, or the
attraction of better money elsewhere. One of a company’s key concerns is
succession, yet it is frequently not effectively addressed. The loss of a senior
manager puts the entire organization under stress and strain, which could
be enough to jeopardize projects and the company’s continued existence.
Top management is frequently preoccupied with other issues and may miss
the warning signs that important employees may be about to quit. Without
key personnel, a project stands the serious danger of performing far below
par. All initiatives must be able to resist the pressure of employee attrition or
turnover, especially longer-term ones.
Source: https://icdn.strettynews.com/wp-content/uploads/2020/05/Screenshot-2020-05-27-at-17.11.58.jpg.
Venture capitalists are willing to make investments and safeguard these
investments through a strategy of diversification and risk taking (Macmillan,
Siegel, & Narasimha, 1985). They will select a group of promising businesses
and anticipate that some of them will fail in the next year or two. However,
the venture capitalist also anticipates that any losses from these companies
will be more than offset if a start-up company succeeds to the point where
it may be listed on the stock market three years later, allowing the venture
capitalist to sell his part and make a sizable profit. It has been demonstrated
in the field of portfolio investing that a well-managed, balanced mix of
hazardous investments can boost potential profits while actually lowering
overall risk. To maximize the possible return while reducing the overall
risk on the portfolio, a minor percentage of a well-balanced fund should
be invested in riskier markets. A lot of interaction with numerous players
takes place in business. These individuals have various responsibilities and
4.12. MILESTONES
Checkpoints or milestones for the project’s development are crucial for
identifying business plan deviations. Projects, especially long-term ones,
should have the support and involvement of top management, in addition
to being informed about them. Otherwise, the managers risk losing sight
of the project’s objectives and letting it deteriorate. Keep your project on
course and your finger on the pulse. The project manager has occasionally
been contrasted with a government employee (Oehmen, Seering, Bassler, &
Ben-Daya, 2011). While bureaucrats work to make this message a reality,
ministers are zealous visionaries. The project manager must coordinate the
needs of several departments as well as the work of outside contractors
while combining resources, labor, and raw supplies. A successful project
manager sometimes needs to be a great diplomat or politician since the
art of compromise and reconciliation plays a significant role in this. He
or she is responsible for tying up all the loose ends, which will inevitably
result in disagreements and statements from the project participants with
competing interests. An important risk of performance failure could result
from a desire to consummate a contract. Make sure the promises made to
customers by your sales representatives align with what you can provide for
an acceptable profit. The contract may occasionally arrive at the last minute,
making it difficult to carefully read every word before signing. A successful
department is essential to a thriving business. Due to the traditional role
of accountants in regulating cash flow, it serves as the focal point of risk
management operations in smaller to medium-sized businesses.
The actions and roles of both extrovert and introvert types of business
players are combined in a market. Without the functions that each of these
types performs, the majority of businesses would fail. Knowing how to
balance being risk-averse and risk-seeking, as well as when to take risks
and when to avoid them, is essential. When a gambler wins, they may be
hailed as geniuses or, if they lose, as stupid fools. They have to complete
the productive effort and produce the finished goods. In mission-critical
applications, when substantial loss of life is a possibility, proper design and
testing are especially important. They have the most influence on the final
product’s design, but they must cooperate with any requests or suggestions
made by the sales and marketing, accounts, or other departments. When
developing a new product or service, the project is particularly vulnerable
because a lot of money is being spent while there aren’t any obvious sales
or cash inflows. Making sure the project adheres to the proper health and
safety procedures is your responsibility as the project manager. If neglected,
these provide the risk of significant negligence lawsuits, and you also need
to cope with the implementation of new employer liability regulations. Self-
indemnification only addresses a portion of the whole project environment.
Reviewing professional ethics and risk management is really necessary
(Sison, 2000). Even if your direct staff are well-trained and risk-aware,
health and safety risks might still harm you if you work with external
subcontractors. Proper standards are not always applied or adhered to.
The emotional aspect of health and safety means that it will always be a
delicate subject. However, it is frequently important to make an effort to get
health and safety on the project schedule and to secure the required funding.
Sadly, the perceived risk of injury is frequently considered to be minimal,
and it may take a serious accident for health and safety concerns to become
a top priority. Regulatory agencies must make sure that standards are upheld
and that health and safety training is an integral element of projects.
Both the federal government and local governments establish tax
legislation. They also include capital depreciation, operational taxes, land
taxes, personal and corporate income taxes, as well as tax credits and
deductions. Successful project managers and owners are able to navigate the
regulatory minefield and weigh the advantages of the tax structure against
potential downside tax risk. This kind of stuff shows why it’s important to
proceed cautiously, perform early employee screening, and then assemble
your core team. You can consider expanding once all checkpoints and
gateways have been successfully passed. Even the most prestigious
western companies commit the error of extending generous salaries and
CHAPTER 5
ENTERPRISE RISK MANAGEMENT
CONTENTS
5.1. Introduction
5.2. Pillars
5.3. Opportunities
5.4. Piracy
5.5. Risk
5.6. Discrepancy
5.7. FMEA
5.8. Model
5.9. Quality
5.1. INTRODUCTION
ERM has recently experienced substantial growth. The eight most significant
elements influencing this trend are the Basel Agreements; September 11, 2001;
fraud in corporate accounting; Hurricane Katrina (Figure 5.1); review
of rating agencies; the financial crisis; rare occasions; and prolonged trends.
The last component covers trends that have emerged gradually over time,
while the first seven elements are notable discrete events and are mentioned in
chronological sequence. Some of the discrete occurrences are related to or start
in the financial services industry (Stroh, 2005). However, as these occurrences
are well-known in the ERM community and have an impact on ERM that
is felt across all industrial sectors, it is beneficial for persons in all sectors to
comprehend them. Understanding the timeline is also important because the
development of ERM has been influenced by the sequence of events.
Source: https://www.e-education.psu.edu/earth107/sites/www.e-education.psu.edu.earth107/files/Unit2/Mod5/Fig%205_512px-KatrinaNewOrleansFlooded_edit2.jpeg.
5.2. PILLARS
Pillar 1 describes how to calculate capital requirements, providing basic
options based on industry averages and more complex options for banks
with more sophisticated operations based on internal models that are tailored
to the company, its operations, and its risks and, for the most part, rely on
management’s own estimates for most parameters. Supervisors are able to
examine the bank’s risk management procedures and risk exposures in Pillar
2, and if necessary, use a multiplier to raise the minimum required capital
determined in Pillar 1 as a result of their examination (Weber, 2012). The third
pillar discusses the proper disclosure of risks. The inclusion of operational
risks in the scope of Basel I was the most significant development, leading
banks toward a comprehensive approach to risk management. As illustrated
by the global financial crisis that started in the United States in 2007, it is
simple to criticize and claim that the Basel Committee failed to achieve
its objectives in retrospect. These accords, however, were largely embraced
and did constitute a development over earlier procedures. Even if the Basel
Accords didn’t achieve their objective of creating a common baseline for
excellent risk management procedures, they did lead to greater attention to
risk in the banking industry and beyond since other industries looked to the
banking industry as a model for managing risk. Basel II has a clear influence
on and is generally identical to Solvency II, a set of risk management rules
for European Union (EU) insurance companies planned to go into effect in
November 2012 (Lannoo & Valiante, 2012).
By bringing to light four key components of risk, the terrorist attacks
on the United States on September 11, 2001, improved our understanding
of ERM. Since September 11, virtually every institution is more aware
of the potential for a terrorist assault. Many of these organizations have
also considered various terrorist scenarios, especially those that are based
in or close to sizable cities or other potential terrorist targets. They have
5.3. OPPORTUNITIES
Anyone working in the security industry, for instance, can tell you how
many opportunities arose as a result of the assaults. Businesses that offer
teleconferencing services also gained as a result of the sharp decline
in business travel. Although this is not a novel idea, the magnitude of
September 11th raised awareness of the need to take potential effects into
account when analyzing risk scenarios. The first incident involved litigation
and enhanced the board of directors’ responsibilities and, more importantly,
their financial exposure personally if corporate accounting fraud went
undiscovered. In a WorldCom litigation, it was revealed that a settlement
required 10 outside directors to pay damages from their personal assets
totaling almost 20% of their net worth without being permitted to receive
reimbursement from their directors and officers (D&O) liability insurance
coverage (Pitt, 2005). Similar personal payments from directors were part of
the Enron litigation settlement. These settlements were noteworthy because
they sparked two important trends. First, the added liability made serving on
a board of directors less appealing. The retirement of many directors made
it more challenging for corporations to find new directors. The second, and
more significant tendency for ERM, is that the surviving directors started to
ask management what steps were being taken to guard the business against
significant risks. When corporations embraced ERM, it was frequently the
result of pressure from a board of directors placed on management.
5.4. PIRACY
Piracy (Figure 5.2) is worth mentioning even if it is not a very significant
component because it is another illustration of something that formerly
appeared unthinkable in contemporary times (van Kranenburg & Hogenbirk,
2005). Such occurrences have increased our awareness of the difference
between our attitude prior to a remote incident and immediately afterwards,
as well as how rapidly our mindset and reality may change. ERM is today
and has been for some time a hot topic as a result of all the factors influencing
awareness and implementation of ERM programs. Most businesses have
started implementing ERM, are thinking about implementing ERM, or are
interested in learning more about ERM. Their management is aggressively
looking for information on it, and the boards of directors are asking
questions about it. Even government agencies and non-profit groups are
interested in ERM and how to modify it for their purposes. In order to meet
this demand and serve the expanding ERM market, providers of goods
and services have been investing rapidly in growth. ERM is becoming a
more prominent topic in conferences, and some of them are even hosting
Source: https://www.ncta.com/sites/default/files/inline-images/graphic-Piracy_09_19-01-%281%29.gif.
It’s helpful to think of risk as being there whenever there is a chance
that an event won’t turn out exactly as predicted. You probably envision
bad outcomes, like losing your career or your health, when you consider
the risks in your life. Risk can be as basic as the possibility of being late
for something on a regular basis due to traffic or bad weather. Risk, on
the other hand, will be defined as any departure from expectations in an
ERM framework. This definition of risk covers both upward and downward
volatility (Annamalah, Raman, Marthandan, & Logeswaran, 2018). For
instance, you would undoubtedly view the potential that your bonus would
be smaller than anticipated as a risk, but you are unlikely to view the prospect
that your bonus will be more than anticipated as a risk. Risk is typically
seen as the potential for loss. Even many ERM practitioners use this as
their primary reference. Loss, however, is an imperfect idea since, as was
previously mentioned, it does not account for upside volatility, which is the
potential for an unanticipated gain. However, loss has a more malicious flaw.
People frequently unintentionally overestimate a risk’s extent or severity
as a result. Sadly, this leads to the double counting of some predicted
losses that should not be included. The risk severity, or impact, should only
contain the excess over the amount expected because our definition of risk
is deviation from expected. The company’s strategic plan baseline financial
projection is likely to incorporate the annual anticipated lawsuit expense.
5.5. RISK
The inability to quantify strategic and operational risks is one of the causes
of this imbalance. When creating risk scenarios for financial hazards, which
take into account quantitative effects on financial results, a sizable amount
of objective market data can be used. There is much less information
accessible regarding operational and strategic risks, which strongly depend
on the specific makeup of the company affected. Popular quantification
techniques can fall short in supporting operational and strategic risks. The
quantification techniques either offer no quantification or, even worse,
drastically overstate how serious a risk is. The notion that financial risks are
the most significant risks, that is, that they make up the bulk of the risks that pose
the greatest harm to the organization, is a second factor contributing to the
disproportionate attention on these risks. Research repeatedly demonstrates
that the majority of a company’s significant risks and greatest threats are
operational and strategic risks. The majority of people who are modeling
have a focus on finances. Their training focuses on managing financial risk.
They have financial risk training and certification. They only have exposure
to financial danger. Even the department’s name and mandate may protect
them from financial risk. Their approaches function best when a plethora of
objective quantitative data is accessible, which is not the case with strategic
and operational risks. In addition, their procedures cannot easily handle
these risks.
One or a combination of the aforementioned variables may be the
cause of the inadequate inclusion of non-financial hazards. Whatever the
5.6. DISCREPANCY
This discrepancy between the ERM program’s internal reality and what
is presented to external stakeholders poses a serious danger (Blume,
Lim, & Mackinlay, 1998). Consider a situation where a company’s stock
price suddenly drops by 50% as a result of a danger that none of its rivals
experienced. Currently, management is being examined. The management’s
estimate of shareholder value, or business value, is taken into account, but
only to the extent that it has an effect on secondary stakeholders’ levels
of satisfaction. For instance, rating agency restrictions must be considered
because a lower rating could have a negative influence on value when
looking for risk-to-value trade-offs that might maximize corporate value. In
order to maximize corporate value, most corporations have long since moved
away from AAA ratings, believing them to be excessively expensive and
redundant. The market has recognized this movement. Another illustration
would be that if regulators are not completely satisfied, they might take
action that would diminish the value of the company. The ERM process
cycle’s first stage is risk identification. It entails identifying the major
risks that pose the greatest possible threats to the company. This requires
condensing a lengthy list of potential dangers into a manageable number
of significant risks. Using qualitative risk assessments that are based on
internal judgments of the possibility and seriousness of each potential risk,
this is primarily accomplished.
The primary risks are quantified in the second stage of the ERM process
cycle on both an individual and integrated level. In order to do this, an
ERM model must be used to calculate the potential effects of various risk
scenarios on certain critical KPIs. Following completion of this, enterprise
risk exposure measurements are produced by quantifying the effects of
integrated risk scenarios, which involve many risks occurring at once.
Once a risk appetite has been established, choices on whether to enhance or
decrease risk exposures can be taken. The integration of ERM into normal
decision-making processes, such as strategic planning, tactical, and strategic
decisions, and transactions, falls under the second category. Risk messaging
is the fourth stage of the ERM process cycle. Internal risk messaging and
outward risk messaging are the two different types of messaging included
in this. This is an effective way of communicating internally, and it sends
a clear message to management that risk and return need to be taken into
account jointly. Once risk exposures are monitored by the departments,
business units, and individuals that generate them and are represented in
incentive compensation, it becomes obvious that increasing the firm’s risk
exposure will increase the expected return.
For a strong ERM program, good risk governance is a prerequisite,
but it is not sufficient. Even if a corporation has created and put into place
what looks to be a strong risk governance structure, that alone cannot tell
us much about what is actually happening. A hollow ERM program can
have all the risk governance components in place around it, similar to a
complex freeway system that is empty of traffic. The ERM framework is more
fundamental and directly related to the effectiveness of an ERM program.
Before going through the ERM process cycle at least once, just the most
fundamental risk governance structure is necessary initially. How ERM
develops, is embraced, and is integrated into a company’s essential processes
varies from company to company. It is difficult to write the entire risk governance
framework needed to support ERM activities until it is known how they will
actually be carried out. It’s crucial to first comprehend the ERM process
steps in order to grasp risk governance. Only within the context of ERM
operations can the many essential participants’ roles and duties be discussed.
The same is true of the organizational structure, rules, and practices that
make up risk governance, along with roles and responsibilities. They can
only be discussed once the ERM process as a whole has been well defined
and comprehended. These match up with all risk categories, which for the
majority of businesses include financial, operational, and strategic. A large
portion of these possible risks are merely irrelevant. The business’s chosen
strategy serves as a natural filter, removing unimportant risks. In other
words, the strategy will decide which risks are relevant to the organization
and which ones are not.
There is a large body of objective external quantitative experience data for the
primary hazards for which building risk scenarios is mostly objective. The
vast majority of the major hazards in this category are monetary concerns.
For instance, think about market risks. We have decades of experience
working with daily data on the major stock markets’ volatility. We can
create a thorough, smooth, continuous distribution of historical risk
scenarios for market risk as a result. Creating risk scenarios for these kinds
of issues is largely objective (Miller & Waller, 2003). The comprehension
of the risk event, its likelihood, and its financial repercussions is largely
based on historical experience. A set of deterministic risk scenarios is
chosen by management from the continuous distribution, which involves
some subjective judgment. The major risks, however, for which creating
risk scenarios is primarily subjective, are those for which there is either no
external, objective quantitative experience data, or for which there are only
very few such data that are easily available. The majority of the major hazards
in this category are operational and strategic risks. Consider the strategic risk
associated with strategy execution. By adapting the failure modes and effects
analysis (FMEA) (Figure 5.3) method from the manufacturing industry,
which heavily incorporates input from internal subject matter experts,
management creates a set of deterministic risk scenarios (von Ahsen, 2008).
Source: https://www.onupkeep.com/images/raster/learning/maintenance-tools/fmea-matrix.png?cbh=e50368192c1ffbc11c427fa1512b5adc.
5.7. FMEA
The FMEA technique can be useful in risk scenarios that are largely
objective. Data from the past is frequently lacking. Experts in the field can
also contribute their expertise and intuition, which can be very valuable to
the process. Combining the two methods is frequently the most effective
technique for these largely objective risk scenarios. The exposure to
corporate risk must also be measured. The distribution of all potential
effects on the baseline company value from simulations including one
or more events, or one or more risk scenarios occurring concurrently, is
known as enterprise risk exposure. Because more than one variable might
diverge from the strategic plan during any given period in business, this is
a more accurate and comprehensive portrayal of the firm’s risk exposure.
for the strategic strategy typically serves as its foundation. The Plan is a
static, one-scenario prediction of the future that is stated as though it will
occur exactly as predicted, without a single doubt. This is a little unfair
considering that the work done by the various business segments to develop
the Plan frequently entails some excellent scenario analyses, such as SWOT
analyses and sensitivity analyses, frequently with robust quantitative
workups (Gurl, 2017). When the ERM program is initially established with
just the company’s main business sector in mind, this is most frequently
the case. This is particularly prevalent in financial services companies with
a variety of businesses, some of which must have the necessary capital on
their balance sheets and others of which do not. Amounts of capital that
must remain on the balance sheet to fund ongoing operations and cannot
be used to finance expansion in the future are referred to as necessary
capital. Various stakeholders, including regulators, rating services, and
management itself, all have their own methods for defining and determining
the appropriate amount of capital. To guarantee that all stakeholders are
satisfied, the corporation frequently holds the highest of these amounts.
Financial services firms that focus primarily on banking or insurance
typically employ a capital-based ERM framework, using capital as their
principal performance indicator. It makes sense why these kinds of firms
would gravitate toward a capital-based strategy. For them, it is a significant
metric. It is also a statistic that results from risk management, as the amount
of capital that is needed is determined by how much risk the company is
exposed to. Unfortunately, this makes implementing an enterprise-wide
ERM program impossible for financial services organizations with non-
financial services operations. Due to the absence of capital requirements in
these non-financial services sectors, a capital-based approach is inapplicable.
Consider a bank holding company that has both a consultancy division and
a retail banking division. A capital-based ERM program is put in place. The
amount of additional capital required that the risk exposure generates is
their primary criterion for measuring risk exposure. Although the consulting
industry plainly generates risk, it does not provide the necessary capital
because this area of the firm is exempt from capital requirements. Because
capital requirements are not a standard unit of measurement that can be
used to assess risks throughout the firm, the company’s ERM program is
insufficient.
For these hazards, industry data is frequently lacking. The potential
impact of a company’s strategic plan being wrong or the prospective impact
of bad strategy implementation, for instance, cannot be quantified using any
industry data set. Each organization faces a different risk depending on its
strategy and ability to properly implement it. Industry data is frequently
helpful as supplemental anecdotal information for calculating risk. However,
using industry data as the main foundation for risk quantification is frequently
unsuitable. Depending on the risk mitigation strategies in place, the overall
effect of risk on a business varies greatly. For instance, if one company
has better risk management practices or higher insurance coverage than
another seemingly identical company, the first company will not experience
the same negative effects from the risk event as the second company. Each
organization’s process for dealing with risks can differ greatly. The unique
characteristics of the organization and its risk management strategies are not
taken into account when using an industry data set. Finding the best internal
subject matter experts for the risk in question is the first stage in the FMEA
process. For some risks, this may be the most senior individual connected
with the risk, such as the executive risk owner who is in charge of the risk’s
overall management across the entire organization. Depending on the risk,
litigation or human resources concerns may be the case. But typically, the
individual who is most at risk is the best option.
The identified respondents are then asked to provide a set of risk scenarios
for the major risk in question as the second step in the FMEA interview process.
For each major risk, there are frequently a number of risk scenarios. Although
upside risk scenarios won’t apply to all significant risks, it’s still vital to take
them into account. These scenarios each represent a distinct deterministic
risk scenario. In other words, these are imagined real-world occurrences
(Kirchsteiger, 1999). Creating particular deterministic scenarios is essential.
It is simpler for interviewers to consider the sequential succession of
potential events and the implications for the business when they can visualize
a specific event occurring. Modifying the plausible worst-case scenario
results in some of the less extreme risk possibilities. The FMEA approach
directs the experts to go through the event in detail and chronologically for
each specific risk scenario. The internal subject matter expert’s knowledge
about what outcomes in the external and internal environment will probably
follow from the original occurrence is extracted through a series of expert-
led questions. The event’s likelihood is determined in the third stage. It’s
challenging since everything is so ambiguous. Additionally, it is challenging
since the interviewers are sometimes used to providing such estimates and
frequently lack a basic understanding of probability. Creating estimations
of the quantitative effects of each deterministic risk scenario on the base
company value is the last stage in the FMEA interview process. Similar to
5.8. MODEL
ERM model to shock the baseline firm value, both the likelihood and the
quantitative consequences are inputs used to first quantify individual risk
exposures and then enterprise risk exposure (Wu & Olson, 2009a). The
notion that this information can’t possibly be relevant because it is all based
on mere guesses is a common initial concern brought up in early talks of
the FMEA technique. Although the latter is mostly accurate, the process
does require educated guesses. The ERM process does benefit greatly from
this knowledge. Even highly speculative estimations are vastly preferable
to no quantitative information at all for management. Even though these are
only educated guesses, they are created by people who are familiar with the
risks, frequently by people with decades of personal experience and even
more anecdotal knowledge of risk incidents in the business. The company
employs a lot of intelligent people, and their heads are jam-packed with
priceless information. This valuable knowledge is taken from the subject
matter experts by the FMEA process and presented on the page in a uniform
quantitative way for all major risks throughout the entire organization.
Many times, the FMEA process is the first time the subject matter experts
are asked to consider risk scenarios and potential mitigation, and this
introspective process results in better approximations than had previously
existed anywhere. As a form of sensitivity analysis, ranges around the
estimate are utilized to demonstrate how inaccurate the estimate could be.
A business unit originally objected when an ERM team provided them with
a commercial opportunity based on FMEA data because of the approximate
nature of one important assumption.
The outcomes of the FMEA interviews are documented, which is another
aspect that elevates this knowledge above educated estimates. People are
more careful about the quality of their work when they are aware that their
name is formally associated with it. This happened when SOX was first
put into use. Senior executives were required to sign their first attestation
verifying the certainty of the risk assessments, control assessments, and
financial reports at the conclusion of the first significant effort to collect and
analyze a huge amount of data. As the executives started to scrutinize the
5.9. QUALITY
The quality of the qualitative risk assessment portion of the risk identification
process step is diminished by failing to consistently define all hazards
according to their source (Burkov, Burkova, Barkhi, & Berlinov, 2018).
For the qualitative risk assessment, survey respondents are asked to rate
the likelihood and severity of potential major risks using a qualitative scale.
Participants in the qualitative risk assessment must have a precise description
and a shared knowledge of the risks they are assessing in order for the survey
results to be useful. Unfortunately, it frequently leads to misunderstanding
when risks are determined by their results. Different survey respondents
may imagine a different source of risk when contemplating a particular risk
characterized by its consequence, and as a result, the chance and severity
CHAPTER 6
CORPORATE GOVERNANCE AND
RISK MANAGEMENT
CONTENTS
6.1. Introduction
6.2. Compliance
6.3. Business
6.4. Liabilities
6.5. Payments
6.6. Laws
6.7. Funds
6.8. Cost-Savings
6.9. Principles
6.10. Claims
6.11. Information
6.1. INTRODUCTION
The ideas of due diligence and corporate governance are becoming more
and more significant in today’s business world. Both ideas have expanded
in terms of their application and significance. As a result of the international
regulatory and voluntary frameworks that are forming, their application
has in fact begun to overlap. From simply economic beginnings, they have
expanded to include a variety of business behaviors (Greuning & Brajovic-
Bratanovic, 2022). Furthermore, regardless of their size or location, all
organizations should prioritize these concerns in light of the ongoing
corporate scandals that make headlines and highlight the need for better
corporate governance.
It is imperative for business success to comprehend and appreciate
corporate governance (Figure 6.1) and due diligence. Like anything else,
due diligence procedures must have a beginning point. Each party to the
deal must be willing to start a due diligence process if there are discussions
about a potential merger. But this is when the lines between what constitutes
due diligence might blur. Prior to any informal or official conversations in a
merger situation, there would typically be a large amount of due diligence.
The necessary diligence is to ascertain whether there is sufficient data to
support discussions regarding a potential merger. Therefore, there is never a
single phase with a single beginning point for every due diligence exercise.
Source: https://www.researchgate.net/profile/Suhaimi-Sarif-2/publication/314153284/figure/fig2/AS:667699281657859@1536203322240/Key-elements-of-corporate-governance.png.
6.2. COMPLIANCE
All businesses will engage in some type of due diligence, whether formally
or informally. Larger organizations, of course, require a more formal,
structured approach. An excess of people each doing things their own way
might lead to a surplus of data with no information. Smaller organizations,
on the other hand, might conduct all of their business informally, making
a lot of impromptu decisions without any notes or documentation. It is
important for any firm to comprehend how due diligence benefits everyone.
Traditionally, management has this responsibility because they establish
the company’s rules, practices, culture, and methods of doing business. A
legal questionnaire and disclosure documents that have been attested by
the candidate are the first steps in the normal traditional process, which is
followed by a review, compilation, or audit of financial data (Andersen &
Choong, 1997). A regulatory agency records search is typically carried out.
Numerous public records are typically searched. Research is frequently
added in areas like the candidate’s industry niche, as well as occasionally
the media. Further research is occasionally contributed
by getting in touch with other business and governmental organizations.
In order to streamline the transaction, warranties and indemnities have
evolved throughout this procedure. For instance, it is possible that the
vendor is ignorant of any flaws or problems that surface during the due
diligence procedure.
The fact that the material discloses how the target has been managed is
another significant advantage of the legal due diligence procedure. It may
consider the history and goals of the target and applicant, as well as
their chosen organizational structure, whether that be a corporation,
partnership, or owner-manager business. There are many smaller acquisitions
that draw the attention of the due diligence process, even though many
due diligence exercises involve very large transactions. While some of
the process’s concerns are better suited to larger transactions, others are
applicable regardless of transaction size. For instance, the administration of
the company will be reflected in late or inaccurate returns to the authorities,
such as the Inland Revenue and corporate registers. They might also point
to money problems, as in the case of late financial statements filed with
corporate registrations. Furthermore, as said, the information gathered
during the due diligence process can be an invaluable instrument for
continued management of the target after the sale is finalized. It should be
highlighted that there are more people who benefit from the due diligence
process due to the constant pressure from regulators, security exchanges,
6.3. BUSINESS
The type of business or transaction being considered in some situations will
limit or restrict the amount of due diligence that is accessible or necessary.
In contrast to a private firm where there has been no such public disclosure,
the offering circular or document of a publicly traded company that is
the subprime sector and falling liquidity levels. It is common for a corporate
finance transaction to involve a combination of equity, debt, or variants
of both, and this will prompt a proper examination of the appropriate
combination and pricing. To ascertain the proper ratio of each and the
associated risks, a well-known formula is the weighted average cost of
capital. Numerous aspects will need to be taken into account when deciding
whether or not to invest, fund, or carry out the transaction as well as when
analyzing the business or transaction overall. A team of experts from several
disciplines would evaluate these issues as part of the crucial due diligence
process, which would also involve looking into various aspects of the
business or transaction. The due diligence process will differ significantly
from one firm or transaction to another, thus the first information requests
or the framework for the inquiry and study will need to be adjusted to the
particular business or transaction. The evaluation and structuring process,
as well as the final success or failure of the proposed investment or finance
for the business or transaction, will be significantly influenced by the due
diligence process (Das & Teng, 2001).
Depending on the business or transaction being proposed or considered,
the due diligence process will first take a high-level approach before
reaching down to a more in-depth and distilled consideration of the various
issues affecting the value of the business, frequently after sifting through a
myriad of legal, technical, and commercial issues. These factors will then
serve as the foundation for a report or reports that will ultimately be used to
make investment or credit choices. The due diligence team would be made
up of a variety of professional consultants, typically including expertise in
law, finance, technology, the environment, insurance, and actuarial work.
As soon as it is practical, these advisors should be hired so they have time
to fully address the pertinent issues. The lending institution or investment
bank will usually be in charge of leading the due diligence process and
coordinating the due diligence team. The team conducting the due diligence
exercise needs to receive precise instructions regarding the goal and
restrictions of the exercise. The team will be better able to streamline the
exercise, concentrate on the pertinent issues, and make it more time- and cost-
effective if they are aware of what the company or transaction includes and
what the exercise’s goals are. The due diligence team must be informed of
these plans and tactics if a firm intends to purchase a target with the goal
of launching or building a hotel with a casino or another type of property
that will be developed and sold. The investment corporation wants to know
from the due diligence process whether these tactics are feasible and what
difficulties they involve. It is frequently incredibly surprising how far along
advanced transactions can go before important corporate finance problems
are identified. Thus, high level information overviews are advised from
the very beginning. The business’s regulated status and compliance with
regulatory requirements would be at the heart of this transaction. The
framework for how the transaction is financed, organized, documented, and
finished can then be negotiated and agreed upon based on the facts revealed.
6.4. LIABILITIES
The liabilities would be quantified, the price adjusted or the purchase price
deferred, and the disclosures warranted as being complete and accurate in
themselves once disclosures are made, for example, as regards pending
litigation, breaches of overdraft facilities, or arrangements with creditors.
This would ensure that the extent of the liability is correctly provided for
(Dullaway & Needleman, 2004). The exchange of confidentiality undertakings is a
crucial step at the beginning of the due diligence process. These establish an
environment in which lenders or investors can safely be given price-sensitive and
important information about a business or transaction without the
danger of the information leaking into the public realm and lowering the
business’s worth and reputation. A suitable environment must be created
since only complete disclosure will allow for the proper examination of the
proper risk and reward. The due diligence team and its advisers are often
ring-fenced, and each member is required to give their commitment to
uphold the engagement’s confidentiality requirements.
Doing proper due diligence on the business owners or management or
making sure the proposed funds to be invested in or lent to the business as
part of the corporate finance transaction are clean are the first steps in any
corporate finance transaction. The evaluation of the appropriate sources of
finances flowing into and out of a commercial activity would thus be included
in the exercise. Additionally, the professional members of the due diligence
team will typically be subject to independent disclosure obligations and may
be required, if they have concerns or suspicions, to disclose information to
regulatory authorities without consulting the client or other due diligence
team members. If a regulated adviser misses money laundering when they
should have noticed it or had reason to suspect it, they may have committed
a money laundering (Figure 6.2) offense.
Source: https://www.unodc.org/images/money-laundering/images_website_update/Money_Laundering_Cycle.png.
Any due diligence engagement’s conditions should be extremely clear
on this point, and any confidentiality agreements will undoubtedly include
an exception for disclosure (Trakman, 2002). Financial data that has been
provided and the related financial ratios contain a wealth of information.
Whatever the interpretation of the entries and financial ratio calculations,
there is still a lot that could be hiding behind the numbers. The facts gleaned
from a thorough study will be crucial in the ongoing discussions about the
structure and cost of financing. Accounts should, at the very least, be audited
in accordance with best accounting practices and local law. Examining any
caveats or qualifications on the audit reports, as well as a pattern of frequent
changes in auditors, is an essential component of historical analysis.
Likewise, management accounts should at the very least embrace accounting
principles and procedures that are in line with the audited accounts. The
strength of the accounting systems used to record information, the accuracy
of the postings, and the consistency and dependability of the basis on which
postings are produced are of greater importance. It’s important to properly
examine revenues. Contracts may be signed and bills issued even when there
is no underlying delivery or delivery agreement. A rigorous examination is
also required to ensure that the true costs of revenues are disclosed, rather
than being hidden to artificially inflate earnings and profitability.
6.5. PAYMENTS
Capital obligations must be carefully examined for unique payment
provisions, such as advance payments that do not necessarily require
delivery or performance. The actual cost, delivery, and execution must
be compared to financial estimates based on the projection of capital
expenditures and sources of cash for the payment of such expenditures
(Black & Cox, 1976). A planned capital financing might only be sufficient
to cover working capital needs and fall short of meeting the company’s
capital requirements, which are crucial to its future growth. Management
frequently exaggerates the genuine working capital requirements in an effort
to increase profits and returns. The worth of the stock and the ongoing work
should be determined without taking profits into account but accounting
for potential losses. It is crucial to physically inspect the inventory to make
sure that the raw materials and goods are not out-of-date or redundant and
that the value is appropriately recorded in the books. On-site stock checks
at transaction closings are not unusual. It is important to carefully review
all contingent, disputed, and other liabilities, including claims arising from
contracts, as well as any defaults or cross-defaults that may occur under
current borrowing facilities as a result of the financing. The effects of any
defaults should also be carefully considered.
The country in which the firm is located, as well as the country of the
lender or investor, will have different tax effects. The tax consequences of a
transaction or investment may have a significant impact on pricing, such as
the withdrawal of previously held reliefs or the crystallization of charges, or
the understatement or overstatement of deferred tax liabilities and tax assets
as reported in the books of accounts. Tax is a crucial component of the due
diligence process. It will be necessary to evaluate previous tax calculations
and take the transaction’s effect into account. This will frequently influence
how the transaction is set up, such as through the purchase of shares or assets,
financing through debt or equity, delayed consideration, or installments, in
order to maximize tax savings. The full range of applicable taxes, such as
income or capital gains taxes, estate or inheritance taxes, value-added tax or
sales or service taxes, as well as customs and excise duties and fees, would
be covered by the tax review. An examination of the anticipated impact
would be required in each scenario. For instance, value-added taxes may
be applied to asset acquisitions, loans may be subject to withholding taxes
on interest due, and foreign exchange controls may apply to offshore equity
investments, resulting in punitive departure fees. It would be typical to see
Source: https://www.researchgate.net/publication/339481869/figure/fig1/AS:862458134671360@1582637451115/Different-types-of-IPR.png.
Normally, when a business, in whole or in part, is transferred to another,
existing regulations will preserve the interests of the employees. The same
terms and conditions apply for the automatic transfer of the personnel.
The provisions of such legislation will not apply to transfers that do not
include a business transfer. As long as the employer company remains the
same, the regulations will not have an impact on the transfer of shares. Any
rights and obligations resulting from employment contracts, including all
collective agreements established on behalf of employees, are transferred to
the new employer as part of a business transfer. However, benefits related
to occupational pension plans would need to be transferred separately.
Irrespective of the magnitude of the enterprise, regulations may still be
applicable. Any transaction involving a change in ownership must also
take into account consulting with trade or employee union representatives.
6.6. LAWS
Laws governing product liability can vary greatly between jurisdictions.
Because strict liability may be the basis for product liability legislation
in some countries, negligence may not even need to be shown (Henderson,
1983). Potential liability to businesses could be limited. Even though the
bulk of high-profile cases have occurred in the USA, it is important to note
that upcoming legal changes in the UK and the rest of the EU may broaden
the potential for extensive litigation and potentially multi-million-dollar
damages that are frequently seen in the USA. Product liability is not the
only area of litigation risk. In fact, there are a wide range of potential causes
for litigation, some of which can be connected to the proposed transaction
and others might be completely unconnected. Money laundering first came
under criminal inquiry in the USA in 1919. As it was not common practice
for banks to inquire about the source of cash prior to making deposits, tax
evasion was prevalent at the time. The Bank Secrecy Act of 1970 (BSA), also
known as the Currency and Foreign Transactions Reporting Act, mandated
that banks create a paper trail. Other laws governing money exchange and
financial accounts were passed in the USA after the BSA was passed. The
Money Laundering Control Act of 1986 established money laundering as
a criminal offense in the USA (“EBSCOhost | 33768853 | The Criminal
Prosecution of Banks under the US Bank Secrecy Act of 1970,” n.d.).
This Law Society guidance note makes it clear that a professional legal
adviser does violate the law by tipping off if he or she discloses information
to a client under privileged circumstances, such as when providing the
client with legal advice, or to any third party in connection with ongoing
or anticipated legal proceedings. The guidance paper states that the legal
advisor is not required to inform the clients that he or she has reported or
plans to disclose something to the FIU. Legal counsel should withdraw from
the case and carefully examine following the Law Society’s standards while
making a report to the FIU if they consult with their client about making a
report to the FIU and the client objects. When a legal advisor informs a client
that they have made or plan to make a report to the FIU while providing legal
advice to the client or acting in connection with present or anticipated legal
procedures, they are not breaking the law. The Law Society has also said
that the aforementioned is true for both transactional activity and litigation.
Additionally, it should be mentioned that regulatory and reporting
standards, which have an impact on stakeholder and insurer confidence, are
the main external factors. As small businesses and small and medium-sized
enterprises (SMEs) deal with the implications of today’s business environment
and scrutiny of bureaucracy, regulation, customers, non-governmental
organizations (NGOs), as well as the media, the issues and concerns that
were previously only the purview of large businesses have snuck into those
of small businesses and SMEs. While a jurisdiction’s company law controls
businesses that have been formed there, that jurisdiction’s securities rules
and regulations apply to businesses, investors, and middlemen engaged in
the purchase or sale of securities there. For instance, in the energy industry,
two-thirds of companies with primary listings on overseas exchanges also
have secondary listings on US stock markets. The majority of the big
listed corporations also have their primary listings on US stock exchanges
(Risman, Salim, Sumiati, & Indrawati, 2017). Therefore, modifications to
US requirements have a significant impact on how business is conducted
in general. Insurance can cover a sizable amount of any financial damages
brought on by policy violations. Protection of premises from intrusion by
unauthorized individuals has risen on the corporate agenda in recent years.
Employees, clients, subcontractors, etc., now demand a certain level of
protection from the possibility of a random intrusion. Budgets now include
expenditure for reducing this risk since it has become necessary. It applies
to integrity risk as well. There are several instances of unethical, and
occasionally illegal, behavior by people or organizations within corporations
that has negatively impacted a company’s reputation, if not its viability.
There are a few well-supported cases that the IBE has identified. While it
may not always be able to ensure the avoidance of such unethical behavior,
as is the case with other aspects of corporate governance.
In order to learn how other businesses manage the values and goals
that National Grid has defined as being crucial, a set of questions would
be devised. The benchmarking research would include information on the
environmental policies, organizational structure, financial management, and
business goals for contaminated site management. To perform the survey,
it would be crucial to compile a list of numerous comparable businesses.
The businesses might all be situated in the UK or they could also be spread
across the USA or other nations. Additionally, all utilities or other connected
businesses may be included in the company. The final benchmarking
goals would rely on how National Grid defined the values and goals that
were considered crucial. Active investors will alter their investments in
accordance with how they choose their stocks. A passive investor will hold
all of the stocks inside an index, whereas a passive investor will invest in
accordance with an index and may alter how much of a certain stock is
kept. This strategy is typically used by funds that need to adopt a low risk
profile and are quite substantial in size. Since retirees and pensioners often
invest passively, almost all major private equity firms in the USA invariably
count pension funds among their top investors. In the form of employees
and retirees, Ford Motor Company’s profit-sharing model also contributes
to the emergence of a sizable number of passive investors. More recently,
Citigroup increased the scope of its microfinance initiatives in Bangladesh
by collaborating with BRAC, a countrywide anti-poverty NGO that has 5
million members, the majority of whom are women. Citigroup secured a
pool of millions of low-risk, passive investors for more than half a decade
by providing BRAC access to $180 million over a six-year period.
6.7. FUNDS
Active funds carry a lot more risk than passive funds do. Their first
responsibility as a pension fund is to give their members fair compensation.
Furthermore, major pension funds are increasingly being held accountable
for their members’ quality of life in addition to their fiduciary obligations to
them. One illustration involves Baker Hughes. Baker Hughes works in the
process and oilfield industries. Additionally, it produces, markets, and sells
other goods as well as offers services to sectors of the economy unrelated
to the oilfield or continuous process industries. A suggestion to apply the
expensive option if the matter doesn’t require the knowledge and assistance
that a large business may offer. Additionally, many companies discover that
using one company entirely is not always required or practical, and that
adding a little competition might be beneficial. Many lawyers overlook
the fact that there is a sizable hidden cost to litigation. Complex litigation
necessitates constant collaboration between the attorneys and their client.
The client is frequently expected to contribute significantly and consistently.
This can consume a lot of the client’s time and energy, and there are financial
considerations as well. The client should think about whether investing the
necessary time and effort in their business would be a better use of their
resources. The client should be clear about the goals of the case and make
sure that everyone has agreed to them. Make sure the attorneys outline their
approach to the litigation, when they could seek a settlement or engage in
mediation, the scope of their fee arrangement, and how they intend to keep
the client informed of developments.
By establishing a budget with the attorneys in advance and possibly
during the course of the case, some of the financial unpredictability
associated with litigation can be reduced. The opposition’s actions may have
a significant impact on the litigation’s cost, pace, and direction. As a result, it
is challenging for attorneys to predict with accuracy how the adversary will
act and react, and as a result, how much it will cost to win or lose a case.
The best the attorney can typically do is either give an estimate that accounts
for everything that could go wrong or give updated estimates for each stage
of the litigation as the case moves forward, including likely maximum and
minimum amounts. The client must be prepared to cover the expenses and
risks if they want an estimate that doesn’t allow for growth. If the litigation
proceeds without issues, this indicates that he or she will have overpaid. It is
a little different when attorneys submit bids for bulk work that could include
hundreds of conflicts over time. It is not in the client’s best interest to bind
the attorney to a fee schedule that tempts the attorney to spend less time on
the case than it merits, and it is not in the lawyer’s best interest to accept
work that turns out to be unprofitable. The attorneys should always be able
to give accurate predictions of the future costs on an ongoing basis.
It can be required to involve international attorneys when issues occur.
Their costs might be more difficult to manage. For a UK-based company, for
instance, they might be less expensive than their UK equivalents, but they
might charge on completely different principles. In the event that a second
language is involved, the client can anticipate paying a little bit extra to
enjoy the luxury of a foreign lawyer reporting to and getting instructions in
the client’s native tongue. The price of having text professionally translated
will be high. If a client doesn’t already have a solid working relationship
with an overseas attorney in the relevant nation, they should think about
asking UK solicitors with an international practice to hire foreign attorneys
on their behalf. Some of the larger companies have offices abroad. Some big
and little legal firms are members of one of the international bar groups that
give them access to reliable foreign peers. Although hiring UK lawyers will
result in higher costs, they are more likely to be aware of potential dangers.
They should be able to make all the necessary inquiries on the client’s behalf
and avoid unpleasant surprises about costs and fees. They will make an
effort to be economical. In some cases, a portion of their price may even be
reimbursed as recoverable expenses in successful international litigation.
6.8. COST-SAVINGS
The sooner the better from a cost-savings perspective if the problem can
be resolved without going to trial. The closer the case is to trial, the more
expensive it becomes (Potkany, Stasiak-Betlejewska, Kovac, & Gejdos,
2016). In the UK, most commercial attorneys view it as part of their duty to
settle the case as fast and inexpensively as feasible and, whenever possible,
to avoid the high costs of a trial. They are typically good negotiators and
may begin settlement negotiations without running the danger of their client
viewing it as a sign of weakness. The subject of settlement can typically be
brought up by the lawyers without necessarily implying that their clients’
direct instructions are required. Even so, it doesn’t hurt to periodically
remind the attorneys that settlement is preferable to trial if there aren’t
any fundamental legal issues or points of principle at stake. Lawyers are
frequently charged with prolonging legal proceedings to raise their fees. It
cannot be emphasized enough that the optimal course of action in terms
of due diligence and corporate governance is generally to avoid disputes.
Although it may seem like common sense, avoidable business disputes
nonetheless arise frequently, even when both parties conduct their business
with integrity. Misunderstandings are frequently the cause of conflicts. In
most business ventures, the participants focus on all the great aspects of the
enterprise rather than giving any thought to how issues will be resolved if
things do not go as planned. Agreements, contracts, and other business papers
should be carefully designed to account for potential misunderstandings or
problems. Paying a lawyer later to clean up the mess is typically significantly
more expensive than paying a lawyer now to help create something that will
minimize the chance of difficulties emerging.
The client can be confident that if their attorney initiates the conversation,
they will push the opposing party into hiring legal representation as well,
decreasing the likelihood of an early settlement, at least temporarily. In many
jurisdictions, this is the case. Even while the parties may not acknowledge
it, there is frequently an emotional barrier to resolution in business. A party
may feel that they have been mistreated, or it may just be a personality
mismatch. If something has occurred and emotions are too intense to
allow resolution, the topic should be removed from the parties’ control, i.e.,
change the negotiating team. An offer to settle a dispute or an offer to accept
less money than requested may be interpreted as weakness, but not if it
is made in the right way. Until a deal in principle is reached, negotiators
might also seek official approval to settle from the board of directors or
their management. Lawyers might offer advice during talks while remaining
silent. Keep in mind the importance of what is occasionally referred to as
a commercial settlement, in which the agreed-upon debt or obligation is
returned by ongoing or expanded commerce between the parties.
6.9. PRINCIPLES
Together with the natural justice principles, such legislation establishes
a general framework of guidelines that generally restricts the scope for
judicial involvement or intervention. The courts stay out of the picture,
only getting involved when it is allowed and absolutely essential. In many
foreign nations, an arbitration award may be enforced as such. It can be put
into effect in the same way as a court order. If necessary for the purposes of
enforcement, it may be converted into a court judgment, for instance if it is
to be enforced abroad in a nation where a foreign judgment but not a foreign
arbitration award may be executed. An arbitration award can frequently
be enforced abroad more easily than a judicial verdict. Heavy commercial
arbitration can involve a team of expert witnesses, senior junior lawyers,
leading counsel, and junior counsel who have been briefed for the hearing.
The price tag may be as high as what would be paid in court. Additionally,
the parties are responsible for paying the arbitrators’ daily fees. The price
of renting a room and other amenities for the hearing may also be involved.
Even if there are court costs associated with litigation, the judge will preside
over the case for the entire duration without charging extra. The courtroom
is free of charge. In addition to the tribunal members’ costs, at least one
international arbitration body imposes significant administrative expenses.
For creating an administrative structure in which the arbitration reference
can take place, certain trade organizations that offer an arbitration procedure
to their members levy a nominal fee. Others don’t charge anything, leaving
all administrative matters to the parties and the tribunal to handle, usually
with some standardization of fees. If the parties can agree on a single
arbitrator, the cost of arbitration can be greatly decreased. But occasionally,
if they cannot agree among themselves and there is no organizing body
with a predetermined procedure for this event, they can at least agree on
who will appoint the arbitrator on their behalf. Even with the CPR reforms,
the process can be fairly slow and expensive when one is dealing with an
obstructive opponent in another nation. In certain situations, the High Court
has appointment powers.
6.10. CLAIMS
For modest claims, certain organizations offer a unique process. For claims
under $50,000 USD, the London Maritime Arbitrators Association (Figure
6.4), whose arbitrators frequently handle complex issues, has a small claims
procedure (Steele, 2010). This process offers a straightforward, fixed-price
resolution service. In accordance with this approach, the arbitrator decides
the dispute solely based on the documents submitted, i.e., without holding
an oral hearing. The parties have a significant amount of control over
how quickly an arbitration reference can move forward. With everyone’s
cooperation, the process can be completed in a few weeks, often even less, if
the dispute is to be decided by a single arbitrator solely based on papers. The
hearing date may need to be set months, potentially even a year or more in
advance if the tribunal consists of three professional arbitrators who are very
busy attorneys and solicitors, very busy expert witnesses, and witnesses of
fact who have similar issues. With good faith on both parties, it is probably
accurate to argue that arbitration is typically quicker than litigation before
UK courts and unquestionably far quicker than litigation before some
foreign courts. The goal of mediation is to help the disputing parties reach
an amicable resolution of their disagreement by enlisting the help of a
neutral third party, the mediator. While using certain methods, strategies,
and talents to assist the parties in negotiating an amicable resolution of their
disagreement without going to court, the mediator does not have the power
to render any decisions that are legally binding on the parties.
Source: https://www.acerislaw.com/wp-content/uploads/2021/05/How-to-Initiate-LMAA-Arbitrations.jpeg.
As a result, mediation and arbitration are very different. Contrary
to arbitration, mediation does not entail the making of a factual or legal
determination or the creation of a final, binding judgment. An agreement to
participate in mediation will not be enforceable, in contrast to agreements to
arbitrate disputes. There isn’t a lot of mediation law yet, but it could change
in the future. In most cases, the principles of natural justice do not apply to
mediation. The skill of the mediator comes in assisting both sides to come
to an understanding regarding how a conflict should be resolved. Mediation
will not succeed if there is no desire to settle. Sometimes the parties will
come to the realization that at least some of the difficulties between them
can be settled, leaving the court with fewer or shorter matters to address.
There are no absolute laws. Different mediators operate in various ways.
The mediator usually attends meetings where all parties involved convene in
person. The mediator outlines the process that will be followed. The parties
shall determine if they desire the presence of their counsel. Then, each party
briefly summarizes the facts of their case and outlines the relief they want.
There can be a time limit set. The mediator will then visit the parties in their
separate rooms, most likely more than once, to discuss the case and try to
identify any potential points of agreement or major barriers to resolution.
Except when expressly authorized or requested to do so, the mediator will
not reveal what has been discussed to the other party. The mediator will
communicate opinions, advice, and, ideally, offers. In order to ensure that
the parties are focused on resolving the dispute, the parties may be given a
deadline for the completion.
In comparison to the alternatives, arbitration might be quite inexpensive.
Modest fees must be paid to cover the mediator’s services and the cost of
the facilities if the mediation is administered by a court or a professional
for litigation if it is contested. The debtor receives notice of this and has
eight days to pay or raise an objection or defense; otherwise, a summons
will be issued. If a claim for interest is accepted, the debtor is required to
pay interest as well as costs associated with pursuing the claim. However,
with continuity planning, all of these measures which may include corporate
decision-making, security, health, and safety, resilience in production lines,
etc., are most effective when they are all a part of a relatively seamless risk
and impact understanding and management process. Even the difficulties
faced by continuity planners and risk managers are comparable. Both risk
management and business continuity management are commercial issues
that also deal with the unique difficulties of acceptability and urgency. Every
discipline is changing on its own. They would benefit much by cooperating
more closely and each offering helpful support to the other.
After an occurrence, such as a spill or an industrial accident, legal
responsibility issues frequently flow into public relations challenges.
Regardless of the real environmental impact, a spill that makes front page
news will undoubtedly result in more serious repercussions for a firm.
Naturally, an aggrieved party, or someone who believes they have been
harmed, is more inclined to file a lawsuit when they feel that the problem was
not handled appropriately. Changing such a view requires a strong public relations
plan. It is insufficient to merely respond to an EHS issue (Brown, 2014).
The crisis needs to be handled. A firm is more likely to come under intense
scrutiny if it is not ready to deal with the public and if senior management is
not responding in a way that reassures the public that the company has things
under control. Government enforcement, such as criminal investigations
and prosecution, as well as third-party lawsuits, such as citizen suits, are
some of the ways that government scrutiny can take place. Some businesses
have spent a significant amount of money working with competent public
relations agencies and attorneys to build EHS crisis management plans
(Figure 6.5).
Source: https://blog.lnsresearch.com/hs-fs/hub/136847/file-1378873204-jpg/images/lns_ehsdiagram.jpg?width=375&height=403&name=lns_ehsdiagram.jpg.
However, it is typical for an organization to simply accept the plan and
store it, confident that it will be available when needed. Everyone involved
in handling an EHS crisis, from the second shift process operator to the
CEO, needs to be aware of both the plan’s contents and, more crucially, their
specific position within it. It takes considerable consideration, planning,
testing, practice, and updating to create the type of organization needed to
handle an EHS crisis (Irani et al., 2002).
6.11. INFORMATION
Information is affected by outdated data, such as contact or health information,
which can result in significant delays and either over- or underreporting
of data to agencies and the general public. Due to outdated data, even
sophisticated organizations with well-thought-out crisis management
policies can face substantial liabilities. A new process chemical’s material
safety data sheet, which OSHA and the EPA both require to be kept, might
not be included in the plan, which could result in an incomplete report to the
EPA during a process release and a sizable fine. A release that spreads to an
adjacent neighborhood could have considerably more terrible repercussions
due to the outdated knowledge. Additionally, EHS managers are frequently
given control over completely new facilities and divisions in this era of
frequent company mergers and takeovers. EHS mishaps are more prone
to occur during these times of transition because EHS may be temporarily
disregarded due to staff changes and other factors. Ironically, most EHS
managers can’t concentrate on integrating crisis management strategies
because they are just too busy integrating daily EHS functions. Unfortunately,
this can cause significant issues in the wake of EHS accidents. Finally, there
are numerous new laws, regulations, and policies at the federal, state, and
municipal levels that may be relevant in an EHS emergency. Most businesses
keep track of new EHS regulations and implement them into operations, but
many neglect to update their crisis management systems and strategies to
reflect these new regulations.
Despite the fact that many businesses have in-house EHS attorneys
with specialized knowledge, many are already overburdened with daily
regulatory issues, briefing management on important issues, managing
litigation, and examining EHS issues in deals. Despite their best efforts, it is
simply not possible for these people to consistently participate in EHS crisis
management planning (Carrithers, DeHart, & Geaneas, 1998). Furthermore,
a lot of in-house attorneys travel extensively. Incorporating an experienced
outside attorney into the team has major benefits because they are likely to
have seen numerous strategies created by various clients. The competence
of a lawyer is required both before and during a crisis due to the numerous
legal obligations and issues involved. Additionally, the attorney can help
the corporation prepare comments for the media and government agencies,
even though they won’t actively take part in information distribution during
a crisis. Additionally, the attorney can help if the inquiries turn into criminal
investigations. Additionally, a lawyer can start creating a record that can be
used in the future, assist in internal investigations of fundamental causes,
CHAPTER 7
SUPPLY CHAIN RISK MANAGEMENT
CONTENTS
7.1. Introduction
7.2. Supply Chains
7.3. Integration
7.4. Risk Management
7.5. Outsourcing
7.6. Production
7.7. Strategies
7.8. Variables
7.9. Scorecard
7.1. INTRODUCTION
Moving items along a supply chain has been a part of military organizations’
history, and this is still the case as evidenced by the deployment of American
personnel to Iraq and Afghanistan. But not all businesses involved in supply
chains are military. Lean manufacturing practices used by Toyota, make-
to-order operations used by Dell, and ground-breaking retail practices used
by Walmart rely on supply chains that are connected by computer systems
between various source businesses (Manuj & Mentzer, 2008). Supply chains
offer a lot of advantages to all of us as consumers. The numerous opportunities
for efficiency that global connection offers producers of goods and services
must be taken advantage of. These chances, however, come with dangers
and are not free. Some supply chains are very straightforward; for example,
bananas harvested in Costa Rica might be sent right to the Cayman Islands-
based plantation owner. A farmers’ market in Nevada can receive beans
that were picked in California. However, the majority of products need
to be processed extensively, particularly foods and medicines, partly for
preservation and partly for safety reasons. Standard Oil has a lengthy supply
chain that connects refineries and oil wells all over the world. Even more
intricate supply chains were used by steel producers, starting with various
types of mines, and continuing through various processing facilities, blast
furnaces, open steel production ovens, rolling mills, and steel yards, which
in turn supplied a wide range of manufacturers (Figure 7.1).
Source: https://www.researchgate.net/profile/Ceyhun-Ozgur-2/publication/339366297/figure/fig2/AS:860417945522176@1582151032610/Supply-Chain-Risk-Management-Framework_W640.jpg.
Source: https://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/SeidenstrasseGMT.JPG/1200px-SeidenstrasseGMT.JPG.
Almost every activity has a number of unanticipated side effects. For a
Spanish refiner, the least expensive option might be to purchase crude oil
from Libya. However, that low cost also carries a little danger of political
unrest. Government confiscation might be less likely in Nigeria than in
Libya. On the other hand, Nigeria can have increased local crime issues that
consume the anticipated savings. Therefore, Venezuela may be a source of
crude oil for the refiner. The issue of political instability then reappears. As a
result, the refiner might go back to Libya only to discover that war has broken
out, negating all of that source’s cost advantages. Supply chains look for ties
that will last. There are several transient disturbances in real life. Political
disruptions have been discussed, but nature has a much greater capacity for
spectacular disruption than politics. There are many risks associated with
supply chains, which can be divided into internal and external problems
like market prices, rivals’ actions, manufacturing yield and costs, supplier
quality, and political issues. Supply chain companies must be concerned
with hazards coming from all angles. Opportunities in any corporation
depend on how well that organization is able to manage risks. The majority
of natural risks are managed either by insurance, which has its own costs, or
through diversification and redundancy. The organization must decide while
taking into account all trade-offs, just like with any other business choice.
Historically, this has involved the costs and benefits elements. Society
is increasingly heading toward complicated decision-making contexts
involving consideration of both ecological and social justice considerations.
There are more opportunities to control risk sources when dealing with
external risks. Political systems in the past have been impacted by particular
supply chains. There are other petroleum companies that come to mind,
as well as arms companies like Alfred Nobel’s. While most supply chain
participants can’t be counted on to be in control of political hazards like
wars and regulations, they may influence the conditions that contribute to
labor unrest. Organizations in the supply chain are projected to have an even
stronger impact on economic variables. The advantage of monopolies or
cartels is their capacity to affect pricing, even though it is not anticipated
that they will be able to regulate exchange rates. Business organizations
are also in charge of creating product portfolios in dynamic marketplaces
with product life cycles and technologies that give competitive advantage.
The dangers result from the skills of competitors in an unending race. The
supply chain organization and its members are more directly responsible
for internal risk management. Organizations in the business world are in
charge of managing their structural, production, and financial capacities.
In addition to carrying out their social obligations, they are in charge of
programs that ensure appropriate workplace safety, which has been shown
to be cost-effective for enterprises. It is necessary to coordinate actions
within supply chains with vendors and, to a lesser extent, with customers.
Information technology offers practical instruments for managing the
interchange of supply chain information. The duty of supply chain core
organizations to manage risks associated with the trade-off between greater
participation made possible by Internet connections and the dependability
provided by long-term relationships with a smaller group of suppliers who
have demonstrated their reliability is another crucial factor.
7.3. INTEGRATION
Vertical integration with contemporary cross-organizational supply chains
was the traditional method of commercial organization (Spekman & Davis,
2004). Of course, this also resulted in them accepting the risk that went along
with it, but at the time, the prevalent belief was that the more they managed
their operations, the more they could control the hazards. As a result,
enormous monopolies developed vertical supply chains that linked mines,
processing, transportation, and various types of production to various levels
of marketing. Facility siting was a factor in supply chain considerations.
The location of minerals determined where mines would be built, although
refining and other processing plants might be situated anywhere. In order to
balance costs, manufacturing is typically traded off against logistics costs for
moving raw materials to processing facilities or finished goods to customers.
The way business is done today is very different. Supply chain members have
replaced the vertically integrated company partnerships of the 19th and early
20th centuries with cooperative agreements. Thus, supplier choice becomes
crucial in addition to facility location. Being more competitive is the main
goal, and as a result, services associated with the production of the products
are prioritized. Additionally, there is a focus on bringing specialists together,
with a dynamic integration of frequently separate companies cooperating to
provide goods and services. The distinction between goods and services is
fading, making the previous division of labor obsolete. Commoditization
of goods and services now takes into account factors like quality, delivery
efficiency, dependability, and risk in addition to price.
participants can also help people better manage risks. Choosing a supplier
and allocating orders are examples of tactical options. Other tactical choices
include product promotion, information sharing, vendor-managed inventory
(VMI) systems, and cooperative planning, forecasting, and replenishment.
7.5. OUTSOURCING
The outsourcing (Figure 7.3) of non-core services offers cost benefits to
supply chain core firms. Supply chain networks are impacted by a number
of things (Cho & Chan, 2015). Along with options for network design
and interactions, choices must be made about which sources to use, how
to distribute orders, and what contractual arrangements are necessary.
An efficient supply chain network must be configured, have products
assigned to facilities, customers assigned to the appropriate facilities, and
production and shipping volumes and schedules planned for each facility.
In 2003, an electrical grid failure in the northeast of the United States left
50 million people without power for around 30 minutes, extending from
Ohio, Pennsylvania, and New Jersey up through Ontario, Canada. Passenger
rail transportation, international air travel, and financial markets were all
disrupted; however, essential services were kept running by the 20% of the
electrical system that was still operational. Ohio power lines being struck
by trees caused the outage, it was said (Coleman, 2019). Other catastrophes,
such as hurricanes, earthquakes, terrorism, and political instability, will
significantly disrupt supply systems.
Source: https://cdn.wallstreetmojo.com/wp-content/uploads/2021/10/Steps-To-Outsourcing.jpg.
Demands, supplier yields, lead times, and cost uncertainty are operational
risks in order allocation in the supply chain. As a result, not only do certain
suppliers need to be chosen, but regular purchases from them also need to
have quantities set. While supply chains offer their members a number of
beneficial advantages, they can also lead to coordination issues. Coordination
of information systems can mitigate some of the negative effects, but profit
sharing is still a concern. A few of the risks that producers face include
shifts in demand due to a variety of factors. Despite having one of the most
regular demand patterns in the world, the food business still experiences
fluctuations in the demand for particular products. Recent concerns about
the safety of food, particularly spinach, cherry tomatoes, and many other
grocery items, have had a significant impact on this demand. The global
concern over mad cow disease persists, particularly in South Korea and
Japan. Variety is a good way to control product risk and can be utilized to
gain market share and cater to different market segments. The fundamental
concept is to diversify products to cater to the unique requirements of each
market group. Even though it is anticipated that this will improve profits
and market share, it will also result in higher manufacturing and inventory
costs. Dell’s make-to-order method is one solution to address the possible
inefficiencies in product variety. Until an order is received, this method
avoids wasting time or money assembling a product. Dell has an extremely
adaptable production structure that enables them to produce on demand,
which has proven to be a very profitable core competency. Additionally,
they don’t squander money on inventory, but they do cause inventory issues
for their suppliers who must deliver items immediately. In the retail sector,
Walmart has also been quite effective in this regard.
Today’s prosperous retail businesses prioritize providing excellent
customer service. Retail companies can offer better services that are used
throughout supply chains. To manage supply networks, many different
control schemes have developed (Guo, Zhang, & Gao, 2020). The iconic
bullwhip phenomenon was caused by the conventionally disorganized supply
chains of the 1980s, which lacked information sharing and independent
inventory management systems. The bullwhip phenomenon results from
an overestimation of demand brought on by the irregularity of orders from
supply chain components further down the line. Increasing information
sharing throughout the supply chain was a logical first step to take in order
to reduce the inefficiencies brought on by the bullwhip effect (Chen, Liao,
& Kuo, 2013). The advantages of better forecasting and production planning
Source: https://www.refrigeratedfrozenfood.com/ext/resources/Technolo-
gy-Showcase/Technology-Showcase3/PathGuide-VMI-Lifecycle-feature.
jpg?1558621068.
The bullwhip effect (Figure 7.5), however, which affects standard retail
inventory control, causes excessive stocks when demand volatility is strong.
However, VMI can perform worse than conventional retailer-managed
inventory when replacement is desirable. Continuous replenishment (CR)
is an automatic replenishment program where a supplier replenishes a
retailer’s inventory based on the retailer’s stock level information and actual
product usage data. Larger shops in the US and the UK have adopted CR
since it was first tested by Walmart in 1995 (Shi, Katehakis, & Melamed,
2013). Suppliers can base inventory decisions on sales projections rather
than fluctuations in inventory levels. By requiring supply chain participants
to exchange more data and information, as well as to adopt standard
methods and performance metrics, CR improved VMI. This encouraged
group decision-making, responsibility, and performance-based incentives.
Inventory turnover and customer service levels have both been said to have
improved under CR. However, CR still has the potential to have gaps because
it may not always represent stocks across the whole supply chain. The main
aspect of CR that is missing the most is manufacturer forecasts of upcoming
Source: https://media-exp1.licdn.com/dms/image/C4E12AQH6nG3mSIPJ0g/
article-cover_image-shrink_600_2000/0/1600748417337?e=1658361600&v=
beta&t=MNQYSsHsws_tipon3BEtvmqK5KjknslYSTJruYGgbZQ.
To delay the point of product differentiation, postponement relies on
design principles including standardization, commonality, and modular
design. Based on overall demand, a more generic product is created, with
customization applied to specific goods later in the production cycle. This
makes it possible to respond to unique product demand in a more flexible
manner. This approach, which has also been used by Xilinx, Hewlett-
Packard, and Benetton, was demonstrated by Nokia’s response to the Philips
fire in 2000. Postponement increases product flexibility and a company’s
capacity to manage suppliers. To benefit from safety stock for important
products without incurring the cost of having large stocks for all things,
strategic stock is used. Examples include Toyota, which stocked cars at
important distribution points to guarantee a plentiful supply in specific
areas which did the same with appliances. This enables improved customer
service standards without incurring exorbitant inventory holding expenses.
The Centre for Disease Control employs similar tactics for purchasing
medical supplies. Increasing product availability through strategic stocks
7.6. PRODUCTION
Even if production cannot be transferred, economic supply incentives can
be applied. Due to uncertain demand and government pricing pressure,
the supply of a certain type of flu vaccination on the U.S. market was
curtailed. A bacterial contamination in one of these companies’ production
lines caused them to be discontinued in October 2005, which resulted in an
anticipated shortage of 48 million flu injections and subsequent rationing
to high-risk populations. Economic supply incentives could encourage
more involvement in this market, preventing shortages in the future. A
similar situation is Intercon Japan, which has a monopoly relationship with
one major supplier. Intercon Japan provided Nagoya Steel with financial
incentives, including minimum order quantities, technical guidance, and
market demand data, to help them create a new steel method for producing
cable connections (Tang & Tomlin, 2008). By maintaining price pressure on
its original supplier, Intercon Japan was able to expand product availability
and promptly modify order quantities. An approach that ensures delivery is
flexible transportation. There are many methods to do it, including using
multimodal transportation. Seven-Eleven Japan urged its logistics partner
to diversify by establishing a network of ships, helicopters, motorbikes,
bicycles, and trucks. This made it possible for Seven-Eleven Japan to send
rice balls to Kobe earthquake victims quickly in 1995 (Chopra, 2017).
Transport using many carriers guarantees a constant flow of commodities.
When faced with regional political upheavals, alliances of cargo planes have
been able to swap carriers rapidly and also enable less expensive delivery.
7.7. STRATEGIES
Strategies for managing revenue include dynamic pricing and promotions.
Revenue management gives the company more control over product demand,
allowing it to influence the products that customers choose. An approach
based on anticipating consumer product demand based on display position
is called dynamic assortment planning. By regularly manipulating product
positioning, supermarkets are able to exert more control over consumer
demand. The gradual leakage of new items without official announcements
is known as silent product rollover. Instead of requesting products that have
been discontinued or run out of supply, this encourages customers to choose
things that are still in stock. Swatch, which only creates products once, and
Zara, which quietly introduces new fashion lines, are two examples of this
method in action. All items can be substituted for one another, which makes
it easier to deal with demand fluctuations and supply or demand disruptions.
It is helpful for firms to start by determining their level of risk tolerance.
No company is immune to danger. They shouldn’t cover every danger with
insurance either. Organizations are designed to take on risks in situations
where they have the capacity to do so. They are unable to handle all risks,
therefore top management must decide which ones they expect to encounter
and which ones they are prepared to take on. All hazards must be taken into
account throughout the risk identification process. Within their sphere of
authority, each manager should be in charge of continuing risk identification
and management. A risk matrix can be created once the risks have been
recognized. The method of risk management is how those hazards that have
been recognized are controlled. The distribution of suitable responsibilities
according to roles determines how effective this procedure is. A high-level
group within the organization that keeps an eye on important new markets
and products can monitor it. The enterprise risk management structure must
work as intended, thus a systematic internal audit as part of the risk review
process is frequently contracted out to outside suppliers. In order to balance
risk and return, supply chain management requires numerous decisions.
Making decisions about sources to use, products to provide clients, and
appropriate delivery modes are all part of supply chain management.
Additionally, choices must be made on the kind of information technology
to buy, whether hiring a consultant is wise, which vendor’s software will be
acquired from, and which kind of software will be used. Before describing the
straightforward multi-attribute rating technique for multi-criteria selection
decisions, I will first go over some fundamentals of creating hierarchies of
criteria.
An initially vague problem is transformed into a set of precise elements,
relations, and operations by structuring. Value serves as the objective in
the most basic hierarchy, with available options branching out from this
value node. When there are more branches coming from a single node
than a predetermined number, hierarchies typically incorporate additional
layers of objectives. According to cognitive psychology, people struggle to
assimilate too many different branches. Identification of the overarching
fundamental objective comes next. Combining particular essential goals,
such as lowering costs, reducing harmful health effects, and reducing harmful
environmental effects, can serve as the overall goal. Regarding essential
goals, means objectives should be mutually exclusive and exhaustive as
a whole. Decision-makers shouldn’t accept the options that are presented
to them. The traditional approach to solving an issue is to come up with
potential solutions before concentrating on goals. This approach frequently
assumes that decision-makers are forced to make only one of several
available options. It is proposed that a more successful strategy would be
for decision makers to use objectives to generate options based on what
they would like to accomplish and why objectives are significant. Numerous
other factors have been noted as having potential significance in supplier
management. Along with risk and profit, fundamental operational criteria
also include delivery performance, quality, and warranty performance.
Reserve capacity, supplier process competency, and labor relations history
are examples of process factors. Hazardous waste management, the ability
to reduce pollution, and the control of hazardous emissions are examples
of green factors. Segmenting suppliers can be used as a starting point for
choosing a supplier for a specific item as well as a tactical technique to help
suppliers boost their output.
As we’ve seen, supply chains offer a lot of potential dangers. To model
those hazards, one must take probability into account, which necessitates
the use of Monte Carlo simulation (Figure 7.6), an established analytical
method (Deleris & Erhun, 2005). Simulation models are collections
of presumptions about the connections between model constituents.
Simulations can be process or time-oriented. Utilizing probabilistic inputs
for components like demands, interarrival periods, or service times allows
for the inclusion of uncertainty. These probabilistic inputs require probability
Source: https://kanbanize.com/wp-content/uploads/website-images/kanban-
resources/monte-carlo-when-explained.png.
Although supply chain networks bring significant economic advantages,
there are related risks as well. These risks can be caused by a variety of
things, such as industrial mishaps, geopolitical unrest, natural disasters, and
market failure. Based on historical statistics, some of these dangers can be
7.8. VARIABLES
Variables are the elements that can be changed to enhance the objective
function. Usually, they are factors that the decision-maker can influence, like
production levels. They may be the sources chosen or the designated transit
necessitate contracts granting the core supply chain vendor access to the
internal data of the outsourcing provider, which could be troublesome.
The outsourced vendor should handle internal operations, and if they
hesitate, you should go back to the outsourcing market to find a successor.
The performance of the outsourcing provider can be tracked in terms of
service delivery from the viewpoint of the client. It is possible to undertake
joint initiatives to improve processes and increase lines. The primary supply
chain organization can also keep track of how much of their volume is
allocated to each external vendor. To reduce the danger of the outsourcing
vendor failing, it would be wise to keep the volume ratio to each vendor
within the permitted upper limits. You might once more go back to the
market to identify substitute supplies in that eventuality. Potential infiltration
is also present when measuring the outsourcing company’s internal business
activities. The problem is the same as it is from a financial standpoint. The
core supply chain organization may occasionally be able to measure specific
technological and industrial facets of the outsourced vendor through the
development of close contractual connections. In general, it appears better
to let the seller handle these issues. Innovation and learning make up the
last aspect on the balanced scorecard. From the perspective of the primary
supply chain organization, these variables seem appropriate to measure. All
participants in the extended supply chain will benefit from collaborative
efforts to engage with outsourced vendors. The main notion is that the
organization can monitor these metrics over time to obtain a thorough
picture of all four organizational performance views.
To track the effectiveness of the enterprise in strategic decision analysis,
different types of scorecards such as company-configured scorecards or
strategic scorecards have been suggested to integrate into the business decision
support system or expert system. Taking risks is essential to conducting
business, even though they must be handled. Profit, by definition, necessitates
taking some risk. At Mobil, Chrysler, the U.S. Army, and countless other
corporations, scorecards have been successfully used in conjunction with
risk management. A wide range of elements with the potential to have an
impact on an organization’s operations, procedures, and resources make
up enterprise risk. Economic change, changes in the financial markets, and
risks in the political, legal, technological, and demographic contexts can
all have an impact on external factors. While most of these are out of a
particular organization’s control, they can be prepared for and protected
from using tried-and-true methods. Among other internal hazards, these
include production disruption, fraud, system failure, and human mistake.
7.9. SCORECARD
The balanced scorecard was used to evaluate overall performance in a
petroleum supply chain. Traditionally, the emphasis has been on financial
indicators, but a firm’s sustainability does not solely depend on its ability
to be profitable (Martinsons, Davison, & Tse, 1999). Financial metrics are
not directly tied to operational effectiveness or strategic performance in any
way. The structure for balanced scorecards was modified to fit a petroleum
supply chain. Features in petroleum supply systems necessitate a specialized
study. It is well known that crude oil prices fluctuate, necessitating
flexibility on the part of those involved in the petroleum supply chain. The
preservation of crude oil quality is crucial. Similar multi-criteria analysis
has been suggested by others to improve supply chain balanced scorecards.
By enabling a single number for entire organizational performance, as in
the construction example, this version of the balanced scorecard was meant
to give a more comprehensive application. Here, comparing organizational
performance with that of rival organizations from each aspect was a specific
goal. A quoted price with an exchange rate distribution, a probability of
product failure, a probability of company failure, and a probability of
political failure were all taken into account in that scenario.
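The scenario just described (a quoted price subject to an exchange rate distribution, plus probabilities of product, company, and political failure) can be evaluated with the Monte Carlo simulation introduced earlier in the chapter. The Python code below is an added example, not taken from the book; the supplier names, prices, exchange-rate parameters, failure probabilities, and penalty costs are all constructed assumptions.

```python
import math
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Supplier:
    name: str
    quoted_price: float         # per-unit quote in the supplier's own currency
    fx_mean: float              # expected home-currency value of one unit of that currency
    fx_volatility: float        # std. dev. of the log exchange rate (0 = domestic supplier)
    p_product_failure: float    # probability the delivered product fails
    p_company_failure: float    # probability the supplier itself fails
    p_political_failure: float  # probability of a political disruption


# Constructed per-unit cost added when each kind of failure occurs.
FAILURE_PENALTY = {"product": 15.0, "company": 40.0, "political": 60.0}

# Constructed sample suppliers (hypothetical, for illustration only).
SUPPLIERS = [
    Supplier("Domestic", 90.0, 1.0, 0.0, 0.01, 0.005, 0.0),
    Supplier("Offshore", 560.0, 0.14, 0.10, 0.05, 0.02, 0.03),
]


def draw_unit_cost(s, rng):
    """One trial: sample the exchange rate and each failure event."""
    if s.fx_volatility > 0:
        # Lognormal rate whose mean equals fx_mean: mu = ln(mean) - sigma^2 / 2.
        mu = math.log(s.fx_mean) - s.fx_volatility ** 2 / 2
        fx = rng.lognormvariate(mu, s.fx_volatility)
    else:
        fx = s.fx_mean
    cost = s.quoted_price * fx
    failed = False
    events = (
        ("product", s.p_product_failure),
        ("company", s.p_company_failure),
        ("political", s.p_political_failure),
    )
    for kind, probability in events:
        if rng.random() < probability:
            cost += FAILURE_PENALTY[kind]
            failed = True
    return cost, failed


def run_simulation(s, trials=20000, seed=7):
    """Repeat the trial and summarise the resulting cost distribution."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    costs = []
    failures = 0
    for _ in range(trials):
        cost, failed = draw_unit_cost(s, rng)
        costs.append(cost)
        failures += failed
    costs.sort()
    return {
        "mean": statistics.fmean(costs),
        "p95": costs[int(0.95 * trials)],  # 95th-percentile (tail) cost
        "failure_rate": failures / trials,
    }


def rank_suppliers(suppliers, key="mean", trials=20000, seed=7):
    """Return supplier names ordered from lowest to highest on the chosen metric."""
    results = {s.name: run_simulation(s, trials, seed) for s in suppliers}
    return sorted(results, key=lambda name: results[name][key])


if __name__ == "__main__":
    for supplier in SUPPLIERS:
        print(supplier.name, run_simulation(supplier))
    print("by mean cost:", rank_suppliers(SUPPLIERS, "mean"))
    print("by tail cost:", rank_suppliers(SUPPLIERS, "p95"))
```

With these constructed inputs the offshore supplier is cheaper on average, but the domestic supplier ranks first on 95th-percentile cost, which is the kind of trade-off between risk and return that a single quoted price hides.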
CHAPTER 8
SUSTAINABLE BUSINESS AND RISK
MANAGEMENT
CONTENTS
8.1. Introduction
8.2. Risk
8.3. Goals
8.4. Managers
8.5. Factors
8.6. Assessment
8.7. Activities
8.8. Processes
8.1. INTRODUCTION
An entirely new set of business regulations that have a significant impact
on the long-term sustainability of organizations has been imposed by the
turbulent and uncertain economic and political climate. In this situation,
firms have begun concentrating on cost-cutting and risk-management
measures to gain a competitive edge (Brillinger, Els, Schäfer, & Bender,
2020). Only companies with a strong infrastructure, a healthy workflow,
and effective procedures that are interconnected throughout the organization
can guarantee sustainable business performance. The interaction between
organizational processes must therefore be examined for risks, and if
processes are contracted out to a third-party provider, risks must also be
evaluated between the organization and the outsourced processes. Perils
that pose a threat to the organization are added to the risk handling strategy
after being detected, assessed, and analyzed, and resources are assigned to
take preventive measures. Failure Mode and Effects Analysis (FMEA) is one of the most
effective risk assessment techniques now in use, mostly in the engineering
and medical sectors. By creating a process for regulating risks and evaluating
if threats are impending, this strategy greatly lowers the expenses associated
with handling risks (Figure 8.1).
Source: https://sustainableenviro.com/media/sites/2/2018/10/Managing-Food-
System-Sustainability-Risk-1080x551.jpg.
8.2. RISK
Risk appetite, risk tolerance, and the organizations’ response to risky
situations were all assessed in order to prepare for conversations about risk
assessment in SMEs and major corporations. Based on data gathered during
interviews with managers and specialists with experience in risk assessment-
related fields across various business sectors, the comparative analysis
between the two types of organizations and the relationship between risk
assessment and the organizational context were conducted. Results from
interviews with managers and CEOs were used to accomplish goals relating to
risk identification and determining the function of performing risk assessment
at the interaction between business processes in organizations and between
the organization and outsourced business processes. Based on feedback from
managers who have adopted or are testing the proposed risk assessment
model, follow-up surveys were used to validate the model and assess its
effects. In today’s fiercely competitive business environment, managing a
business requires new guidelines (Paxson, 1992). Even though the operational
level is where the majority of the risks relating to business sustainability are
created, managers must still keep an eye on and maintain control over all
business operations in order to successfully implement new strategies that
guarantee the organizations’ competitive advantage or, in some cases, even
business survival. An increasing number of firms create strategies employing
the process method to balance performance metrics amid financial crises.
Business processes are groups of interconnected, interacting tasks that convert
resources or inputs into outputs. Each process is planned as a component
of a workflow that is monitored and regulated in order to add value to the
organization. To accomplish business goals and support the organization’s
mission and vision, business processes connect people, expertise, and
technology. Research on techniques for developing, implementing, carrying
out, and monitoring process activities has been done in-depth.
To ensure that information is accessible throughout the organization,
organizations must update and maintain standard operating procedures as
well as other documents pertaining to applying processes in accordance
with the established approach. Documentation and control procedures
frequently relate to requests from clients or other interested parties or to
legal requirements. In order to ensure business sustainability, measuring the
critical performance indicators and developing strategies around the same
variables are no longer sufficient. As a result, organizations have begun
concentrating on managing processes and changing objectives in accordance
with process results. Depending on how closely they are integrated into the
8.3. GOALS
The primary goals of the contract management team are to create performing
contracts while meeting the needs of the clients and adhering to laws and
regulations. The important performance indicators concern total contracted
value, offering process performance, and process risk levels. A contracting
team and a legal team are typically included in the contract management
department to guarantee that all contracts are compliant with the law. The
department uses checklists, the Pareto analysis, risk assessment, and risk
management as approaches for achieving business objectives. The primary
process interactions are with business procedures that senior management
and the marketing and financial teams are responsible for executing. Risks
associated with contracting might be related to undetected or unquantifiable
Source: https://www.isixsigma.com/wp-content/uploads/images/stories/migrat-
ed/graphics/394a.gif.
Source: https://www.cec.health.nsw.gov.au/__data/assets/image/0005/341285/
Pareto-1.png.
Risks could arise if only one supplier is considered and chosen, which
could lead to higher costs, delayed delivery, and unhappy customers.
Another significant risk that contributes to lower sales and delayed
deliveries is delayed procurement. Other procurement risks include failing
to specify acceptance standards for goods and services and working with
unqualified suppliers, which can result in higher production costs, defective
goods, late delivery, and unhappy customers. The greatest risks are those
associated with flaws and errors that customers report that could result in
complaints. Another production-related risk that negatively affects sales is
delayed deliveries. Other hazards include work accidents that can result in
losing authorizations, declining sales, and losing market share, as well as
manufacturing infrastructure failures that cost money to fix, cause delays
in deliveries, and pollute the environment. Client complaints and reduced
delivery capacity may result from operating with non-compliant or outdated
materials and equipment, employing erroneous product specifications, and
not allocating enough time for verification methods.
The risks that have been discovered can be related to creating non-
compliance, including selling non-compliant items to customers and
turning them into flaws that result in higher expenses, delayed delivery,
and complaints. Other hazards include slow control procedures, delayed
procurement, and client loss as a result of ineffective controls. Products can
be provided with flaws due to unqualified vendors and mistakes in defining
compliance standards for goods and services. Organizational workflows
can be recognized horizontally as procedures linked between departments
as well as vertically as they move from one organizational level to another
(Mendling & Hafner, 2005). Process owners and managers continuously
detect, analyze, and send feedback regarding all process interactions in order
to optimize workflows. The objectives of the organization determine how
organizational business processes interact with one another. This feedback
mechanism ensures that reports are sent from the operational level to the
strategic level, where managers make decisions and create strategies based
on the information they have received. Then, process owners and department
managers put operational plans into place, watch over, examine, and report
on performance indicators linked to the process’s outcomes. As a result, the
process manager is the owner of all process interactions and is responsible
for ensuring their effectiveness while evaluating and managing risks that
may arise at this level. Sharing findings with other process managers and
offering comments is another crucial task for process managers. When
employing the process approach, information about detected and evaluated
risks at each process interaction should also be communicated because there
may be major hazards that endanger the success of the business.
8.4. MANAGERS
Managers can now pursue profitability through higher revenue or
profit margins and boost corporate value by extending their businesses
internationally. Management plans are created with the target markets’
business environments in mind while entering international markets.
Countries and organizations are now interconnected. Organizations have
expanded their operations globally in one of two ways: by exploring new
markets or by outsourcing their operations. To cut manufacturing and service
expenses and boost income by focusing on new global market segments,
corporations must investigate and comprehend international business
environments as well as the key distinctions between their own country and
the nations where they intend to outsource procedures. Although they have
8.5. FACTORS
The key factors driving back sourcing decisions are service quality, rising
wages and transportation expenses, as well as flexibility. Managers must
first examine the causes of the outsourcing’s unsatisfactory results before
reshoring. There are two main reasons why managers have had to re-evaluate
their outsourcing decisions: poor communication and poor control. These
restrictions may make it impossible to manage business process interaction-
related hazards. Risk assessment continuously examines all influencing
factors to predict and anticipate potential changes both inside and outside the
organization. The determination of business goals and strategy often involves
conducting a risk assessment. To maintain sustainable performance and
boost profitability, quality assurance, and customer happiness, organizations
must recognize, assess, and manage the top impacting risks. Organizations
must develop new strategies for adjusting to the new obstacles in order to
meet corporate objectives in the current economic and political environment,
which has changed all business processes. In order to address new business
possibilities and prevent threats from materializing, it is necessary to conduct
a proactive risk assessment of the uncertainties associated with the changes
in the business environment. There has been a developing basic consensus
that systematic risk management is necessary to address these difficulties.
The most frequent new risks are high risks with low probability of
occurrence, which can result in global supply chain disruptions, market
segment losses, unsatisfactory outcomes of outsourced or offshored
company activities, and even insolvency or bankruptcy. Although there
are various operational risk assessment techniques accessible, many
academicians and experts concur that these tools and approaches have not
been synthesized into a comprehensive management system. As reactionary
responses to risks that have already manifested as unfavorable events,
organizations adopt firefighting strategies; nevertheless, these techniques
are incredibly ineffective and have significant drawbacks in terms of
money, labor, and time. In order to accomplish company goals and maintain
sustainable performance, risk assessment must be carried out proactively
as a collection of integrated operations with the common objective of
monitoring, regulating, and managing risks. Sustainability is intricate and
multifaceted, encompassing a wide range of issues such as stakeholder
8.6. ASSESSMENT
Identifying, assessing, and analyzing risks inside an organization is the goal
of risk assessment, which is a collection of coordinated tasks (O’Donnell
& Schultz, 2005). By providing information about risk profiles, including
risk source and impact on key performance measures, these activities help
people better comprehend risk. Managers may establish sound company
plans and make informed decisions with the aid of risk assessment. As a
result, risk assessment helps firms achieve their long-term goals and improve
their overall business performance. To produce consistent, comparable, and
trustworthy results that are long-lasting, the process needs a methodical and
structured strategy. Individuals responsible for standardizing and assuring
process efficiency through the evaluation of outcomes and the development
of standards, guidelines, and procedures take part in each phase of the risk
assessment process. Business management includes not just dealing with the
repercussions of not meeting goals, but also figuring out what led to the risk
materializing in the first place. This can be done reactively by taking into
account past risks that have already had an impact. The management team
must take a proactive stance and assess potential risks in order to avert risk
materialization. Resources must be set aside for risk identification, analysis,
and estimation before deciding to undertake risk assessment.
Risk assessment is important for accomplishing corporate goals and
should be taken into account at every stage of the decision-making process.
While risk management and assessment are crucial for an organization’s
long-term success, companies must constantly innovate and update
their procedures to deal with the ambiguities and shifts in the business
environment. Experts have been looking into new ways to reduce the expenses
associated with handling risks while also increasing the process’ accuracy
and efficiency over the past several years in an effort to avert the negative
effects of risk materialization. When determining risk levels, the FMEA
method offers considerable benefits for risk management and control, as
well as a significant cost reduction. This is crucial for achieving sustainable
company performance because it prevents resources from being wasted
controlling risks whose materialization conditions may never materialize.
Instead, they can be employed to produce solutions that provide value for the
organization. Examining potential benefits from risk management is another
development in the field of risk assessment. An unclear scenario may result
in both negative and positive outcomes. The FMEA method is generally
used in engineering and medicine, and a risk assessment strategy based on
opportunities is not utilized as a standard in companies, thus there are many
opportunities connected to innovation in the risk assessment sector.
By identifying the circumstances that resulted in the materialization of
prior risks, as well as by inferring these circumstances based on the judgment
and expertise of specialists with risk assessment, it is possible to manage
the negative effects of risk materialization. Business performance indicators
are impacted by risk materialization, allowing businesses to identify the
circumstances that indicate a significant departure from expected values.
Risks can therefore be controlled by keeping an eye on the values of these
indicators, and a significant portion of the risks need not be included in the
risk handling plan. If business risks are not managed and risk assessment
findings are not put to use, sustainable business performance cannot be
guaranteed. By using risks as business opportunities, the risk assessment
process is made more effective and adds value for the organization, which has
a significant positive impact on sustainability and business performance. The
organization’s attitude toward risky circumstances, interest in assessing and
managing risks, and risk tolerance, which varies primarily by organization
size, all influence risk-taking. When making strategic decisions based on
the best information available, managers can get assistance from the risk
assessment process. Organizations must decide between an aggressive
strategy that entails taking risks in pursuit of new business prospects and
a defensive risk strategy that is focused on avoiding or managing risks.
For performance to be sustainable, risk assessment needs to be innovated,
improved, and used to address new opportunities brought about by risk
materialization. If the risks that have been identified are examined and new
business prospects can be realized, organizations also have the choice of
spending resources to force risk materialization. This approach can enhance
the outcomes of risk assessments and make them even more valuable as
management tools.
Numerous experts have discussed risk assessment methods, but the
process always involves choosing risk criteria and identifying risks before
doing risk analysis and evaluation to produce the risk profile. The risk
profile must take into account both the potential for negative and positive
effects of risk materialization in order to uncover new business prospects.
The organization is in danger from unacceptable or very high risks, but as
these risks might also present possibilities, they can also be seen as desirable
for corporate growth. In order to measure the impact of taking risks and
utilizing an offensive risk assessment method, it is important to consider
the influence on the business performance indicators. The stability of the
organization depends on managing the tension between an offensive and
defensive risk strategy. A risk assessment focused on sustaining corporate
performance maps both potential positive and negative outcomes of risk
materialization and strikes a balance between defensive and offensive risk
management tactics.
Making the most of both the favorable and unfavorable consequences
of risk materialization is essential to a strategy based on making strategic
decisions while taking into account threats and opportunities. Risks have a
distinct stake or cost for large corporations, therefore organizations like the
majority of large companies that only create defensive strategies to assure
8.7. ACTIVITIES
By deciding the shareholders’ strategic activities and affecting the
organization’s market strategy, which has an impact particularly on
competition, risk assessment influences external stakeholders. Since a
company’s reputation for economic stability and growth attracts new
customers, investors, and qualified job seekers, risk assessment is closely
connected to the company’s image. One benefit of effective collaborations
is benchmarking, where information about risk assessments may be shared
with corporate partners in order to compare outcomes and streamline the
8.8. PROCESSES
Processes should be codified to improve knowledge and understanding
across the organization in order to be sustainable. A flowchart can be used
to represent business processes as a collection of actions connected by
decision points. The process matrix, which incorporates a series of actions
and regulations based on process data, is another method of representing the
formality of business processes. In recent years, running a firm has faced
new hurdles. To reach the desired values of the performance metrics, new
approaches and procedures must be developed as a result of the financial
crisis. Since business processes are the foundation of every company and
have a direct impact on business performance, controlling risks at the
operational management level is frequently essential to an organization’s
survival. In the current business environment, risk management and process
improvement are crucial. A growing number of managers employ the process
approach as a tactic to reduce risks associated with interactions between
business processes. The primary unacceptable risk that can result from
management activities or after-sales processes interacting with one another
is decreased sales of support services and spare parts. Ineffective business
strategies, improper resource allocation, erroneous budget estimates for
warranty-related expenses, inaccurate offers of spare parts or services, a
failure to monitor faulty items, and a failure to analyze redundant faults are
the main culprits.
Risks associated with management team operations and monitoring
activities are acceptable and relate to additional unanticipated costs during
the warranty period, but risks must be monitored and prevented from being
brought on by gathering data from unrelated sources and failing to keep track
of clients’ needs. Choosing which business processes to outsource in order
to boost revenue and profit margin was one of the biggest issues process
managers faced in previous years. Recently, experts in the field, academics,
and managers came to the conclusion that not all offshoring or outsourcing
decisions were profitable for the companies, and as a result, back-shoring
and reshoring became a new business trend. Recent studies have
directly affects how frequently hazards manifest and how much it will cost
to manage those risks.
Detection assesses the conditions that determine risk materialization.
By continuously monitoring the organization’s performance indicators,
detection can determine whether specific conditions are met that can result
in risk materialization. Probability of appearance and consequence are
typically estimated by process owners based on their experience and other
subjective data. If risk management expenses were lower, opportunities were
discovered more frequently, and seizing these chances enhanced business
outcomes, organizations would be more willing to take on risk. Utilizing the
FMEA method, organizations can identify which risks are worth handling
in order to prevent negative effects of materialized risks or to force risk
materialization in order to take advantage of an opportunity. When detection
is used, this risk loses appeal to managers seeking new business prospects.
Monitoring performance metrics impacted by common hazards is necessary
to determine whether risk levels are rising and whether new opportunities
are opening up. These indicators are impacted by the dangers of ineffective
marketing campaigns, a bad company reputation, customers losing interest
in the company’s goods and services, and non-performing contracts.