PALAWAN STATE UNIVERSITY

COLLEGE OF BUSINESS AND ACCOUNTANCY

PUERTO PRINCESA CITY

ENTERPRISE RISK MANAGEMENT

PrE 4: ENTERPRISE RISK MANAGEMENT
2ND Semester | SY: 2023-2024
TOPIC 1

Overview

• Define Risk.
Risk is a possibility that something bad will happen that could possibly
impact our plans and achievement of our objectives. Organizations
need to identify, assess, and manage risks to achieve their goals,
including protecting the organization's assets and avoiding
unexpected losses.

• Enterprise Risk defined.

• What is Enterprise Risk Management (ERM)?

• Enterprise Risk and Expected Loss

• Value at Risk
o Value at Risk methods

• Identify and explain different types of enterprise risk

o Financial Risk: Types of Financial Risk

o Operational Risk
o Strategic Risk

• Scope of Risk Management

• Principles and aims of risk management

ENTERPRISE RISK MANAGEMENT - 1 -

DISCUSSION:

RISK

What is risk? Risk is the level of uncertainty about future events. Organization
mangers need to identify, assess and respond to risk in order for the organization
to achieve its goals and objectives and its vision. Risk must be managed to an
acceptable level to adequately protect the organizational assets and to mitigate
losses. Even though risks are difficult to determine and quantify, management
should make the best effort to identify, assess, and respond to them. This section
focuses on the enterprise risk management (ERM) model. ERM provides a
comprehensive approach to risk identification, assessment, and response.

ENTERPRISE RISK DEFINED.

Enterprise risk is a condition that may prevent an organization from achieving its
objective. Some business risk is easy to locate. We put sprinkler systems in buildings
and buy insurance policies to protect against fires. Retail stores put magnetic
detectors at entrance doors to detect shoplifters and prevent theft. But some
enterprise risks, which are risks that would cause losses or put the ability of the
business to function appropriately in jeopardy, aren't always as easy to identify.
Although risks often are difficult to determine and quantify, management should
make the best effort to identify risks and their probabilities of occurrence.
Several organizations provide guidance to assist with the design and
implementation of an effective enterprise-wide risk management approach. The
latter part of this topic focuses on the most widely used and accepted enterprise
risk management framework, the COSO Enterprise Risk Management Integrated
Framework, a comprehensive approach to assessing an organization's risk.

ENTERPRISE RISK MANAGEMENT

Enterprise Risk Management (ERM) is, in its simplest definition, risk management
practiced at the enterprise level. It puts the core strategic mission of the enterprise
at the center of the discussion, driving all possible responses to potential risks in a
holistic approach. This has not always been the case. The ever-increasing
complexity of the world is engendering new and sometimes previously
unimagined risks, ones that don’t always fall within what was considered
traditional risk management practice. The need for a different approach had
become increasingly clear over the last two decades or so, and ERM emerged to
the fore as a response to these new challenges. ERM is still evolving, a fitting
testament to the fact the ERM is itself an ongoing process and not a one-time
project. This section will describe the history of risk management as a backdrop to
better understand what is now considered cutting-edge ERM.

ENTERPRISE RISK MANAGEMENT - 2 -

ENTERPRISE RISK AND EXPECTED LOSS

In a business context, risk is defined as the level of exposure to a chance of loss.

For example, if BSA Company determines that a particular risk could result in a loss
up to P500,000.00, the company would be willing to spend up to P500,000.00 to
mitigate the risk. The amount of the loss calculated by the company represents
the maximum possible loss (extreme or catastrophic loss). This loss often is referred
to as the value at risk (Var). VaR includes cash flow at risk, earnings at risk, and
earnings per share (EPS) distribution (mean and variance). Normal risk models
cannot deal with totally unexpected losses such as an atomic attack.

VALUE AT RISK (VaR)

As noted, historical performance over long periods of time average rates of return
to accommodate fluctuations of unusually high or low returns. But as the name
implies, historical provides a retrospective indication of risk. When reviewing a
portfolio, historical volatility illustrates how risky the portfolio had been over the
some previous period of time. It provides no indication about the current market
risk of the portfolio. VaR gives the organizations the ability to assess current risk.

VaR is the maximum loss within a given period of time and given a specified
probability level (level of confidence). Unlike retrospective risk metrics that
measure historical volatility, VaR is prospective. It quantifies market risk while it is
being taken.

Figure 1 – Value at Risk Characteristics

Application VaR can be applied to any portfolio that can be

reasonably be marked to market performance on a
regular basis. VaR is not applicable to real estate or
other illiquid assets.
Time Frame/Horizon VaR evaluates a portfolio’s performance over a specific
period of time, such as trading day, week, or a month.
Base Currency VaR measures risk in a currency. Any currency can be
used.
VaR measurement A resulting Var measure summarizes a portfolio’s market
risk with a single number.
VALUE AT RISK (VaR) METHODS:

ENTERPRISE RISK MANAGEMENT - 3 -

 The historical method estimates risk based on actual historical
returns for a time period by putting them in order from worst to
best. The historical method assumes that history will repeat itself
Historical Method from a risk perspective. A histogram plot correlates the
frequency of returns with losses. The results indicate the
confidence level related to the occurrence of a worst-case
daily loss. (For example, if we invest $1,000, we are 95%
confident that our worst daily loss will not exceed $40 ($1,000 ×
4%).)
The variance-covariance method assumes that stock returns
Variance are normally distributed. Expected (or average) return and a
Covariance Method standard deviation are estimated, and a normal distribution
curve is plotted. By reviewing the normal curve, one can see
exactly where the worst percentages lie on the curve.
A Monte Carlo simulation refers to any method that randomly
Monte Carlo generates trials. This method involves developing a model for
Simulation future returns and running multiple hypothetical tests through
the model. It enables calculating the expected loss and the
variance related to the losses and the probabilities associated
with the maximum loss.

TYPES OF ENTERPRISE RISK

Hazards Risk related to natural disasters such as storms, floods, etc.

Risk is caused by the inability to finance the business, including
Financial short-term (liquidity) and long-term (solvency). This risk can be
influenced by internal factors such as strategic decisions or
external factors such as global economic conditions.
Risk is related to the mix of fixed and variable costs in a
Operational company's cost structure. Risk increases with the proportion of
fixed costs. Operational risk can also arise from the internal
process and system failures, personnel, legal and compliance
issues, and political instability.
Strategic Risk related to planning and strategic decisions.
Business Risk Risk related to the fundamental viability of a business—the
question of whether a company will be able to make sufficient
sales and generate adequate revenues to cover its operational
expenses and turn a profit.

FINANCIAL RISK

ENTERPRISE RISK MANAGEMENT - 4 -

Financial risk, as the term suggests, is the risk that involves financial loss to firms.
Financial risk generally arises due to instability and losses in the financial market
caused by movements in stock prices, currencies, interest rates, and more.

TYPES OF FINANCIAL RISK:

a) Market Risk
This type of risk arises due to the movement in prices of financial
instruments. Market risk can be classified as Directional Risk and Non-
Directional Risk. Directional risk is caused due to movement in stock price,
interest rates, and more. Non-Directional risk, on the other hand, can be
volatility risks.

b) Credit Risk
Also known as default risk. This type of risk arises when an organization fails
to fulfill its obligations towards its counterparties. Credit risk can be
classified into Sovereign Risk and Settlement Risk. Sovereign risk usually
occurs due to complex foreign exchange policies. On the other hand,
settlement risk arises when one party makes the payment while the other
party fails to fulfill the obligations.

c) Liquidity Risk
This type of risk arises out of an inability to execute transactions. Liquidity
risk can be classified into Asset Liquidity Risk and Funding Liquidity Risk.
Asset Liquidity risk arises either due to insufficient buyers or insufficient
sellers against sell orders and buys orders, respectively.

d) Legal Risk
This type of financial risk arises out of legal constraints such as lawsuits.
Whenever a company needs to face financial losses out of legal
proceedings, it is a legal risk.

e) Asset-backed Risk
This type is the chance that asset-backed securities—pools of various types
of loans—may become volatile if the underlying securities also change in
value. Sub-categories of asset-backed risk involve the borrower paying off
a debt early, thus ending the income stream from repayments and
significant changes in interest rates.

f) Foreign Investment Risk

Investors holding foreign currencies are exposed to currency risk because
different factors, such as interest rate changes and monetary policy
changes, can alter the calculated worth or the value of their money.
Meanwhile, changes in prices because of market differences, political
changes, natural calamities, diplomatic changes, or economic conflicts

ENTERPRISE RISK MANAGEMENT - 5 -

 may cause volatile foreign investment conditions that may expose
businesses and individuals to foreign investment risk.

OPERATIONAL RISK

"Operational Risks" is a risk that includes errors because of the system, human
intervention, incorrect data, or other technical problems. Every firm or individual
has to deal with such an operational risk in completing any task/delivery.

Operational risks may include:

a) System errors
b) Internal control errors
c) Product issues
d) Human errors
e) Improper management
f) Quality issues

In the case of individuals, we can drill it down to error because of self-process

or other technical problems.

STRATEGIC RISK
a) Industry Margin Squeeze
As industries evolve, a succession of changes can occur that threatens all
companies within that sector. One particular threat is that profit margins
will be eroded for all companies in that sector. The industry will become a
no-profit zone from factors such as overcapacity and commoditization.
The best countermeasure for this margin squeeze is shifting the
compete/collaborate ratio among the firms. When the industry is growing,
and margins are large, companies can compete nearly on all fronts and
ignore collaboration. However, this 100 to zero ratio of competition to
collaboration should dramatically shift when the margins decline.
Collaboration may include sharing back office functions, coproduction or
asset-sharing agreements, purchasing and supply chain coordination,
joint R&D, and collaborative marketing.

b) Technology Shift
Technology risks can impact a company's performance. But the entrance
of new technology into the industry can make companies' products and
services obsolete quickly. For example, the film processing industry
experienced a significant shift with introducing digital imaging into a
formerly film-based process. However, most firms don't always know how
and when technology will succeed in the marketplace. Risk managers

ENTERPRISE RISK MANAGEMENT - 6 -

 can double bet-that invest in two or more versions of technology
simultaneously. Hence, no matter which version prevails, the company
comes out as a winner.

c) Brand Erosion
Brands are susceptible to an array of risks that can appear overnight and
threaten to destroy the brand. One of the most effective
countermeasures to brand erosion is redefining the scope of brand
investment past marketing to other factors that affect a brand, like service
and product quality. Another countermeasure involves the continuous
reallocation of brand investment based on the early detection of
weaknesses by measuring the critical dimensions of the brand
continuously.

d) Competitor
Competitors are the company's major sources of risk, whether from the
threat of new products or lower-cost structures. One of the most
detrimental risks is the one-of-a-kind competitor that emerges in the
market and seizes most of the market share. Constantly scanning the
need for this type of competitor is crucial because the best response is to
change the business design once identified rapidly. This response allows a
company to minimize the strategic overlap from the competitor and
establish a profitable position in an adjacent marketplace.

e) Customer Priority Shift

One of the most significant risks associated with customers is the shift in
customers' preferences. Two effective countermeasures are the
continuous creation and analysis of proprietary information and fast and
cheap experimentation. Ongoing innovation and research enable
companies to detect the next phase of customer preferences in the
industry. The quick and affordable experiment helps managers to
determine the right product variations to offer different customers fast.
These approaches help companies retain and grow their customer bases
and increase revenue per customer and overall profitability.

(Customer priority shift is another form of strategic risk. Customers'

preferences can change gradually or overnight without any prior notice
to a company. To help understand customers' preferences, companies
need to create and analyze proprietary information continuously. Also,
companies should use fast and cheap experimentation methods with
customers. This helps companies identify the proper product variations to
offer to different customers.)

f) Project (New-Project Failure)

ENTERPRISE RISK MANAGEMENT - 7 -

 All projects face risks, but a new project faces the chance of not working
correctly, not attracting profitable customers, that competitors will copy
it, or that it grows too slowly. The best protection against these types of risk
is to begin with an accurate assessment of the project's chance of success
before it is launched. The next step is to review past projects'
performances, both internally and externally. Three methods to help a
company systematically improve the project's odds of success are smart
sequencing, developing excess options, and employing the stepping-
stone method. Smart sequencing means launching the better-
understood, more controllable projects first. Developing excess
opportunities while planning the project will also help to ensure the best
one is used. The stepping stone method involves creating a series of
projects that lead from uncertainty to success and make the ultimate
project a success.

g) Market Stagnation
Many companies have had their market value plateau or even decline
because they could not find new sources of growth. In order to counter
this risk of stagnating volume growth demand, innovation can be applied.
This involves redefining a company's market to expand the value offered
to customers beyond product functionality. This could reduce company
costs, capital intensity, cycle time, and risk, improving profitability.

Risks are identified by bringing the team together; the organization has to
bring together the project team, board, stakeholders and discuss essential
questions about the goals and then jot down what can be the risky
elements in the entire project. There is a need to have open discussions
on what could go wrong and what hindrances are most likely to occur?
What kind of harm will it cause to the project? Can it be avoided or
covered up? It is crucial to identify the threats that come with the project
and eventually find out the opportunities that risks create and use it for its
overall benefit.

In this lesson we have talk about many different risk terms. It is important to
understand the different risk terms because the managerial solution to the risk is
informed by where the risk comes from.

SUMMARY:

Firms face a variety of risks. Risk is affected by the volatility of an outcome and
the time horizonan event is expected to take place. The most common types
of risk are business risk, haxard risk, financial risk, operational risk, strategic risk,
legal risk, compliance risk, political risk, inherent risk, residual risk and liquidity risk.

Source

ENTERPRISE RISK MANAGEMENT - 8 -

Parrino, R., Kidwell, D., and Bates, T. (2017). Fundamentals of Corporate Finance,
4th Edition. Hoboken, NJ: John Wiley & Sons.

ENTERPRISE RISK MANAGEMENT - 9 -