Republic of the Philippines

PALAWAN STATE UNIVERSITY

Puerto Princesa City

PSU-PCAT

RISK MANAGEMENT

CHAPTER II – DEVELOPMENT OF RISK MANAGEMENT

A. Origins of Risk Management

The study of risk management began after World War II. Risk management has long been associated with
using market insurance to protect individuals and companies from various losses associated with accidents.
Other forms of risk management, alternatives to market insurance, surfaced during the 1950s when market
insurance was perceived as very costly and incomplete for protection against pure risk. The use of derivatives
as risk management instruments arose during the 1970s, and expanded rapidly during the 1980s, as
companies intensified their financial risk management. International risk regulation began in the 1980s, and
financial firms developed internal risk management models and capital calculation formulas to hedge against
unanticipated risks and reduce regulatory capital. Concomitantly, risk management governance became
essential, integrated risk management was introduced and the chief risk officer positions were created.
Nonetheless, these regulations, governance rules, and risk management methods failed to prevent the
financial crisis that began in 2007. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2231635

B. Importance of Risk Management

Risk management is important within the field of finance as the technology surrounding the field evolves, the
tools used to manage risk must evolve as well.
https://corporatefinanceinstitute.com/resources/career-map/sell-side/risk-management/importance-of-risk-
management-in-finance/

 Managing the organization

Managing risk is important to avoid situations such as the 2008 Global Financial Crisis. Risk management is
important to support a well-functioning economy and financial system.
https://corporatefinanceinstitute.com/resources/career-map/sell-side/risk-management/importance-of-risk-
management-in-finance/

 Changes in the Marketplace

The marketplace is changing rapidly due to several forces, which include technology, globalization,
social responsibility, and consumer concerns about sustainability. The new forces result in capabilities of
and opportunities for both consumers and companies. The study discusses these capabilities and
opportunities and their impact on changing the marketplace. The study also discusses about distribution
channels and heightened competition. Distribution channels are getting modified due to retail
transformation and disintermediation. Intense competition is being generated between domestic and
foreign brands due to globalization. Companies need to be aware of these forces, acknowledge the
forces, and modify their marketing strategies to keep customers satisfied and to achieve business
excellence.
https://www.researchgate.net/publication/342605218_The_Changing_Marketplace_Challenges_Strategi
es_and_Initiatives

RRASTURIASNAVARROHANDOUTS2NDSEM2023-2024
 C. 7R’s of (hazard) risk management

recognition of risks; •

ranking of risks; •

responding to significant risks; •

resourcing controls;

• reaction (and event) planning;

• reporting of risk performance;

• reviewing the risk management system.

Risk management can improve the management of the core processes of an organization by ensuring that key
dependencies are analyzed, monitored and reviewed. Risk management tools and techniques will assist with the
management of the hazard risks, control risks and opportunity risks that could impact these key dependencies.

4T’s of (hazard) risk management

Tolerate
Sometimes it’s okay to do nothing. The likelihood and impact of the risk is low. You may decide to simply retain the risk
because it is acceptable without further actions. Log and monitor the risk because retaining a risk should always be an
informed decision. You should not find that your organization has retained a risk by default.

Terminate
Sometimes a risk is so far outside your risk appetite. Or is assessed as having such a severe impact on your business that
you have to stop (i.e. terminate) the activity causing it. For example, you may decide not to start or continue a business
activity in a particular country. Or withdraw a product or service from the market that gives rise to unacceptable risk.

Treat
You will almost certainly decide to take action on the most severe risks. You may act to reduce the likelihood of the risk
occurring, or the severity of the consequences if it does. For example, install a firewall to reduce the likelihood of an external
intrusion to your IT systems. And implement network segregation if an intruder does gain access.

Transfer
Insurance isn’t available for everything. Sometimes while it’s possible to transfer the activity to a third party, you still retain
the liability if things go wrong. In the case of the payment card industry data security standards (PCI DSS), a third-party
arrangement outsources merely the function, not the responsibility or liability for PCI compliance.

A. Specialist areas of risk management

What Is a Risk Management Specialist?

A risk management specialist is responsible for evaluating financial risks that could potentially impact a company or
organization. They are also responsible for looking at ways to reduce these risks by analyzing financial positions along with
monetary policy so that the company has insurance against future losses. Banks, investment companies, and private
businesses typically employ risk management specialists. Risk management specialists are considered to be financial
managers and tend to put in very long hours.
How to Become a Risk Management Specialist

The skills and qualifications to have a career as a risk management specialist include a degree in finance, accounting, or a
related field. Most employers consider applicants with a bachelor’s degree, however, some jobs may require a master’s
degree. Experience working in finance may be required. Working for a health care company, licensure may be required,
depending on the state. Voluntary certifications are available as well. It is also beneficial to have critical-thinking and
analytical skills to perform the job duties effectively.

RRASTURIASNAVARROHANDOUTS2NDSEM2023-2024
 B. Enterprise risk management

Enterprise risk management (ERM) is a methodology

that looks at risk management strategically from the
perspective of the entire firm or organization. It is a
top-down strategy that aims to identify, assess, and
prepare for potential losses, dangers, hazards, and
other potentials for harm that may interfere with an
organization's operations and objectives and/or lead
to losses.
Enterprise risk management takes a holistic approach and calls for management-level decision-making that may not
necessarily make sense for an individual business unit or segment. Thus, instead of each business unit being responsible
for its own risk management, firm-wide surveillance is given precedence.

It also often involves making the risk plan of action available to all stakeholders as part of an annual report. Industries as
varied as aviation, construction, public health, international development, energy, finance, and insurance all have shifted to
utilize ERM.

ERM, therefore, can work to minimize firmwide risk as well as identify unique firmwide opportunities. Communicating and
coordinating between different business units is key for ERM to be successful, since the risk decision coming from top
management may seem at odds with local assessments on the ground. Firms that utilize ERM will typically have a
dedicated enterprise risk management team that oversees the workings of the firm.

Modern businesses face a diverse set of risks and potential dangers. In the past, companies traditionally handled their risk
exposures via each division managing its own business. Enterprise risk management calls for corporations to identify all
the risks they face. It also makes management decide which risks to manage actively. As opposed to risks being siloed
across a company, a company sees the bigger picture when using ERM.

ERM looks at each business unit as a "portfolio" within the firm and tries to understand how risks to individual business
units interact and overlap. It is also able to identify potential risk factors that are unseen by any individual unit.

Companies have been managing risk for years. Traditional risk management has relied on each business unit evaluating
and handling their own risk and then reporting back to the CEO at a later date. More recently, companies have started to
recognize the need for a more holistic approach.

A chief risk officer (CRO), for instance, is a corporate executive position that is required from an ERM standpoint. The
CRO is responsible for identifying, analyzing, and mitigating internal and external risks that impact the entire corporation.
The CRO also works to ensure that the company complies with government regulations, such as Sarbanes-Oxley (SOX),
and reviews factors that could hurt investments or a company's business units. The CRO's mandate will be specified in
conjunction with other top management along with the board of directors and other stakeholders.
https://www.investopedia.com/terms/e/enterprise-risk-management.asp

C. Levels of risk management sophistication

RRASTURIASNAVARROHANDOUTS2NDSEM2023-2024
 https://www.pngkit.com/bigpic/u2r5y3o0y3u2q8w7/

RRASTURIASNAVARROHANDOUTS2NDSEM2023-2024