PSU-PCAT
RISK MANAGEMENT
The study of risk management began after World War II. Risk management has long been associated with
using market insurance to protect individuals and companies from various losses associated with accidents.
Other forms of risk management, alternatives to market insurance, surfaced during the 1950s when market
insurance was perceived as very costly and incomplete for protection against pure risk. The use of derivatives
as risk management instruments arose during the 1970s, and expanded rapidly during the 1980s, as
companies intensified their financial risk management. International risk regulation began in the 1980s, and
financial firms developed internal risk management models and capital calculation formulas to hedge against
unanticipated risks and reduce regulatory capital. Concomitantly, risk management governance became
essential, integrated risk management was introduced and the chief risk officer positions were created.
Nonetheless, these regulations, governance rules, and risk management methods failed to prevent the
financial crisis that began in 2007.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2231635
RRASTURIASNAVARROHANDOUTS2NDSEM2023-2024
C. 7R’s of (hazard) risk management
• recognition of risks;
• ranking of risks;
• resourcing controls;
Risk management can improve the management of the core processes of an organization by ensuring that key
dependencies are analyzed, monitored and reviewed. Risk management tools and techniques will assist with the
management of the hazard risks, control risks and opportunity risks that could impact these key dependencies.
Tolerate
Sometimes it’s okay to do nothing. The likelihood and impact of the risk are low. You may decide to simply retain the risk
because it is acceptable without further actions. Log and monitor the risk because retaining a risk should always be an
informed decision. You should not find that your organization has retained a risk by default.
Terminate
Sometimes a risk is so far outside your risk appetite, or is assessed as having such a severe impact on your business, that
you have to stop (i.e. terminate) the activity causing it. For example, you may decide not to start or continue a business
activity in a particular country, or to withdraw a product or service from the market that gives rise to unacceptable risk.
Treat
You will almost certainly decide to take action on the most severe risks. You may act to reduce the likelihood of the risk
occurring, or the severity of the consequences if it does. For example, install a firewall to reduce the likelihood of an external
intrusion into your IT systems, and implement network segregation to limit the consequences if an intruder does gain access.
Transfer
Insurance isn’t available for everything. Sometimes, while it’s possible to transfer the activity to a third party, you still retain
the liability if things go wrong. In the case of the Payment Card Industry Data Security Standard (PCI DSS), a third-party
arrangement outsources merely the function, not the responsibility or liability for PCI compliance.
A risk management specialist is responsible for evaluating financial risks that could potentially impact a company or
organization. They are also responsible for looking at ways to reduce these risks by analyzing financial positions along with
monetary policy so that the company has insurance against future losses. Banks, investment companies, and private
businesses typically employ risk management specialists. Risk management specialists are considered to be financial
managers and tend to put in very long hours.
How to Become a Risk Management Specialist
The skills and qualifications to have a career as a risk management specialist include a degree in finance, accounting, or a
related field. Most employers consider applicants with a bachelor’s degree; however, some jobs may require a master’s
degree. Experience working in finance may be required. When working for a health care company, licensure may be required,
depending on the state. Voluntary certifications are available as well. It is also beneficial to have critical-thinking and
analytical skills to perform the job duties effectively.
B. Enterprise risk management
It also often involves making the risk plan of action available to all stakeholders as part of an annual report. Industries as
varied as aviation, construction, public health, international development, energy, finance, and insurance all have shifted to
utilize ERM.
ERM, therefore, can work to minimize firmwide risk as well as identify unique firmwide opportunities. Communicating and
coordinating between different business units is key for ERM to be successful, since the risk decision coming from top
management may seem at odds with local assessments on the ground. Firms that utilize ERM will typically have a
dedicated enterprise risk management team that oversees the workings of the firm.
Modern businesses face a diverse set of risks and potential dangers. In the past, companies traditionally handled their risk
exposures via each division managing its own business. Enterprise risk management calls for corporations to identify all
the risks they face. It also makes management decide which risks to manage actively. As opposed to risks being siloed
across a company, a company sees the bigger picture when using ERM.
ERM looks at each business unit as a "portfolio" within the firm and tries to understand how risks to individual business
units interact and overlap. It is also able to identify potential risk factors that are unseen by any individual unit.
Companies have been managing risk for years. Traditional risk management has relied on each business unit evaluating
and handling its own risk and then reporting back to the CEO at a later date. More recently, companies have started to
recognize the need for a more holistic approach.
A chief risk officer (CRO), for instance, is a corporate executive position that is required from an ERM standpoint. The
CRO is responsible for identifying, analyzing, and mitigating internal and external risks that impact the entire corporation.
The CRO also works to ensure that the company complies with government regulations, such as Sarbanes-Oxley (SOX),
and reviews factors that could hurt investments or a company's business units. The CRO's mandate will be specified in
conjunction with other top management along with the board of directors and other stakeholders.
https://www.investopedia.com/terms/e/enterprise-risk-management.asp
https://www.pngkit.com/bigpic/u2r5y3o0y3u2q8w7/