LEARNING UNIT 2 – PART I

RISK MANAGEMENT AND GOVERNANCE

Copy Right Reserved © University of the Free State 2024 1

 LEARNING OUTCOMES:
After completing this learning unit, students should be able to:
 Explain the concept of risk within a business or an organisation (business risk).
 Identify and explain the different types of risks (internal and external risks).
 Explain the risk management process.
 Explain key concepts/components of the risk management process.
 Explain how risks can be identified.
 Explain how risks are assessed and evaluated briefly.
 Identify and explain the different types of risk responses.
 Explain the implications of ineffective risk management (consequences).
 Explain who is responsible for the risk management process.
 Explain the monitoring, documentation and reporting of risks within a business or
organisation.
LU2: Study Guide, Page 5 Copy Right Reserved © University of the Free State 2024 2
 BUSINESS RISKS
• Not all risks will have an impact on a business.
• Specific risks associated with the nature and business of an entity are
referred to as business risks.
• ISA315.12 (b) defines business risk as a risk resulting from significant
conditions, events, circumstances, actions, or inactions that could
adversely affect an entity’s ability to achieve its objectives and execute
strategies

LU2: Study Guide, Page 10 Copy Right Reserved © University of the Free State 2024 8
 RISK MANAGEMENT PROCESS:
• Risks faced by any business or organisation should be managed.
• Minimising the possibility that adverse events would occur, minimising
the adverse effects should the risk occur.
• Risk Management Process:

Risk Identification Risk Evaluation Risk Response

LU2: Study Guide, Page 11 Copy Right Reserved © University of the Free State 2024 10
 RISK MANAGEMENT PROCESS
• Steps in a detailed risk management framework:

STEP 1: Risk Identification

STEP 2: Risk Evaluation

STEP 3: Risk Response

STEP 4: Risk Strategy Implementation

STEP 5: Risk Monitoring

STEP 6: Risk Strategy review

LU2: Study Guide, Page 12 Copy Right Reserved © University of the Free State 2024 11
 S T E P 1 : R I S K I D E N T I F I C AT I O N
• Process of finding, recognising, describing, and documenting the various business risks
that the entity is exposed to.
• Different strategies and sources that can be used:
• SWOT Analysis (Strengths, Weaknesses, Opportunities, Threats)
• Porter’s Five Forces Model (Competition, new entrants, customers, suppliers,
substitute)
• Stakeholder Engagement
• King IV: Six Capitals
• Financial, Intellectual, Manufactured, Natural, Human, and Social and Relational
Capital
• Why is this important?

LU2: Study Guide, Page 14 - 15 Copy Right Reserved © University of the Free State 2024 12
ST E P 1 :RIS K ID EN T IF I CAT IO N E XAM P LE :
By using Porter’s Five Forces module,
identify possible business risks for a
local barbershop.
Business risks:
 Existing competitor barbershop
offering cheaper haircuts
 New barbershops
 Cheaper products offered by retailers
or competitors
 Any other business risks?

Copy Right Reserved © University of the Free State 2024 13

 S T E P 2 : R I S K E VA L U AT I O N :

• The evaluation process involves assessing:

• Likelihood of occurring (Possibility of the risk occurring)
• Impact (effect) when occurring (Effect the risk would have if the risk
happend)
• Ranking and prioritising of risks identified

LU2: Study Guide, Page 14 Copy Right Reserved © University of the Free State 2023 14
 R I S K M AT R I X | R I S K M A P

Which of these risks should management give most attention to?

LU2: Study Guide, Page 14 - 15 Copy Right Reserved © University of the Free State 2024 15
 RANKING AND PRIORITISING OF RISKS

1 - Risk of theft
(physical or digital)

2 - Risk of broken
windows

3 - Risk of strong
winds / tornado
LIMITED RESOURCES

Copy Right Reserved © University of the Free State 2024 16

 RISK APPETITE
• Risk Appetite: How much risk the business is willing to accept to achieve
its objectives.
• The board will determine the risk appetite of the business.
• Depend on stakeholder and investor demands
• Expected returns

LU2: Study Guide, Page 17 Copy Right Reserved © University of the Free State 2024 17
 LEVELS OF RISK TOLERANCE
• Levels of risk tolerance: Specific limit of risk that an entity will
tolerate to achieve its objectives.
• Based on the Risk Appetite of the business
• Above the limit – Not Accept (Do something to reduce the risk)
• Below the limit - Accept

LU2: Study Guide, Page 17 Copy Right Reserved © University of the Free State 2024 19
 RISK RESPONSE
• Businesses should respond to business risks that have been identified.
• Respond based on the ranking / priority of the business risks identified.
• If the risk is above the tolerable level = unacceptable risks.
• Respond to unacceptable risks.
• If the risk ranking / priority is below the tolerable level = accept the risk
(consequences if the risk would materialise)
• Different types of responses management can adapt for different risks

LU2: Study Guide, Page 16 - 17 Copy Right Reserved © University of the Free State 2024 20
 TYPES OF RISK RESPONSES:

Risk tolerance or Transferring of risk to Mitigation or

acceptance a third party treatment of risk

Avoidance or Exploitation of the

Risk diversification
termination of activity opportunity

LU2: Study Guide, Page 16 - 17 Copy Right Reserved © University of the Free State 2024 21
HOMEWORK AND
A D M I N I S T R AT I O N :
• Class changes
• Independent learning classes
• Question 2.1 (Will be posted on Blackboard)
• Question 2.2 (Will be posted on Blackboard)

Copy Right Reserved © University of the Free State 2024 22

ANY
QUESTIONS?

Copy Right Reserved © University of the Free State 2024 23