Risk management

F.Manuere
 What is risk
• Risk refers to the
possibility that
something unexpected
or not planned for will
happen.
 Types of risks
•THERE IS
DOWNSIDE
RISK AND
UPSIDE RISK
 Downside risk
•The risk that actual
events will turn out
worse than
expected.
 Upside risk
• The risk that events
will turn out better
than expected, ed
gratia, a sudden
increase in profits.
Categories of risk

•Business risks.
•Financial risks .
 Business risk
•These are risks in
the operation of a
business.
 Business risks
•Risks that target
the performance
of the company.
 Examples
•1. Sudden increase
or fall in demand of
products/services.
 Examples
2.Obsolescence/t
echnological
change.
 Examples
•Competition
 Examples
•Liabilities or
losses.
 Liabilities
• Damage to property,
actions by employees,
injuries to employees =
solutions take out
insurance policies.
 Credit risk
• Debts losses,
borrowers failing to
pay back lenders.
Banks are good
examples.
 Examples
•Foreign exchange
risk.
 Interests rate risk
•SUDDEN FALL OR
RISE IN THE PRICE
OF LOANS.
 Risk Management
• It involves; risk
identification, risk
evaluation, risk
management measures,
risk control and risk
review.
 Risk identification
• Methods used are;
• 1.Internal audit
programmes(IAPs).
• 2.Hazard and operability
studies(HAZOPs).
• 3. Environmental audit
programmes(EAPs).
 IAPs
•Refer to SPAMSOAP
 HAZOPs

• This is used by manufacturing

organisations to identify
physical and procedural
hazards in their operations.
 EAPs
• This is used to assess major
environmental risks caused by
companies engaged in
chemical processing, oil
extraction, and water supply.
 Risk evaluation
• This is the determination of
the size of the risk, whether
the risk will materialise,
whether the losses caused are
low or high ,whether some
risks are insurable.
 Risk mgt measures
• 1.insurance.
• 2.Avoid.
• 3.Accept.
 Control and review
•SPAMSOAP
 Internal control systems
• This consists of the
control environment
and the control
procedures.
 Control environment
• Corporate culture
,leadership style,
employee attitude to
internal control
systems.
 Control procedures and
policies
• SPAMSOAP
 The spam soap
• Segregation of duties,
• Physical controls,
• Authorisation and approval,
• Management controls,
• Supervision,
• Organisation,
• Arithmetic accounting controls,
• personnel
 Segregation of duties
• Duties should be split
between two or more
people, so that the work
done by one person acts
as a check on the work
done by another.
 Physical controls
• Measures such as, putting
cash in a safe, banking
cash receipts,
immediately, preventing
unauthorised access to
computer systems.
Authorisation and approval
• All financial transactions
should require the
authorisation or approval
of an appropriate
responsible person.
 Management controls
• This is the use of a
budget to monitor
expenditure and
revenue
 Supervision
• The day to day
monitoring of the work
of employees to detect
and prevent fraud.
 Organisation
• Refers to levels of
responsibilities ,lines
of authority and
reporting .
 Arithmetic accounting
controls
•Used to check the
accuracy of records
and numbers.
 Personnel
•Refers to highly
skilled employees.
 Role of the board
• Usually the board of directors have the
following responsibilities:
• •Select competent board members; and
establish guidelines to govern the board
organization and structures.
• •Select competent executive officers, evaluate
and compensate them accordingly;
 xx
• •review and approve the
management-developed
strategy i.e. approve the overall
risk-appetite of the institution;
• •monitor the control of the
environment;
 zz

• •ensure that the necessary

corrective actions are taken to
remedy the situation;
• •ensure the compliance of the
institution with its legal and
regulatory requirements;
 cc

Directors are to perform

• •

these functions in the

best interest of the
shareholders and other
stakeholders.
 Role of the board

• 5. The board and senior management should

effectively utilize the work conducted by the
internal audit function, external auditors
and internal control functions
• •External audits - the board and senior
management should:
 vv
• –Engage external auditors to review
internal controls relating to financial
statements
• –Ensure that external auditors comply
with applicable codes & standards of
professional practice
• –Ensure that external auditors understand
their duties
 gg
• •6. The board should ensure that
compensation policies and practices are
consistent with the bank’s corporate
culture, long-term objectives and strategy,
and control environment
• Avoid compensation policies that create
incentives for excessive risk-taking
 ROLE OF management

• Current Version made up of Eight

Framework Components
• •Internal Environment – risk
management philosophy and risk
appetite, ethical values, etc
••
 aaaz
• Objective setting –
Management must have
process to set objectives and
ensure it aligns with entity’s
mission and are consistent
with risk appetite
 nn
• •Event
Identification – Internal
and external events affecting
achievement of objectives
must be identified, distilling
between risk and opportunity
 rr
• •Risk Assessment – Risks are
identified and analyzed
considering likelihood and
impact, as a basis for determining
how they are managed.
•.
 tt
• •Risk response –
Develop set of actions
in line with risk appetite
– avoid, accept, reduce
or share risks
 qq
Control Activities –
• •

Policies and procedures

to ensure risk response
is effectively
implemented
 oo
• Monitoring – Entirety of
enterprise risk
management is monitored
and modifications made as
appropriate