MANAGEMENT
First Semester
SY 2020-2021
DEFINITION
• A systematic process embedded in a company’s system of internal control (spanning all
business activity), to satisfy policies effected by its board of directors, aimed at fulfilling its
business objectives and safeguarding both the shareholder’s investment and the company’s
assets.
• ERM has to satisfy a series of parameters. It must be embedded in a business’s system of
internal control, while at the same time it must respect, reflect and respond to the other
internal controls. Enterprise risk management is about protecting and enhancing share value
to satisfy the primary business objective of shareholder wealth maximization. It must be
multifaceted, addressing all aspects of the business plan from the strategic plan through to
the business controls:
• strategic plan
• marketing plan
• operations plan
• research and development
• management and organisation
• forecasts and financial data
• financing
• risk management processes
• business controls
THE INTEGRATION OF ERM
BENEFITS OF ERM
• Align risk appetite and strategy
• Minimise operational surprises and losses
• Enhance risk response decisions
• Resources
• Identify and manage cross-enterprise risks
• Link growth, risk and return
• Rationalise capital
• Seize opportunities
There are three major benefits of ERM: improved business performance, increased
organizational effectiveness and better risk reporting.
THE ERM FRAMEWORK
DISCUSSION
1. If Enterprise Risk Management was implemented before the pandemic, do you think it can
help businesses to increase their chances of survival? If yes, in what way?
2. Which business industry would most likely survive this pandemic? Least likely? Why?
INTERNAL CONTROL AND RISK
MANAGEMENT
An internal control system encompasses the policies, processes, tasks, behaviors and other
aspects of a company that, taken together:
It is a set of coordinated activities to direct and control an organization with regard to risk.
It deals with the identification, assessment and various strategies that help mitigate the adverse
effects of risk on the organization.
PURPOSE OF RISK MANAGEMENT
• To mitigate the loss of property and increase the chance of success of the organization
• To identify potential events that may affect the entity and manage risks to be within its risk
appetite in order to provide reasonable assurance regarding the achievement of entity's
objectives.
• To achieve maximum sustainable value from all the activities of the organization.
• Enhances the understanding of the potential upside and downside of the factors that can
affect an organization.
• Increases the probability of success and reduces both the probability of failure and the level
of uncertainty associated with achieving the objectives of the organization.
BENEFITS OF EFFECTIVE ERM
The briefing states the following potential benefits of effective risk management:
• Early mover into new business areas
• Greater likelihood of achieving business objectives
• Higher share prices over the longer term
• Reduction in management time spent “fire fighting”
• Increased likelihood of change initiatives being achieved
• More focus internally on doing the right things properly
• Lower cost of Achievement of competitive advantage
• Fewer sudden shocks and unwelcome surprises
TYPES OF RISK
1. SYSTEMATIC/SYSTEMIC RISKS - Uncontrollable by an organization and MACRO in
nature. (Ex. Political risks)
(2) The specific business activity, process or project, forming the subject of the risk
management study.
STAGE 2: RISK IDENTIFICATION
• The purpose of the risk assessment stage is to provide a judgement of the likelihood and
impact of the risks and opportunities identified, should they materialise.
STAGE 4: RISK EVALUATION
• The plan stage uses all of the preceding risk management effort to produce responses and
specific action plans to address the risks and opportunities identified to secure the business
objectives.
RISK RESPONSE STRATEGIES
• Risk reduction
• Risk removal
• Risk retention
STAGE 6: RISK MANAGEMENT
Risk management requires undertaking four key activities:
1. Reacting
2. Registering
3. Reviewing
4. Reporting
RISK MANAGEMENT PROCESS (A-T-M)
2. Risk Identification
3-4. Risk Assessment and Evaluation
RISK ASSESSMENT PHASE
• Risk identification establishes the exposure of the organization to risk and uncertainty. This
requires an intimate knowledge of the following:
1. organization
2. the market in which it operates;
3. the legal, social, political and cultural environment in which it exists; and
4. an understanding of strategic and operational objectives.
• Risk analysis activity assists the effective and efficient operation of the organization by
identifying those risks that require attention by management
• The result of the risk analysis can be used to produce a risk profile. It provides a tool for
prioritizing risk treatment efforts.
METHODS OF RISK
IDENTIFICATION
• Strengths, Weaknesses, Opportunities and Threats (SWOT) Analysis
• Political, Economic, Social, Technological, Environmental, Legal and Industrial (PESTELI)
Analysis
• Flowcharts and dependency Analysis - analysis of processes and operations within the
organization to identify critical components that are key to success
• Questionnaires and checklists - Use structured questionnaires and checklists to collect
information to assist with the recognition of the significant risks
• Workshops and brainstorming - Collection and sharing of ideas and discussion of the
events that could impact the objectives, stakeholder expectations or key dependencies.
• Inspections and audits - Physical inspections of premises and activities and audits of
compliance with established systems and procedures
RISK TREATMENT PHASE
• Risk treatment is presented in ISO 31000 as the activity of selecting and implementing
appropriate control measures to modify the risk.
• Risk treatment includes as its major element, risk control (or reduction), but extends further
to, for example, risk avoidance, risk retention, risk transfer and risk exploitation.
• Any system of risk treatment should provide efficient and effective internal controls.
AVOID OR ACCEPT
• Divest by exiting a market or geographic area, or by selling, liquidating or spinning-off a
product group.
• Eliminate at the source by designing and implementing internal preventive processes.
• Accept risk at its present level taking no further action
• Re-price products/services by including a premium (if market condition allows)
TRANSFER
• Insure through cost-effective contract with independent, financially capable party under a
well-defined risk strategy
• Hedge risk by entering into capital markets
• Share risks/rewards of investing in new markets and products by entering into alliances or
joint venture
REDUCE/CONTROL/MITIGATION
• Control risk through internal processes or actions that reduce the likelihood of undesirable
events occurring to an acceptable level
EXPLOIT
• Expand business portfolio by investing in new industries and geographic areas
• Reorganize processes through restructuring, vertical integration, outsourcing and
re-engineering
• Redesign the company's business model
RISK MONITORING PHASE
• Monitoring and review ensures that the organization monitors risk performance and learns
from experience.
• Monitoring and review as the final step involves understanding the impact of the control
mechanisms developed on the hazard and the risk it poses.
SAMPLE RISK REGISTER
(SHOW RISK REGISTER OF CHINA BANK CORPORATION)