Risk Assessment Skill
Boards as a whole must spot problems early and blow the whistle, exercising constructive dissatisfaction. On a revitalized board, directors have enough confidence in the process to vigorously challenge one another, including the company s chief executive. Operating statements balance sheets, and statements of cash flow that compare current period and year-to-date numbers with the corporate plan and the previous year; Cont .
Management briefs that explain variations of the above from plan, including a revised forecast for the rest of the year; Market-share figures; Minutes of management committee meetings in which key reports were presented or capital expenditure actions taken; Important news articles about the company and its competition; Reports from financial analysts about the company and its competition. Cont ..
For this purpose the company should subject itself to periodic external and internal risk reviews. The Board must satisfy itself that appropriate risk management systems and procedures are in place to identify and manage risks.The Elements of Good Corporate Governance
Risk management: The Board has the ultimate responsibility for identifying major risks to the organization. setting acceptable levels of risk and ensuring that senior management takes steps to detect. monitor and control these risks.
safety and environment.Board Disclosure Risk Management
The company shall lay down procedures to inform Board members about the assessment and minimization. These procedures shall be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework. which are beyond financial and insurable hazards. health. UK Combined Code states The Board should maintain a sound system of internal control to safeguard its shareholder s investment and the company s assets . ethics.
Value and Risk Management
Corporate Risk Management (CRM) is a tool to address portfolio of risks reputation. e-business.
under Board supervision. and reviewing internal financial controls The responsibility of the audit committee for reviewing all the company s internal control systems and risk management systems Internal audit
. identifies the risk arising from business and establish the priorities for control and particular objectives . Three main areas relating to controls and risk management: The Board s responsibility for the system of internal control.Risk Management
Cadbury Committee on Risk Management
It describes risk management as the process by which Executive Management.
Typical items in an initial briefing about risk management
An overview of the risk management framework and process actually followed An explanation as to how risk management relates to the overall business plan and related functions such as audit details of the resources and staff devoted to risk management Any regulatory and legislative requirements in relation to risk management (for example in the pharmaceutical engineering or banking industries) The major risk categories that the organization faces and how these are ascertained
the risk environment and individual risks
.Methods of keeping the risk assessment up to date The major individual risks and their historical and expected impact The alternative management strategies available and why certain strategies have been preferred and implemented An assessment of the cost and benefit of alternative risk management strategies in specific significant areas The measurement process in place to validate the effectiveness of the risk management strategies in place Most recent risk management reports Current issues in relation to the risk management framework.
Are risk management activities/ responsibilities included in job descriptions? How do our performance management and incentive systems link to our risk management practices?
. why not? Is accountability for risk management transparent at the management level? If not.Risk Structure
Is there a common risk management language/ terminology across the organization? If not. describe how this has been achieved. why not? If yes.
How does the organization adapt its activities as strategies and process change? (ii) Reputation risk What are the risks to brand and reputation inherent in the way the organization executes its strategies?
.Types of Risk and their assessment
(i) Operational risk 1. given its appetite for risk? 3. What are the risks inherent in the processes chosen to implement the strategies? 2. How does the organization identify. quantify and manage these risks.
(iii) Regulatory or contractual risk Which financial and non-financial risks are related to compliance with regulations or contractual arrangement? (iv) Financial risk 1. Are our information systems reliable?
. relevant and timely? 2. Have operating processes put financial resources at undue risk? 2. Is our data/ information/ knowledge reliable. Has the origination incurred unreasonable liabilities to support operating processes? (v) Information technology risk 1.
. political or criminal risks. including our e-business strategy? (vi) New risks 1. outsourcing risks. What risks have yet to develop? These might include risks from new competitors or emerging business models. Do our security systems reflect our reliance on technology. 2. relation risks. In a business environment that is constantly changing. describe them. recession risks.3. financial disasters such as rogue traders and other crisis and disaster risks. why not? If yes. are there processes in place to identify emerging risks? If not.
Identification of nature of risk Following covered under enterprise risks (a) Industry and Services Risks ² Economic risks such as dependence on one product. etc in the short and long term. revenues and customer preferences ² Customer relations risks
. costs. one process. one industry. ² Service risks ² Market structure ² Business dynamics ² Competition risks affecting tariffs prices. one client.
etc.(b) Management and Operations Risks ² Risks to property ² Clear and well defined work process ² Changes in technology/ upgradation ² R & D risks ² Personnel risks ² Environmental and pollution control regulations. cities. ² Locational benefits near metros. etc
. railway stations. ports.
interest rates risks and forex risks namely. fluctuation risks and interest rate risk in respect of foreign exchange transactions. suppliers. strikes. cargo risks. riots and civil commotion. etc.
(d) Political risks
² Elections ² War risks ² Country/ Area risks ² Insurance risks. quality. like Fire. ² Fiscal/ monetary Policy Risks including Taxation risks.(c) Market risks
² Raw material rates ² Transportation risks ² Quantities.
. lead time. marine risks.
etc.(e) Credit Risks
² Creditworthiness risks ² Risks in settlement of dues by clients ² Provision for doubtful and bad debts
(f) Liquidity risks
² Financial solvency and liquidity risks ² Borrowing limits.
. earthquakes. floods. delays ² Cash/ Reserve management risks ² Tax risks
(g) Disaster risks
² Natural risks like fires.
(h) Systems risks ² System capacities ² System reliability ² Obsolescence risks ² Data integrity risks ² Coordinating and interface risks
. Mines Act.² Man-made risk factors arising under the Factories Act. ² Risk of failure of effective Disaster Management Plans formulated by the company. etc.
² Contractual liability ² Frauds ² Judicial risks ² Insurance risks
.(i) Legal Risks .
why not? If yes. why not? If yes.Optimization
Does the risk approach include a regular search for new markets. how is this achieved? Is risk a priority consideration whenever business processes are improved? If not. describe how this is achieved?
. partnering opportunities and other risk optimization strategies? If not.
How is our risk strategy linked to our business strategy? 3. Is our risk appetite (the amount of risk the organization is willing to take) clear? How is it linked to our objectives? 5. Is our risk management policy clearly articulated and communicated to the organization? If not. how has this been achieved? 4. What are the risks inherent in our business strategies and objectives? 2. How has the board s perspective on risk permeated the organisation and culture?
. why not? If yes.Risk Management Framework
Product liability claims v. Theft iii.Debtor default
viii. Fraud ii. Fire/ earthquake vi.IT failure vii.Professional negligence iv.Strike
.Identification of Risk
Can arise from any of the following: i.
Credit .Political iv.Categorization of risk
May vary from industry to industry and amongst risk practitioners i. Attrition iii.. Catastrophe ii.
.Market v. Operational vi.
Rating the Risk Risk Scale
Scale 1 2 3 4 5 Impact Probability Catastrophic Certain High Almost certain Moderate Probable Low Very-low Somewhat unlikely
. Insure c. Control . Ignore b. Transfer d.Managing Risk
Avoidance may seem the answer to all risks. Risk transfer causing another party to accept the risk typically by contract or by hedging.Management Technique for Risks
Risk avoidance . Risk retention Is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained.A strategy may be prohibitive in cost. Risk reduction . but avoiding risks also means losing out on the potential gains that accepting the risk may have involved.