
RISK MANAGEMENT

UNIT 3, LESSON 2
RISK

▪ “an uncertain event or set of circumstances that, should it occur, will have an
effect on achievement of one or more project objectives; this effect could be
positively or negatively”
▪ “the combination of the probability of an event and its consequences” (ISO/IEC
Guide 73, Institute of Risk Management, 2002)
▪ “uncertain future events which could influence the achievement of the
organization’s strategic, operational and financial objectives” (IFAC, 1999)
▪ “any event that might affect a listed company’s performance, including
environmental, ethical and social risks” (Institute of Chartered Accountants in
England & Wales, 1999)
RISK MANAGEMENT

▪ “The process by which organizations methodically address the risks
attaching to their activities with the goal of achieving sustained benefit
within each activity and across the portfolio of all activities. The focus of good
risk management is the identification and treatment of these risks. Its
objective is to add maximum sustainable value to all the activities of the
organization. It marshals the understanding of the potential upside and
downside of all those factors which can affect the organization. It increases
the probability of success, and reduces both the probability of failure and
the uncertainty of achieving the organization’s overall objectives”
(Institute of Risk Management)
BENEFITS OF RISK MANAGEMENT

1. Being seen by stakeholders as profitable and successful;
2. Being seen by stakeholders as predictable, with analysts comfortable with what the
organization is saying;
3. Not issuing profit warnings, or having major exceptional items to report to shareholders;
4. Proactively managing mergers and acquisitions;
5. Reducing the impact of any impairment of goodwill;
6. Maintaining brand reputation;
7. Being seen by stakeholders to be adopting corporate social responsibility and being a good
corporate citizen;
8. Having a well-managed supply chain;
9. Having a good credit rating.
COMMON FEATURES OF RISK MANAGEMENT

▪ Linked closely with achieving business objectives
▪ Addressing both ‘upside’ and ‘downside’ risks
▪ Involving the identification and treatment of risks
▪ Reducing both uncertainties and the probability of failure
AVENUES OF RISK MANAGEMENT

FROM HAZARD
• Managing the risk associated with compliance and prevention

THROUGH UNCERTAINTY
• Managing to minimize the risks of uncertainty in respect of operating performance

MOVING HIGHER TO OPPORTUNITY
• Managing opportunity risks to increase and sustain shareholder value
GUIDING QUESTIONS IN RISK MANAGEMENT

(a) What are the drivers of business value?
(b) What are the key risks associated with these drivers of value?
PROCESS OF RISK MANAGEMENT

The Risk Management Process according to the International Federation of Accountants (1999) report:

1. Map the business processes that drive value to answer this question;
2. Identify and analyze the business risks;
3. Establish the appropriate responses that will have the most impact on the value drivers.
DIFFERENT VIEWS ON RISK

Risk as HAZARD or THREAT
• Risk management in this context is using management techniques to reduce the probability of the negative event without undue cost
• Responsibility rests on financial controllers, internal auditors and insurance specialists

Risk as UNCERTAINTY
• The notion of the distribution of all possible outcomes (positive and negative)
• Risk management in this context is on reducing the variance between anticipated and actual outcomes
• Concerns chief financial officers and line managers in charge of operations

Risk as OPPORTUNITY
• Accepts that with greater risk comes greater return (and greater potential loss)
• Risk management in this context is on maximizing the upside or benefits
• Concerns senior management and corporate planners
ENTERPRISE GOVERNANCE (BY CIMA)
ENTERPRISE RISK MANAGEMENT (ERM)

▪ ERM
▪ A process effected by an entity’s board of directors, management and other
personnel, applied in strategy setting and across the enterprise, designed
to identify potential events that may affect the entity, and manage risk to
be within its risk appetite, to provide reasonable assurance regarding the
achievement of entity objectives

▪ ERM Framework
▪ describes the critical principles and components of an effective enterprise
risk management process
▪ how all important risks should be identified, assessed, responded to and
controlled
ENTERPRISE RISK MANAGEMENT (ERM)

▪ a risk-based approach to managing an enterprise, integrating concepts of
strategic planning, operations management, performance management and
internal control.

ERM:
▪ Risk Management Structure (identification and communication of risk)
▪ Resources (support to risk management)
▪ Tools and techniques (to enable the efficient and consistent management of risks across the organization)
▪ Risk culture
HOW FIRMS MANAGE RISKS

MODELS/APPROACHES TO RISK MANAGEMENT

1. COSO’s ERM framework.
2. The Institute of Risk Management standard.
3. Australia/New Zealand Standard AS/NZS 4360:2004.
4. CIMA’s risk management cycle.
COSO’S ENTERPRISE RISK MANAGEMENT
(ERM) FRAMEWORK
▪ COSO (Committee of Sponsoring Organizations of the Treadway Commission)
▪ is a voluntary private-sector organization dedicated to improving the quality of financial
reporting through business ethics, effective internal controls, and corporate governance.
▪ is dedicated to guiding executive management and governance entities toward the
establishment of more effective, efficient, and ethical business operations
▪ sponsors and disseminates frameworks and guidance based on in-depth research,
analysis, and best practices
▪ Members:
▪ American Institute of Certified Public Accountants
▪ American Accounting Association
▪ Financial Executives International
▪ Institute of Management Accountants
▪ The Institute of Internal Auditors
COSO’S ERM FRAMEWORK
▪ Aligning risk appetite and strategy – Management considers the entity’s
risk appetite in evaluating strategic alternatives, setting related objectives,
and developing mechanisms to manage related risks.
▪ Enhancing risk response decisions – Enterprise risk management provides
the rigor to identify and select among alternative risk responses – risk
avoidance, reduction, sharing, and acceptance.
▪ Reducing operational surprises and losses – Entities gain enhanced
capability to identify potential events and establish responses, reducing
surprises and associated costs or losses.
▪ Identifying and managing multiple and cross-enterprise risks – Every
enterprise faces a myriad of risks affecting different parts of the
organization, and enterprise risk management facilitates effective response
to the interrelated impacts, and integrated responses to multiple risks.
▪ Seizing opportunities – By considering a full range of potential events,
management is positioned to identify and proactively realize opportunities.
▪ Improving deployment of capital – Obtaining robust risk information
allows management to effectively assess overall capital needs and enhance
capital allocation.
COSO’S ERM FRAMEWORK

ERM seeks the following organizational objectives:
1. Strategic – high-level goals, aligned with and supporting its mission
2. Operations – effective and efficient use of its resources
3. Reporting – reliability of reporting
4. Compliance – compliance with applicable laws and regulations.
COSO’S ERM FRAMEWORK

Interrelated Components of COSO’s ERM model

▪ Internal Environment – the tone of the organization (risk management policy and risk appetite)
▪ Objective Setting – Setting objectives which are aligned to the mission and risk appetite
▪ Event Identification – Events (risks and opportunities) affecting the achievement of objectives are identified.
▪ Risk Assessment – Likelihood and impact of risks are identified and analyzed
▪ Risk Response – whether to avoid, accept, reduce or share risk (aligned with risk appetite)
▪ Control Activities – policies and procedures to ensure carrying out of the response
▪ Information and communication
▪ Monitoring – Evaluations and necessary modification
OTHER FRAMEWORK:
THE INSTITUTE OF RISK MANAGEMENT STANDARD (IRM)

• In the risk management process, risk assessment comprises risk analysis and risk evaluation
• Risk analysis – the processes of identification, description and estimation of risk
• Risk evaluation is used to make decisions about the significance of risks
to the organization and whether each specific risk should be accepted or
treated.
OTHER FRAMEWORK:
AUSTRALIA/NEW ZEALAND STANDARD (AS/NZS 4360:2004)

Five Steps in the Risk Management Process

1. Establish the goals and context for risk management;
2. Identify risks;
3. Analyze risks in terms of likelihood and consequences and estimate the level of risk faced;
4. Evaluate and rank those risks;
5. Treat the risks through the most appropriate options.
OTHER FRAMEWORK:
CIMA’S RISK MANAGEMENT CYCLE

The cycle begins with identifying risks, assessing the scale of risks, developing a risk
response strategy, implementing the strategy (which involves allocating responsibilities),
implementing and monitoring controls and reviewing the effectiveness of the process. At
the centre of the cycle is the provision of information for decision-making.
WHAT ARE THE LIMITATIONS OF ERM?
SUPPLEMENTARY

▪ Crash course on Subprime Mortgages
▪ https://youtu.be/GPOv72Awo68