CHA PTER 11 -

RISK
MANAGEMENT
 1. DEFINE WHA T IS RISK
MA NA GEMENT
2.EXPLA IN BRIEFLY THE PRINCIPLES OF
RISK
MANAGEMENT
3.DESCRIBE THE ELEMENTS OF RISK MANAGEMENT

EXPECTED 4.DEFINE THE RELEVANT RISK TERMINOLOGIES

LEARNING 5.DESCRIBE THE POTENTIA L TREA TMENTS

OR A PPROA CHES IN MA NA GING RISKS

OUTCOMES 6.EXPLAIN THE AREAS OF RISK MANAGEMENT

7.DESCRIBE THE STEPS IN THE RISK MANAGEMENT

PROCESS

8.FAMILIARIZE WITH THE SEC REQUIREMENTS IN

DEALING WITH ENTERPRISE-WIDE RISK

 RISK COMES FROM
NOT KNOWING WHAT
YOU'RE DOING.
RISK - IS THE POSSIBILITY OF SOMETHING
BA D HAPPENING

RISK - IS PROCESS
MA NA GEMENT THE OF
MEASURING STRATEGIES
DEVELOPING OR ASSESSING RISK A ND
TO MANAGE
IT
 1. CREATE VALUE - spent
BASIC resources m itigate risk to
PRINCIPLES than
should be less of inaction (i.e. the
consequence

OF RISK benefits should exceed the costs)the

2.Address uncertainty and assumptions
MA NA GEMENT 3.Be an integral part of the
organizational processes and decision-
4. making
Be dynam ic, iterative, transparent,
tailorable, and responsive to change
5. Create the capability of continual
im provem ent and enhancement
considering the best available information
and human factors
6. Be systematic, structured, and continually
or periodically reassessed
 PROCESS OF RISK
MANAGEMENT
1.Establishing the Context - This involves the following:
a.Identification of the risk in a selected domain of interest
b.Planning the remainder of the process
c.Mapping out the following:
i.the social scope of risk management
ii.the identity and objectives of stakeholders
iii.the basis upon which risks will be evaluated, constraints
d. Defining a framework for the activity and an agenda for identification
e.Developing an analysis of risks involved in the process
f.Mitigation or solution of risks using available technological,
hum an and organizational resources
2.Identification of potential risks - common risk identification methods are:
a. Objective-based risk
b . Scenario-based risk
c . Taxanom y-based risk
d . Com m on-risk checking
e. Risk charting
3. Risk Assessment - Once risks have been identified, their potential
severity of impact and the probability of occurence must be assessed.
The assessment process is critical to make the best educated decisions
in prioritizing the implementation of the risk management plan.
ELEMENTS OF
RISK Identification, charracterization, and
1
MA NA GEMENT assessement of threats

Assessment of the vulnerability of

2 critical assets to specific threats

Determination of the risk (i.e. the

3 expected likelihood and consequences of
specific types of attacks on specific
assets
4 Identification of ways to reduce those
risks
Prioritization of risk reduction
5 measures based on a strategy
RELEVANT RISK
TERMINOLOGIES
I. R isk s A sso c iated w ith In vestm en t
a. Business Risk - refers to the uncertainty a b o u t the rate of a return caused by the nature of the business.
Most frequently discussed as business risks are the firm's sales a n d operating expenses.
b. Financial Risk - refers to the possibility of losing m o n e y o n an investment or business venture. A firm's
capital structure or sources of financing determines the financial risk.
c. Liquidity Risk - is associated w i t h the uncertainty created by the inability to sell the investment q u ick ly for
cash. As the investor considers the sale of the investment, he or she faces t w o uncertainties: 1. W h a t
price will b e received? a n d 2. H o w long will it take to sell the asset?
d. Default Risk - is related to the probability that s o m e or all of the initial investment will n o t b e returned.
The degree of default risk is closely related to the financial c o n d i t i o n of a company.
e. Interest Rate Risk - Interest rate risk is m o s t c o m m o n l y associated w i t h b o n d price m o v e m e n t s for rising
interest rates cause b o n d prices to decline a n d d ecl i n i n g interest rates cause b o n d prices to rise.
f. M a n a g e m e n t Risk - is the risk—financial, ethical, or otherwise—associated w i t h ineffective, destructive, or
u n d erp er fo rm i n g m a n a g em en t . Decisions m a d e by a firm's m a n a g e m e n t a n d b o a rd of directors
materially affect the risk faced by investors.
g. Purchasin g Po we r Risk - is perhaps m o r e dificult to recognize that the other types of risks. It is the
possibility that you will no t b e able to buy as m u c h w i t h your savings in the future.
RELEVANT RISK
TERMINOLOGIES
II. R isk s A ssoc iated w ith M an u fac tu rin g , Trad in g , an d Servic e
Concerns
a. Market Risk - P ro d u c t risk: Complexity, Obsolescence, Research a n d Development,
Packaging, Delivery of Warranties; C o m p e t i t o r Risk: Pricing Strategy, Market Share,
Market Strategy.
b. Operation Risk - Process Stoppage, Health a n d Safety, After Sales Service Failure,
Environmental, Tecnological Obsolescence, Integrity: Management Fraud,
E m p l o ye e Fraud, Illegal Acts.
c. Financial Risk - Interest Rates Volatility, Foreign Currency, Liquidity, Derivative,
Viability.
d. Business Risk - Regulatory Change, Reputation, Political, Regulatory a n d Legal,
Shareholder Relation, Credit Rating, Capital Availability, Business Interruptions.
RELEVANT RISK
TERMINOLOGIES
III.Risks Associated w i t h Financial Institution
FINANCIAL 8. A c c o u n t i n g Information Risk
1.Liquidity Risk a. C o m p leten ess
2. Market Risk: b . A c c u rac y
a. C u rren c y 9. Financial Reporting Risk
b . E q u ity a. A d eq u ac y
c . C o m m o d ity b . C o m p leten ess
3. C red it R isk
a. C o u n terp arty
b . Trad in g
c . C o m m erc ial
i. Loans
ii. Guarantees
4. M ark et Liq u id ity R isk
a. Currency Rates
b. Interest Rates
c. B o n d a n d Equity Prices
5.H e d g e d Positions Risk
6. Portfolio Exposure Risk
7. Derivative Risk
RELEVANT RISK
TERMINOLOGIES
III. Risks Associated w i t h Financial
Institution
N O N - FINANCIAL 4. Integrity Risk
1. O p eratio n al R isk a. R ep u tatio n
a. System s 5. Leadership Risk
i. Information Processing a. Tu rn o ver
ii. Technology b.
b . C u sto m er Satisfac tio n Su c c essio n

c . H u m an R eso u rc es
d . Frau d an d Illeg al A c ts
e. B an k ru p tc y
2. R eg u lato ry R isk
a. C ap ital A d eq u ac y
b . C o m p lian c e
c . Taxatio n
d . C h an g in g Law s an d
P o lic ies
3. E n viro n m en t R isk
a. P o litic s
b . N atu ral D isasters
c . W ar
d . Terro rism
POTENTIAL RISK THREATMENTS
Avoidance
Risk avoidance is the elimina tio n of hazards, activities a n d
exposures that c a n negatively affect an organization a n d its
assets w h e n performing an activity.

Reduction
Risk reductio n or o p t i m i z a t i o n involves reducing the severity of Retention
th e o r th e lik elih oo d o f th e lo o s fro m o c c u rin g . O p tim iz in g Risk retention involves a c ce pt in g the loss or benefit of gain
risks m e a n s finding a ba la nce b e t w e e n the negative risk a n d from a risk w h e n it occurs. Best e x a m p l e for this is "Self-
the benefit of the opration or activity; a n d b e t w e e n risk insurance".
reduct io n a n d effort applied.

Sharing
Risk sharing m e a n s sharing w i t h another party the b u r d e n of
loss or the benefit of gain from a risk, a n d the measures to
reduce a risk.
AREAS OF RISK MANAGEMENT

The most commonly

encountered
areasofriskmanagementinclude:

1.Enterprise Risk M a n a g e m e n t
2.R isk m an ag em en t ac tivities
as a p p l i e d to project
management
3.R isk m an ag em en t
fo r megaprojects
4. Risk m a n a g e m e n t of informa tion
technology
5.R isk m an ag em en t
tec h n iq u es in
p e t r o l e u m a n d natural gas
 SE C R E QUI R E ME NT R EL
AT I VE TO
E NT E R PR I SE R I SK
MA NA G E ME NT OF PUBL I CL Y- L I
Recommendation 2.11
S T should
" The B oard E D oversee that aCsO RP
ound O R A risk
enterprise T ImO
anN
agement
(ERM) fra mework is in place to effectively identify, monitor, assess a n d
m a n a g e key business risks. The risk m a n a g e m e n t fra mework should gui de
the B oard in identifying units/business lines a n d enterprise-level risk
exposures, as w el l as the effectiveness of risk m a n a g e m e n t strategies. "
I N T E R N AL C O N T R
OL SYSTEM AN D Explanation
" Risk m a n a g e m e n t policy is part a n d parcel of a corporation’s corporate
ENTERPRISE RIS strategy. The B oard is responsible for defining the company ’s level of risk
K tolerance a n d providing oversight over its risk m a n a g e m e n t policies a n d

M AN AGE M E procedures. "

N T F R AM E W
O R Ktransparency and
" To ensure the integrity, proper governance in the
conduct of its affairs, the company should have a strong and effective
Principle
internal 12
control system and enterprise risk management framework. "
ST E PS I NT HE R I SK MA NA G
E
To M E N TmPanagem
enhance R Oent's
C E com
S Spetence in their oversight role on risk m anagem ent. the following steps m ay
be followed:

1.Set up a separate risk management committee chaired by a board member.

Creation of a risk m a n a g e m e n t c o m m i t t e e as b oa rd level will d em o nstrate the firm's c o m m i t m e n t to a d o p t an integrated
c o m p a n y- w i d e risk m a n a g e m e n t system.
2.Ensure that a formal comprehensive risk management system is in place.
This fully d o c u m e n t e d formal system will provide a clear vision of the board's desire for an effective c o m p a n y- w i d e risk
m a n a g e m e n t as well as awareness of the risks, internal a n d external, that the c o m p a n y faces.
3.Assess whether the formal system possesses the necessary elements.
The key e l e m e n t that the c o m p a n y- w i d e risk m a n a g e m e n t system sho uld possess are:
a. Goals a n d Objectives
b. Risk Language Identification
c. Organization Structure a n d
d. The Risk M a n a g e m e n t Process D o c u m e n t a t i o n
The risk organizational structure sho uld i nc l ud e formal charters, levels of authorization reporting lines a n d job description.
The risk m a n a g e m e n t process shall i nc l ud e the following steps:
a. Assessment risks: Identification, Deter m ina tio n of their source,
b. D e ve l o p m e n t action plans: Reduce, Avoid, Retain, Transfer or Exploit.
c. Im p l e m e nt a t i o n of action plans.
d. M o nito r ing a n d reporting risk m a n a g e m e n t performance.
e. Continuous i m p ro v e m e n t risk m a n a g e m e n t capabilities.
ST E PS I NT HE R I SK MA NA G
E4.Evaluate
M E Nthe TP R O C ofEthe
effectiveness S various
S steps in the assessment of the comprehensive risks faced by the
business firm.
Risk assessment step w h i c h includes risks identification a n d d et erm i n a t i o n of their sources a n d
measurement, represents the foundation for the rest of the procedures. This step p er fo r m ed by
responsible managers (i.e finance officers, p ro d u c t i o n managers, m a r ket i n g managers, a n d h u m a n
resource managers).
This process cu l m i n a t es in the presentation of the risk profile or risk m a p to the b o a rd of directors.
5.Assess if management has developed and implemented the suitable risk management strategies and
evaluate their effectiveness.
The risk profile highlights all the significant possible risks identified, prioritized a n d m ea su re d by the risk
m a n a g e m e n t system.
Strategies are developed to m a n a g e a n d resolve these identified risks. These i n cl u d e the process,
people, m a n a g e m e n t feedback methodologies, a n d systems.
Strategies m ay i n cl u d e avoidance, reduction, transfer, exploitation, a n d retention of risks.
6. Evaluate if management has designed and implemented risk management capabilities.
Directors m u s t co n t i n u e to m o n i t o r a n d assess if m a n a g e m e n t has b een i m p l e m e n t i n g d esig n ed risk
m a n a g e m e n t capabilities.
Risk m a n a g e m e n t capabilities i n cl u d e processes, people, reports, methodologies, a n d technologies
needed. These c o m p o n e n t s sh o u l d b e complete, a n d aligned for the risk m a n a g e m e n t structure to
function effectively.
ST E PS I NT HE R I SK MA NA G
E M E N T PR O C E S S
7.Assess management's efforts to monitor overall company risk management performance and
to improve continuously the firm's capabilities.
Risk m a n a g e m e n t performance m u s t b e m o n i t o r e d o n a c o nt i nuing basis a n d organization
m u s t b e ready to innovate their approaches to b e in line w i t h the c h a n g i n g lines.
Mo ni toring is d o n e by all c o nc e r ned parties such as senior managers, process owners, a n d
risk owners.
A n i n d e p e n d e n t reviewer c a n also b e a p p o i n t e d to validate results.
8.See to it that best practices as well as m istakes are shared by all. This involves
regular communication of results and feedbacks to all concerned.
These should b e an o p e n c o m m u n i c a t i o n c ha nne l to ensure that all risk m a n a g e m e n t
participant particularly senior m a nagem ent, are i nfo r m ed of risk incidents or threat of risk
incident. This will go a long way towards attaining the company's risk m a n a g e m e n t vision.
9. Assess regularly the level of sophistication of the firm's risk management system.
10.Hire experts when needed.