Professional Documents
Culture Documents
2. Identify risks
4. Evaluate risks
4
RI
1. Business analysis
Analyze operation & its wider environment (legislative, regulatory & economic)
5
RI
2. Identify the risks
Risks faced, relations b/w them, & identify individuals who will be responsible for each risk & its management
6
RI
5. Produce a risk register
7
RI - Benefits
Enhances awareness & transparency of risks
Transfer of knowledge
Improve understanding across the org.
Acts as a firm base for subsequent risk analysis, quantification & prioritization
Enhances quality of reporting to the BAM
Helps improves business decision making
8
RI - Need
Need senior sponsorship of RM program
Be consistent on the standards used overtime
Ensure quantitative & qualitative data to develop a comprehensive risk profile for org.
Integrate RI with the entire RM process
Demonstrate added value (on top of meeting regulatory requirements)
9
RI tools
RI tools
1. SWOT analysis
2. Risk checklist
4. Risk taxonomy
5. Case studies
6. Process analysis
11
RI tools
1. SWOT analysis
2. Risk checklist
5. Case studies
6. Process analysis
RI at each stage
13
RI tools
Advantages
Disadvantage
14
RI techniques
RI techniques
1. Brainstorming
3. Surveys
4. Gap analysis
5. Delphi technique
6. Interviews
7. Working groups
16
1) Brainstorming
Process
Potential disadvantage:
Mitigation:
Participants should come from various departments across org. & have different backgrounds
17
2) Independent group analysis
Process
Potential disadvantage:
18
3) Surveys
Process
Potential disadvantage:
Survey is not flexible (e.g. MC is easier to analyze but limit range of possible responses)
Mitigation:
19
4) Gap analysis
Process
Potential disadvantage:
20
5) Delphi technique
Process
After each round, a facilitator provides an anonymous summary of output from the previous round
as well as the reasons they provided for their judgement
Participants then revise their earlier answers in light of replies of other members of the panel
Intention is to decrease range of answers & the group will converge towards a consensus
Potential disadvantage:
21
6) Interview
Process
Individuals are interviewed & the results collated by an independent external reviewer
Potential disadvantage:
22
7) Working group
Process
Small no. of interested individuals are tasked with considering a specific risk (or group of risk)
Potential disadvantage:
Specialist might want to work at a higher level of precision than the cost is justified
23
RI techniques
Factors to consider on techniques:
1. Who
2. How
Workshop, questionnaires
24
Risk Assessment
RA
Foundation setting
Deep dives, risk quantification & management
Business & EMR integration
Likelihood / Severity
See if the probability (or severity) of the risk event falls within some pre-set categories
Check level of accuracy required
Extent to which accurate estimation of the probabilities (severity) can be done
Quantification
Can use different probability distribution depending on the data available
Score frequency & severity:
0-25%, 25%-50%, etc
26
Low/mid/high, etc
Multiply together for a risk rating
RA
Step 1: Foundation setting
27
RA
Step2: RI & RA
Prioritize risks
28
RA
Step3: Deep dives, risk quantification & management
Determine RM strategies
29
RA
Step4: Business & EMR integration
Report on risk
30
Risk register, concepts
and mapping
Risk register
1. Labeling or numbering system to risk can be identify easily
2. Category of risk
4. Initial assessment of the likelihood & impact over an applicable time frame
7. Version control information (e.g. when was the last update & by whom)
32
Risk concepts
1. Exposure: Max loss in an event
2. Volatility: Variability within range of possible outcomes (for market risk it is σ of returns)
3. Probability: Likelihood of event
4. Severity: Loss in case of event occurring
5. Time horizon: Length of exposure to risk & recovery from risk
6. Correlations: Degree of different risks behavior similar to common events
7. Capital:
Manage cash flow (working K)
Help in growth (development K)
Cover unexpected loss (risk K)
33
Risk mapping
Plots each risk on the risk map
Axes are the frequency & severity
Combinations of low & high
Technique is used to illustrate the effect that each risk might have on an org.
Need to include all risks faced by the org.
A is the current level & A’ is the residual level
Probability axis doesn’t have to be continuous, can be broad like low/mid/high
34
Risk mapping - benefits
Get people across org. to talk about risk
Improves people’s understanding of the risk it faces
Improves effect of its RM activities
Shows which risk require further attention
Excellent visual tool for reporting to the Board
Show inherent risk & residual risk to show effectiveness of risk control
35
Risk mapping – Heat mapping
X axis is control environment rating & Y axis is Risk level
Risk level
Insignificant
Low
Moderate
Severe
36
Critical
Control environment rating
Tolerance levels Within established Within established Some established levels Some established Significant exceptions (or
levels levels with few exceptions levels with material no levels established)
exceptions
Risk controls Tested & functioning Tested & functioning Functioning effectively; Functioning Controls are not in place
effectively effectively but not fully tested effectively; but not or not functioning
fully tested effectively
Risk & return link Explicitly established Implicitly established Some Some None
Metrics & dashboard Comprehensive Developed but not full Some are in place Minimum Minimum or none
reporting
37
Emerging Risks
Emerging risks
Types of emerging risks
Change in nature of an existing or known risk (uncertainty & ambiguity increases)
Change in underlying effectiveness of RM approaches of an existing or known risk
Development of a new risk (no explicit allowance made in existing framework)
Importance
Knowledge of such risks will influence corporate strategy
May affect the profitability of the organization
May yield opportunities for a new product
39
Emerging risks – Interrelated trends
1. Globalization: Increased interdependence of the world’s economies & market
2. Technology: New operational risks from technology driven business
3. Changing market structures: As markets are deregulated & privatized
4. Restructuring: Effects of M&A, joint ventures, outsourcing & business re-engineering
40
Emerging risks - examples
ER of past are known risks today (e.g. cost of GA rates, health damage from asbestos)
Significant shift in power between world economies (& collapse of previously secure nations)
Contagion in asset markets
Claims from unexpected sources
Nanotech, Cyber, Mobile phone use
GMO food
Terrorism (shifts in level & sources)
Climate change
Prolonged power blackouts
Emerging infectious & pandemic diseases
Unexpected changes in mortality or longevity
Change in ways information is stored & distributed due to social media
Unexpected behavior of financial guarantees embedded products
Non linear dependencies between current known risks 41
Emerging risks - IT
1. Cyber security
Crime involving use of computer over a network
Financial theft: e.g. hacker accessing bank accounts to steal money
Data theft: customer data, confidential business information or proprietary technology
Attempts to disrupt a business: e.g. Denial of service attacks
2. Cloud computing
Shares similar risk to outsourcing
Reduce amount of control over data & increases reliance on RM capabilities of the 3 rd party provider
3. Social media
Rise of social media like Facebook & Twitter offer issues as part of emerging risks.
Virus & malware on corporate network
Reputation risk if there is careless or malicious communication from employees on websites
Employees become distracted by social media (productivity reduces)
42
Emerging risks - RI
Need a more holistic view to identify ER
Need to consider all possible impacts of the new risk
Ways of RI
1. Horizon Scanning
2. Weighing different underlying evidence
3. Additional source of uncertainty
43
Emerging risks - RI
Horizon Scanning
Systematic search for potential developments over the longer term
Emphasis on changes that are at the edges of current thinking
Requires input from experts that understand the underlying drivers
Rely on relevant external sources (e.g. academic journals)
44
Emerging risks - RI
Additional source of uncertainty
Future legal approaches to ER
Capacity of company to mitigate ER
Analysis of trends in ER
Monitor regulatory & lobbying activity in the sector by relevant experts
Keep dependencies in mind as changes can lead to reduction in diversification
45
Bias
Bias
Risks not being identified, assessed or reported in a true & honest way
Can be due to lack of supportive risk culture (or sub optimal culture)
Often in the context of project appraisal
Sources
Intentional bias:
Deliberate underestimation of risk to achieve a specific personal goal
Unintentional bias:
Inaccurate RA due to lack of experience or time
Encountering bias:
Reporting to Board about the ongoing risks facing the enterprise
Project appraisal where risk champions tend to minimize the risks in hope of getting approval
47
Bias of a project appraisal
Insufficient care to RI or analysis of risk
Omission of key risks (Accidental or deliberate)
Incorrect assumptions of independence
Underestimate likelihood due to inadequate past experience
Deliberately over optimistic CFs
Not accounting for future economic cycle
Inadequate attention to ERs
Not considering impact on sponsor’s other businesses
Credit taken for benefits not directly attributable to the project
Assumptions not correspond with BAM’s view
Spreadsheets error lead to failures of logic
48
Bias - Behavioral
Study of unintentional bias in finance
Looks at how a variety of mental biases & decision making errors affect financial decisions
Relates to psychology that underlies & drives financial decision making behavior
49
Bias - avoid
Built in checks & balances
Validate the appraisal work (esp. cash flow) by competent & independent checking
Reference where possible to the outcomes of similar projects
Build additional K cost: Load in a % to the capital cost based on past experience
Reduce estimated return
A large contingency allowance in K cost
50