And Controlling Areas or Events With A Potential For
• It is through risk management that risks to any specific program are assessed and systematically managed to reduce risk to an acceptable level.

Basic Principles of Risk Management

Risk management should (ISO):
1. Create value – cost vs. benefit
2. Address uncertainty and assumptions
3. Be an integral part of the organizational processes and decision-making
4. Be dynamic, iterative, transparent, tailorable, and responsive to change
5. Create capability of continual improvement and enhancement considering the best available information and human factors
6. Be systematic, structured, and continually or periodically reassessed.

Process of Risk Management

Risk Management – Principles and Guidelines on Application (ISO 31000) (EIR)
1. Establishing the Context
   a. Identification of risk in a selected domain of interest
   b. Planning the remainder of the process
   c. Mapping out the following:
      i. Social scope
      ii. Identity and objectives of stakeholders
      iii. Basis upon which risks will be evaluated
3. Risk assessment – assessing the potential severity of impact and the probability of occurrence. Important in prioritizing the implementation of the risk management plan.

Elements of Risk Management

• Balancing resources to mitigate between risks with high probability of occurrence but with lower loss versus risks with high loss but with lower probability of occurrence
• Ideal risk management – minimize spending of manpower and at the same time minimizing the negative effect of risks (Benefit > Cost).
• Performance of assessment methods: (TADIP)
  1. Identification, characterization, and assessment of threats
  2. Assessment of the vulnerability of critical assets to specific threats
  3. Determination of the risk
  4. Identification of ways to reduce those risks
  5. Prioritization of risk reduction measures based on a strategy

Relevant Risk Terminologies

I. Risk Associated with Investments
a. Business Risk
- Uncertainty about the rate of return caused by the nature of the business
- Business risk is related to sales volatility as well as to the operating leverage of the firm caused by fixed operating expenses
b. Default Risk
- Probability that some or all of the initial investment will not be returned.
- Related to the financial condition of the company issuing the security and the security’s rank in claims on assets in the event of default or bankruptcy.
d. Liquidity Risk
- Associated with uncertainty created by the inability to sell the investment quickly for cash.
- Examples:
  ▪ Illiquid Asset House
  ▪ Liquid Asset Treasury Bill
  ▪ Complex Ordinary equity shares
e. Management Risk
- Decisions made by a firm’s management and board of directors materially affect the risk faced by investors.

rate of return (Premium on part of investee, Loss on part of investor)

II. Risks Associated with Manufacturing, Trading, and Service concerns
Consider the Acceptable Nature of Risk

• 1st Step: Determine the nature and extent of the risks the business will accept. This involves assessing the likelihood of risks becoming reality and the effect they would have if they did.
• There is also an opportunity cost with risk: avoiding a risk may mean avoiding a potentially big opportunity.
• Sometimes the greatest risk is to do nothing

Understand why risks become reality

• 2nd Step: Rank according to their potential impact and the likelihood of them occurring.
• Five most significant types of risk catalyst:
  1. Technology
     New hardware, software or system configurations can trigger risks, as can new demands on existing information systems and technology.
  4. People
     Hiring new employees, losing key people, poor succession planning, or weak people management can all create dislocation, but the main danger is behavior: fraud and error
  5. External Factors
     Changes to regulation and political, economic or social developments can all affect strategic decisions by bringing to the surface the risks that may have lain hidden.

• First: Assess and analyze the risks resulting from a decision by systematically identifying and quantifying them.
• Second: Consider how to best avoid or mitigate them
• Third: Take action to manage, control and monitor the risks

First: Assess and analyze the risks resulting from a decision by systematically identifying and quantifying them.

A. Risk Assessment and Analysis
▪ Risks that lead to frequent losses can often be solved using past experience
▪ Unusual or infrequent losses are harder to quantify
▪ Risks with little likelihood of occurring in the next five years are not important to a company focused on meeting the shareholder’s shorter-term expectations.
B. Risk Management and Control
▪ Risk management procedures and techniques should be well-documented, clearly communicated, regularly reviewed and monitored.

Assessing and Mapping Risk. Risks falling into the top-right quadrant require urgent action, but those in the bottom-right quadrant (total/significant control, major/critical impact) should not be ignored because complacency, mistakes, and lack of control can turn the risk into reality.

▪ Risk Control. Once the inherent risks in a decision are understood, the priority is to exercise control

All employees must be aware that unnecessary risk taking is unacceptable. They should understand what the risks are, where they lie and their role in controlling them.

Second: Consider how to best avoid or mitigate them

1. Avoid or mitigate them

• Non-trading risks – Risks that result only in costs and should be reduced or eliminated first (No benefits that can be derived). These can be thought of as the fixed cost of risk.

from vendors, joint ventures, licensing and agency agreements)

• Information Needed. Risk management relies on accurate and timely information.

2. Create a Positive Climate for Managing Risks

• The ethos of an organization should recognize and reward behavior that manages risk. This requires a commitment by senior managers and the resources to match.
• Misconception to Control Systems. Too often, control systems are seen as an additional overhead and not as something that can add value by ensuring the effective use of assets, the avoidance of waste, and the success of key decisions.

3. Overcoming the Fear of Risk

• Employees need to understand better what the real risks are, to share responsibility for the risks being taken and to see risk as an opportunity, not a threat.
• Another approach is to look for ways to use the risk to achieve success by adding value or outstripping competitors – or both.

Third: Take action to manage, control and monitor the risks