CHAPTER 11: RISK MANAGEMENT
Defining a framework for the activity and an
Risk Management
• It is the process of measuring or assessing risks and
developing strategies to manage it.
• It is a systematic approach in identifying, analyzing,
and controlling areas or events with a potential for
causing unwanted change.
• It is the identification, assessment, and
prioritization of risks followed by coordinated and
economical application of resources to minimize,
monitor and control the probability and/or impact of
unfortunate events and to maximize the realization
of opportunities (International Organization of
Standards).
• It is through risk management that risks to any
specific program are assessed and systematically
managed to reduce risk to an acceptable level.
Basic Principles of Risk Management
Risk management should (ISO):
1. Create value – cost vs. benefit
2. Address uncertainty and assumptions
3. Be an integral part of the organizational processes
and decision-making
4. Be dynamic, iterative, transparent, tailorable, and
responsive to change
5. Create capability of continual improvement and
enhancement considering the best available
information and human factors
6. Be systematic, structured, and continually or
periodically reassessed.
Process of Risk Management
Risk Management – Principles and Guidelines on
Application (ISO 31000) (EIR)
1. Establishing the Context
a. Identification of risk in a selected domain of
interest
b. Planning the remainder of the process
c. Mapping out the following:
i. Social scope
ii. Identity and objectives of stakeholders
iii. Basis upon which risks will be evaluated
d.
agenda for identification
e. Developing an analysis of risks involved in the
process
f. Mitigation or solution of risks using available
technological, human and organizational
resources
2. Risk Identification – can start with analysis of the
source of problem or with the analysis of the
problem
▪ Common methods:
a. Objective-based risk
b. Scenario-based risk
c. Taxonomy-based risk
d. Common-risk checking
e. Risk charting
3. Risk assessment – assessing the potential severity
of impact and the probability of occurrence.
Important in prioritizing the implementation of the
risk management plan.
Elements of Risk Management
• Balancing resources to mitigate between risks with
high probability of occurrence but with lower loss
versus risks with high loss but with lower probability
of occurrence
• Ideal risk management – minimize spending of
manpower and at the same time minimizing the
negative effect of risks (Benefit > Cost).
• Performance of assessment methods: (TADIP)
1. Identification, characterization, and assessment
of threats
2. Assessment of the vulnerability of
critical assets to specific threats
3. Determination of the risk
4. Identification of ways to reduce those risk
5. Prioritization of risk reduction measures based
on a strategy
Relevant Risk Terminologies
I. Risk Associated with Investments
a. Business Risk
- Uncertainty about the rate of return caused
by the nature of the business
 - Business risk is related to sales volatility as rate of return (Premium on part of investee,
well as to the operating leverage of the firm Loss on part of investor)
caused by fixed operating expenses
II. Risks Associated with Manufacturing, Trading,
b. Default Risk and Service concerns
- Probability that some or all of the initial
investment will not be returned.
- Related to the financial condition of the
company issuing the security and the
security’s rank in claims on assets in the event
of default or bankruptcy.

c. Interest Rate Risk

- Because money has time value, fluctuations
in interest rates will cause the value of an
investment to fluctuate also.
- Most commonly associated with bond price
movements

d. Liquidity Risk
- Associated with uncertainty created by the
inability to sell the investment quickly for
cash.
- Examples:
▪ Illiquid Asset House
▪ Liquid Asset Treasury Bill
▪ Complex Ordinary equity shares

- Some have greater liquidity than

other due to thin market which
occurs when there are relatively few
outstanding shares and investor
trading interest is limited resulting
to a large price spread

e. Management Risk
- Decisions made by a firm’s management and
board of directors materially affect the risk
faced by investors.

f. Purchasing Power Risk

- More difficult to recognize than the other
types of risk
- Inflation erodes the purchasing power of the
peso and increases investor risk.
- In periods of inflation, Treasury bills or
savings accounts’ inflation adjusted rate of
return will be less than the nominal or stated
III. Risk Associate with Financial Institution
D. Risk Retention
- Accepting the loss or benefit of gain from a risk
when it occurs.
- Self insurance falls in this category. Any
amounts of potential loss over the amount
insured is retained risk.
- Acceptable if the chance of a very large loss is
small or if the cost to insure for greater
coverage involves a substantial amount that
could hinder the goals of the organization.

AREAS OF RISK MANAGEMENT

The most commonly encountered areas of risk
management include

1. Enterprise Risk Management

2. Risk management activities as applied to:
a. Project management
b. Megaprojects
c. Information technology
d. Petroleum and natural gas
Potential Risk Treatments
RISK MANAGEMENT FRAMEWORK
ISO 31000:
• Risk management policy is part and parcel of a
A. Avoidance
corporation’s corporate strategy. The Board is
B. Reduction
responsible for defining the company’s level of risk
C. Sharing
tolerance and providing oversight over its risk
D. Retention
management policies and procedures.
A. Risk Avoidance
- Including performing an activity that could • The risk management framework should guide the
carry risk Board in identifying units/business lines and
- Avoiding risk, however, also means losing out enterprise-level risk exposures, as well as the
on the potential gain that accepting the risk effectiveness of risk management strategies.
may have allowed.
• Subject to a corporation’s size, risk profile, and
B. Risk Reduction complexity of operations, the Board should
- Reducing the severity of the loss or the establish a separate Board Risk Oversight
likelihood of the loss from occurring. Committee (BROC) that should be responsible for
- Optimizing risk means finding a balance the oversight of a company’s ERM System to ensure
between the negative risk and the benefit of its functionality and effectiveness.
operation or activity; and between risk STEPS IN RISK MANAGEMENT PROCESS
reduction and effort applied.
1. Set up a separate risk management committee
C. Risk Sharing chaired by a board member
- Means sharing with another party the burden 2. Ensure that a formal comprehensive risk
of loss or the benefit of gain, from a risk, and management system is in place
the measures to reduce a risk.
3. Assess whether the formal system possess the
necessary elements
4. Evaluate the effectiveness of the various steps in
the assessment of the comprehensive risks faced by
the business firm

5. Assess if management has developed and

implemented the suitable risk management
strategies and evaluate their effectiveness

6. Evaluate if management has designed and

implemented risk management capabilities

7. Assess management’s efforts to monitor overall

company risk management performance and to
improve continuously the firm’s capabilities

8. See to it that best practices as well as mistakes are

shared by all

9. Assess regularly the level of sophistication of the

firm’s risk management system

10. Hire experts when needed

 CHAPTER 12: PRACTICAL GUIDELINES IN
REDUCING AND MANAGING BUSINESS RISKS
Practical Guidelines in Managing and Reducing
Enterprise-wide Risk inherent in business activity is best
achieved by applying the principles and techniques
appropriate to the situation.
Understand the Nature of Risk
Consider the Acceptable Nature of Risk
• 1st Step: Determine the nature and extent of the
risks the business will accept. This involves assessing
the likelihood of risks becoming reality an the effect
they would have if they did.
• There is also an opportunity cost with risk: avoiding
a risk may mean avoiding a potentially big
opportunity.
• Sometimes the greatest risk is to do nothing
Understand why risks become reality
• 2nd Step: Rank according to their potential impact
and the likelihood of them occurring.
• Five most significant types of risk catalyst:
1. Technology
New hardware, software or system
configurations can trigger risks, as can new
demands on existing information systems and
technology.
2. Organizational change
Risks are triggered by new management
structures on reporting lines, new strategies
and commercial agreements.
3. Processes
New products, markets, and acquisitions all
cause change and can trigger risk.
4. People
Hiring new employees, losing key people, poor
succession planning, or weak people
management can all create dislocation, but the
main danger is behavior: fraud and error
5. External Factors
Changes to regulation and political, economic or
social developments can all affect strategic
decisions by bringing to the surface the risks
that may have lain hidden.
Apply a Simple Risk Management Process
• 3rd Step: Managing the enterprise-wide risk inherent
in decisions
• First: Assess and analyze the risks resulting from a
decision by systematically identifying and
quantifying them.
Second: Consider how to best avoid or mitigate
them
Third: Take action to manage control and monitor
the risks
First: Assess and analyze the risks resulting from a
decision by systematically identifying and quantifying
them.
A. Risk Assessment and Analysis
▪ Risks that lead to frequent losses can often be
solved using past experience
▪ Unusual or infrequent losses are harder to
quantify
▪ Risks with little likelihood of occurring in the
next five years are not important to a company
focused on meeting the shareholder’s shorter-
term expectations.
B. Risk Management and Control
▪ Risk management procedures and techniques
should be well-documented, clearly
communicated, regularly reviewed and
monitored.
Assessing and Mapping Risk. Risk falling into
the top-right quadrant require urgent action,
but those in the bottom-right quadrant
(total/significant control, major/critical impact)
should not be ignored because complacency,
mistakes, and lack of control can turn the risk
into reality.
▪ Risk Control. Once the inherent risks in a
decision are understood, the priority is to
exercise control
All employees must be aware that unnecessary
risk taking is unacceptable. They should
understand what the risks are, where they lie
and their role in controlling them.
Second: Consider how to best avoid or mitigate them
1. Avoid or mitigate them
• Non-trading risks – Risk that result only on costs and
should be reduced or eliminated first (No benefits
that can be derived). These can be thought as the
fixed cost of risk.
✓ Property damage risks
✓ Legal and contractual liabilities
✓ Business interruption risks
• Solution for reduction of non-trading risks:
✓ Quality assurance programs
✓ Environmental control processes
✓ Enforcing health and safety regulations
✓ Installing accident prevention and emergency
equipment and training people to use it
✓ Taking security measures to prevent crime,
sabotage, espionage, and threats to people and
systems
• Risk Sharing. Risk can be reduced or mitigated by
sharing them. (i.e. Acceptable service agreements
from vendors, joint ventures, licensing and agency
agreements)
• Information Needed. Risk management relies on
accurate and timely information.
2. Create a Positive Climate for Managing Risks
• The ethos of an organization should recognize and
reward behavior that manages risk. This requires a
commitment by senior managers and the resources
to match.
• Misconception to Control Systems. Too often,
control systems are seen as an additional overhead
and not as something that can add value by
ensuring the effective use of assets, the avoidance
of waste, and the success of key decisions.
3. Overcoming the Fear of Risk
• Employees need to understand better what the real
risks are, to share responsibility for the risks being
taken and to see risk as an opportunity, not a threat.
• Another approach is to look for ways to use the risk
to achieve success by adding value or outstripping
competitors – or both.
Third: Take action to manage control and monitor the
risks
C. Controlling and Monitoring Enterprise-wide Risk
o Where are the greatest areas of risk relating to
the most significant strategic decisions?
o What level of risk is acceptable for the company
to bear?
o What are the potentially disclosing events that
could inflict the greatest change on your
organization?
o What are the risks inherent in the organization’s
strategic decisions and what is the organization’s
ability to reduce their incidence and impact on
the business?
o What is the overall level of exposure to risk? Has
this been assessed and is it being actively
monitored?
(cont… page 187-188)
Practical Considerations in Managing and
Reducing Financial Risk
• Finance is the lifeblood of a business, heavily
influencing strategies and decisions at every level
• Profitability, cash flow, long-term shareholder
value and risk all need to be considered when
setting and reviewing strategy.
• Practical guidance about financial decisions on
how to:
1. Improve profitability
2. Avoid pitfalls in decision making
3. Reduce financial risk
• IMPROVING PROFITABILITY
A. Variance Analysis
- Interpreting differences between actual and
planned performance. It should be used in a
practical, pragmatic, and cost-effective way.
- Variance analysis is used to
(a) Monitor results of past decisions
(b) Manage the results of past decisions
(c) Assess the current situation
(d) Highlight solution
- Common Causes of Variances:
(a) Inefficiency, poor and flawed planning
(b) Poor communication
(c) Interdependence between departments
and random factors
B. Assessment of Market Entry and Exit Barriers
- Entry Barriers include the need to compete
with businesses that enjoy economies of scale,
or established differentiated products.
- Other Barriers include:
(a) Capital requirements
(b) Access to distribution channels
(c) Factors independent of scale
(d) Regulatory requirements
C. Break-even Analysis
- Break-even point – exist when sales cover cost,
where neither profit nor loss is made.
- CVP Analysis is used to decide whether to
continue developing a product, alter the price,
provide or adjust a discount, or change
suppliers to reduce cost. It also helps in
managing the sales mix, cost structure and
production capacity, as well as forecasting and
budgeting.
D. Controlling Costs
To control costs:
1. Focus on the big items of expenditure.
- Categorize cost into major or peripheral items
2. Be cost aware
- Casualness is the enemy of cost control
3. Maintain a balance between cost and quality
- Getting the best value means achieving a
balance between the price paid and the
quality received.
4. Use budgets for dynamic financial management
- Budgets provide a starting point for cash flow
forecasts and revenues, and they also play an
essential role in monitoring costs and
revenues
5. Develop a positive attitude to budgeting
6. Eliminate waste
- They achieve this by using techniques such as
process analysis, mapping, and reengineering
Practical Techniques to Improve Profitability (See Page
191)
• AVOIDING PITFALLS
✓ Financial expertise must be widely available
✓ Consider the impact of financial decisions
✓ Avoid weak or budgetary control
Budgets are an active tool to help make
financial decisions, not merely a way to
measure performance
✓ Understand the impact of cash flow
Nonfinancial managers often ignore cash
flow and the time value of money.
✓ Know where the risk lies
Reduce Financial Risk Positive Replies to the Following
questions would assist Top Management to manage
financial risk (See Page 193)