z

Risk
Management
 z
What is a Risk

Anything that threatens the ability to

achieve a goal is considered a risk.
 z
Risk Management

§ The identification, assessment, and

prioritization of risks followed by coordinated
and economical application of resources to
minimize, monitor and control the probability
and/or impact of unfortunate events and to
maximize the realization of opportunities.
 z
Basic Principles of Risk Management

§ Create Value

§ Address uncertainty and assumption

§ Be an integral part of the organizational processes and decision-making.

§ Be dynamic, iterative, transparent, tailorable, and responsive to change.

§ Create capability of continual improvement and enhancement considering the best

available information and human factors.

§ Be systematic, structured and continually or periodically reassessed.

 z
Elements of Risk Management

§ Identification, characterization, and assessment of threats

§ Assessment of the vulnerability of critical assets to specific

threats

§ Determination of the risk (i.e. the expected likelihood and

consequences of specific types of attacks on specific assets)

§ Identification of ways to reduce those risks.

§ Prioritization of risk reduction measures based on strategy.

 z
Relevant Risk Terminologies

§ Risk Associated with Investment

§ Business Risk

§ Financial Risk

§ Liquidity Risk

§ Default Risk

§ Interest rate risk

§ Management Risk

§ Purchasing Power Risk

§ Risk Associated
z with Manufacturing, Trading and Service Concerns
§ Financial Risk

§ Operation Risk § Interest rates volatility

§ Market Risk
§ Foreign currency
§ Process Stoppage
§ Product Risk § Liquidity
§ Health and Safety
§ Complexity § Derivative

§ Obsolescence
§ After Sales Service § Viability
Failure
§ Research and Development § Business Risk
§ Environmental § Regulatory Change
§ Packaging
§ Technological § Reputation
§ Delivery of Warranties
Obsolescence § Political
§ Competitor Risk § Regulatory and legal
§ Integrity
§ Pricing Strategy § Shareholder Relations
§ Management
§ Market Share § Credit Rating
Fraud
§ Capital Availability
§ Market Strategy § Employee Fraud
§ Business Interruptions
§ Illegal Acts

z
Financial
§ Liquidity risk
§ Market Risk
§ Currency
§ Equity
§ Commodity
§ Credit Risk
§ Counterparty
§ Trading
§ Commercial
§ Loans
§ Guarantees
§ Market Liquidity Risk
§ Currency Rates
§ Interest Rates
§ Bond and Equity Prices
§ Hedged Position Risk
§ Portfolio Exposure Risk
§ Derivative Risk
§ Accounting Information Risk
§ Completeness
§ Accuracy
§ Financial Reporting Risk
§ Adequacy
§ Completeness
Risk Associated with Financial
Non Financial
§ Operational risk
Institutions
§ System
§ Information Processing
§ Technology
§ Customer Satisfaction
§ Human Resources
§ Fraud and illegal Acts
§ Bankruptcy
§ Regulatory Risk
§ Capital Adequacy
§ Compliance
§ Taxation
§ Changing Laws and Policies
§ Environment Risk
§ Politics
§ Natural Disasters
§ War
§ Terrorism
§ Integrity Risk
§ Reputation
§ Leadership Risk
§ Turnover
§ Succession
 z
ISO 31000 Risk Management Process
1. Establishing the Context
§ Identification of risk in selected domain of interest

§ Planning the remainder of the process

§ Mapping out the following:

§ The social scope of risk management

§ The identity and objectives of stakeholders

§ The basis upon which will be evaluated, constraints.

§ Defining a framework for the activity and an agenda for identification

§ Developing an analysis of risk involved in the process

§ Mitigation or solution of risk using available technological, human and organizational

resources.
 z
Potential Risk Treatment

2. Identification of potential risk.

Objective-based risk

Scenario -based risk

Taxonomy-based risk

Common-risk checking

Risk Charting

3. Risk Assessment
 z
ISO 31000 Risk Management Process
3. Risk Assessment
§ Identification of risk in selected domain of interest

§ Planning the remainder of the process

§ Mapping out the following:

§ The social scope of risk management

§ The identity and objectives of stakeholders

§ The basis upon which will be evaluated, constraints.

§ Defining a framework for the activity and an agenda for identification

§ Developing an analysis of risk involved in the process

§ Mitigation or solution of risk using available technological, human and organizational

resources.
z
Risk Treatments

§ Avoidance

§ Reduction

§ Sharing

§ Retention
 z
Enhancing Risk Management Oversight
§ Set up a separate risk management committee chaired by a board
member.

§ Ensure a formal comprehensive risk management system is in place

§ Assess whether the formal system possesses the necessary

elements.

§ Evaluate the effectiveness of the various steps in the assessment of

the comprehensive risks faced by the business firm.

§ Assess if management has developed and implemented the suitable

risk management strategies and evaluate their effectiveness.
 z
Enhancing Risk Management Oversight

§ Evaluate if management has designed and implemented risk management

capabilities.

§ Assess management’s efforts to monitor overall company risk management

performance and to improve continuously the firm’s capabilities.

§ See to it that best practices as well as mistakes are shared by all. This involves
regular communication of results and feedbacks to all concerned.

§ Assess regularly the level of sophistication of the firm’s risk management system

§ Hire experts when needed.

z
Practical Guides In Reducing and
Managing Business Risks

§ Variance Analysis

§ Assessment of Market Entry and Exit Barriers

§ Break-even Analysis

§ Controlling Costs
 z
Practical Techniques to Improve
Profitability
§ Focus decision making on the most profitable areas.

§ Decide how to treat the least profitability products.

§ Make sure new products enhance overall profitability.

§ Manage development production decisions.

§ Set the buying policy.

§ Consider how to create greater value from existing customers and products to enhance
profitability.

§ Consider how to increase profitability by managing people.

§ Avoid pitfalls