
Concept of Risk

Domantay, Alexander S.

Risk
• Risk is the chance of loss. In broad terms, risk involves exposure to some type of danger and
the possibility of loss or injury.

Types of Risk

1. Business Risk - The possibility that a company will have lower than anticipated profits or
experience a loss rather than making a profit.
Anything that threatens a company's ability to meet its target or achieve its financial goals is
called business risk.

2. Operational Risk - The prospect of loss resulting from inadequate or
failed procedures, systems or policies. Examples include employee errors, systems failures,
fraud or other criminal activity, and any event that disrupts business processes.

3. Non-Compliance Risk
Audits - Non-compliance also invites unnecessary inspections and audits, leading to a waste
of time and money.
Financial Penalties - Non-adherence to statutory compliance leads to payment of heavy fines
and indirect loss to companies.

4. Fraud Risk - Fraud, by definition, entails intentional misconduct, designed to evade
detection. As such, the fraud risk assessment should anticipate the behavior of a potential
fraud perpetrator.

Five Risk Responses
Quiballo, Vanessa D.

Risk Response

Risk response is the process of developing strategic options, and determining actions, to
enhance opportunities and reduce threats to the project's objectives.

Five Risk Responses


1. Avoidance
One of the risk response strategies is risk avoidance. This strategy entails adjusting the
project plan so that the conditions triggering a risk event are no longer present and the risk is
eliminated. While this strategy cannot be applied to all project risks, it is most effective for
preventing risks.
Although often not possible, this is the easiest way of removing risk from a project. It
involves the removal of the tasks that contain the risk from the project.
For activities with a high likelihood of loss and large financial impact, the best response is to
avoid the activity.
2. Mitigation
Since risk is a function of probability and severity, both of these factors can be scrutinized
to reduce the risk of project failure.

• Probability of occurrence. Take measures to reduce the likelihood of a risk
occurring. This is usually preferable to reducing the severity because it is
better not to experience the risk occurrence in the first place.
• Severity. Reduce the impact of the risk on the critical success factors of the project.

Difference between Risk Avoidance and Risk Mitigation

Risk avoidance adjusts the project to try to make sure that the risk is eliminated. Risk
mitigation reduces the probability or the negative impact of the risk by reducing the likelihood
of it occurring or the impact it has on the project.

3. Transfer
Risk transfer refers to a risk management technique in which risk is transferred to a third
party. In other words, risk transfer involves a party assuming the liabilities of another party.
Purchasing insurance is a common example of transferring risk from an individual or entity to an
insurance company.

Risk transfer is a common risk management technique where the potential of an adverse
outcome faced by an individual or entity is shifted to a third party. To compensate the third party
for bearing the risk, the individual or entity will generally provide the third party with periodic
payments.

The most common example of risk transfer is insurance. When an individual or entity
purchases insurance, they are insuring against financial risks. For example, an individual who
purchases car insurance is acquiring financial protection against physical damage or bodily harm
that can result from traffic incidents.

As such, the individual is shifting the risk of having to incur significant financial losses in a
traffic incident to an insurance company. In exchange for bearing such risks, the insurance
company will typically require periodic payments from the individual.

4. Acceptance
If cost-benefit analysis determines the cost to mitigate risk is higher than cost to bear the
risk, then the best response is to accept and continually monitor the risk.
5. Creation
Similar to accepting the risk, this response can be used for major risks that carry a high
probability and/or severity, but must be accepted by the project. It involves the following two
things:

• Creating plans for monitoring the triggers that activate the risk.
• Building action plans that can be immediately mobilized upon occurrence of the risk.

Risk Management and the Role of Board of Directors
Santos, Anna Marie R.

What is Risk Management?


Effective corporate governance cannot be attained without the organization mastering the art of
risk management. Risk management is one of the important competencies needed by the
board of directors of modern organizations, large as well as small and medium-sized businesses.
Risk management is used to evaluate the business risks involved if any changes occur in the
business operations, systems and processes. Risk management is a systematic approach to
identifying, analyzing and controlling areas or events with a potential for causing unwanted
change.

Awareness - To be able to identify risks and hazards, employees need to be aware of the unique
risks of their environment.
Identify - SWOT analysis is a tool for systematic risk identification consisting of four elements:
strengths, weaknesses, opportunities, and threats.
Evaluate - How severe the risk is.
Control - The set of methods by which firms evaluate potential losses and take action to reduce
or eliminate such threats.
Implement - The process of putting a strategic plan for managing identified threats and
exploiting opportunities into action is called the implementation of the risk management plan.
Monitor - Monitoring and review should be a planned part of the risk management process and
involve regular checking or surveillance. The results should be recorded and reported externally
and internally, as appropriate.

The Role of Board of Directors


• The board is the highest policy-making body in a corporation.
• It exercises and discharges its responsibility of high-level policy formulation, monitoring
and evaluation and control using the corporate governance system.

Legal Functions of Board of Directors
I. Duty of Loyalty
• Avoiding conflict of interest
• Fairness
• Corporate opportunity
• Confidentiality
II. Duty of Care
• A director performs his duties in good faith - in a manner that serves the best
interest of the corporation, and as an ordinary person in a like position under certain
circumstances.
• Attention at meetings - Reliance on management and professional information and
delegation
• Decision making - Exercise reasonable business judgement

Duties and Responsibilities of Board of Directors


1. Trusteeship - The board of directors acts as trustee of the property and welfare of
the company. Hence, the board must use the company’s property for the long-run
gain of the company, but not for their personal use.
2. Formulation of mission, objectives and policies - The board of directors must take the
long-run view and have a long-run perspective of the company. The board formulates,
reviews and reformulates the company’s mission, objectives and policies, which
form the basis for strategy formulation and implementation.
3. Designing organizational structure - The board designs the structure of the
organization based on the objectives, policies, environmental factors, degree of
competition, role of quality, expectations of employees etc.
4. Selection of top executives - The board should assume the responsibility of
screening and selecting the top executives who can formulate and implement the
strategies. Chief executives are key personnel in the process of strategy
implementation.
5. Financial sanctions- The important financial decisions like sanctioning of finances
to various projects, reserves, distribution of profit to shareholders and repayment of
loans and advances etc., are taken by the board. Further, the board reviews the
financial performance of the company from time to time and reformulates the
financial policies.
6. Feedforward and feedback- The board must obtain information from the external
environmental factors and feed that information forward to various key points in the
company in order to prevent possible hurdles and mistakes in the process of
achieving organizational goals.
7. Link between the company and external environment - The board acts as a vital and
continuous link between the company and the external environment, such as government,
other companies, social and economic institutions etc.

Risk Management Structure
Magday, Eugene L.

Every company promotes risk management. In order to maintain management soundness and
achieve certain and consistent operating results, the company evaluates various risks and
appropriately manages those risks. That is why they established a Risk Management Structure.

Board
   Internal Control Committee
      Department for Category-Specific Risk Management
         Credit Risk
         Liquidity Risk
         Market Risk
         Human Resource Risk

The Board of Directors is ultimately responsible for the oversight and management of the risks.
They ensure the existence of risk management. The board, through the Internal Control Committee,
maintains the overall responsibility for risk oversight.
The Internal Control Committee shall work with the Board. The Internal Control
Committee is responsible for comprehensively studying matters relating to overall risk
management and disclosing that information to the Board of Directors.
The Group categorizes risks that occur in the course of operations into a number of
categories: credit risk, market risk, liquidity risk, and human resource risk. Risks are managed
according to their specific characteristics.
Credit Risk Management
• The Company transacts only with recognized and creditworthy third parties.
• The Group’s receivables are monitored on an ongoing basis, resulting in manageable
exposure to bad debts.
• Real estate buyers are subject to standard credit check procedures, which are calibrated
based on the payment scheme offered.
Liquidity Risk Management
• The Company monitors its cash flow position, debt maturity profile and overall liquidity
position in assessing its exposure to liquidity risk.
• The Company maintains a level of cash deemed sufficient to finance its cash
requirements.
Market Risk Management
Example: In Investing
Diversify your investments
"Do not put all your eggs in one basket"
Human Resource Management
• Ensure that the employees are competent and developed.

Risk Management Policies
Martelino, Kristine Aivy

Risk management is the process of evaluating the chance of loss or harm and then taking the
steps to combat the potential risk.
Policies are the principles, rules and guidelines formulated or adopted by an organization to
reach its long-term goals.
A Risk Management Policy statement is the documentation of the risks involved in performing a
specific action. Because any activity can have some risk involved, companies create a risk
management policy statement as a way of defining those risks. It also informs the person
performing that activity of the associated risks.

Two main purposes:


• to identify, reduce and prevent undesirable incidents or outcomes and
• to review past incidents and implement changes to prevent or reduce future incidents.

Importance:

• They provide something like a strategic vision, identifying what a risk and control
environment should look like.
• This helps to shape direction, so an organization can move from a “check-the-box,”
compliance-first mindset
• Provide a basis for an organization to analyze how to get from their existing state to a
target state.

Knowing how to write a risk management policy is a central part of an organization or business's
strategic planning and growth. Follow these steps and learn how to write a risk management
policy.

1. Identify the potential risks involved in the context of your work and for all the stakeholders.
2. Analyze all the potential risks that you have identified.
3. Assess all the past incidents that your organization has encountered and how these
occurrences were handled.
4. Estimate the likelihood of each risk re-occurring.
5. Develop a treatment plan for all of the risks that you have identified.
6. Calculate and include a cost estimation.
7. Prepare a report for both internal and external stakeholders.
8. Create a data tracking system.
9. Set up a regular monitoring process.
10. Revisit the risk management policy.

Enterprise Risk Management (ERM)
Bulatao, Nicole

Enterprise Risk Management (ERM) - is a plan-based business strategy that aims to identify,
assess, and prepare for any dangers, hazards, and other potentials for disaster—both physical
and figurative—that may interfere with an organization's operations and objectives.
There are 8 components of an Enterprise Risk Management which are interrelated:
1. Internal Environment - If you take companies in the banking industry, each company will
have different ways in which it operates, even though they belong to the same industry.
This depends purely on the management and their employees and how they run their
business. They will have their own set of integrity, ethical values, risk appetite and
risk management philosophy.
2. Objective Setting - Before proceeding to define and formulate a risk management plan
for the organization, it is very essential for the organization to set an objective. The risk
management plan has to be aligned with the entity's overall objective.
3. Event Identification - The events could be internal or external and will affect the
strategy implementation and achievement of its objectives. While identifying, the entity
will come across many events, some of which will be threats, some of which will bring
opportunities to the entity and some of which will be a combination of both.
4. Risk Assessment - After risk identification, the next step is to analyze the risks to manage
them effectively. On analysis, the management will usually come up with a range of outputs
and the probability of their occurrence.
5. Risk Response - Once risks aligned with the organization’s tolerance and appetite levels
are chosen, a review of the response is to be made. The personnel usually come up with
different plans, some to avoid risks, some to accept risk, plans to reduce them in certain
cases and plans to share risk.
   • Reduce
   • Accept
   • Avoid
   • Transfer

6. Control Activities - Control activities are not something wholly concerned with the
control of risks, but regulations and policies are put in place to make sure that responses
do not exceed the predetermined scope of things.
7. Information and Communication - The communication is supposed to be timely and in
the manner or form defined earlier. This means that staff have to communicate such
things only in the manner specified, and if some of the information is not supposed to be
communicated orally, then the staff and other middle-level managers have to abide by
these set policies.
8. Monitoring - Once the risk management plan is implemented, it cannot be left as such, but
should be monitored on a periodic basis to ensure that it is consistent, stays relevant for
the period, and is not outdated. If required, these plans have to be modified or altered
accordingly.

Sarbanes-Oxley Act of 2002
Legaspi, Geraldine D.

What is the Sarbanes-Oxley Act of 2002?

It is a law the United States Congress passed on July 30, 2002, named after Sen. Paul S. Sarbanes
(D-Md) and Rep. Michael G. Oxley (R-Ohio), who were its main architects. It is also known as
the SOX Act of 2002 and the Corporate Responsibility Act of 2002, and it helps protect investors
from fraudulent financial reporting by corporations. It was a response to financial scandals in the early
2000s involving publicly traded companies such as Enron Corporation, Tyco International plc,
and WorldCom.

The new law set out reforms and additions in four principal areas:
1. Corporate Responsibility
2. Increased Criminal Punishment
3. Accounting Regulation
4. New Protections

Key Provisions:

The Sarbanes-Oxley Act is arranged in eleven titles and as far as compliance is concerned, the
most important sections within these are often considered to be 302, 401, 404, 409 and 802.

Sarbanes-Oxley Act Section 302 – mandates that senior corporate officers personally certify in
writing that the company’s financial statements “comply with SEC disclosure requirements and
fairly present in all material aspects the operations and financial condition of the issuer.”
Officers who sign off on financial statements that they know to be inaccurate are subject to
criminal penalties, including prison terms.
Sarbanes-Oxley Act Section 401 – financial statements published by issuers are required to be
accurate and presented in a manner that does not contain incorrect statements or omit to state
material information. These financial statements shall also include all material off-balance sheet
liabilities, obligations or transactions. The Commission was required to study and report on the
extent of off-balance transactions resulting in transparent reporting. The Commission is also
required to determine whether generally accepted accounting principles or other regulations
result in open and meaningful reporting by issuers.
Sarbanes-Oxley Act Section 404 – requires that management and auditors establish internal
controls and reporting methods to ensure the adequacy of those controls. Some critics of the law
have complained that the requirements in Section 404 can have a negative impact on publicly
traded companies because it’s often expensive to establish and maintain necessary internal
controls.
Sarbanes-Oxley Act Section 409 – Issuers are required to disclose to the public, on an urgent
basis, information on material changes in their financial condition or operations. These
disclosures are to be presented in terms that are easy to understand supported by trend and
qualitative information of graphic presentations as appropriate.
Sarbanes-Oxley Act Section 802 – contains the three rules that affect recordkeeping. The first
deals with destruction and falsification of records. The second strictly defines the retention
period for storing records. The third outlines the specific business records that companies need
to store, which includes electronic communications.
Tarlac State University
College of Business and Accountancy
San Roque, Tarlac City
A. Y. 2019-2020

Narrative
Report
(Risk Management)

Group 5
Domantay, Alexander S.
Quiballo, Vanessa D.
Santos, Anna Marie R.
Magday, Eugene L.
Martelino, Kristine Aivy
Bulatao, Nicole
Legaspi, Geraldine D.
