AFM – Financial Strategy Formulation

The Rationale for Risk Management in a Company

RATIONALE FOR RISK MANAGEMENT

● The role of corporate risk management is:

○ To assure that the risk factors to which a given business activity is exposed do not damage the
business effort connected with this activity; and

○ To maintain uncertainty at a level which is acceptable by an organisation and its shareholders.

● Investors generally require higher returns on more risky projects.

● After reaching a certain level of riskiness, the increased return does not counterbalance the probability of
a project’s failure.

● A risk management system enables decision-makers to select those investment opportunities which
provide the level of return required by shareholders without taking on excessive risk.

● Risk management is a tool which helps ensure that management is taking investment decisions that are
in line with the expectations of shareholders.

● Without an effective risk management system, management could be tempted to take decisions which
maximise their own value rather than shareholder value.

RISK APPETITE
● Risk appetite is the overall level of risk that an organisation accepts in pursuit of its business goals.

● It is essential that the maximum tolerated risk be defined and understood before any management
decisions are taken in the area to which the risk is inherent.

● Risk appetite differs across industries and organisations.

● When defining its risk appetite, an organisation has to consider the volatility of the industry in which it
operates.

RISK MANAGEMENT FRAMEWORK

 ● Process of risk identification, assessment and monitoring, as well as strategies for dealing with risks
identified.

● Risk assessment is largely dependent on the quality of estimates used to forecast the outcome of an
investment.

● Risk framework emphasises the awareness of factors which could affect projections, as well as the
quantification of their probability and impact.

RISK CLASSIFICATION
● Strategic risks:

○ Risks that affect the overall direction of a project.

○ For example: macroeconomic and political changes.

● Tactical risks:

○ Risks that impact only a significant part of a project.

○ For example: changes in the supply chain or in the timing of payments.

● Operational risks:

○ Risks connected with the day-to-day management of the investment project.

○ For example: breakdowns in equipment.

● A potential approach to the management of these risks can be based on designing appropriate
measures to deal with risk factors, depending on the likelihood of occurrence and significance of impact.

INFORMATION SYSTEMS
● The primary function of information systems is the collection of data on identified risk factors and on
actions taken by managers at the appropriate level of the company’s hierarchy.

● Internal audit function also plays a significant role in risk identification.

● Types of information systems:

○ Management information system (MIS):

■ Provides operational data, allowing a company to make decisions regarding identified

risk factors and perform detailed risk analyses.

○ Executive information system (EIS):

■ Provides more high-level and summarised information regarding the key aspects of risk
management to the senior executives in the organisation.
RISK CONTROL STRATEGIES
● Mitigation: The impact of risk factors is reduced as a result of implementing control procedures
(preventive, detective and corrective controls).

● Hedging: The risk factor is neutralised by means of a transaction which creates an exposure to the
same or similar risk as the hedged exposure (financial derivatives).

● Diversification: Reducing the impact of a given risk factor by including and mixing a number of different
investments (portfolio).

RISK RESPONSES