risk management — recognized as one of the most uncertainty about the firm's sales and operating POTENTIAL RISK
POTENTIAL RISK TREATMENTS
important competencies needed by the board of
directors
Risk management — is the of measuring or assessing
risk and developing strategies to manage it.
— is a systematic approach in identifying, analyzing
and controlling areas or events with a potential for
causing unwanted change.
—is the act or practice of controlling risk. includes
risk planning, assessing risk areas, developing risk
handling options, monitoring risks to determine how
risks have changed and documenting overall risk
management program.
According to International Organization of
Standardization (ISO 31000), Risk Management is
the identification, assessment, and prioritization of
risks followed by coordinated and economical
application of resources to minimize,
BASIC PRINCIPLES OF RISK MANAGEMENT
(ISO) identifies the basic principles of risk
management.
1. create value resources spent to mitigate risk should
be less than the consequence of inaction, i.e., the
benefits should exceed the costs
2. address uncertainty and assumptions
3. be an integral part of the organizational processes
and decision-making
4. be dynamic, iterative, transparent, tailorable, and
responsive to change
5. create capability of continual improvement and
enhancement considering the best available
information and human factors
6. be systematic, structured and continually or
periodically reassessed
PROCESS OF RISK MANAGEMENT
1. Establishing the Context. This will involve
a. Identification of risk in a selected domain of interest
b. Planning the remainder of the process.
c. Mapping out the following:
i. the social scope of risk management
ii. the identity and objectives of stakeholders
iii.the basis upon which risks will be evaluated,
constraints.
d. Defining a framework for the activity and an agenda
for identification.
e. Developing an analysis of risks involved in the
process.
f. Mitigation or Solution of risks using available
technological, human and organizational resources.
2. Identification of potential risks. Risk
identification can start with the analysis of the source
of problem or with the analysis of the problem itself.
Common risk identification methods are:
a. Objective-based risk
b. Scenario-based risk
c. Taxanomy-based risk
d. Common-risk checking
e. Risk charting
3. Risk assessment, Once risks have been identified,
their potential severity of impact and the probability of
occurrence must be assessed. The assessment process
is critical to make the best educated decisions
ELEMENTS OF RISK MANAGEMENT
1. identification, characterization, and assessment of
threats
2. assessment of the vulnerability of critical assets to
specific threats
3. determination of the risk (i.c. the expected
likelihood and consequences of specific types of
attacks on specific assets)
4. identification of ways to reduce those risks
5. prioritization of risk reduction measures based on a
strategy
I. Risks Associated With Investments
Business risk —refers to the uncertainty about the rate
of return caused by the nature of the business. The
most frequently discussed causes of business risk are
expenses. 1.Risk Avoidance— This includes performing an
Default risk —is related to the probability that some activity that could carry risk. however, also means
or all of the initial investment will not be returned. losing out on the potential gain that accepting
Financial risk —The firm's capital structure or (retaining) the risk may have allowed.
sources of financing determine financial risk.
Interest rate risk —Because money has time value, 2.Risk reduction or optimization— involves
fluctuations in interest rates will cause the value of an reducing the severity of the loss or the likelihood of
investment to fluctuate also. Although interest rate risk the loss from occurring.
is most commonly associated with bond price Optimizing risks —means finding a balance between
movements, the negative'risk and the benefit of the operation or
Liquidity risk — is associated with the uncertainty activity; and between risk reduction and effort applied.
created by the inability to sell the investment quickly Outsourcing example
for cash.
(1) What price will be received? (2) How long will it 3. Risk sharing --- means sharing with another party
take to sell the asset? the of loss risk.
thin market— occurs when. there are relatively few 4.Risk retention —involves accepting the loss or
shares outstanding and investor trading interest is benefit of gain from a risk when it Self insurance falls
limited. in this category. All risks that are not avoided are
transferred or by default.
Management risks— Decisions made by a firm's
management and board of directors materially affect The Basel II framework breaks risks into market risk
the risk faced by investors. from product innovation (price risk), credit risk and operational risk
and production methods (business risk) and financing
(financial risk) to acquisitions. AREAS OF RISK MANAGEMENT
1. Enterprise risk management
Purchasing power risk — is perhaps, more difficult 2. Risk management activities as applied to project
to recognize than the other types of risk. It is easy to management
observe the decline in the price of a stock or but it is 3. Risk management for megaprojects
often more difficult to recognize that the purchasing 4. Risk management of information technology
power of the return you have earned 5. Risk management techniques in petroleum and
natural gas
II. Risks Associated With Manufacturing, Trading
And Service Concerns
A. Market Risk
+Product Risk
Complexity
Obsolescence
Research and Development
Packaging
Delivery of Warranties
+Competitor Risk
Pricing Strategy
Market Share
Market Strategy
B. Operations Risk
Process Stoppage
Health and Safety
After Sales Service Failure
Environmental
Technological Obsolescence.
+Integrity
Management Fraud
Employee Fraud
Illegal Acts
C. Financial Risk
Interest Rates Volatility
Foreign Currency
Liquidity
Derivative
Viability
D.Business Risk
Regulatory Change
Reputation
Political
Regulatory and Legal
Shareholder Relations
Credit Rating
Capital Availability SEC Code of Governance Recommendations 2.11
Business Interruptions "The Board — should oversee that a sound enterprise
risk management (ERM) framework is in place to
effectively identify, monitor, assess and manage
key business risks.
The risk management framework— should
guide the Board in identifying units/business lines
and enterprise-level risk exposures, as well as the
effectiveness of risk management strategies.
Risk management policy —is part and parcel of
a corporation's corporate strategy.
The Board— is responsible for defining the
company's level of risk tolerance and providing
oversight over its risk management policies and
procedures."
Principle 12 —deals with strengthening the
Internal Control System and Enterprise Risk
Management Framework

Board Risk Oversight Committee (BROC) — that
should be responsible for the oversight of a company's
Enterprise Risk system
— should be composed of at least three members, the
majority of whom should be independent directors,
including the Chairman. The Chairman should not be
the Chairman of the Board or of any other committee.
At least one member of the committee must have
relevant thorough knowledge and experience on risk
and risk management.
documented, clearly communicated, regularly
reviewed and monitored.
+Avoiding and mitigating risks
+Create a Positive Climate for Managing Risk
+Overcoming the Fear of Risk
non-trading risks— risks that result only in costs:
These can be thought of as the fixed costs of risk and
might include property damage risks, legal and
contractual liabilities and business interruption risks.
Principles to help avoid pitfalls
 +Financial expertise must be widely available
 +Consider the impact of financial decisions
 +Avoid weak budgetary control
 +Understand the impact of cash flow
 +Know where the risk lies

STEPS IN THE RISK MANAGEMENT PRACTICAL CONSIDERATIONS IN

PROCESS
1. Set up a separate risk management committee
chaired by a board member.
2. Ensure that a formal comprehensive risk
management system is in place. —This fully
documented formal system will provide a clear vision
of the board's desire
3. Assess whether the formal system possesses the
necessary elements.
The key elements that the company-wide risk
management system should possess are
a) goals and objectives
b) risk language identification
c) organization structure and
d) the risk management process documentation.
The risk organizational structure should include
formal charters, levels of authorization reporting lines
and job description.
The risk management process shall include the
following steps:
a) Assessment risks: Identification; Determination of
their source.
b) Development actions plans: Reduce, avoid, retain,
transfer or exploit
c) Implementation of action plans
d) Monitoring and reporting risk management
performance.
e) Continuous improvement risk management
----continuation of steps
4. Evaluate the effectiveness of the various steps in the
assessment of the comprehensive risks faced by the
business firm.
5. Assess if management has developed and
implemented the suitable risk management strategies
and evaluate their effectiveness.
risk profile— highlights all the significant possible
risks
6. Evaluate if management has designed and
implemented risk management capabilities.
7. Assess management's efforts to monitor overall
company risk management performance and to
improve continuously the firm's capabilities.
8. See to it that best practices as well as mistakes are
shared by all. This involves regular communication of
results and feedbacks to all concerned.
9. Assess regularly the level of sophistication of the
firm's risk management system.
10. Hire experts when needed.
CHAP 12
MANAGING AND REDUCING FINANCIAL
RISK
Finance— is the lifeblood of a business, heavily
influencing strategies and decisions at every level.
1.Improving Profitability
A. Variance Analysis - used to monitor and manage
the results of past decisions, assess the current
situation and highlight solutions.
B. Assessment of Market Entry and Exit Barriers
— include the need to compete with businesses that
enjoy economies of scale, or established differentiated
products.
Other barriers include capital requirements, access to
distribution channels, factors independent of scale
C. Break-even Analysis
The break-even point— is when sales cover costs,
where neither a profit nor a loss is made.
Break-even analysis— (cost-volume-profit or CVP
analysis) is used to decide whether to continue
developing a product, alter the price, provide or adjust
a discount, or change suppliers to reduce costs. It is
also helps in managing the sales mix, cost structure
and production capacity, as well as in forecasting and
budgeting.
D. Controlling Costs
 Focus on the big items of expenditure.
 Be cost aware— Casualness is the enemy of cost
control.
 Maintain a balance between costs and quality.
 Use budgets for dynamic financial management—
Budget early so financial requirements are known
as soon as possible.
 Develop a positive attitude to budgeting.
 Eliminate waste
Practical Techniques to Improve Profitability
 Focus decision-making on the most profitable
areas.
 Decide how to treat the least profitable products.
 Make sure new products enhance overall
profitability.
 Manage development and production decisions.
 Set the buying policy.
 Consider how to create greater value from existing
customers and products to enhance profitability.
 Consider how to increase profitability by managing
people.
 Avoiding Pitfalls

5 MOST SIGNIFICANT TYPES OF RISK

CATALYST
1.Technology. New hardware, software or system
configurations
2. Organizational change. new management
structures or reporting lines, new strategies
3. Processes. New products, markets and acquisitions
4. People. Hiring new employees, losing key people,
poor succession planning,
5. External factors. Changes to regulation and
political, economic or social

APPLY A SIMPLE RISK MANAGEMENT

PROCESS
A. Risk Assessment and Analysis
—It is more difficult to assess the risks inherent in a
business decision than to identify them. Can also be
solved through past experiences
B. Risk Management and Control
— Risk should be actively managed and given a high
priority across the whole organization. Risk
management procedures and techniques should be well