Chapter 11 It is through risk management that risks to any specific program are assessed and

systematically managed to reduce risk to an acceptable level. Risks can come from:
Risk Management
1. Uncertainty in the financial market
INTRODUCTION
2. Project failures
Effective governance cannot be attained without risk management because the latter is 3. Legal liabilities
recognized as one of the most important competencies needed by the board of directors of 4. Credit risk
modern organizations, large and SMEs. 5. Accidents
6. Natural causes
The levels of risks faced by businesses increased because of the growing sophistication of
7. Disasters
organizations, globalization, modern technology, and the impact of corporate scandals. Top
8. Deliberate attack from adversary or events of uncertain or unpredictable root – cause.
management should consider adequate knowledge of risk management.
BASIC PRINCIPLES OF RISK MANAGEMENT
RISK MANAGEMENT DEFINED
ISO identifies basic principles of risk management:
M A D
It should: ABCs
It is the process of measuring and assessing risk and developing strategies to manage it.
✓ Address uncertainty and assumptions.
I A C
✓ Be dynamic, iterative, transparent, tailorable, and responsive to change.
It is a systematic approach to identifying, analyzing, and controlling areas or events with a ✓ Be an integral part of the organizational processes and decision-making.
potential for causing unwanted change. ✓ Be systematic, structured, and continually or periodically reassessed.
✓ Create capability of continual improvement and enhancement considering the best
It is the act or practice of controlling risk including risk planning, assessing risk areas,
available information and human factors.
developing risk handling options, monitoring risks to determine how risks have changed, and
✓ Create value – resources spent to mitigate risk should be less than (<) the
documenting the overall risk management program.
consequences of inaction, and benefits should exceed the cost.
INTERNATIONAL ORGANIZATION OF STANDARD (ISO 31000)
DEFINITIONS:
According to ISO 31000,
▪ Risk - effect of uncertainty on objectives.
DEFINITION: Risk management is the identification, assessment, and prioritization of risks ▪ Risk management - coordinated activities to direct and control an organization
followed by the coordinated and economical application of resources to minimize, monitor, concerning risk.
and control the probability and/or impact of unfortunate events and to maximize the realization ▪ Event - occurrence or change of a particular set of circumstances.
of opportunities. I A & P C E 2 M M C & M ▪ Consequence - the outcome of an event affecting objectives.
Likelihood - chance of something happening.
 PROCESS OF RISK MANAGEMENT
Standard ISO 3100 “Risk management – Principles and Guidelines on Implementation” the
process of risk management consists of several steps as follows:
PURPOSE OF RISK MANAGEMENT
1. Establishing the Context
✓ Creation and protection of value
a. Identification of risk in a selected domain of interest
✓ Improves performance, encourages innovation, and
b. Planning the remainder of the process
supports the achievement of objectives.
c. Mapping out the:
• The social scope if risk management
• The identity and objectives of stakeholders
• The basis upon which risks will be evaluated, constraints.
d. Defining a framework for the activity and an agenda for identification
e. Developing an analysis of risks involved in the process.
• Integrated - risk management is an integral part of all organizational activities.
f. Mitigation or Solution of risks using available technological, human, and
• Structured and comprehensive - a structured and comprehensive approach to risk
organizational resources.
management contributes to consistent and comparable results.
2. Identification of potential risks. Risk identification can start with the analysis of the
• Customized - the risk management framework and process are customized and
source of the problem or with the analysis of the problem itself. Common risk
proportionate to the organization’s external and internal context related to its objectives.
identification methods are:
• Inclusive - appropriate and timely involvement of stakeholders enables their knowledge,
a. Objective–based risk
views, and perceptions to be considered. This results in improved awareness and informed
b. Scenario-based risk
risk management.
c. Taxonomy–based risk
• Dynamic - risks can emerge, change, or disappear as an organization’s external and
d. Common – risk checking
internal context changes. Risk management anticipates, detects, acknowledges, and
e. Risk charting.
responds to those changes and events in an appropriate and timely manner.
3. Risk assessment. Once risks have been identified, their potential severity of impact and
• Best available information - the inputs to risk management are based on historical and the probability of occurrence must be assessed. The assessment process is critical to
current information, as well as on future expectations. Risk management explicitly make the best-educated decisions in prioritizing the implementation of the risk
considers any limitations and uncertainties associated with such information and management plan.
expectations. Information should be timely, clear, and available to relevant stakeholders.
• Human and cultural factors - human behavior and culture significantly influence all
aspects of risk management at each level and stage.
• Continual improvement - risk management is continually improved through learning and
experience.
 RELEVANT RISK TERMINOLOGIES
I. Risks Associated With Investments
An integral part of management and decision-making Although a single risk premium (call premium) must compensate the investor for all the
and integrated into the structure, operations, and uncertainty associated with the investment, numerous factors may contribute to investment
processes of the organization. uncertainty:
Applied at strategic, operational, program, or project
levels. • Business risk
• Financial risk
• Liquidity risk
• Default risk
• Interest rate risk
• Management risk
ELEMENTS OF RISK MANAGEMENT • Purchasing power risk
In practice, the process of assessing overall risks can be difficult, and balancing resources to BUSINESS RISK
mitigate between risks with a high probability of occurrence but lower loss versus a risk with
It refers to the uncertainty about the rate of return caused by the nature of the business. It is
high loss but lower probability of occurrence can often be mishandled. Ideal risk
related to the sales volatility as well as to the operating leverage of the firm caused by fixed
management should minimize spending on manpower or other resources and at the same time
operating expenses.
minimize the negative effect of risks.
The most frequently discussed causes of business risk are:
The performance of assessment methods should consist of the following elements:
• Firm’s sales – not guaranteed and will fluctuate as the economy fluctuates or the nature
1. Identification, characterization, and assessment of threats
of the industry changes.
2. Assessment of the vulnerability of critical assets to specific threats
• Operating expenses – firm’s income is related to its operating expenses. If all operating
3. Determination of the risk (i.e. the expected likelihood and consequences of specific
expenses are variable, then sales volatility will be passed directly to operating income.
types of attacks on specific assets)
Most firms, have some fixed operating expenses (depreciation, rent, salaries) cause the
4. Identification of ways to reduce those risks
operating income to be more volatile than sales.
5. Prioritization of risk reduction measures based on a strategy
DEFAULT RISK
It is related to the probability that some or all of the initial investment will not be returned.
The degree of default risk is associated with the financial condition of the company that issues
the security and the security’s rank in claims on assets in the event of default or bankruptcy.
If bankruptcy occurs, creditors including bondholders have a claim on assets before the claim
of ordinary equity shareholders.
FINANCIAL RISK
The firm’s capital structure or sources of financing determine financial risk.
All equity financed – any variability in operating income is passed directly to net income on an
equal percentage basis.
Partially financed by debt that requires fixed interest payments or by preferred share that
requires fixed preferred dividend payments – these fixed charges introduce financial leverage.
This leverage causes net income to vary more than operating income. The introduction of
financial leverage causes the firm’s lenders and its stockholders to view their income streams
as having additional uncertainty. As a result of financial leverage, both investment groups
would increase the risk premiums that they require for investing in the firm.
INTEREST RATE RISK
Money has time value, the fluctuations in interest rates will cause the valuation of an
investment to fluctuate also. Interest rate risk is associated with bond price movements, and
rising interest rates cause bond prices to decline, and declining interest rates cause bond
prices to rise (inverse relationship, vice versa). Movements in interest rates affect investment
alternatives.
For example, as a change in interest rates will impact the discount rate used to estimate
present value of future cash dividends from ordinary shares. This change in the discount rate
will materially impact the analyst’s estimate of the value of a share of ordinary share.
LIQUIDITY RISK
It is associated with the uncertainty created by the inability to sell the investment quickly for
cash. An investor assumes that the investment can be sold at the expected price when future
consumption is planned.
As the investor considers the sale of investment, he or she faces two uncertainties:
1. What price will be received?
2. How long will it take to sell the asset?
Illiquid assets cannot be quickly or easily converted into cash for their fair market value, like
ancient musical instruments or paintings. They tend to be assets that are more unusual or for
which there are fewer buyers. Include houses and other real estate, cars, antiques, private
company interests and some types of debt instruments. Certain collectibles and art pieces are
often illiquid assets as well.
If the price is reduced sufficiently, it may sell, but the investor must make a selling price
concession for the transaction to occur. Lugi
Government treasury bills can be sold immediately with little concession on the selling price.
Such an investment can be converted to cash almost at will and for a price very close to the
price the investor expected.
Liquidity risk for ordinary shares – more complex because they are traded on organized and
active markets, ordinary equity shares can be sold quickly.
Some ordinary equity shares have greater liquidity risk than others due to the thin market. A
thin market occurs when there are relatively few shares outstanding and investor trading
interest is limited. Thin market results in a large price spread (the difference between the bid
price buyers are willing to pay and the ask price sellers are willing to accept). A large spread
increases the cost of trading to the investor which represents liquidity risk.
Investors considering the purchase of illiquid investments – ones that have no ready market or
require price concessions – will demand a rate of return that compensates for the liquidity risk.
MANAGEMENT RISK B. Operations Risk
• Process Stoppage
Decisions made by a firm’s management and board of directors materially affect the risk
• Health and Safety
faced by investors. Areas affected by decisions may include:
• After Sales Service Failure
• Product innovation • Environmental
• Production methods/ Operating leverage (business risk) • Technological Obsolescence
• Financing/ Financial Leverage (financing risk) • Integrity
• Acquisitions– defense decisions made by the management of such firms materially o Management Fraud
affect the risk of the holders of their companies’ securities. o Employee Fraud
o Illegal Acts
PURCHASING POWER RISK
C. Financial Risk
It is the most difficult to recognize than the other types of risk because it is easy to observe • Interest Rates Volatility
the decline in the price of stock or bond, but it is difficult to recognize that the purchasing • Foreign Currency
power of the return you have earned on investment has declined (risen) as a result of inflation • Liquidity
(deflation). • Derivative
It is important to remember that an investor expects to be compensated for forgoing • Viability
consumption today. If an individual is invested in peso – denominated assets (bonds, t-bills, or D. Business Risk
savings account) during the period of inflation, the real or inflation adjusted rate of return will • Regulatory Charge
be less than the nominal or stated rate of return. Thus, inflation erodes the purchasing power of • Reputation
the peso and increases investor risk. • Political
• Regulatory and Legal
II. Risks Associated With Manufacturing, Trading And Service Concern
• Shareholder Relations
A. Market Risk
• Credit Rating
• Product Risk
• Capital Availability Business Interruptions
o Complexity
o Obsolescence
o Research and Development
o Packaging
o Delivery of Warranties
• Competitor Risk
o Pricing Strategy
o Market Share
o Market Strategy
III. Risk Associated With Financial Institutions POTENTIAL RISK TREATMENTS

Financial Non – Financial ISO 31000 suggests that once risks have been identified and assessed, techniques to manage
• Liquidity Risk • Operational Risk risks should be applied. These techniques can fall into one or more of these four categories:
• Market Risk o Systems
1. Risk Avoidance – includes performing an activity that could carry risk. Avoiding risk
o Currency ▪ Information Processing also means losing out on the potential gain that accepting (retaining) the risk may have
allowed. Opportunity gain/loss.
o Equity ▪ Technology Examples:
o Commodity o Customer Satisfaction • Not buying a property or business to not take on legal liability that comes with it.
• Not entering a business to avoid the risk of loss also avoids the possibility of
• Credit Risk o Human Resources earning profits.
o Counterparty o Fraud and Illegal Acts 2. Risk Reduction – also known as optimization involves reducing the severity of the loss
o Trading o Bankruptcy or the likelihood of the loss from occurring. Optimizing risks means finding a balance
o Commercial • Regulatory Risk between the negative risk and the benefit of the operation or activity; and between risk
o Loans o Capital Adequacy reduction and effort applied.
o Guarantees o Compliance Examples:
• Market Liquidity Risk o Taxation • Outsourcing if the outsourcer can demonstrate a higher capability of managing
o Currency Rates o Changing Laws and Policies or reducing risk.
3. Risk Sharing – Sharing with another party the burden of loss or the benefit of gain
o Interest Rates • Environment Risk from a risk, and the measures to reduce a risk.
o Bond and Equity Prices o Politics 4. Risk Retention – Involves accepting the loss or benefit of gain from a risk when it
occurs. Self-insurance falls in this category. All risks that are not avoided are
• Hedged Positions Risk o Natural Disasters transferred or retained by default or any amount of potential loss over the amount
• Portfolio Exposure Risk o War insured is retained risk. This is acceptable if the chance of a very large loss is small or if
• Derivative Risk o Terrorism the cost to ensure greater coverage involves a substantial amount that could hinder the
• Accounting Information Risk • Integrity Risk goals of the organization.

o Completeness o Reputation
o Accuracy • Leadership Risk
• Financial Reporting Risk o Turnover
o Adequacy o Succession
o Completeness
AREAS OF RISK MANAGEMENT SEC Requirement Relative to Enterprise Risk Management of Publicly–Listed Corporation
Applied to corporate finance, risk management is the technique for measuring, monitoring SEC Code of Governance Recommendations 2.11 and its corresponding explanation provide
and controlling the financial or operational risk on a firm’s balance sheet. the following:
The Basel II Framework breaks risks into market risk (price risk), credit risk and operational “The Board should oversee that a sound enterprise risk management (ERM) framework
risk and specifies methods for calculating capital requirements for each these components. is in place to effectively identify, monitor, assess, and manage key business risks. The
risk management framework should guide the Board in identifying units/ business lines
The most encountered areas of risk management include:
and enterprise–level risk exposures, as well as the effectiveness of risk management
1. Enterprise risk management strategies.
2. Risk management activities.
Risk management policy is part and parcel of a corporation’s corporate strategy. The
3. Risk management for megaprojects.
Board is responsible for defining the company’s level of risk tolerance and providing
4. Risk management of information technology
oversight over its risk management policies and procedures.”
5. Risk management techniques in petroleum and natural gas
Principle 12 which deals with strengthening the Internal Control System and Enterprise Risk
A simplified framework for an Enterprise – wide Risk Management Process follows:
Management Framework states that:
“To ensure integrity, transparency and proper governance in the conduct of its affairs,
the company should have a strong and effective internal control system and enterprise
risk management framework.”
RISK MANAGEMENT FRAMEWORK
The Board should oversee that a sound enterprise risk management (ERM) framework is in
place to effectively identify, monitor, assess and manage key business risks. The risk
management framework should guide the Board in identifying units/business lines and
enterprise–level risk exposures, as well as the effectiveness of risk management strategies.
Subject to a corporation’s size, risk profile, and complexity of operations, the Board should
establish a separate Board Risk Oversight Committee (BROC) that should be responsible for
the oversight of a company’s Enterprise Management System to ensure its functionality and
effectiveness. The BROC should be composed of at least three members, the majority of
whom should be independent directors, including the Chairman. The Chairman should not
be the Chairman of the Board or of any other committee. At least one member of the
committee must have relevant thorough knowledge and experience on risk and risk
management.
Subject to its size, risk profile and complexity of operations, the company should have a
separate risk management function to identify, assess and monitor key risk exposures.
STEPS IN THE RISK MANAGEMENT PROCESS
To enhance management’s competence in their oversight role on risk management the
following steps must be followed:
1. Set up a separate risk management committee chaired by a board member.
• The creation of a risk management committee at a board level will demonstrate
the firm’s commitment to adopting an integrated company–wide risk
management system.
2. Ensure that a formal comprehensive risk management system is in place.
• This fully documented formal system will provide a clear vision of the board’s
desire for effective company–wide risk management as well as awareness of the
risks, internal and external, that the company faces.
3. Assess whether the formal system possesses the necessary elements.
• The key elements that the company-wide risk management system should
possess are:
− Goals and objectives
− Risk language identification
− Organization structure
− The risk management process documentation
• The risk organization structure should include formal charters, levels of
authorization reporting lines, and job descriptions.
• The risk management process shall include the following steps:
• Assessment risks: Identification; Determination of their source,
• Development action plans: Reduce, avoid, retain, transfer, or exploit.
• Implementation of action plans
• Monitoring and reporting risk management performance.
• Continuous improvement of risk management capabilities
4. Evaluate the effectiveness of the various steps in the assessment of the
comprehensive risks faced by the business firm.
• Risk assessment step which includes risk identification and determination of
their sources and measurement, represents the foundation for the rest of the
procedures. This step is performed by responsible managers (finance officers,
production managers marketing managers, and human resource managers.
• This process culminates in the presentation of the risk profile or risk map to the
board of directors.
5. Assess if management has developed and implemented suitable risk management
strategies and evaluate their effectiveness.
• The risk profile highlights all the significant possible risks identified, prioritized,
and measured by the risk management system.
• Strategies are developed to manage and resolve these identified risks. These
will include the process, people, management feedback methodologies, and
systems.
• Strategies may include avoidance, reduction, transfer, exploitation, and
retention of risks.
6. Evaluate if management has designed and implemented risk management
capabilities.
• Directors must continue to monitor and assess if management has been
implementing designed risk management capabilities.
• Risk management capabilities include processes, people, reports,
methodologies, and technologies needed. These components should be
complete and aligned for the risk management structure to function effectively.
7. Assess management’s efforts to monitor overall company risk management
performance and to continuously improve the firm’s capabilities.
• Risk management performance must be monitored continuingly and
organizations must be ready to innovate their approaches to be in line with the
changing lines.
• Monitoring is done by all concerned parties such as senior managers, process
owners, and risk owners.
• An independent reviewer can also be appointed to validate results.
8. See to it that best practices as well as mistakes are shared by all.
• This involves regular communication of results and feedbacks to all concerned.
 • These should be an open communication channel to ensure that all risk
management participant particularly senior management, are informed of risk
incidents or threat of risk incident. This will go a long way towards attaining the
company’s risk management vision.
9. Regularly assess the level of sophistication of the firm’s management system.
10. Hire experts when needed.
SEC Code of Governance, Recommendation 2.11:
The Board should oversee that a sound enterprise risk management (ERM) framework is in
place to effectively identify, monitor, assess and manage key business risks. The risk
management framework should guide the Board in identifying units/business lines and
enterprise-level risk exposures, as well as the effectiveness of risk management strategies.
SEC Code of Governance, Recommendation 3.4:
Subject to a corporation’s size, risk profile, and complexity of operations, the Board should
establish a separate Board Risk Oversight Committee (BROC) that should be responsible for
the oversight of a company’s Enterprise Risk Management system to ensure its functionality
and effectiveness. The BROC should be composed of at least three members, the majority of
whom should be independent directors, including the Chairman. The Chairman should not be
the Chairman of the Board or of any other committee. At least one member of the committee
must have relevant thorough knowledge and experience on risk and risk management.
Steps in the risk management process
1. Identify the Potential Risks
2. Analyze and Prioritize the Potential Risks (impact/consequence and
probability/likelihood)
3. Plan for Mitigation or Elimination (for the prioritized risks)
4. Review and Improve
CHAPTER 12
PRACTICAL GUIDELINES IN REDUCING AND MANAGING RISKS
You can’t identify and manage risks without Objectives. If you know what you are achieving,
you could also know what a hindrance for those could be.
Practical Guidelines in Managing and Reducing Enterprise–wide Risk inherent in business
activity are best achieved by applying the principles and techniques appropriate to the
situation.
UNDERSTAND THE NATURE OF THE RISK
The willingness and readiness to take personal and financial risks is a defining characteristic of
the entrepreneurial decision-maker. A study found that European strategies focus on avoiding
and hedging risk, while Anglo–American companies view risk as an opportunity and accept risk
management as necessary to achieve their goals.
Successful businessmen and decision–makers make sure that the risks resulting from their
decisions are measured, understood, and as far as possible, eliminated. They also go beyond
the direct financial perspective and actively manage risk as it affects the whole organization.
Accepting that risks exist is a starting point, but it is most important to create right climate for
risk management. We need to understand why control systems are needed; requires
communication and leadership skills so that standards and expectations are set clearly and
understood.
IDENTIFY AND PRIORITIZE RISKS
Identification of significant risks both within and outside the organization is crucial and allows
to make informed decisions which makes it easier to avoid unnecessary surprises.
Humans are also a considerable factor because people behave differently and inconsistently
when making decisions involving risk. They may be overconfident, overly concerned, or may
overlook the issue risk.
Risk is always with us, “to be alive at all involves some risk”. Identifying risks helps with defining
the categories which they fall. It allows for a more structured analysis and reduces the chances
of a risk being overlooked.
Table 12.1: Typical Areas of Organizational Risk UNDERSTAND WHY RISKS BECOME REALITY

Financial Commercial Strategic Technical Operational Once risks are identified they can be ranked according to their potential impact and the
Accounting Loss of key Marketing, Failure of Product or likelihood of them occurring. This highlight not only where things might go wrong and what their
decisions and personnel and pricing, and plant or design failure, impact would be, but also how, why, and where these catalysts might be triggered.
practices tacit market entry equipment including failure
Five important types of risk catalyst:
knowledge decisions to maintain
supply 1. Technology New hardware, software or system configurations can trigger risks, as can
Treasury risk Failure to Market changes Accidental Client failure new demands on existing information systems and technology. Example: Metro Manila
comply with affecting or negligent Development Authority Chair introduced a congestion change for traffic using the centre of
legal commercial actions
the city.
regulations or decisions (due (such as fire,
2. Organizational change Risks are triggered by new management structures or reporting
codes of to customers pollution,
practice and/or floods) lines, new strategies and commercial agreements (mergers, agency or distribution
competitors) agreements).
Fraud Contract Political or Breakdown in 3. Processes New products, markets and acquisitions all cause change and can trigger
conditions regulatory labour relations risks. Example: launch of New Coke by Coca-Cola.
developments 4. People Hiring new employees, losing key people, poor succession planning, or weak
Robustness of Poor brand Resource Corporate people management can all create dislocation, but the main danger is behavior: from
information management building and malpractice laziness to fraud, exhaustion and simple human error can trigger this risk.
management or handling of resource (such as sex 5. External factors Changes to regulation and political, economic or social developments
systems crisis allocation discrimination) can all affect strategic decisions by bringing to the surface risks that may have lain hidden.
decisions Example: SARS and COVID-19 spread.
Inefficient Market Political
cash changes change APPLY A SIMPLE RISK MANAGEMENT PROCESS
management
The stages of managing the enterprise-wide risk inherent in decisions are simple.
Inadequate
insurance 1. Assess and analyze the risks resulting from a decision by systematically identifying and
CONSIDER THE ACCEPTABLE LEVEL OF RISK quantifying them.
First step is to determine the nature and extent of the risks the business will accept. This 2. Consider how best to avoid or mitigate them.
involves assessing the likelihood of risks becoming reality and the effect they would have if 3. In parallel with the second stage, take action to manage control and monitor the
they did. When this is understood, measures can be taken to minimize the incidence and risks.
impact of such risks.
A. Risk Assessment and Analysis
There is also an opportunity cost associated with risk: avoiding a risk may mean avoiding
potentially big opportunity. Sometimes the greatest risk is to do nothing. It is more difficult to assess the risks inherent in a business decision than to identify them.
Risk that leads to frequent losses (such as increasing incidence of employee-related problems
or difficulties with suppliers) can often be solved using past experience.
Unusual or infrequent losses are harder to quantify. Risks with little likelihood of occurring in
the next years are not important to a company focused on meeting shareholders’ shorter-
term expectations. Thus, it is sensible to quantify the potential consequences of identified
risks and then define courses of action to remove or mitigate them.
Each category of risk can be mapped in terms of both likely frequency and potential impact,
with the potential consequences being ranked on a scale ranging from inconvenient to
catastrophic.
B. Risk Management and Control
Risk should be actively managed and given a high priority across the whole organization. Risk
management procedures and techniques should be well documented, clearly communicated,
regularly reviewed, and monitored. To successfully manage risks, you must know what they are,
what factors affect them, and their potential impact.
Risks falling in the top-right quadrant require urgent action. Risks in the bottom-right quadrant
(total/significant control, major/critical impact) should not be ignored because complacency,
mistakes and a lack of control can turn the risk into a reality.
Once the inherent risks in a decision are understood, the priority is to exercise control. All
employees must know that unnecessary risk-taking is unacceptable. They should
understand what risks are, where they lie, and their role in controlling them.
To achieve this they must:
• share information.
• prepare and communicate clear guidelines.
• establish control procedures and risk measurement systems.
Avoiding and Mitigating Risks
Start by reducing or eliminating those risks that result only in costs: the non-trading risks.
It can be thought of as fixed costs of risk (might include property damage risks, legal and
contractual liabilities, and business interruption risks). Reducing these risks can be achieved
through quality assurance programs, environmental control processes, enforcing health and
safety regulations, installing accident prevention and emergency equipment and training
people to use it, and taking security measures to prevent crime, sabotage, espionage, and
threats to people and systems. Reducing risk may also mean that the cost of insuring against it
goes down.
Risks can be reduced or mitigated by sharing them. Example: acceptable service
agreements from vendors, joint ventures, and licensing and agency agreements. To reduce the
chance of things going wrong, focus on the quality of what people do (doing the right things
reduces risks and costs).
Risk management relies on accurate, timely information. Management information systems
should provide details of the likely areas of risk, and the information needed to control the risks.
The information must reach the right people at the right time so that they can investigate and
take corrective action.
Create a Positive Climate for Managing Risk
Recognizing the need to manage risk is not enough. The ethos of an organization should
recognize and reward behavior that manages risk. This requires a commitment by senior
managers and the resources (including training) to match.
At times, control systems are seen only as an additional overhead and not as something that
can add value by ensuring the effective use of assets, the avoidance of waste, and the success
of key decisions.
Overcoming the Fear of Risk
Taking risks is needed to keep ahead of the competition. Employees need to understand better
what the real risks are, share responsibility for the risks being taken, and see risk as an
opportunity, not a threat. Understanding how organizations manage risk effectively is
important, but managing risk is only one strategy.
Another approach is to look for ways to use the risk to achieve success by adding value or
outstripping competitors – or both. To do this, organizations need to stop taking the fun out of
risk by controlling it in ways that are perceived as bureaucratic and stifling. Risk is both
desirable and necessary. It provides opportunities to learn and develop and compels people to
improve and effectively meet the challenge of change.
C. Controlling and Monitoring Enterprise-Wide Risk
The following questions should be answered truthfully and positively will assist managers in
deciding how to manage the risks that confront the business enterprise.
o Where are the greatest areas of risk relating to the most significant strategic decisions?
o What level of risk is acceptable for the company to bear?
o What are the potentially disclosing events that could inflict the greatest damage on your
organization?
o What are the risks inherent in the organization’s strategic decisions and what is the
organization’s ability to reduce their incidence and impact on the business?
o What is the overall level of exposure to risk? Has this been assessed and is it being
actively monitored?
o What are the costs and benefits of operating effective risk management controls?
o What review procedures are in place to monitor risk?
o Are there risks inherent in strategic decisions (such as acquiring a new business
developing a new product or entering a new market) adequately understood?
o At what level in the organization are the risks understood and actively managed? Do
people fully realize the potential consequences of their actions and are they equipped
to understand avoid control or mitigate risk?
o To what extent would be company be exposed if key staff left?
o If there have been major developments such as a new management structure or
reporting arrangements are the new responsibilities understood and accepted?
o Are management information systems keeping pace with demands? Are there
persistent block spots - priority areas where the system needs to be improved their
overhauled?
o Do employees resent risk or are they encouraged to view certain risks as opportunities?
PRACTICAL CONSIDERATIONS IN MANAGING AND REDUCING FINANCIAL RISK
Finance is the lifeblood of a business, heavily influencing strategies, and decisions at every
level.
Many managers find it difficult to get to grips with financial issues and, as the 2008 global
financial crisis revealed, many lost touches with basic financial ground rules.
Profitability, cash flow, long-term shareholder value, and risk all need to be considered
when setting and reviewing strategy. This section provides practical guidance about financial
decisions and explains how to:
• Improve profitability
• Avoid pitfalls in making financial decisions;
• Reduce financial risk
Improving Profitability
Entrepreneurial flair and financial rigor are as much about attitude as skill. Nonetheless, certain
skills will ensure that decisions are focused on commercial success.
• Variance Analysis
Interpreting the differences between actual and planned performance is crucial. Variance
analysis is used to monitor and manage the results of past decisions, assess the current
situation, and highlight solutions.
Common causes of variances include inefficiency, poor or flawed planning (relying on
historically inaccurate information), poor communication, interdependence between
departments, and random factors. Every business should use variance analysis but in a
practical pragmatic and cost-effective way.
• Assessment of Market Entry and Exit Barriers
How easy or difficult it is to either enter or leave a market is crucial in strategic decision-making.
Entry barriers include:
• The need to compete with businesses that enjoy economies of scale.
• Established differentiated products.
Other barriers include:
• capital requirements.
• access to distribution channels.
• factors independent of scale (technology or location)
• regulatory requirements
When markets are difficult or costly for competitors to enter and relatively easy and
affordable to leave, firms can achieve high, stable returns, while still being able to leave for
other opportunities. Consider where the barriers to entry lie for your market sector, how
vulnerable you are to new entrants, and whether you can strengthen and entrench your market
position.
• Break-even Analysis
The break-even point is when sales cover costs, where neither a profit nor a loss is made. It
is calculated by dividing the costs of the project by the gross profit at specific dates, making
sure to allow for overhead costs.
Break-even analysis (cost-volume-profit or CVP analysis) is used to decide whether to:
• continue developing a product.
• alter the price.
• provide or adjust a discount.
• change suppliers to reduce costs.
It also helps in managing the sales mix, cost structure, and production capacity, as well as in
forecasting and budgeting.
• Controlling Costs
To control costs:
o Focus on the big items of expenditure. Categories cost into major or peripheral items.
Often, undue emphasis is given to 80% of activities accounting for 20% of costs.
o Be cost aware. Casualness is the enemy of cost control. Focusing on major items of
expenditure can cut the cost of peripheral items. Costs can be reduced over the
medium to long term by managers’ attitudes to cost control and the effects of expenses
on cash flow.
o Maintain a balance between costs and quality. Having the best value means
achieving a balance between the price paid and the quality received.
o Use budgets for dynamic financial management. Budget early so financial
requirements are known as soon as possible. Consider the best time period for the
budget. Some larger firms have moved to rolling budgets, getting managers to forecast
the budget needed. Budgets provide a starting point for cash flow forecasts and
revenues, and they also play an essential role in monitoring costs and revenues.
o Develop a positive attitude to budgeting. People need to understand, accept, and use
the budget, feeling a sense of ownership and responsibility for developing, monitoring,
and controlling it.
o Eliminate waste. For decades, leading Japanese companies have directed much of
their cost-management efforts toward waste elimination. They achieve this by using
techniques such as process analysis, mapping, and re-engineering.
Practical Techniques to Improve Profitability
Some practical techniques to improve profitability:
o Focus decision-making on the most profitable areas. Concentrate on products and
services with the best margin to protect and enhance profitability. It involves redirecting
sales and advertising activities.
o Decide how to treat the least profitable products. These often drift, with dwindling
profitability. Turn around a poor performer (by reducing costs, raising prices, altering
discounts, or changing the product) or abandon it to prevent the drain on resources and
reputation. The shelf-life and appeal of the product must be considered when deciding
to continue or discontinue it.
o Make sure new products enhance overall profitability. New product development
focuses on market needs or the production process, with insufficient regard to cost,
price, sales volume, and overall profitability, which are inextricably linked.
o Manage development and production decisions. The amount spent on research, as
well as the priorities and methods used, affect profitability. Too little expenditure may
increase costs in the long term.
o Set the buying policy. For example, should there are small number of preferred
suppliers or a bidding system among a wider number of potential suppliers? Also,
consider techniques for controlling delivery charges, monitoring exchange rates,
improving quality control, reducing inventory, and improving production lead times.
o Consider how to create greater value from existing customers and products to
enhance profitability. Ask:
− How can customer loyalty (and repeat purchasing) be enhanced?
− How can the sales proposition be made more competitive relative to
the opposition?
− How can existing markets, sales channels, products, brand reputation,
and other resources be adapted to exploit new markets and new
opportunities?
− How can sales expenses be reduced?
− How can the effectiveness of marketing activities be increased?
 • Consider how to increase profitability by managing people. Successful leadership is
a prerequisite for profitability. People need to be motivated and supported, and this
means rewarding them fairly for their work, training and developing them, providing a
clear sense of direction, and focusing on the needs of the team, the task, and the
individual.
There are many techniques for assessing the likely profitability of an investment. One of the
most used is to apply discounted cash flows in evaluating capital investment programs.
• Avoiding Pitfalls
Many managers have financial responsibilities, and their decisions will often be influenced by
or have an impact on other parts of the business. The following principles will help avoid
flawed financial decision-making:
Financial expertise must be widely available
Every manager needs to understand why successful financial management increases
profits. People need to own their part of the financial control process, to have the
information and expertise needed to routinely make the best financial decisions.
• Reduce Financial Risk Positive Replies to the Following Questions Would Assist Top
Management to managing financial Risk
a. Are the most effective and relevant performance measures in place to monitor
and assess the effectiveness of financial decisions?
b. Have you analyzed key business ratios recently? How useful are your
performance indicators? What are the main issues? Are you measuring the right
things?
c. Is there a positive attitude to budgets and budgeting?
d. Does decision-making focus on the most profitable products and services, or is
it preoccupied with peripheral issues?
e. What are the least profitable parts of the organizations? How will they
improved?
f. Are market and customer decisions focused on improving profitability? Too
often, attention if given to non-financial objectives, such as increasing market
share, without adequately considering the financial risks and alternatives.
g. How efficiently is cash managed? Do your strategic business decisions take
account of cash considerations, such as the time value of money?

Consider the impact of financial decisions

Do not ignore or underestimate the wider impact of finance issues upon other departments and
decisions.

Avoid weak budgetary control

Budgets are an active tool to help make financial decisions, NOT merely a way to measure
performance.

Understand the impact of cash flow

Non-financial managers often ignore cash flows and the time value of money. Everyone should
be aware of the importance of cash to the organization.

Know where the risk lies

Identifying risks and how to reduce them is crucial to successful financial decision-making. For
example, managers need to know not only where the break-even point is, but also how and
when it will be reached.