RISK MANAGEMENT

• The process of measuring or assessing risk and developing

strategies to manage it.

• A systematic approach in identifying, analyzing and controlling

areas or events with a potential for causing unwanted change.

• The act or practice of controlling risk; includes risk planning,

assessing risk areas, developing risk handling options, monitoring
risks to determine how risks have changed and documenting
overall risk management program.

• For International Organization of Standardization (ISO 31000), it is

the identification, assessment, and prioritization of risks followed by
coordinated and economical application of resources to minimize,
monitor and control the probability and/or impact of unfortunate
events and to maximize the realization of opportunities.
Basic Principles of Risk Management
For ISO 31000, risk management should:
1. Create value. The resources spent to mitigate risk should be less
than the consequences of inaction, i.e. the benefits should exceed
the costs.
2. Address uncertainty and assumptions.

3. Be an integral part of the organizational processes and decision-

making..

4. Be dynamic, iterative, transparent, tailorable, and responsive to

change.

5. Create capability of continual improvement and enhancement

considering the best available information and humn factors.

6. Be systematic, structured and continually or periodically

reassessed.
Elements of Risk Management

For the most part, the performance of assessment methods should

consist of the following elements.

1. Identification, characterization, and assessment of threats.

2. Assessment of the vulnerability of critical assets to specific threats.

3. Determination of the risk (i.e. the expected likelihood and

consequences of specific types of attacks on specific assets.

4. Identification of ways to reduce those risks.

5. Prioritization of risk reduction measures based on strategy.

Relevant Risk Terminologies
1. Risks Associated with Investments
• Business Risk
- refers to the uncertainty about the rate of return caused by
the nature of the business.
• Default Risk.
- related to the probability that some or all of the initial
investment will not be returned.
• Financial Risk
- determined by the firm’s capital structure or sources of
financing.
• Interest Rate Risk
- fluctuations in interest rates will cause the value of
investment to fluctuate also.
• Liquidity Risk
- associated with the uncertainty created by inability to sell the
investment quickly for cash.
 • Management Risk
- decisions made by the firm’s management and board of
directors materially affecting the risk faced by investors.
• Purchasing Power Risk
- the purchasing power of the return earned on investment
could rise or decline as a result of inflation or deflation.
2. Risks Associated with Manufacturing, Trading, and Service
Concerns
A. Market Risk
- this includes Product Risk (complexity, obsolescence, research
and development, packaging, delivery of warranties) and
Competitor Risk (pricing strategy, market share, market
strategy).
B. Operations Risk
- this involves Process Stoppage, Health and Safety, After Sales
Service Failure, Environmental, Technological Obsolescence,
and Integrity (Management Fraud, Employee Fraud, Illegal Acts)
 C. Financial Risk
- concerns with Interest Rates Volatility, Foreign Currency,
Liquidity, Derivative, Viability.
D. Business Risk
- this is about Regulatory Change, Reputation, Political,
Regulatory and Legal, Shareholder Relations, Credit Rating,
Capital Availability, Business Interruptions.
3. Risks Associated with Financial and Non-Financial Institutions
A. Financial Institutions
- deals with Liquidity Risk, Market Risk (Currency, Equity,
Commodity), Credit Risk (Counterparty, Trading, Commercial
such as Loans and Guarantees), Market Liquidity Risk
(Currency Rates, Interest Rates, Bond and Equity prices),
hedged Positions Risk, Portfolio Exposure Risk, Derivative Risk,
Accounting Information Risk (Completeness, Accuracy) and
Financial Reporting (Adequacy and Completeness)
 A. Non-Financial Institutions
- refers to Operational Risk (Systems including Information
Processing and Technology, Customer Satisfaction, Human
Resources, Fraud and Illegal Acts, and Bankruptcy), Regulatory
Risk (Capital Adequacy, Compliance, Taxation, Changing Laws
and Policies), Environment Risk (Politics, Natural Disasters,
War, Terrorism), Integrity Risk (Reputation), and Leadership
Risk (Turnover and Succession).
Potential Risk Treatments
1. Risk Avoidance
- refers to performing an activity that could carry risk.
2. Risk Reduction
- Also an optimization, this involves reducing the severity of the
loss or the likelihood of the loss from occurring.
3. Risk Sharing
- Means sharing with another party the burden of lost or the
benefit of gain, from a risk, and the measures to reduce a risk.
4. Risk Retention
- This involves accepting the loss or benefit of gain from a risk when
it occurs.
Most Commonly Encountered Areas of Risk Management
1. Enterprise risk management.
2. Risk management activities as applied to project management.
3. Risk manage for megaprojects.
4. Risk management of information technology.
5. Risk management techniques in petroleum and natural gas.

Steps in the Risk Management Process

1. Set up a separate risk management committee chaired by a board
member.
2. Ensure that a formal comprehensive risk management system is in
place.
3. Assess whether the formal system possesses the necessary elements.
4. Evaluate the effectiveness of the various steps in the assessment of
the comprehensive risks faced by the business firm.
5. Assess if management has developed and implemented the suitable
risk management strategies and evaluate their effectiveness.
6. Evaluate if management has designed and implemented risk
management capabilities.
7. Assess management’s efforts to monitor overall company risk
management performance and to improve continuously the firm’s
capabilities.
8. See to it that best practices as well as mistakes are shared by all.

9. Assess regularly the level of sophistication of the firm’s risk

management system.
10. Hire when needed.