Lecture 1 Risk and Insurance Lec. 1
SERVICE EXCELLENCE
LECTURE OBJECTIVES
• Describe the different meanings of risk
• Describe internal control measures in identifying and
managing risk
• Analyze the relevance of internal control systems as a
management tool in dealing with risk
• Study the main classification of internal controls
• Understand risk appetite and risk tolerance
• Explore the role of the risk management committee
DIFFERENT MEANING OF RISK
• The term risk has a variety of meanings in business
and everyday life. At its most general level, risk is
used to describe any situation where there is
uncertainty about what outcomes will occur.
• In other situations, the term risk may refer to the
expected losses associated with a situation. In
insurance markets, for example, it is common to refer to
high-risk policyholders; risk in this context means
that the expected value of losses to be paid by the
insurer is high.
• Risk is defined by the international standard
ISO 31000 as the ‘effect of uncertainty on
objectives, whether positive or negative’.
• Risk management is concerned with:
• 1. the identification, assessment and prioritisation
of risk and
• 2. measures to minimize, control and monitor the
probability or impact of adverse risk events or to
maximize benefits from opportunities.
Risk Management: the Board perspective
• Essentially, risk management occurs anytime an investor or
fund manager analyzes and attempts to quantify the
potential for losses in an investment and then takes the
appropriate action (or inaction) given their investment
objectives and risk tolerance.
• The responsibility of the board for effective risk
management came under close scrutiny following
the banking crisis in 2007-2008.
• Many banks were criticised for getting into
financial difficulty because of reckless business
strategies and failing to recognise the business
risk they were taking.
• Business risks are risks to profitability and
financial security that arise from factors in the
business environment, including competition,
over which management has no direct control.
• A business must take risk to make profit, but how
much risk should it be prepared to tolerate, and
would it be able to withstand ‘shocks’ in the
business environment if an unexpected event or
development were to occur (e.g. COVID-19)?
• The BOD has the responsibility for strategic
decisions on risk, and an important aspect of
corporate governance is for the board to
recognise its responsibilities and ensure that the
risk management system in the firm is effective.
INTERNAL CONTROL
• Internal controls are part of the internal control systems.
The purpose of internal control system and
internal controls
• 1. There should be controls to ensure that the
organization, its systems and procedures operate
in the way that is intended, without disruption or
disturbance.
• 2. There should be controls to ensure that assets
are safeguarded. For example, there should be controls to
ensure that money received is banked and is not
stolen and that operating assets such as
equipment and computers are not damaged or lost.
• 3. Controls should include measures to reduce the risk
of fraud.
• 4. Financial controls should ensure the
completeness and accuracy of accounting records,
and timely preparation of financial information.
• Controls should be in place to ensure compliance
with key regulations such as health and safety
regulations or, in the case of banks, anti-money
laundering regulations.
CLASSIFICATION OF INTERNAL CONTROLS
ELEMENT OF INTERNAL CONTROL SYSTEM
• It is the responsibility of the board of the
company to ensure that the internal control
systems are effective in preventing losses from
risk events, or identifying risk events and taking
corrective actions when they occur.
Risk management specialist
• A risk management specialist is someone who is
responsible for keeping a business on its feet and
bringing in profit.
• However, any business strategy involves taking risk and actual profit may be
higher or lower than expected.
• When very big risks are taken, a company might even become insolvent and
go out of business if actual events turn out much worse than anticipated.
• Bad corporate governance can result in
insolvency and collapse of a company, and
excessive risk taking is one aspect of poor
governance.
• The board should take risk into consideration
when it makes strategic business decisions.
• It should choose policies that are expected to be
profitable, but should limit the risk to a level that
it considers acceptable and should also take the
returns into consideration.
Significance of Risk Mgt.
Risk appetite and risk tolerance
• Risk tolerance is therefore a quantified expression of the amount of
risk a company’s board allows the company to accept.
• Risk tolerance is the maximum loss that the board would be willing
to accept on a particular venture if events turn out badly. This type of
risk management is mostly found in banking, and risk measures such
as Value at Risk (VaR) are used.
Institute of Risk Management (IRM): Risk
appetite and risk tolerance
• The IRM in 2011 issued guidelines on risk appetite and risk
tolerance, which provide some useful insights.
IRM 5 guidelines test for Board to review
company's appetite for risk
• 1. Do managers, when they make decisions, understand the degree to which
they individually are permitted to expose the company to consequences of
an adverse risk event or situation?
• 2. Do managers understand their aggregate interlinked level of risk, so that
they can decide whether the company’s exposure to risk is acceptable or not?
• 3. Does the board understand the aggregated risk for the company as a
whole?
• 4. Do managers understand that risk appetite is not constant and that the
board may change its risk appetite as the business environment and
conditions change?
• 5. Are risk decisions made with full consideration of the potential rewards or
returns?
The Nature Of Risk
• Risk refers to the possibility that something unexpected or not
planned for will happen. This can be positive or negative.
• BUSINESS RISK: STRATEGIC AND OPERATING RISK
• Business Risk is the possibility a company will have lower
than anticipated profits or experience a loss rather than taking
a profit.
• Business risk is influenced by numerous factors, including
sales volume, per-unit price, input costs, competition, the
overall economic climate and government regulations.
• A company with a higher business risk should choose a
capital structure that has a lower debt ratio to ensure it can
meet its financial obligations at all times.
• Strategic risks are risks that occur and arise in the external
business environment in which a company operates. The risks
faced by a company are determined by the strategies that the
company pursues.
• Strategic risk is the risk that failed business decisions, or
lack thereof, may pose to a company.
• Operating risks are risks of losses that arise through
ineffective controls within the processes and systems of a
company’s business operations.
• Operating risk is risk within an organization; strategic risk is
risk in the external environment. Operating risk can be
classified into three types of risk: operational risk, financial
risk (especially reporting risk), and compliance risk.
Categories of Strategic Risk
• Reputation risk. The risk of loss in customer loyalty or customer support
following an event that damages the company’s reputation. Reputation risk
is often associated with risks arising from unethical behavior by a
company, including policies and practices that damage the environment or
affect human rights. This is considered in more detail in the chapter on
corporate social responsibility.
• Competition risk. The risk that business performance will differ from
expected performance because of actions taken (or not taken) by business
rivals.
• Business environment risks. These are risks of significant changes in the
business environment from political and regulatory factors, economic
factors, social and environmental factors and technology factors (the so-
called ‘PEST’ factors). For example, business performance may be affected
by the introduction of new regulations, political upheaval in a country,
economic decline or growth, environmental issues, unexpected changes in
social habits, or technological change.
• Risks from external events. These are risks
that financial conditions may change, with
adverse changes in interest rates or exchange
rates, higher losses from bad debts or changes
in prices in financial markets (such as changes
in share prices).
• Liquidity risk. This is the risk that the
company will have insufficient cash to settle
all its liabilities on time, and so may be forced
out of business.
• Each industry and each company within an industry faces different
risks. The questions that management should ask are as follows.
• 1. What risks does this company face?
• 2. How can these risks be measured? It may be possible to assess
the risk in a business in terms of unpredictable variations in key
factors such as sales demand or market prices. High volatility is
associated with high business risk.
• 3. For each of these risks, how would the company be affected if the
worst outcome came about, or if a fairly bad outcome happened?
• 4. What is the likelihood of a bad outcome for that risk item?
• 5. What is the company’s risk appetite or risk tolerance?
• 6. What should the company be doing to manage the risk, either by
avoiding it altogether or planning to deal with the problems that
will arise in the event of a bad outcome?
Risk Committees and Risk Managers
• Risk committees:
• Responsibilities for risk management vary between companies. An
important distinction should be made between the arrangements
whereby responsibilities for risk management are fulfilled by:
• 1. the board; and
• 2. executive management.
• At board level, responsibility for reviewing the effectiveness of the
risk management system may be delegated by the board to the audit
committee, which is also likely to have responsibility for reviewing
the internal control system.
• Alternatively, the board may prefer to establish a separate risk
committee of the board
The advantages of having a separate risk committee
1. It can focus on risk issues and reviewing the company’s risk management
system, without having to concern itself with other issues (such as the
external auditors). It can give advice to the board on matters such as risk
appetite and risk strategy.
2. The composition of the board is not restricted by requirements of the
corporate governance code.
A risk committee should ideally consist mainly of Non-Executive Directors
(NEDs) but should also have the finance director as a member.
If the audit committee had responsibility for the oversight of risk
management, the finance director could not be a committee member
(although he or she could be invited to meetings of the audit committee to
give their views).
At executive management level, however, there may be a risk committee
consisting of senior executives, chaired by the CEO. This committee
would be responsible for risk management at an operational level and
should report (through the CEO) to the board on risk matters.
The role of a risk committee
• The role of a risk committee may include the following
responsibilities:
• 1. Providing assurance to the board that risk management
and processes for control over risk are effective.
• 2. Where risk areas seem to require particular attention,
making recommendations to the board.
• 3. Providing information to the board to help with strategy
formulation, for example with regard to risk appetite in the
company’s strategy.
• This is achieved by helping the board to understand the key
risks facing the company, its risk tolerances and its defenses
against those risks.
Risk management policies, systems and
procedures
• To enable the board of directors to carry out its responsibilities
for risk management effectively, there are two essential
requirements.
• 1. Board members should have an understanding of risks and
risk management.
• 2. There should be a risk management system in place that the
board as a whole or the appropriate board committee can review.
• Training in risk management should be particularly important
for members of the board committee (audit committee or risk
committee) with responsibility for reviewing the risk
management system.
7 elements in an effective risk management system
Component
1. Internal environment: there must be a culture within the
company that recognizes the importance of risk management and
also ethical behavior.
• Risk assessment: The assessment of risks calls for
procedures to assess the potential size of the risk. The
expected losses that could occur from adverse events or
developments depend on the:
• 1. probability that an adverse outcome will occur; and
• 2. size of the loss in the event of an adverse outcome.
• Where a risk is unlikely to materialize into an adverse
outcome, and the loss would in any case be small, no
management action might be necessary.
• Where the risk is higher, measures should be taken to
protect the organization so that the remaining exposure to
risk is within the company’s tolerance level and consistent
with its risk appetite.
• Risk responses: Risk responses are the measures taken to deal with
strategic risks that have been identified and assessed. The measures
taken to deal with each risk are decided by management, which is
accountable to the board for the measures they take.
• In broad terms, strategic risks can be dealt with by avoiding them
or by taking steps to limit the exposure.
• Some risks can be avoided. For example, a car manufacturer might
be concerned about the risk of losses at a subsidiary specializing in
car repairs, due to the strength of competition in the car repair
industry. It could decide to avoid the risk by selling the subsidiary.
• Many risks have to be accepted as an inevitable feature of
business. For significant risks, a company should decide what
measures might be necessary to reduce the risk to acceptable
proportions. Strategic risks may be reduced through any of the
following measures (sometimes called the ‘4 Ts’).
• For strategic risks, the possible responses are to:
• 1. Tolerate. Accept the risk, because it is not a significant threat, or because
it is an external risk (such as regulatory risks and market risks) over which
the company has no control.
• 2. Transfer. Move some or all of the risk to someone else, for example by
entering joint ventures to share risk or by purchasing insurance against risk
events.
• 3. Trim. Take suitable measures to reduce the risks – by reducing the
probability of an adverse risk event or by reducing the impact if a risk event
occurs.
• 4. Terminate. Avoid the risk entirely, by withdrawing from the area of business
operations where the risk exists.
• Measures to manage risk may reduce the risk without eliminating the risk
entirely. When this happens, there is some residual risk, but this should be
within the level or limit that the board is prepared to tolerate. From a corporate
governance perspective, it should be a responsibility of the board to make sure
that risks are reviewed regularly and that management take suitable measures
to deal with them.