Risk Management Mid Assignment

A project by Wikipedia’s team

SUBMITTED BY “WIKIPEDIA’S”

NO STUDENT NAME ROLL NUMBER1 ABDUL REHMAN 132622 ZEESHAN AHMAD 13235

3 AHMAD NUMAN 132714 TAHIRA SIDIQUI 133045 WAQAS 13270

SUBMITTED TOSIR ASIF MASOOD

TOPICSTRATEGIC RISK

SUBMISSION DATE29/OCTOBER /2015

Superior University Lahore

R I S K M A N A G E M E N T


ACKNOWLEDGEMENT

First of all we are thankful to Almighty Allah who in spite

of all our weaknesses enabled us for this type of project.

We are also indebted to our teacher “SIR ASIF” for their

kind of guidance and supervision. Under their direction

we get the opportunity to polish our concealed qualities

and skill moreover, their timely help paved a way for us

to complete our work. It was surely their method of

teaching & eagerness for imparting knowledge that we

did not find much difficulty to give in to our thoughts and

information. They motivated us to work hard and to

achieve high-level performance. The development of this

project has enabled us to better understand the contents

of the course. We feel highly privilege to ascribe the most

and ever burning flame of our gratitude and deep scene

of devotion to MR ASIF who taught us “RISK

MANAGEMENT” with heart and also gave guidelines to

this work.

Further on, we are grateful to our parents it is the result

of their prayers that we are succeeded.



We dedicate this project to our highly regarded teacher Mr. Asif who provided us with all the guidelines to prove ourselves. We are grateful to him for giving us this opportunity to explore new dimensions which will help us in a long run. He guided us and taught us with different techniques, which enabled us to complete this project, as well as for unconventional style of teaching and maintaining very open and competitive atmosphere within the class, which made the subject very interesting for us the most important thing is that the knowledge which



we have studied in our subject was all that same which we observed practically.

What is risk?

A probability or threat of damage, injury, liability, loss, or any other negative

occurrence that is caused by external or internal vulnerabilities, and that may be

avoided through preemptive action.

The probability that an actual return on an investment will be lower than the expected

return.

The possibility that something bad or unpleasant (such as an injury or a loss) will

happen that may cause something bad or unpleasant to happen a person or thing

(By Merriam-Webster)

Business risks are the factors that could prevent or hinder the achievement of organizational

goals and objectives

Definition of risk according to different aspects

Finance:



The possibility that an actual return on an investment will be lower than the expected

return.

Insurance:

A situation where the probability of a variable (such as burning down of a building) is known

but when a mode of occurrence or the actual value of the occurrence (whether the fire will

occur at a particular property) is not. A risk is not an uncertainty (where neither the probability

nor the mode of occurrence is known), a peril (cause of loss), or a hazard (something that

makes the occurrence of a peril more likely or more severe).

Securities trading:

The probability of a loss or drop in value.

Workplace:

Product of the consequence and probability of a hazardous event or phenomenon. For

example, the risk of developing cancer is estimated as the incremental probability of developing

cancer over a lifetime as a result of exposure to potential carcinogens (cancer-causing

substances).

Examples of risk

A teenager knows that she will be grounded if she chooses to invite friends over after

school instead of doing her homework, but also knows that the likelihood of her parents

finding out she did so is slight. If the teenager chooses to invite her friends over she is

taking a risk of getting in trouble with her parents.

A 55-year old man wants to quickly increase his retirement fund. In order to do so at a

rapid pace, he must change his investments to those that could either yield higher

results or completely fail, in which case he would lose his retirement. If the man chooses



to move his investments to those in which he could possibly lose his money, he is a

taking a risk.

What is risk management?

Risk management refers to the practice of identifying potential risks in advance, analyzing them

and taking precautionary steps to reduce/curb the risk. The identification, analysis, assessment,

control, and avoidance, minimization, or elimination of unacceptable risks is risk management.

The Risk Management Process involves:

1. Identify Potential Exposures To Loss

2. Measure Frequency and Severity

3. Examine Alternatives

4. Decide Which Alternatives To Use

5. Implement The Chosen Techniques

6. Monitor Results

Why manage risks?

There are many reasons for managing risk. Here are some:

Saves resources: people, income, property, assets, time



Protects public image

Protects people from harm

Prevents/reduces legal liability

Protects the environment

Risk management standards

A number of standards have been developed worldwide to help organizations implement risk

management systematically and effectively. These standards seek to establish a

common view on frameworks, processes and practice, and are generally set by

recognized international standards bodies or by industry groups.

ISO 31000 2009 – Risk Management Principles and Guidelines

IRM/Alarm/AIRMIC 2002 – developed in 2002 by the UK’s 3 main risk organizations.

ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques

COSO 2004 - Enterprise Risk Management - Integrated Framework

Strategies to manage risk

Avoid it

Reduce it

Transfer it

Accept it

Each strategy has its own advantages and disadvantages, and you’ll probably end up using all

four. Sometimes it may be necessary to avoid a risk, and other times you’ll want to reduce it,

transfer it, or simply accept it. Let’s look at what those terms mean, and how to decide on the

right classification to use for each of your own business risks.

Avoid the Risk

Sometimes, a risk will be so serious that you simply want to eliminate it, for example by

avoiding the activity altogether, or using a completely different approach. If a particular



type of trading is very risky, you may decide it’s not worth the potential reward, and

abandon it.

The advantage of this strategy is that it’s the most effective way of dealing with a risk. By

stopping the activity that’s causing the potential problems, you eliminate the chance of

incurring losses. But the disadvantage is that you also lose out on any benefits too. Risky

activities can be very profitable, or perhaps have other benefits for your company. So this

strategy is best used as a last resort, when you’ve tried the other strategies and found that the

risk level is still too high.

Reduce the Risk

If you don’t want to abandon the activity altogether, a common approach is to reduce the

risk associated with it. Take steps to make the negative outcome less likely to occur, or to

minimize its impact when it does occur.

With our earlier case, “Key client XYZ Corp is late paying its invoice”, for example, we could

reduce the likelihood by offering an incentive to the client to pay its bills on time. Maybe a 10%

discount for early payment, and a penalty for late payment. Dealing with late-paying customers

can be tricky, and we covered it more in our tutorial on managing cash flow more efficiently,

but these are a couple of options. In the same example, we could reduce the impact by

arranging access to a short-term credit facility. That way, even if the client does pay late, we

don’t run out of money. For more on short-term borrowing options like factoring and lines of

credit, see our tutorial on borrowing money to fund a business.

Transfer the Risk

We’re all familiar with the concept of insurance from our everyday lives, and the same

applies in business. An insurance contract is basically a transfer of risk from one party to

another, with a payment in return.

When you own a home, for example, there’s a big risk of losses from fire, theft, and other

damage. So you can buy a home insurance policy, and transfer that risk to the insurance



company. If anything goes wrong, it’s the insurance company that bears the loss, and in

return for that peace of mind, you pay a premium. When you own a business, you have the

option to transfer many of your risks to an insurance company as well. You can insure your

properties and vehicles, and also take out various types of liability insurance to protect yourself

from lawsuits. We’ll look at insurance in more detail in the next tutorial in the series, but it’s a

good option for dealing with risks that have a large potential impact, as long as you can find an

affordable policy.

Accept the Risk

As we’ve seen, risk management comes at a price. Avoiding a risk means constricting your

company’s activities and missing out on potential benefits. Reducing a risk can involve costly

new systems or cumbersome processes and controls. And transferring a risk also has a cost,

for example an insurance premium.

So in the case of minor risks, it may be best simply to accept them. There’s no sense investing in

a whole new suite of expensive software just to mitigate a risk that wouldn’t have had a very

big impact anyway. For the risks that received a low score for impact and likelihood, look for a

simple, low-cost solution, and if you can’t find one, it may be worth simply accepting the risk

and continuing with business as usual.

Types of risks

Businesses face all kinds of risks, some of which can cause serious loss of profits or even

bankruptcy. The main types of risk to consider are:

Strategic risk

Compliance risk Financial risk

Operational risk

Reputational risk

Other risks

Strategic risk



It’s the risk that your company’s strategy becomes less effective and your

company struggles to reach its goals as a result. It could be due to technological

changes, a powerful new competitor entering the market, shifts in customer

demand, spikes in the costs of raw materials, or any number of other large-scale

changes. Strategic risks result directly from operating within a specific industry at a specific

time. So shifts in consumer preferences or emerging technologies that make your product-line

obsolete--eight-track, anyone--or other drastic market forces can put your company in danger.

To counteract strategic risks, you’ll need to put measures in place to constantly solicit feedback

so changes will be detected early.

Compliance risk

Risks associated with compliance are those subject to legislative or bureaucratic rule and

regulations, or those associated with best practices for investment purposes. These can

include employee protection regulations like those imposed by the Occupational Safety and

Health Administration (OSHA), or environmental concerns like those covered by the

Environmental Protection Agency (EPA) or even state and local agencies.

Financial risk

Direct financial risks have to do with how your business handles money. That is, which

customers do you extend credit to and for how long? What is your debt load? Does

most of your income come from one or two clients who might not be able to pay?

Financial risks also take into account interest rates and if you do international business,

foreign exchange rates.

Operational risk

Operational risks result from internal failures. That is, your business’s internal

processes, people or systems fail unexpectedly. Therefore, unlike a strategic risk or a

financial risk, there is no return on operational risks. Operational risks can also result

from unforeseen external events such as transportation systems breaking down, or a supplier

failing to deliver goods.



Reputational risk

There are many different kinds of business, but they all have one thing in common: no matter

which industry you’re in, your reputation is everything. Loss of a company’s

reputation or community standing might result from product failures, lawsuits or

negative publicity. Reputations take time to build but can be lost in a day. In this

era of social networking, a negative Twitter posting by a customer can reduce earnings

overnight. According to Matt McGee, a search engine optimization consultant, “One negative

blog post or product review can spread online in a flash and change the direction of a

company.”

Other risk

Other risks are more difficult to categorize. They include risks from the environment, such as

natural disasters. Difficulties in maintaining a trained staff that has up-to-date skills to operate

your business is sometimes called employee risk management. Health and safety risks not

covered by OSHA or state agencies fall into this category as do political and economic instability

in countries you import from or export to. Other risks include: environmental risks, including

natural disasters, employee risk management, such as maintaining sufficient staff numbers and

cover, employee safety and up-to-date skills, political and economic instability in any foreign

markets you export goods to, health and safety risks and commercial risks including the failure

of key suppliers or customers.

Strategic risk

Strategic risks can be defined as the uncertainties and untapped opportunities embedded in

your strategic intent and how well they are executed. As such, they are key matters for the

board and impinge on the whole business, rather than just an isolated unit. Strategic risk might

arise from making poor business decisions, from the substandard execution of decisions, from



inadequate resource allocation, or from a failure to respond well to changes in the business

environment.

Strategic risk relates to risk at the corporate level, and it affects the development and

implementation of an organization’s strategy. An example is the risk resulting from an incorrect

assessment of future market trends when developing the initial strategy. In developing a

strategy, an organization makes an assessment of market conditions today. It then goes on to

forecast the various changes that will occur in the market over a period of time. For example, a

company manufacturing personal computers (PCs) might decide to adopt a strategy to include

the development and introduction of faster and faster operating speeds. In doing so the

company will presumably analyses the current market and decide that market research

indicates that there will be a continuing high demand for faster and faster PCs. The strategic

risk element applies in terms of whether or not that strategic decision was correct. It is

reasonable to say that one example of strategic risk is the risk that the strategic decision is

wrong. Strategic risk includes risk relating to the long-term performance of the organization.

This includes a range of variables such as the market, corporate governance and stakeholders.

The market is highly variable and can change at relatively short notice, as can the economic

characteristics of the country or countries in which a given organization is operating The

corporate governance risk of the organization includes risk relating to the reputation of the

organization and the ethics with which it operates. Examples include the reputation of the

organization and its desire to maintain that reputation, perhaps at the expense of innovation or

new developments. Stakeholder risk includes the risk associated with the shareholders,

business partners, customers and suppliers. Shareholder attitudes can change quickly if

dividends fall.

Some typical examples of strategic risks are listed below.

1. The strategic plan might be incorrect.

Incorrect assumptions may have been made.

The environment may have been incorrectly assessed.

Sufficient resources may not be available.



2. The original strategic plan may have been correct but internal changes may have

compromised it.

Internal reorganizations may have led to a loss of efficiency.

Required changes in operational processes may not have been introduced.

Planned changes may not have delivered what was required.

3. The original strategic plan may have been correct but external changes may have

compromised it.

The external environment may have changed significantly.

New competitors may have emerged.

New competing products may have been released.

Statutory controls may have changed.

The plan might not actually represent where the organization really wants to go Strategic risks

are typically external or affect the most senior management decisions. As such, they are often

missed from many risk registers. Board has a responsibility to make sure all these types of risks

are included in their key strategic discussions.

Strategic risks are those that arise from fundamental decisions that directors take concerning

an organization’s objectives. Essentially, strategic risks are the risks of failing to achieve these

business objectives.

Strategic risk is generally more difficult to manage than operational or change/project risk.

Strategic risk tends to be applicable over a long term and is therefore very much time

dependent. Most operational processes tend to continue without significant change over

relatively long periods of time. Many small- to medium-sized change projects are designed and

implemented within a relatively short timescale. They are unlikely to be affected by long-term

changes in the political or economic environment. Strategic risks also tend to be more complex

and difficult to model and assess than operational and change/project risk. It is relatively simple

to analyses attendance records for employees and from that make a prediction on likely

sickness and absenteeism rates through the course of a project. It is much more difficult to



assess the likelihood of occurrence of a significant change in the level of competition that is

characteristic of a given sector. This depends on a whole range of complex and long-term

variables that are very difficult to consider in a form that can be used for modelling and

extrapolation.

Strategic risk rises due to following business factors and reasons as follow:

The risk that insiders (employees) won't act in the best interest of the owners

(stockholders) of a firm.

The risk that business strategy execution will fail.

The risk that your business strategy will be off the mark. For example, invalid sales

forecasts.

The risk of a decline in competitive advantage.

An inability to innovate (failed innovation investments). Some firms struggle to establish

an innovation culture.

The risk that your technology strategy will fail. For example, that your technology KPI

will fall behind the competition.

The risk of intellectual property loss and liability.

Integrating firms is almost always a high risk activity.

The risks associated with organizational change.

The risks associated with program & project failures. In some industries more than 50%

of projects fail.

The risk that marketing and sales forecasts and metrics will fall short of expectations.

For example, the risk of new product development failure.

The risk of operations failures. For example, the risk that logistical problem will cause

orders to be canceled.

The risk of losing key talent to the competition.

The risk of an information security incident. Information security incidents can damage

reputation, cause compliance issues and result in the loss of intellectual property.

The risk that your products, services or corporate execution leads to legal liability issues.



The risk of non-compliance with regulations and law.

The risk of missing sustainability targets or non-compliance with environment laws and

regulations. Sustainability is increasingly important to reputation. It's a central theme of

the principles and ethics of many firms.

The risk of bad publicity or negative relationships with employees, customers, partners,

counterparties and regulators. Reputational risk can be a serious threat to the assets of

a firm.

Risks to the financial health of your firm. For example, the risk that you'll be unable to

raise sufficient capital to fund operations.

The risk of collapse of the global financial system or the financial system of a country.

The risk that the political environment will turn hostile to your firm.

Responsibility for strategic risk management

Strategic risks are determined by board decisions about the objectives and direction of the

organization. Board strategic planning and decision-making processes, therefore, must be

careful.

The UK Cadbury report recommends that directors establish a formal schedule of matters that

are reserved for their decision these should include significant acquisitions and disposals of

assets, investments, capital projects and treasury policies.

To take strategic decisions effectively, boards need sufficient information about how the

business is performing, and about relevant aspects of the economic, commercial, and

technological environments. To assess the variety of strategic risks the organization faces, the

board needs to have a wideness of vision; hence governance reports recommend that a board

be balanced in skills, knowledge, and experience.

For example, the severe problems that the UK’s Northern Rock bank faced were not caused by

a lack of formality. Northern Rock’s approach to risk management was traditional for banking



regulations, but its strategy was based on the assumption that it would continually be able to

access the funds it required. In 2007, its funding was disrupted by the global credit crisis

resulting from problems in the US subprime mortgage market, and UK Government action was

required to rescue the bank.

Managing strategic risks

According to facts and figures and different researches Strategic risk management is a CEO and

board-level priority. Two thirds (67%) of the surveyed companies say the CEO, board or board

risk committee has oversight when it comes to managing strategic risk. The survey shows that

the vast majority of companies (81%) are now explicitly and actively managing strategic risks –

and the results were quite consistent across all regions and industries. What’s more, many

companies are taking a broader view that doesn’t just focus on the risks that might cause a

particular strategy to fail, but on whatever key risks could affect a company’s long-term

positioning and performance. Companies aren’t just increasing their focus on managing

strategic risks; they are changing how they do it. In fact, nearly all respondents (94%) have

changed their approach to strategic risk management over the past three years. The numbers

were slightly lower in EMEA (91%) and slightly higher in Asia/Pacific (96%). Perhaps the biggest

change is that more companies are integrating strategic risk analysis into their overall business

strategy and planning processes. And their efforts seem to be paying off. The survey results

show that 61% of companies now believe their risk management programs are performing at

least reasonably well in supporting the development and execution of business strategy. The

numbers are lower in EMEA (51%) and slightly higher in the Americas (67%) and Asia/ Pacific

(63%). That’s not to say there isn’t significant room for improvement. According to the overall

results, only 13% of companies rate their risk management programs 5 out of 5 in terms of

supporting the development and execution of strategy, and 40% consider them inadequate.

The results are significantly worse in EMEA, where only 5% rate their risk management

programs 5 out of 5 and 49% rate them inadequate.

Strategic risks are often risks that organizations may have to take in order (certainly) to expand

and even to continue in the long term. For example, the risks connected with developing a new



product may be very significant – the technology may be uncertain, and the competition

facing the organization may severely limit sales. However, the alternative strategy may be to

persist with products in mature markets, the sales of which are static and ultimately likely to

decline

An organization may accept other strategic risks in the short term, but take action to reduce or

eliminate those risks over a longer timeframe. Question 2 in the December 2007 exam included

a good example of this sort of risk, concerning fluctuations in the world supply of a key raw

material used by a company in its production. In the scenario, as the problem was global, the

business appeared unable to avoid it, in the short term, by changing supplier. However, by

redesigning its production processes over the longer term, it could reduce or eliminate its

reliance on the material.

Ultimately, some risks should be avoided and some business opportunities should not be

accepted, either because the possible impacts are too great (threats to physical safety, for

example) or because the probability of success is so low that the returns offered are insufficient

to warrant taking the risk. Directors make what are known as ‘go errors’ when they unwisely

pursue opportunities, risks materialize, and losses exceed returns.

However, directors also need to be aware of the potentially serious consequences of ‘stop

errors’ – not taking opportunities that should have been pursued. A competitor may take up

these opportunities, and the profits made could boost its business. So a strategic risk could be

minimize by keeping an active eye on market scenarios by top management and take any

decision with full mutual understanding and proper research and by getting expertise of

specialists in the market.

In considering strategic risk management, the organization is looking to move from current

position A to desired position B as shown in Figure



Current and desired positions Point

A: current position. This is where the company is now. The position is determined by a number

of factors including market position, size, vulnerability, gearing, asset base and so on. Point

B: desired position. This is where the company directors want to be in X years' time. Again, this

position can be determined and described using a wide range of variables.

The direct route to B represents the course upon which the company wishes to progress. In

charting this course, the strategic risk manager can appreciate that there will be a range of both

foreseeable and unforeseeable risks impinging upon this course. Some will be large risks; some

will be small. Some may occur and some may not. Each one that does occur will affect the

course of progression of the organization from A to B. The organization’s strategy to get from A

to B is really the collective management of these numerous competing risks, as shown in

second Figure.

The risks that stand between position A and position B cannot be accurately determined. They

may affect the achievement of the strategy more in some areas than in others. Wholly

unforeseen events might affect the feasibility of navigate between A and B. The net result is

that the company growth suffers deflections as it attempts to implement the strategy or stay on

course. Some risks have a greater impact than the strategy foresaw. Some have a lesser impact.

The net result is a general divergence or ‘set’ from the desired course, as shown in third Figure

below.



In addition, new strategies may be formed within the organization. These may serve to

reinforce or deflect the original strategy.

In order to take account of these variations, most strategies allow a variance envelope. This

permits divergence up to a certain limit, after which a warning is sounded. The variance

envelope typically contracts as a function of time. As the company nears desired position B, the

allowable margin of error must diminish, as shown in forth Figure

Strategy implementation variance envelope

In forth Figure the early shifts from course are acceptable as they remain within the overall

limits of acceptability for the variance envelope. The later divergences, in this case C3 and D,

move outside the limits of acceptability.



Our learningThere are collection of things which we learned during this kind of

project the first thing which is worth mentioning here that how to

coordinate with others and how much it is necessary for

successfulness of any task, our collective learning experience was

advantageous we learn a lot of things which we never have an

idea or experienced before and we just read it out theoretically

on books. We learn what is risk exactly its types how much

strategic risk and its management is necessary for corporate and

get to know its importance and worth. By and large, it was a pleasant and useful

experience. Adding on, we learn how to act as a team in a professional way. We

all learnt the clarity, roles and contribution in a group. We learnt how to mutually

work as a team. We further gain knowledge of how time management is

important while you are engage in any sort of activity, how to execute things on

time and how to plan them so that we can achieve them on time.We also find out



that how conflicts can be tackle out during your work and how collective team

work is important when you are working in a project. By and large, it will prove

fruitful for all of us in future.

Appendices

Websites

business.tutsplus.com/.../the-main-types-of-business-risk--cms-22693

www.simplilearn.com › Free Resources › Finance Management Articles

www.rmahq.org/risk-management

catalog.flatworldknowledge.com/bookhub/1?e=baranoff-ch01_s04

www.munichre.com/en/ir/shareholder-information/.../risk-management

www.rmahq.org/risk-management

www.munichre.com/en/ir/shareholder-information/.../risk-management

https://www.gov.uk/government/publications/strategic-risk-management

www.pwc.com/gx/en/.../risk/.../sharpening-strategic-risk-management/

www.accaglobal.com/content/dam/acca/gb/graduates/risk.pdf

www.bath.ac.uk/management/research/pdf/2006-01.pdf

www.businessinsider.com/9-strategic-risks-

www.protiviti.com/en-us/.../pov/pov-analyzing-strategic-risks-protiviti.pdf

www.strategicrisks.com/



www.stern.nyu.edu/~adamodar/pdfiles/

papers/strategicrisk.pdf

www.conferenceboard.ca/networks/src/

default.aspx


Risk Management Mid Assignment

Documents

Transcript of Risk Management Mid Assignment