Risk Management Mid Assignment
description
Transcript of Risk Management Mid Assignment
Page
1A project by Wikipedia’s team
SUBMITTED BY “WIKIPEDIA’S”
NO STUDENT NAME ROLL NUMBER1 ABDUL REHMAN 132622 ZEESHAN AHMAD 13235
3 AHMAD NUMAN 132714 TAHIRA SIDIQUI 133045 WAQAS 13270
SUBMITTED TOSIR ASIF MASOOD
TOPICSTRATEGIC RISK
SUBMISSION DATE29/OCTOBER /2015
Superior University Lahore
R I S K M A N A G E M E N T
Page
2A project by Wikipedia’s team
ACKNOWLEDGEMENT
First of all we are thankful to Almighty Allah who in spite
of all our weaknesses enabled us for this type of project.
We are also indebted to our teacher “SIR ASIF” for their
kind of guidance and supervision. Under their direction
we get the opportunity to polish our concealed qualities
and skill moreover, their timely help paved a way for us
to complete our work. It was surely their method of
teaching & eagerness for imparting knowledge that we
did not find much difficulty to give in to our thoughts and
information. They motivated us to work hard and to
achieve high-level performance. The development of this
project has enabled us to better understand the contents
of the course. We feel highly privilege to ascribe the most
and ever burning flame of our gratitude and deep scene
of devotion to MR ASIF who taught us “RISK
MANAGEMENT” with heart and also gave guidelines to
this work.
Further on, we are grateful to our parents it is the result
of their prayers that we are succeeded.
R I S K M A N A G E M E N T
Page
3A project by Wikipedia’s team
We dedicate this project to our highly regarded teacher Mr. Asif who provided us with all the guidelines to prove ourselves. We are grateful to him for giving us this opportunity to explore new dimensions which will help us in a long run. He guided us and taught us with different techniques, which enabled us to complete this project, as well as for unconventional style of teaching and maintaining very open and competitive atmosphere within the class, which made the subject very interesting for us the most important thing is that the knowledge which
R I S K M A N A G E M E N T
Page
4A project by Wikipedia’s team
we have studied in our subject was all that same which we observed practically.
What is risk?
A probability or threat of damage, injury, liability, loss, or any other negative
occurrence that is caused by external or internal vulnerabilities, and that may be
avoided through preemptive action.
The probability that an actual return on an investment will be lower than the expected
return.
The possibility that something bad or unpleasant (such as an injury or a loss) will
happen that may cause something bad or unpleasant to happen a person or thing
(By Merriam-Webster)
Business risks are the factors that could prevent or hinder the achievement of organizational
goals and objectives
Definition of risk according to different aspects
Finance:
R I S K M A N A G E M E N T
Page
5A project by Wikipedia’s team
The possibility that an actual return on an investment will be lower than the expected
return.
Insurance:
A situation where the probability of a variable (such as burning down of a building) is known
but when a mode of occurrence or the actual value of the occurrence (whether the fire will
occur at a particular property) is not. A risk is not an uncertainty (where neither the probability
nor the mode of occurrence is known), a peril (cause of loss), or a hazard (something that
makes the occurrence of a peril more likely or more severe).
Securities trading:
The probability of a loss or drop in value.
Workplace:
Product of the consequence and probability of a hazardous event or phenomenon. For
example, the risk of developing cancer is estimated as the incremental probability of developing
cancer over a lifetime as a result of exposure to potential carcinogens (cancer-causing
substances).
Examples of risk
A teenager knows that she will be grounded if she chooses to invite friends over after
school instead of doing her homework, but also knows that the likelihood of her parents
finding out she did so is slight. If the teenager chooses to invite her friends over she is
taking a risk of getting in trouble with her parents.
A 55-year old man wants to quickly increase his retirement fund. In order to do so at a
rapid pace, he must change his investments to those that could either yield higher
results or completely fail, in which case he would lose his retirement. If the man chooses
R I S K M A N A G E M E N T
Page
6A project by Wikipedia’s team
to move his investments to those in which he could possibly lose his money, he is a
taking a risk.
What is risk management?
Risk management refers to the practice of identifying potential risks in advance, analyzing them
and taking precautionary steps to reduce/curb the risk. The identification, analysis, assessment,
control, and avoidance, minimization, or elimination of unacceptable risks is risk management.
The Risk Management Process involves:
1. Identify Potential Exposures To Loss
2. Measure Frequency and Severity
3. Examine Alternatives
4. Decide Which Alternatives To Use
5. Implement The Chosen Techniques
6. Monitor Results
Why manage risks?
There are many reasons for managing risk. Here are some:
Saves resources: people, income, property, assets, time
R I S K M A N A G E M E N T
Page
7A project by Wikipedia’s team
Protects public image
Protects people from harm
Prevents/reduces legal liability
Protects the environment
Risk management standards
A number of standards have been developed worldwide to help organizations implement risk
management systematically and effectively. These standards seek to establish a
common view on frameworks, processes and practice, and are generally set by
recognized international standards bodies or by industry groups.
ISO 31000 2009 – Risk Management Principles and Guidelines
IRM/Alarm/AIRMIC 2002 – developed in 2002 by the UK’s 3 main risk organizations.
ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
COSO 2004 - Enterprise Risk Management - Integrated Framework
Strategies to manage risk
Avoid it
Reduce it
Transfer it
Accept it
Each strategy has its own advantages and disadvantages, and you’ll probably end up using all
four. Sometimes it may be necessary to avoid a risk, and other times you’ll want to reduce it,
transfer it, or simply accept it. Let’s look at what those terms mean, and how to decide on the
right classification to use for each of your own business risks.
Avoid the Risk
Sometimes, a risk will be so serious that you simply want to eliminate it, for example by
avoiding the activity altogether, or using a completely different approach. If a particular
R I S K M A N A G E M E N T
Page
8A project by Wikipedia’s team
type of trading is very risky, you may decide it’s not worth the potential reward, and
abandon it.
The advantage of this strategy is that it’s the most effective way of dealing with a risk. By
stopping the activity that’s causing the potential problems, you eliminate the chance of
incurring losses. But the disadvantage is that you also lose out on any benefits too. Risky
activities can be very profitable, or perhaps have other benefits for your company. So this
strategy is best used as a last resort, when you’ve tried the other strategies and found that the
risk level is still too high.
Reduce the Risk
If you don’t want to abandon the activity altogether, a common approach is to reduce the
risk associated with it. Take steps to make the negative outcome less likely to occur, or to
minimize its impact when it does occur.
With our earlier case, “Key client XYZ Corp is late paying its invoice”, for example, we could
reduce the likelihood by offering an incentive to the client to pay its bills on time. Maybe a 10%
discount for early payment, and a penalty for late payment. Dealing with late-paying customers
can be tricky, and we covered it more in our tutorial on managing cash flow more efficiently,
but these are a couple of options. In the same example, we could reduce the impact by
arranging access to a short-term credit facility. That way, even if the client does pay late, we
don’t run out of money. For more on short-term borrowing options like factoring and lines of
credit, see our tutorial on borrowing money to fund a business.
Transfer the Risk
We’re all familiar with the concept of insurance from our everyday lives, and the same
applies in business. An insurance contract is basically a transfer of risk from one party to
another, with a payment in return.
When you own a home, for example, there’s a big risk of losses from fire, theft, and other
damage. So you can buy a home insurance policy, and transfer that risk to the insurance
R I S K M A N A G E M E N T
Page
9A project by Wikipedia’s team
company. If anything goes wrong, it’s the insurance company that bears the loss, and in
return for that peace of mind, you pay a premium. When you own a business, you have the
option to transfer many of your risks to an insurance company as well. You can insure your
properties and vehicles, and also take out various types of liability insurance to protect yourself
from lawsuits. We’ll look at insurance in more detail in the next tutorial in the series, but it’s a
good option for dealing with risks that have a large potential impact, as long as you can find an
affordable policy.
Accept the Risk
As we’ve seen, risk management comes at a price. Avoiding a risk means constricting your
company’s activities and missing out on potential benefits. Reducing a risk can involve costly
new systems or cumbersome processes and controls. And transferring a risk also has a cost,
for example an insurance premium.
So in the case of minor risks, it may be best simply to accept them. There’s no sense investing in
a whole new suite of expensive software just to mitigate a risk that wouldn’t have had a very
big impact anyway. For the risks that received a low score for impact and likelihood, look for a
simple, low-cost solution, and if you can’t find one, it may be worth simply accepting the risk
and continuing with business as usual.
Types of risks
Businesses face all kinds of risks, some of which can cause serious loss of profits or even
bankruptcy. The main types of risk to consider are:
Strategic risk
Compliance risk Financial risk
Operational risk
Reputational risk
Other risks
Strategic risk
R I S K M A N A G E M E N T
Page
10
A project by Wikipedia’s team
It’s the risk that your company’s strategy becomes less effective and your
company struggles to reach its goals as a result. It could be due to technological
changes, a powerful new competitor entering the market, shifts in customer
demand, spikes in the costs of raw materials, or any number of other large-scale
changes. Strategic risks result directly from operating within a specific industry at a specific
time. So shifts in consumer preferences or emerging technologies that make your product-line
obsolete--eight-track, anyone--or other drastic market forces can put your company in danger.
To counteract strategic risks, you’ll need to put measures in place to constantly solicit feedback
so changes will be detected early.
Compliance risk
Risks associated with compliance are those subject to legislative or bureaucratic rule and
regulations, or those associated with best practices for investment purposes. These can
include employee protection regulations like those imposed by the Occupational Safety and
Health Administration (OSHA), or environmental concerns like those covered by the
Environmental Protection Agency (EPA) or even state and local agencies.
Financial risk
Direct financial risks have to do with how your business handles money. That is, which
customers do you extend credit to and for how long? What is your debt load? Does
most of your income come from one or two clients who might not be able to pay?
Financial risks also take into account interest rates and if you do international business,
foreign exchange rates.
Operational risk
Operational risks result from internal failures. That is, your business’s internal
processes, people or systems fail unexpectedly. Therefore, unlike a strategic risk or a
financial risk, there is no return on operational risks. Operational risks can also result
from unforeseen external events such as transportation systems breaking down, or a supplier
failing to deliver goods.
R I S K M A N A G E M E N T
Page
11
A project by Wikipedia’s team
Reputational risk
There are many different kinds of business, but they all have one thing in common: no matter
which industry you’re in, your reputation is everything. Loss of a company’s
reputation or community standing might result from product failures, lawsuits or
negative publicity. Reputations take time to build but can be lost in a day. In this
era of social networking, a negative Twitter posting by a customer can reduce earnings
overnight. According to Matt McGee, a search engine optimization consultant, “One negative
blog post or product review can spread online in a flash and change the direction of a
company.”
Other risk
Other risks are more difficult to categorize. They include risks from the environment, such as
natural disasters. Difficulties in maintaining a trained staff that has up-to-date skills to operate
your business is sometimes called employee risk management. Health and safety risks not
covered by OSHA or state agencies fall into this category as do political and economic instability
in countries you import from or export to. Other risks include: environmental risks, including
natural disasters, employee risk management, such as maintaining sufficient staff numbers and
cover, employee safety and up-to-date skills, political and economic instability in any foreign
markets you export goods to, health and safety risks and commercial risks including the failure
of key suppliers or customers.
Strategic risk
Strategic risks can be defined as the uncertainties and untapped opportunities embedded in
your strategic intent and how well they are executed. As such, they are key matters for the
board and impinge on the whole business, rather than just an isolated unit. Strategic risk might
arise from making poor business decisions, from the substandard execution of decisions, from
R I S K M A N A G E M E N T
Page
12
A project by Wikipedia’s team
inadequate resource allocation, or from a failure to respond well to changes in the business
environment.
Strategic risk relates to risk at the corporate level, and it affects the development and
implementation of an organization’s strategy. An example is the risk resulting from an incorrect
assessment of future market trends when developing the initial strategy. In developing a
strategy, an organization makes an assessment of market conditions today. It then goes on to
forecast the various changes that will occur in the market over a period of time. For example, a
company manufacturing personal computers (PCs) might decide to adopt a strategy to include
the development and introduction of faster and faster operating speeds. In doing so the
company will presumably analyses the current market and decide that market research
indicates that there will be a continuing high demand for faster and faster PCs. The strategic
risk element applies in terms of whether or not that strategic decision was correct. It is
reasonable to say that one example of strategic risk is the risk that the strategic decision is
wrong. Strategic risk includes risk relating to the long-term performance of the organization.
This includes a range of variables such as the market, corporate governance and stakeholders.
The market is highly variable and can change at relatively short notice, as can the economic
characteristics of the country or countries in which a given organization is operating The
corporate governance risk of the organization includes risk relating to the reputation of the
organization and the ethics with which it operates. Examples include the reputation of the
organization and its desire to maintain that reputation, perhaps at the expense of innovation or
new developments. Stakeholder risk includes the risk associated with the shareholders,
business partners, customers and suppliers. Shareholder attitudes can change quickly if
dividends fall.
Some typical examples of strategic risks are listed below.
1. The strategic plan might be incorrect.
Incorrect assumptions may have been made.
The environment may have been incorrectly assessed.
Sufficient resources may not be available.
R I S K M A N A G E M E N T
Page
13
A project by Wikipedia’s team
2. The original strategic plan may have been correct but internal changes may have
compromised it.
Internal reorganizations may have led to a loss of efficiency.
Required changes in operational processes may not have been introduced.
Planned changes may not have delivered what was required.
3. The original strategic plan may have been correct but external changes may have
compromised it.
The external environment may have changed significantly.
New competitors may have emerged.
New competing products may have been released.
Statutory controls may have changed.
The plan might not actually represent where the organization really wants to go Strategic risks
are typically external or affect the most senior management decisions. As such, they are often
missed from many risk registers. Board has a responsibility to make sure all these types of risks
are included in their key strategic discussions.
Strategic risks are those that arise from fundamental decisions that directors take concerning
an organization’s objectives. Essentially, strategic risks are the risks of failing to achieve these
business objectives.
Strategic risk is generally more difficult to manage than operational or change/project risk.
Strategic risk tends to be applicable over a long term and is therefore very much time
dependent. Most operational processes tend to continue without significant change over
relatively long periods of time. Many small- to medium-sized change projects are designed and
implemented within a relatively short timescale. They are unlikely to be affected by long-term
changes in the political or economic environment. Strategic risks also tend to be more complex
and difficult to model and assess than operational and change/project risk. It is relatively simple
to analyses attendance records for employees and from that make a prediction on likely
sickness and absenteeism rates through the course of a project. It is much more difficult to
R I S K M A N A G E M E N T
Page
14
A project by Wikipedia’s team
assess the likelihood of occurrence of a significant change in the level of competition that is
characteristic of a given sector. This depends on a whole range of complex and long-term
variables that are very difficult to consider in a form that can be used for modelling and
extrapolation.
Strategic risk rises due to following business factors and reasons as follow:
The risk that insiders (employees) won't act in the best interest of the owners
(stockholders) of a firm.
The risk that business strategy execution will fail.
The risk that your business strategy will be off the mark. For example, invalid sales
forecasts.
The risk of a decline in competitive advantage.
An inability to innovate (failed innovation investments). Some firms struggle to establish
an innovation culture.
The risk that your technology strategy will fail. For example, that your technology KPI
will fall behind the competition.
The risk of intellectual property loss and liability.
Integrating firms is almost always a high risk activity.
The risks associated with organizational change.
The risks associated with program & project failures. In some industries more than 50%
of projects fail.
The risk that marketing and sales forecasts and metrics will fall short of expectations.
For example, the risk of new product development failure.
The risk of operations failures. For example, the risk that logistical problem will cause
orders to be canceled.
The risk of losing key talent to the competition.
The risk of an information security incident. Information security incidents can damage
reputation, cause compliance issues and result in the loss of intellectual property.
The risk that your products, services or corporate execution leads to legal liability issues.
R I S K M A N A G E M E N T
Page
15
A project by Wikipedia’s team
The risk of non-compliance with regulations and law.
The risk of missing sustainability targets or non-compliance with environment laws and
regulations. Sustainability is increasingly important to reputation. It's a central theme of
the principles and ethics of many firms.
The risk of bad publicity or negative relationships with employees, customers, partners,
counterparties and regulators. Reputational risk can be a serious threat to the assets of
a firm.
Risks to the financial health of your firm. For example, the risk that you'll be unable to
raise sufficient capital to fund operations.
The risk of collapse of the global financial system or the financial system of a country.
The risk that the political environment will turn hostile to your firm.
Responsibility for strategic risk management
Strategic risks are determined by board decisions about the objectives and direction of the
organization. Board strategic planning and decision-making processes, therefore, must be
careful.
The UK Cadbury report recommends that directors establish a formal schedule of matters that
are reserved for their decision these should include significant acquisitions and disposals of
assets, investments, capital projects and treasury policies.
To take strategic decisions effectively, boards need sufficient information about how the
business is performing, and about relevant aspects of the economic, commercial, and
technological environments. To assess the variety of strategic risks the organization faces, the
board needs to have a wideness of vision; hence governance reports recommend that a board
be balanced in skills, knowledge, and experience.
For example, the severe problems that the UK’s Northern Rock bank faced were not caused by
a lack of formality. Northern Rock’s approach to risk management was traditional for banking
R I S K M A N A G E M E N T
Page
16
A project by Wikipedia’s team
regulations, but its strategy was based on the assumption that it would continually be able to
access the funds it required. In 2007, its funding was disrupted by the global credit crisis
resulting from problems in the US subprime mortgage market, and UK Government action was
required to rescue the bank.
Managing strategic risks
According to facts and figures and different researches Strategic risk management is a CEO and
board-level priority. Two thirds (67%) of the surveyed companies say the CEO, board or board
risk committee has oversight when it comes to managing strategic risk. The survey shows that
the vast majority of companies (81%) are now explicitly and actively managing strategic risks –
and the results were quite consistent across all regions and industries. What’s more, many
companies are taking a broader view that doesn’t just focus on the risks that might cause a
particular strategy to fail, but on whatever key risks could affect a company’s long-term
positioning and performance. Companies aren’t just increasing their focus on managing
strategic risks; they are changing how they do it. In fact, nearly all respondents (94%) have
changed their approach to strategic risk management over the past three years. The numbers
were slightly lower in EMEA (91%) and slightly higher in Asia/Pacific (96%). Perhaps the biggest
change is that more companies are integrating strategic risk analysis into their overall business
strategy and planning processes. And their efforts seem to be paying off. The survey results
show that 61% of companies now believe their risk management programs are performing at
least reasonably well in supporting the development and execution of business strategy. The
numbers are lower in EMEA (51%) and slightly higher in the Americas (67%) and Asia/ Pacific
(63%). That’s not to say there isn’t significant room for improvement. According to the overall
results, only 13% of companies rate their risk management programs 5 out of 5 in terms of
supporting the development and execution of strategy, and 40% consider them inadequate.
The results are significantly worse in EMEA, where only 5% rate their risk management
programs 5 out of 5 and 49% rate them inadequate.
Strategic risks are often risks that organizations may have to take in order (certainly) to expand
and even to continue in the long term. For example, the risks connected with developing a new
R I S K M A N A G E M E N T
Page
17
A project by Wikipedia’s team
product may be very significant – the technology may be uncertain, and the competition
facing the organization may severely limit sales. However, the alternative strategy may be to
persist with products in mature markets, the sales of which are static and ultimately likely to
decline
An organization may accept other strategic risks in the short term, but take action to reduce or
eliminate those risks over a longer timeframe. Question 2 in the December 2007 exam included
a good example of this sort of risk, concerning fluctuations in the world supply of a key raw
material used by a company in its production. In the scenario, as the problem was global, the
business appeared unable to avoid it, in the short term, by changing supplier. However, by
redesigning its production processes over the longer term, it could reduce or eliminate its
reliance on the material.
Ultimately, some risks should be avoided and some business opportunities should not be
accepted, either because the possible impacts are too great (threats to physical safety, for
example) or because the probability of success is so low that the returns offered are insufficient
to warrant taking the risk. Directors make what are known as ‘go errors’ when they unwisely
pursue opportunities, risks materialize, and losses exceed returns.
However, directors also need to be aware of the potentially serious consequences of ‘stop
errors’ – not taking opportunities that should have been pursued. A competitor may take up
these opportunities, and the profits made could boost its business. So a strategic risk could be
minimize by keeping an active eye on market scenarios by top management and take any
decision with full mutual understanding and proper research and by getting expertise of
specialists in the market.
In considering strategic risk management, the organization is looking to move from current
position A to desired position B as shown in Figure
R I S K M A N A G E M E N T
Page
18
A project by Wikipedia’s team
Current and desired positions Point
A: current position. This is where the company is now. The position is determined by a number
of factors including market position, size, vulnerability, gearing, asset base and so on. Point
B: desired position. This is where the company directors want to be in X years' time. Again, this
position can be determined and described using a wide range of variables.
The direct route to B represents the course upon which the company wishes to progress. In
charting this course, the strategic risk manager can appreciate that there will be a range of both
foreseeable and unforeseeable risks impinging upon this course. Some will be large risks; some
will be small. Some may occur and some may not. Each one that does occur will affect the
course of progression of the organization from A to B. The organization’s strategy to get from A
to B is really the collective management of these numerous competing risks, as shown in
second Figure.
The risks that stand between position A and position B cannot be accurately determined. They
may affect the achievement of the strategy more in some areas than in others. Wholly
unforeseen events might affect the feasibility of navigate between A and B. The net result is
that the company growth suffers deflections as it attempts to implement the strategy or stay on
course. Some risks have a greater impact than the strategy foresaw. Some have a lesser impact.
The net result is a general divergence or ‘set’ from the desired course, as shown in third Figure
below.
R I S K M A N A G E M E N T
Page
19
A project by Wikipedia’s team
In addition, new strategies may be formed within the organization. These may serve to
reinforce or deflect the original strategy.
In order to take account of these variations, most strategies allow a variance envelope. This
permits divergence up to a certain limit, after which a warning is sounded. The variance
envelope typically contracts as a function of time. As the company nears desired position B, the
allowable margin of error must diminish, as shown in forth Figure
Strategy implementation variance envelope
In forth Figure the early shifts from course are acceptable as they remain within the overall
limits of acceptability for the variance envelope. The later divergences, in this case C3 and D,
move outside the limits of acceptability.
R I S K M A N A G E M E N T
Page
20
A project by Wikipedia’s team
Our learningThere are collection of things which we learned during this kind of
project the first thing which is worth mentioning here that how to
coordinate with others and how much it is necessary for
successfulness of any task, our collective learning experience was
advantageous we learn a lot of things which we never have an
idea or experienced before and we just read it out theoretically
on books. We learn what is risk exactly its types how much
strategic risk and its management is necessary for corporate and
get to know its importance and worth. By and large, it was a pleasant and useful
experience. Adding on, we learn how to act as a team in a professional way. We
all learnt the clarity, roles and contribution in a group. We learnt how to mutually
work as a team. We further gain knowledge of how time management is
important while you are engage in any sort of activity, how to execute things on
time and how to plan them so that we can achieve them on time.We also find out
R I S K M A N A G E M E N T
Page
21
A project by Wikipedia’s team
that how conflicts can be tackle out during your work and how collective team
work is important when you are working in a project. By and large, it will prove
fruitful for all of us in future.
Appendices
Websites
business.tutsplus.com/.../the-main-types-of-business-risk--cms-22693
www.simplilearn.com › Free Resources › Finance Management Articles
www.rmahq.org/risk-management
catalog.flatworldknowledge.com/bookhub/1?e=baranoff-ch01_s04
www.munichre.com/en/ir/shareholder-information/.../risk-management
www.rmahq.org/risk-management
www.munichre.com/en/ir/shareholder-information/.../risk-management
https://www.gov.uk/government/publications/strategic-risk-management
www.pwc.com/gx/en/.../risk/.../sharpening-strategic-risk-management/
www.accaglobal.com/content/dam/acca/gb/graduates/risk.pdf
www.bath.ac.uk/management/research/pdf/2006-01.pdf
www.businessinsider.com/9-strategic-risks-
www.protiviti.com/en-us/.../pov/pov-analyzing-strategic-risks-protiviti.pdf
www.strategicrisks.com/
R I S K M A N A G E M E N T
Page
22
A project by Wikipedia’s team
www.stern.nyu.edu/~adamodar/pdfiles/
papers/strategicrisk.pdf
www.conferenceboard.ca/networks/src/
default.aspx
R I S K M A N A G E M E N T