Risk ManagementUniversity of Economics, Kraków, 2012

Tomasz Aleksandrowicz

Risk TreatmentRisk monitoring & reporting

Ryanair case study

Process of RM

risk treatment (risk mitigation)

• selecting and implementing response to risks• in line with organizations risk approach and risk

appetite• decisions as to whether particular risks should be

avoided, reduced, shared (transferred) or accepted

risk treatment common methods

• avoidance• reduction – internal control• sharing (transfer)– insurance– portfolio diversification– hedging– outsourcing

• acceptance• other less common methods

risk avoidance

• hold back or exit risk related activities • in terms of product, geographical region, customer

segment, etc.• simple and commonly used method

risk reduction

• based on prioritization of risks by risk matrix• activities to reduce:– likelihood (probability) of a risk– severity (consequences) of a risk– both aspects

• costs and benefits taken into consideration• implemented mostly by internal control• could be performed by risk function (run by CRO),

internal audit or compliance

risk reduction – internal control

• system established to provide reasonable assurance of effective and efficient operation• internal controls:– financial (e.g. financial ratios, budgets, variance analysis)– non-financial quantitative (e.g. customer satisfaction,

wastage, personnel rotation)– qualitative (e.g. plans, procedures, rules, access to

computers or buildings, project management, corporate culture)

risk sharing – insurance

• protection against hazards by taking out an insurance policy against an uncertain event

• involves payment of a premium to an insurer which will compensate the loss in case of event occurance

risk sharing – diversification

• using idea of ”don't put all your eggs in one basket”• wider range of activities/investments lowers the risk

risk sharing – hedging

• in relation to ‘underlying’ factor (e.g. interest rate, currency exchange, commodity, share or bond price)

• protection from unfavorable movement of an ‘underlying’ while still benefit from favorable movement

• implemented by instruments with opposite-value movements to the ‘underlying’ (i.e. negative correlation)

risk sharing – outsourcing

• transfer activities or processes to third party

risk acceptance

• precise definition what could be accepted• no action taken in relation to the risk• should be covered by day-to-day business activities

and its budget

risk treatment less common methods

• quality management• lobbying• strategic alliances• mergers and acquisitions

RM processRisk treatment

Ryanair case – create risk treatment ideas

risk list

company related1. fuel costs and availability2. rapid growth of the company3. website or check-in systems breakdown

industry related4. some of government air travel taxes5. threat of terrorism6. currency exchange fluctuations

risk monitoring

• continuous process based on risk policy• could be performed by more than one organization

unit/function• many methods, commonly used: checklists, risk

register, information scanning, media monitoring• most important items form risk register are subject

of risk reporting

risk register – examples of criteria

• risk number (an unique identifier)• risk category• description of risk• date risk identified• name of person who identified risk• likelihood• consequences• a monetary value, if such can be allocated to the risk• interdependencies with other risks

risk reporting

• based on current data and monitoring process• should cover identified and analyzed risks along with

risk response • in line with financial reporting• information to management and the Board• meet regulatory reporting requirements (e.g. SOX or

Basel II)• part of investor relations reporting (in annual report)