7. Assessing and managing risk Flashcards
Discuss the relationship between organisational strategy and risk management
strategy?
Risk: Is a condition in which there exists a quantifiable dispersion in the possible results of an activity.
When formulating organisational strategy, the board of directors will give careful consideration to ensure that only those strategies which fall within the bounds of the organisation’s risk appetite are taken forward.
Organisations have to deal with many types of risks here list just some to name a few:
- *Fundamental risks:** which affect society in general no control
- *Particular risks:** Are which an individual may have some measure of control.
- *Speculative risks**: from which either good or harm may result. A business venture
- *Pure risks:** Are those whose only possible outcome is harmful.
Embedding risk: Ensuring that the approach to managing risks is considered at all times and in all roles by making it a part of the culture and values of an organisation.
What are the stages of the risk management process?
- *1. Set responsibilities
2. Set risk appetite
3. Identify risks
4. Assess risks
5. Respond to risks
6. Monitor and review the process and adapt if necessary
7. Start again!**
Who is responsible for risk? and what are there duties?
Ultimately the Board is responsible for risk, but they may delegate the process by setting up a risk committee.
Risk Committee’s duties include
- -Ensure system exists
- -Set a risk policy based on the appetite and capacity
- -Assess risks
- -Review internal Audit Work and other reports
- -Review Risk register, regularly
- -Advise the board
Risk manager: A role that supports the board by taking the lead on risk and developing policy and practice on managing risks.
- The leadership of enterprise risk management
- Establishing and promoting enterprise risk management
- Developing common risk management policies
- Establishing a common risk language
- Dealing with insurance companies
- Implementing risk indicators, (such as designing early warning systems)
- Allocation of resources based on risk
- Reporting to the CEO/board/risk committee as appropriate
Explain Risk Appetite?
- Risk appetite: Describes the nature and strength of risks that an organisation is prepared to bear.
-
Risk attitude: Is the directors’ views on the level of risk that they consider desirable.
- Risk averse: Accepting risks up to a certain point as long as they represent an acceptable return.
- Risk seeker: Pursuing the highest returns regardless of risks (within reason).
- Risk capacity: Describes the nature and strength of risks that an organisation is able to bear.
Name ways of identifying risks?
- *(a) Brainstorming and workshops
(b) Stakeholder consultation
(c) Benchmarking
(d) Scenario analysis
(e) Results of audits and inspections
(f) Use of standard checklists**
What are risk factors?
A key aspect of identifying risks is risk factors that could impact the successful implementation of a strategy or the achievement of a firm’s objectives.
- -External Factors
- -Internal factors
- -escalating triggers
- -leading even indicators
- -Related Risks
- -Correlated risks - Negative or Positive
What are Two main way to categorising risk?
- Strategic risk: The risk that arises from longer-term decisions or events.
- Operational risk: Risk that arises from the normal day-to-day activity of a company.
The main differences between strategic and operational risks related to:
- (a) Scope of impact
- (b) Source of risk
- (c) Duration of impact
- (d) Scale of financial and resource consequences
Examples of Strategic risks
- Changes in technology
- Market or industry sector changes
- Product or competitor issues
- The failure to innovate
- Macro-economic factors
- Issues with commodities
- Capital availability
Examples of Operational risks
- Internal control deficiencies
- Human error
- Fraud
- Business interruption
- Loss of key personnel
What is the Risk Register?
Organisations should have formal methods of collecting information on risks and responses.
A risk register lists and prioritises the main risks an organisation faces, and is used as the basis for decision making on how to deal with risks.
Details who is responsible for dealing with risks and the actions taken.
The register should show the risk levels before and after control action is taken, to facilitate a cost-benefit analysis of controls.
Once identified and categorised, risks can be included within the firm’s risk register and kept under review
How are risks assessed? and what is the key problem with risk assessment?
2.4.1 Techniques
Quantifying risks via
- value at risk
- regression analysis
- Financial simulation
- sensitivity analysis
- calculating accounting ratios
- expected values (EV)
Qualitative techniques are often used as well, such as visual techniques like risk mapping.
A risk map or heat map can be drawn, as a chart or graph, using risks from a risk register and each series of risks can be plotted on this map in order to decide on the best way to manage them. A typical risk map is a chart with one scale for severity or impact of loss and the other scale for frequency or likelihood of loss.
The key issue of risk assessment, they are decisions are based on Subjectivity
One problem with risk assessment is the problem of subjectivity – something like assessing the risk of getting ahead when tossing a coin can be assessed objectively, but estimating the risk of an accident occurring or its impact could still be heavily influenced by subjectivity.
How to respond to risk?
TARA: The model referred to when considering responses to risks – Transfer, Avoid, Reduce and Accept.
or
ALARP: Refers to ‘as low as reasonably practicable’ – a pragmatic approach to managing risks that seeks the most appropriate response to any risk by balancing cost and benefit.
Diversification of risks
- Correlated risks: Two risks that vary together. If positive correlation exists, the risks will increase or decrease together. If negative correlation exists, one risk will increase as the other decreases and vice versa.
- Related risks: Risks that are connected because the causes of the risk are the same.
- Diversification: Offsetting risks that are negatively correlated to balance their impact and likelihood regardless of the circumstances (sometimes called a ‘portfolio’ approach).
How is the risk management processes monitored?
- 6.1 Review the process
- 6.2 Dynamic nature of risks
- 6.3 Adapt if necessary
Explain why the risk assessment process starts again?