7 Risk Management Flashcards
Risk is when outcomes are not known, but probabilities can be estimated.
Uncertainty is when outcomes are not known and cannot be assigned probabilities.
There are a number of benefits of managing risk:
Cash flow predictability
Limitation of impacts of adverse events
Increased investor confidence
However, risk cannot necessarily be eliminated without undermining the whole basis of the business, so there will be a level of residual risk that cannot be eliminated.
Stakeholder views
Risk appetite may be influenced by the views of stakeholders on the risks the business is taking and the actions they can take that will affect the business:
Shareholders are likely to have different tolerances for risk and their views may be affected by how diversified their portfolios are
Debt providers will be concerned about threats to the amounts they have lent. Their unwillingness to lend or the conditions they impose may constrain the business from
implementing strategies that could threaten cash flows
Suppliers also may be concerned about threats to getting paid, so may limit credit
Customers will be concerned about not getting goods and services or not receiving value
Employees will be concerned about threats to their job prospects or well-being, and may leave the company or be demotivated
Governments and the community may be concerned particularly about the risks that would mean that the organisation did not act as a good corporate citizen
Risk attitude
An important decision is between risk-averse and risk-seeking businesses:
Risk-averse businesses seek to obtain sufficient returns for the level of risks they are prepared to take and have upper limits on the risks they are prepared to take
Risk-seeking businesses focus on maximising returns and are not primarily concerned with the level of risk
What is strategic risk?
Strategic risk is the nature and type of risks caused by volatility of profits due to the nature and type of the business’s activities, for example:
Macroeconomic changes
Product obsolescence
Changes in technology
Adverse events or accidents
What is Operational Risk?
Operational risk is the risk of loss through a failure of business and internal control processes, for example:
Losses from internal control systems or audit inadequacies
Non-compliance with regulations or internal procedures
Information technology failures
Human error
Loss of key-person risk
Fraud
Business interruptions
Reputational damage
Financial reporting implications of risk
IAS 10 Events after the reporting period
IAS 10 requires disclosure of circumstances, for example exchange rate movements, that could lead to significant losses. What is viewed as significant will be determined by the business’s view of risks.
In relation to risk assessment, IAS 10 requires managers to make an explicit assessment of the entity’s ability to continue as a going concern by considering a number of financial, operating and other indicators.
IAS 36 Impairment of assets
Risk analysis of the external environment may identify evidence of loss of value of assets that should be accounted for under IAS 36.
IAS 37 Provisions, Contingent Liabilities and Contingent Assets
IAS 37 states that provision should only be recognised if:
Entity has present obligation to transfer economic benefit as a result of a past transaction or event
Transfer of economic benefits will probably be required to settle the obligation
Reliable estimate can be made of amount of obligation
An obligation can be legal or constructive (entity created valid expectation)
Risk assessment may help determine the probability of the transfer and the amount of the obligation.
An expected value calculation may determine the amount of the provision.
See chapter 21 for more detail on these accounting standards
Enterprise risk management
Enterprise risk management (ERM) is a process, operated by people at every of a business, designed to identify potential events that may affect the entity and manage risks to be in line with its risk appetite.
The committee of sponsoring organisations’ (COSO’s) framework is divided into 5 components:
Governance and culture
Strategy and objective-setting
Performance
Review and revision
Information communication and reporting
Performance
The most significant section of the COSO framework for SBM is performance, within which businesses should:
Identify risks
Assess the severity of risks
Prioritise risks
Implement responses to risks
Risk identification
The business should look at conditions that may result in risk materialising by, for example, physical
inspection, making enquiries or checklists.
The business should also look at major events that could have risk implications and examine key ratios
that indicate increased risk exposure.
How are risks identified?
The business should look at conditions that may result in risk materialising by, for example, physical inspection, making enquiries or checklists.
The business should also look at major events that could have risk implications and examine key ratios
that indicate increased risk exposure.
Risk assessment
This involves ascertaining the financial and non-financial effects of a risk materialising, which may
include:
Average or expected result or loss
Frequency of loss
Chances of loss
Largest predictable loss
This may also involve the use of statistical tools (see below)
Risk responses
There are four ways that a business may respond to risks, depending on their nature and how they are
prioritised:
Transfer (e.g. insurance, invoicing foreign sales in home currency)
Avoid
Reduce (through internal controls, hedging (see chapter 15), contingency planning, etc.)
Accept
Probability and types of event - what are the two types of event:
Mutually Exclusive
Independent events
How to calculate the mean (or expected value)
Where probabilities are given the mean (or expected value is calculated by taking all the possible values an event can take and multiplying these by their probability and summing all the resulting values.
Limitations of expected values
The probabilities used are likely to be estimates
Expected values are long term averages and may not be suitable for one-off decisions
They ignore attitude to risk
They may not take account of the time value of money
Standard deviation - what is it and how is it calculated?
It measures the variability of outcomes by calculating the average distance from the mean. Standard deviation gives an indication of risk - the higher the standard deviation of a project, the higher its risk (standard deviation = volatility)
Standard deviation - you won’t be expected to calculate this but very easy =STDEV(A1:A10)
What is the problem with standard deviation and what do we use instead?
Standard deviation is difficult to interpret without considering the size relative to the size of the data. STDEV will be higher simply because the values in the data are higher.
A more meaningful measure is the coefficient of variation.
Coefficient of variation - how is this calculated?
Is is the standard deviation of a distribution divided by the mean or expected value.
The result is a percentage :)
If you get given a standard deviation in the exam what are you going to do?
I’m going to check if I’ve been given a mean and I’m going to work out the coefficient of variation
What is normal distribution?
The normal distribution is used to calculated probabilitiy in a continuous distribution ie one where the outcomes can take any value within a continuous range eg height.
There is a diagram ( a curve) and probability of being within one standard deviation from the mean is 68.2%
What is the Z score?
The Z score shows how many standard deviations above the mean a particular point is. This is useful when performing calculations with normal distribution. Having calculated a Z score for a particular point it is possible to ascertain the probability of a variable taking a value between the mean and that point.
The Z score for X is calculated as
(X-mean)/standard deviation
What is a confidence interval
When we use a sample to estimate the population mean it is not likely that the sample mean will be exactly the same as the population mean.
If we know the population mean and standard error of sample mean we can define a range within which a certain proportion of sample means would lie.
This is a confidence interval. When we define a confidence interval we define the probability - eg. a 95% confidence interval would contain 95% of sample means.
As we know, 95% of values lie within 1.96 standard deviations of the mean, therefore our confidence interval at 95% is population mean plus or minus 1.96 standard deviations.
What is regression analysis
It aims to specify a straight line relationship between variables.
One of these variables is the dependent variable whose value depends on the independent variable.
Eg hours studying on the x axis, number of marks on the y axis.
You can put a line of best fit on the graph to see how close the relationship is between hours / marks.
There’s an equation you can look at y =ax+b
y= the predicted value of the dependent variable given the value of the independent variable.
a = the gradient shows how much the dependent variable changes for a unit change in the independent variable (how many extra marks for an extra hour of studying)
b = the intercept = shows what the value would be if the value of the independent variable is zero (how many marks would a student who did 0 hours studying get)
x = the independent variable
What is the correlation co-efficient
It shows how strong the relationship is between two variables (in regression analysis)
The coefficient can take any value between 1 and -1. A value of one means perfect correlation, a value of -1 also means perfect correlation except that as one variable increases the other falls. As the coefficient moves towards zero the relationship between the two variables is weaker.
What is the covariance?
It is a measure of how two distirbutions vary with eachother. Where the covariance is positive the two distributions vary positively (ie as the value of one distribution increases the value of the other also increases) where the covariance is negative the opposite is the case. The covatiance is determined by the ccorrelation between the two distributions.
(We are still talking about regression analysis).
Regression analysis can be useful in an investment appraisal how?
It can identify a set of factors that have a strong link to the returns of a project. The regression equation helps to build an understanding of the sensitivity of the project’s NPV to changes in these factors.
Eg the impact of sales volume on NPV could be modelled on a graph.
Limitations of linear regression
There will not always be a linear relationship between variables and outcomes - curves won’t work.
Basic linear regression models can only consider the impact of one variable at a time (you can use more complex ones)
Linear models may identify spurious relationships between variables and outcomes as they do not consider the difference between correlation and causation.
Results will be less meaningful if data collected is inaccurate.
Assurance on risk management systems
- establishing the purpose and nature of the control system and the controls within the system
- assessing the effectiveness of the design of the controls, and whether the controls as designed are sufficient for achieving the stated objectives of the control system
- assessing whether the controls, if suitably designed, are implemented effectively.
