7 Risk Management

Question 1

Risk is when outcomes are not known, but probabilities can be estimated.
Uncertainty is when outcomes are not known and cannot be assigned probabilities.
There are a number of benefits of managing risk:

Answer 1

 Cash flow predictability
 Limitation of impacts of adverse events
 Increased investor confidence
However, risk cannot necessarily be eliminated without undermining the whole basis of the business, so there will be a level of residual risk that cannot be eliminated.

Question 2

Stakeholder views
Risk appetite may be influenced by the views of stakeholders on the risks the business is taking and the actions they can take that will affect the business:

Answer 2

 Shareholders are likely to have different tolerances for risk and their views may be affected by how diversified their portfolios are
 Debt providers will be concerned about threats to the amounts they have lent. Their unwillingness to lend or the conditions they impose may constrain the business from
implementing strategies that could threaten cash flows
 Suppliers also may be concerned about threats to getting paid, so may limit credit
 Customers will be concerned about not getting goods and services or not receiving value
 Employees will be concerned about threats to their job prospects or well-being, and may leave the company or be demotivated
 Governments and the community may be concerned particularly about the risks that would mean that the organisation did not act as a good corporate citizen

Question 3

Risk attitude
An important decision is between risk-averse and risk-seeking businesses:

Answer 3

 Risk-averse businesses seek to obtain sufficient returns for the level of risks they are prepared to take and have upper limits on the risks they are prepared to take
 Risk-seeking businesses focus on maximising returns and are not primarily concerned with the level of risk

Question 4

What is strategic risk?

Answer 4

Strategic risk is the nature and type of risks caused by volatility of profits due to the nature and type of the business’s activities, for example:

 Macroeconomic changes
 Product obsolescence
 Changes in technology
 Adverse events or accidents

Question 5

What is Operational Risk?

Answer 5

Operational risk is the risk of loss through a failure of business and internal control processes, for example:

 Losses from internal control systems or audit inadequacies
 Non-compliance with regulations or internal procedures
 Information technology failures
 Human error
 Loss of key-person risk
 Fraud
 Business interruptions
 Reputational damage

Question 6

Financial reporting implications of risk

Answer 6

IAS 10 Events after the reporting period
IAS 10 requires disclosure of circumstances, for example exchange rate movements, that could lead to significant losses. What is viewed as significant will be determined by the business’s view of risks.

In relation to risk assessment, IAS 10 requires managers to make an explicit assessment of the entity’s ability to continue as a going concern by considering a number of financial, operating and other indicators.

IAS 36 Impairment of assets
Risk analysis of the external environment may identify evidence of loss of value of assets that should be accounted for under IAS 36.

IAS 37 Provisions, Contingent Liabilities and Contingent Assets
IAS 37 states that provision should only be recognised if:
 Entity has present obligation to transfer economic benefit as a result of a past transaction or event
 Transfer of economic benefits will probably be required to settle the obligation
 Reliable estimate can be made of amount of obligation
An obligation can be legal or constructive (entity created valid expectation)
Risk assessment may help determine the probability of the transfer and the amount of the obligation.
An expected value calculation may determine the amount of the provision.
See chapter 21 for more detail on these accounting standards

Question 7

Enterprise risk management
Enterprise risk management (ERM) is a process, operated by people at every of a business, designed to identify potential events that may affect the entity and manage risks to be in line with its risk appetite.

The committee of sponsoring organisations’ (COSO’s) framework is divided into 5 components:

Answer 7

 Governance and culture
 Strategy and objective-setting
 Performance
 Review and revision
 Information communication and reporting

Question 8

Performance
The most significant section of the COSO framework for SBM is performance, within which businesses should:

Answer 8

 Identify risks
 Assess the severity of risks
 Prioritise risks
 Implement responses to risks

Question 9

Risk identification

Answer 9

The business should look at conditions that may result in risk materialising by, for example, physical
inspection, making enquiries or checklists.
The business should also look at major events that could have risk implications and examine key ratios
that indicate increased risk exposure.

Question 9

How are risks identified?

Answer 9

The business should look at conditions that may result in risk materialising by, for example, physical inspection, making enquiries or checklists.
The business should also look at major events that could have risk implications and examine key ratios
that indicate increased risk exposure.

Question 10

Risk assessment
This involves ascertaining the financial and non-financial effects of a risk materialising, which may
include:

Answer 10

 Average or expected result or loss
 Frequency of loss
 Chances of loss
 Largest predictable loss
This may also involve the use of statistical tools (see below)

Question 11

Risk responses
There are four ways that a business may respond to risks, depending on their nature and how they are
prioritised:

Answer 11

 Transfer (e.g. insurance, invoicing foreign sales in home currency)
 Avoid
 Reduce (through internal controls, hedging (see chapter 15), contingency planning, etc.)
 Accept

Question 12

Probability and types of event - what are the two types of event:

Answer 12

Mutually Exclusive
Independent events

Question 13

How to calculate the mean (or expected value)

Answer 13

Where probabilities are given the mean (or expected value is calculated by taking all the possible values an event can take and multiplying these by their probability and summing all the resulting values.

Question 14

Limitations of expected values

Answer 14

The probabilities used are likely to be estimates

Expected values are long term averages and may not be suitable for one-off decisions

They ignore attitude to risk

They may not take account of the time value of money

Question 15

Standard deviation - what is it and how is it calculated?

Answer 15

It measures the variability of outcomes by calculating the average distance from the mean. Standard deviation gives an indication of risk - the higher the standard deviation of a project, the higher its risk (standard deviation = volatility)

Standard deviation - you won’t be expected to calculate this but very easy =STDEV(A1:A10)

Question 16

What is the problem with standard deviation and what do we use instead?

Answer 16

Standard deviation is difficult to interpret without considering the size relative to the size of the data. STDEV will be higher simply because the values in the data are higher.

A more meaningful measure is the coefficient of variation.

Question 17

Coefficient of variation - how is this calculated?

Answer 17

Is is the standard deviation of a distribution divided by the mean or expected value.

The result is a percentage :)

Question 18

If you get given a standard deviation in the exam what are you going to do?

Answer 18

I’m going to check if I’ve been given a mean and I’m going to work out the coefficient of variation

Question 19

What is normal distribution?

Answer 19

The normal distribution is used to calculated probabilitiy in a continuous distribution ie one where the outcomes can take any value within a continuous range eg height.

There is a diagram ( a curve) and probability of being within one standard deviation from the mean is 68.2%

Question 20

What is the Z score?

Answer 20

The Z score shows how many standard deviations above the mean a particular point is. This is useful when performing calculations with normal distribution. Having calculated a Z score for a particular point it is possible to ascertain the probability of a variable taking a value between the mean and that point.

The Z score for X is calculated as
(X-mean)/standard deviation

Question 21

What is a confidence interval

Answer 21

When we use a sample to estimate the population mean it is not likely that the sample mean will be exactly the same as the population mean.

If we know the population mean and standard error of sample mean we can define a range within which a certain proportion of sample means would lie.

This is a confidence interval. When we define a confidence interval we define the probability - eg. a 95% confidence interval would contain 95% of sample means.

As we know, 95% of values lie within 1.96 standard deviations of the mean, therefore our confidence interval at 95% is population mean plus or minus 1.96 standard deviations.

Question 22

What is regression analysis

Answer 22

It aims to specify a straight line relationship between variables.

One of these variables is the dependent variable whose value depends on the independent variable.

Eg hours studying on the x axis, number of marks on the y axis.

You can put a line of best fit on the graph to see how close the relationship is between hours / marks.

There’s an equation you can look at y =ax+b
y= the predicted value of the dependent variable given the value of the independent variable.
a = the gradient shows how much the dependent variable changes for a unit change in the independent variable (how many extra marks for an extra hour of studying)

b = the intercept = shows what the value would be if the value of the independent variable is zero (how many marks would a student who did 0 hours studying get)

x = the independent variable

Question 23

What is the correlation co-efficient

Answer 23

It shows how strong the relationship is between two variables (in regression analysis)

The coefficient can take any value between 1 and -1. A value of one means perfect correlation, a value of -1 also means perfect correlation except that as one variable increases the other falls. As the coefficient moves towards zero the relationship between the two variables is weaker.

Question 24

What is the covariance?

Answer 24

It is a measure of how two distirbutions vary with eachother. Where the covariance is positive the two distributions vary positively (ie as the value of one distribution increases the value of the other also increases) where the covariance is negative the opposite is the case. The covatiance is determined by the ccorrelation between the two distributions.

(We are still talking about regression analysis).

Question 25

Regression analysis can be useful in an investment appraisal how?

Answer 25

It can identify a set of factors that have a strong link to the returns of a project. The regression equation helps to build an understanding of the sensitivity of the project’s NPV to changes in these factors.

Eg the impact of sales volume on NPV could be modelled on a graph.

Question 26

Limitations of linear regression

Answer 26

There will not always be a linear relationship between variables and outcomes - curves won’t work.

Basic linear regression models can only consider the impact of one variable at a time (you can use more complex ones)

Linear models may identify spurious relationships between variables and outcomes as they do not consider the difference between correlation and causation.

Results will be less meaningful if data collected is inaccurate.

Question 27

Assurance on risk management systems

Answer 27

• establishing the purpose and nature of the control system and the controls within the system
• assessing the effectiveness of the design of the controls, and whether the controls as designed are sufficient for achieving the stated objectives of the control system
• assessing whether the controls, if suitably designed, are implemented effectively.