Chapter 1 & 2 Flashcards
Name an organisation's internal & external stakeholders
INTERNAL
Employees
Managers
Owners
EXTERNAL
Suppliers
Creditors
Shareholders
Government
Customers
Society
How can effective risk management add value to an organisation's stakeholders?
Significant value is created by helping an organisation to achieve its objectives and protecting risk-averse stakeholders from financial or physical harm.
What different risk preferences can stakeholders have?
Risk-averse
Risk-neutral
Risk-preferring
What are international risk standards for?
To improve the effectiveness of risk-management in organisations around the world.
What are the three most common areas for risk-management regulation?
Financial stability
Health & safety
Environmental protection
What is a risk?
A risk is an uncertain, random event which may occur in the future; its likelihood can only be estimated
A risk may prevent or delay the achievement of an organisation's objectives/goals
Not all risks are bad and a certain level of risk can be good
Name 4 organisations that define risk and the key words
ISO 31000
Institute of Risk Management
Orange Book from HMT
Institute of Internal Auditors
UNCERTAINTY/PROBABILITY/LIKELIHOOD
NEGATIVE/POSITIVE
CONSEQUENCES/IMPACT
What are the different types of risks?
FROGS
Financial
Reputational
Operational
Governance & Compliance
Strategic
Do stakeholders/shareholders want risk?
Most stakeholders will be more reluctant to take on unnecessary risk
Shareholders may have a greater appetite for risk because of
ASYMMETRIC RETURNS
LIMITED LIABILITY
DIVERSIFIED PORTFOLIOS
When may an organisation have to take risk? E.g. M&A
SUDS
Strategic
Undervalued
Defensive
Synergies
What can failure to manage risks lead to?
Bankruptcy
Legal & admin costs
Brand value depreciation
Selling assets below their market value
Losses to shareholder investments
Affected cash flow opportunities
Operation disruptions (e.g. fire, theft)
Environmental failure
Health and safety issues
Regulatory and government attention
Loss of talent
Missing opportunities
Name the different kinds of Risk Management regulation
Health and Safety Regulation
Environmental Regulation
Legal Liability Regulations (compulsory insurance)
Industry specific - Financial Services
What is self-regulation?
Groups of organisations or professionals agree to set and enforce specific risk management standards.
Co-ordination and enforcement may be managed by a trade association or institute to help prevent the collapse of the self-regulatory agreement.
What are the advantages & disadvantages of self-regulation?
Advantages:
1. Regulation is agreed and enforced by those being regulated.
2. Regulation is appropriate and proportionate.
3. Lower costs of compliance.
Disadvantages:
- Hard to sustain because of the limited incentives to enforce such an agreement.
- Many self-regulatory systems fail – such as financial services self-regulation in the UK in the 1980s and early 1990s
- Typically replaced by statutory regulation, enforced by a government-appointed regulatory body.
What forms of market/organisation opportunism and misconduct can affect stakeholders?
Asymmetric Information - Stakeholders do not have the same information on safety of a product as the organisation manufacturing it does.
Opportunism – Exploiting the customer’s lack of prior information by making products less safe/reliable than they could be. More savings but less safe. Risks (e.g. hover-boards being sold on Amazon – price ranging from 200 – 1000, fires caused by faulty batteries and wiring)
Public Goods – Risk management decisions which benefit the company but not the overall society. E.g. less investment in pollution prevention
What costs are involved in risk management regulation?
Balance is needed – e.g. shareholder to receive fair returns.
Excessive costs due to:
Over-regulation
Ineffective regulation
Over-reduction of risk
Compliance costs:
1. Maintaining a compliance function
2. Providing information to regulators.
What is the purpose of global regulations?
A range of international laws and regulations that address the management of risk and tend to influence local laws/regulations.
These standards primarily help to share good practice, improving the effectiveness of risk management within organisations and delivering further value to their stakeholders.
These standards also help organisations to comply with international and local laws and regulations.
What does Environmental regulation cover?
Pollution (ground/air/water) is not fixed to one location but can move across boundaries, so regulation covers:
- air quality
- water quality
- waste management
- contaminant clean-up
- chemical safety.
Legally binding treaties and subsidiary protocols also exist, e.g. the Kyoto Protocol on climate change. These are usually incorporated into EU Directives.
What can Financial instability trigger?
- worldwide economic problems
- restricting access to consumer and government credit,
- threatening the safety of saving deposits and disrupting payment systems.
What do Health & Safety regulations focus on?
1. Work-related sickness
2. Disease
3. Injury
4. Harmful actions of organisations located near to their homes.
What are the different kinds of global regulation?
1. Rules
2. Guidance
3. Principles and outcomes based regulation
4. Risk-based regulation.
What can happen if you breach global regulations?
Rules are direct legal requirements. The contravention of a rule will lead to enforcement action, which can result in:
1. Fines
2. Imprisonment
3. Civil or criminal sanction.
What does ISO cover?
The ISO provides a wide range of standards to help improve management practices.
What are the components/principles of the COSO ERM?
Integrating with strategy and performance
GRIPS
1. Governance and culture
2. Review & Revision
3. Information, Communication & reporting
4. Performance
5. Strategy & Objective setting
Summarise COSO ERM
Lengthy
Focused on ERM
One Cube
Skewed to negative
Risk already exists
Risk and opportunities
more sequential process
Summarise ISO 31000
Short
General approach to managing risk
principles, framework and process
risk can be positive & negative
risk tied to achieving objectives
opportunities also source of risk
more iterative process
How does Corporate Governance link in with Risk Management?
Corporate governance = a system and related processes by which an organisation is directed and controlled
organisation needs to be directed and controlled in line with stakeholder expectations
Corporate Governance:
1. Set strategic objectives in line with stakeholders’ needs and expectations
2. Implement measures to identify, assess, monitor and control risks which could threaten their achievement.
Take all reasonable steps to ensure it determines the right to effectively, efficiently, and economically achieve its objectives
Should effectively manage, not eliminate risk and should ensure the long-term sustainability of the organisation
What is the difference between Corporate Governance and Risk Management?
Risk Management - limiting risk exposure via the control of risks to an organisation’s strategic objectives.
Corporate Governance - relates to strategic level risk taking and may involve a significant increase in certain types of risk where there are opportunities to exploit.
Potential conflicts:
limiting risk Vs. increasing risk
What Risk Management Principles does the UK Corp Gov have?
Boards, in particular the NEDs, are responsible for ensuring that effective risk management and internal control systems are in place, with regular monitoring and an annual formal review of effectiveness.
A board audit committee / separate board risk committee should normally be in place.
Information on the organisation’s principal risks and the soundness of its risk management and internal control systems should be provided in the annual report.
The board’s work on risk management should include consideration of the organisation’s appetite for risk, as well as embedding the desired risk culture.
What are the principles of the OECD?
- effective CG framework
- Rights of shareholder
- equitable treatment of shareholders
- Role of stakeholders in CG
- Disclosure and transparency
- Responsibilities of the Board