Chapter 1 - Risk and Risk Exposure Flashcards
What is risk?
Quantifiable possibility that actual results will turn out different than expected
What is uncertainty?
Inability to predict the outcome from an activity due to lack of info
What is downside risk?
Risk that something could go wrong + effect is damaging
What is upside risk?
Things work out better than expected
What is fundamental risk?
Risks that affect society & beyond control of any one individual
E.g. Risk of atmospheric pollution
What is particular risk?
Risks over which individual have some measure of control
E.g. Risk attached to smoking
What is speculative risk?
Risks from which either good/ harm may result
E.g. Business venture which may earn losses or profits
What is pure risk?
Risk whose only possible outcome is harmful
E.g. Loss of data on computer systems due to a fire
Describe the nature of risk:
- Nature of risk means it cannot be eliminated altogether, but can be managed as much as possible.
- Balancing act between upside- & downside risk = org may need to accept a degree of downside risk to pursue upside risk
What is the impact of risk factors?
- Risk factors could impact successful implementation of strategy or achievement of objectives
Typical risk factors could include:
- External events = economic changes, political developments + technological advances
- Internal events = equipment failure, human error or difficulties with products
- Leading event indicators = conditions that could give rise to event (overdue customer balances could lead to default)
- Escalation triggers = events happening/ levels being reached that require immediate action (making changes after deadline has passed)
Institute of Risk Management (IRM) risk drivers:
- Financial Risks:
* Externally driven = Interest rates, foreign exchange, credit
* Internally driven = Liquidity + cash flow - Strategic Risks:
* Externally driven = Competition, customer changes, industry changes, customer demand
* Internally driven = R + D, intellectual capital - Operational Risks:
* Externally driven = Regulations, culture, board compensation
* Internally driven = Recruitment, supply chain, accounting controls, info systems - Hazard Risks:
* Externally driven = Contracts, natural events, suppliers, environment
* Internally driven = Public access, employees, properties, products & services
Purposes of risk categorisation:
- Identifying risks that are interrelated
- Encouraging a systematic approach
- Making it easier to assign responsibility for managing risks + designing controls
- Assisting management review + reporting of risk
What is strategic risk?
- Potential volatility of performance over the longer-term caused by org’s decisions and events
- Key bearing on org’s situation in relation to its environment
What is operational risk?
- Risk of loss from failure of internal business and control processes (process risk)
- Risks that something could go wrong on day-to-day basis
- Not relevant to org’s key strategic decisions
Main differences between strategic & operational risks:
- Scope of impact
- Source of risk
- Duration of impact
- Scale of financial + resource consequences
Factors influencing strategic risk:
- Types of industries/markets
- State of economy
- Actions of competitors and possibility of mergers + acquisitions
- Stage in product’s life cycle
- Dependence upon inputs with fluctuating prices
- Level of operational gearing
- Flexibility of production processes
- Org’s R&D capacity and ability to innovate
- Significance of new technology
What is market risk?
- Risk of loss due to changes in value or availability of certain resources
- Risk of small price movements that change value of holder’s position
- Risk of losses relating to a change in maturity structure of an asset, passage of time or market volatility
Strategic risks include:
- Reputation and ethics
- Information risks
- Financial risks
- Interest rate risks
- Currency risk
- Market risk
Operational risks include:
- Losses from internal control system or audit inadequacies
- Non-compliance with regulations or internal procedures
- Information technology failures
- Human error
- Loss of key person risk
- Fraud
- Business interruptions