Chapter 5 - Introduction to Risk Management Flashcards
What is Risk?
Proportion variation in an outcome from what is expected to happen
What does variability mean?
Range of possible outcomes
What does expectation mean?
What we expect to happen (not what we hope will happen)
What does outcome mean?
What actually does happen
What is uncertainty?
Inability to predict outcomes because of a lack of information
What does Risk averse attitude mean?
An investment would be chosen if it has more certainty but possibly a lower return than an alternative less certain, potentially higher return investment.
What does Risk neutral attitude mean?
An investment would be chosen according to its expected return, irrespective of the risk.
What is the Risk seeker attitude?
An investment would be chosen on the basis of it offering higher levels of risk, even if its expected return is lower than an alternative no-risk investment with a higher expected return.
What are the three types of risk?
- Business Risk
- Financial Risk
- Operational Risk
What does business risk include?
- Strategy
- Enterprise
- Product
- Financial
- Sustainability and Climate*
- Operational
What does financial risk include?
- Controllable
- Uncontrollable
What are the types of operational risk?
- Process
- People
- System
- Event*
- Cyber
What does sustainability and climate risk include?
- Increased occurrence of drought and/or flooding, extremes of temperature that cause damage to the supply chain and property
- Impact on reputation of a business that is seen not to be acting sustainably or is damaging the environment
- If sustainability is not included in the strategic decision-making process
- The risk of not meeting regulations regarding emissions and other climate-related regulation
What is Event Risk?
- Disaster: catastrophe occurs such as a fire, flood etc
- Regulatory: New laws or regulations are introduced
- Reputation: Risk of damage to the business’s reputation
- Systemic: Failure by a participant in the business’s supply chain
What does Risk Measurement mean?
Identifies the probability of the risk occurring, quantifies the resultant impact and calculates the amount of potential loss using expected values for gross risks
What does probability mean?
- Measures likelihood
What does impact mean?
- Measures the size of loss
What does exposure mean?
Measure of the way in which business is faced by risks
What does volatility mean?
Measurement of the variability of a risk factor
What are descriptive statistics?
Used to describe a set of data. A set of data could be a whole population i.e. representative number of items of data.
What are the measures of central tendency?
- Mean - Average
- Median - Middle
- Mode - Most common
What are the expected values?
An expected value is a long run average
Formula for expected value is EV = Sum of PX
P = Probability
X = Occurring
What are the three measures of dispersion or spread?
- Range - difference between high and low
- Deviation - How far from the mean (x-x̄)
- What does variance mean? average of the squared deviations of all the values in a data set.
What is the standard deviation?
Square root of the variance
What is the Coefficient of variation?
Standard deviation divided by the mean
What is Risk management?
Identification, analysis and economic control of risks which threaten the assets or earnings
What is the Risk management process?
- Risk awareness and identification
- Risk assessment and measurements
- Risk response and control
- Risk monitoring and reporting
What are the techniques of identifying risks?
- PEST/SWOT analysis
- External advisors
- Interviews/questionnaires
- Internal Audit
- Brainstorming
What are the five different categories of loss which can be considered?
- Property loss - property
- Liability loss - Loss occurring from legal liability to third parties
- Personnel loss - Due to injury, sickness and death of employees
- Pecuniary loss - as a result of defaulting debtors
- Interruption loss - being unable to operate.
What is the Risk Assessment?
Considers the nature of each risk and the implication it might have for the business achieving its objectives
What is risk measurement?
Identifies the probability of the risk occurring, quantifies the resultant impact consequences and calculates the amount of the potential loss using expected values for gross risk
What is gross risk?
Potential loss associated with risk, calculated by combining the impact and the probability of the risk before taking any control measures into account.
What is the equation for gross risk?
Gross Risk = Probability x Impact
What is the Impact and Probability of Sharing Reduction?
- High impact
- Low probability
What is the Impact and Probability of Accepted?
- Low impact
- Low probability
What is the Impact and Probability of Avoidance Reduction Share?
- High impact
- High probability
What is the Impact and Probability of Reduction?
- Low impact
- High probability
What is a risk management map?
Used to assess risk
What is the TARA model?
Provides an outline of general risk responses
- Transfer (Sharing)
  - Transfer risk to a third party
  - E.g. insurance, hedging
- Acceptance (retention)
  - Tolerating losses when they arise
  - For small risks could be cheaper than insurance (self-insurance)
- Reduction
  - Retain the activity but take action to limit risk to acceptable levels
  - Mitigating controls:
    - Preventative
    - Corrective
    - Directive
    - Detective
- Avoidance
  - Avoid downside by not undertaking/terminating risky activities
  - Usually lose upside potential as well.
What does ALARP mean in Risk Responses?
ALARP - As low as reasonably practicable
Employers are expected to take action to reduce risk faced by employees to a level that is reasonably practical
What does reasonably practical mean?
Risk of the event occurring is reduced to a level that is proportional to the cost required to reduce the risk any further, which will outweigh the benefit
Why should we monitor risk?
- Measure effectiveness of current risk management process
- Whether risk profile is changing
What does the Corporate Governance Code require of listed companies?
- Determine the nature and extent of any risks the company is willing to take in order to achieve its objective
- Report risk management issues
What is a crisis?
Unexpected event that threatens the wellbeing of a business, or a significant disruption to the business
What are the different types of crisis?
- Natural event e.g. earthquake causing physical disruption
- Industrial accident e.g. building collapse or fire
- Product or service failure e.g. product recall or health scare
- Public relations disaster e.g. unwelcome media attention or adverse publicity
- Business crisis e.g. loss of key supplier or customer
- Management crisis e.g. hostile takeover bid or loss of key management
- Legal/regulatory e.g. new regulation increases costs
What does crisis management involve?
Identifying a crisis, planning a response to crisis and confronting and resolving the crisis
What is business resilience?
- Considers an organisation's ability to manage and survive
What are the two axes for understanding an organisation's resilience?
Axis 1: Processes and functions to protect the organisation
- Risk management
- Business continuity planning
- Security
- IT disaster recovery
- Health and safety
- Crisis management
- Internal audit
- Governance
Axis 2: General organisational characteristics driving resilience
- Employee trust in management
- Customers' trust in the organisation
- Ability to innovate
- Clear values
- Values linked to behaviour
- Effective risk management
- Morale
- Leadership involvement
What are external changes?
Strict new laws, severe economic recession, political uncertainties and disruptive technologies
What are planned changes?
Major overseas investment, closure of significant operation, launch of new strategic direction
What are common features of resilient organisations?
- Diversified resources to facilitate adaptability to deal with changes
- Strong internal and external network of relationships
- Rapid and decisive response to emerging crisis
- Self-review and adaptation to meeting changing circumstances
How can resilience be measured?
- Compliance e.g. own internal policies and standards
- Completeness e.g. the breadth of their readiness
- Value e.g. qualitative and quantitative measures
- Comparability/capability e.g. testing and reviewing processes and procedures response to potential shocks
What is a disaster?
When a business's operations, or a significant part of them, break down for some reason leading to potential losses of equipment, data or funds.
What are the types of disasters?
- Major crisis causing a breakdown in operations and resultant losses
- Event which results in serious consequences
What is a disaster recovery plan?
- Define responsibilities
- Prioritise actions
- Establish back-up and standby arrangement
- Communicate with staff
- Establish PR
- Risk assessment