D. Risk and control Flashcards
1
Q
what is the difference between risk and uncertainty?
A
risk is quantifiable, possible outcomes have associated probabilities and allow the use of mathematical techniques
uncertainty is unquantifiable and the outcome can’t be mathematically modelled. It is difficult to incorporate uncertainty into decision making models
2
Q
what is upside risk and downside risk?
A
downside: bad
upside: rewards better than risks
3
Q
how do we deal with risks in investment appraisal?
A
-add RISK PREMIUM to the discount rate to compensate for risk
-use PAYBACK period technique
sensitivity analysis
-using probability distributions to give an indication of risk
-Monte Carlo simulation-computerised system that extends sensitivity analysis
4
Q
how is sensitivity margin calculated?
A
NPV/PV of flow under consideration
5
Q
what is sensitivity analysis?
A
a ‘what if’ analysis
-see how much leeway before option becomes unviable
6
Q
what is the expected value?
A
all the different possible outcomes by a single weighted average
- long run average
- NOT most likely result
7
Q
what is a risk neutral decision maker?
A
consider all possible outcomes and will select the strategy that maximises the EXPECTED VALUE or benefit
8
Q
what is a risk seeker?
A
likely to select the strategy with the BEST possible outcomes, regardless of the likelihood that they will occur. They will apply the MAXIMAX criteria
9
Q
what is a risk averse decision maker?
A
try to AVOID RISK. Rather select a lower but certain outcome than risk going for a higher pay-off which is less certain to occur. They will apply the MAXIMIN criterion or the minimax regret approach
10
Q
what are the advantages of using expected value?
A
- takes risk into account
- easier decisions as single figure
- simple to calculate
11
Q
what are the disadvantaged of using expected value?
A
- probabilities are subjective
- little meaning for a one-off project
- ignores attitudes to risk
- the answer may not exist
12
Q
what is standard deviation?
A
measure of how far away on average the data points are from the means
- average variability about the mean
- measure of VOLATILITY
13
Q
what are the steps to calculating standard deviation?
A
- find the difference for each data value and mean
- square differences to get rid of negative differences
- work out the average squared difference (i.e variance)
- take the square root to get the standard deviation
14
Q
what is the Monte Carlo simulation?
A
computerised system that extends sensitivity analysis
15
Q
what is the Monte Carlo simulation method?
A
uses random numbers and probability statistics
- identify key variables in a decision
- assign random numbers to each variable in a proportion in accordance with the underlying probability distribution
- use a computer to repeat decision repeatedly until outcome starts to ‘settle down’ and gives management a view of the likely range and level of outcomes
- depending on the management’s attitude to risk, a more informed decision can be taken
16
Q
what is VaR?
A
value at risk
- measure of how the market value of an asset or of a portfolio of assets is likely to decrease over a certain time, the HOLDING PERIOD (usually one to ten days) under ‘normal’ market conditions
- amount of risk to be lost from an investment under usual conditions over a given holding period at a particular ‘confidence level’
17
Q
what is VaR measured by?
A
normal distribution theory
-typically used by IBs to measure market risk of their asset portfolios
18
Q
what does a 95% confidence level mean in VaR?
A
For a 95% confidence level, the VaP will give the amount that has a 5% chance of being lost
19
Q
what does a payoff table show?
A
illustrates al the different possible profits/losses that might arise
20
Q
what are the 2 axis of a payoff table?
A
demand and supply
21
Q
what are the probabilities in payoff tables used to calulcate?
A
expected values which are then used for decision making
22
Q
what is perfect information?
A
forecast of future outcome is always the correct prediction
-can undertake the most beneficial course of action
23
Q
what is imperfect information?
A
forecast is usually correct, but can be incorrect
-not as valuable as perfect information
24
Q
what is a decision tree?
A
diagrammatic representation of a multi-decision problem, where all possible courses of action are represented and every possible outcome of each course of action is shown
25
when should a decision tree be used?
where a problem involves a series of decisions being made and several outcomes arise during the decision-making process
26
what are some common symbols in a decision tree?
square=decision point
circle=chance point
branch=probability
27
how are probabilities of outcomes calculated in a decision tree?
'roll back' from end to circle/decision point
28
what is a conditional probability?
probability of an event whose calculation is based on the knowledge that some other even has occured
29
what does P(A/b) mean?
the probability of A occurring given that B has already occured
30
how are contingency tables created?
by taking the given probabilities, multiplying by some convenient number then drawing a table to show the various combinations of factors that may exist
31
what is a stress test?
a way of analysing a business to consider how well it could cope in difficult conditions
-assess the vulnerability of a position against hypothetical events
32
what needs to be considered when stress testing?
prioritisation
measurement
productivity
flexibility
33
what is scenario planning?
force managers to think about other potential future market positions
-identify key environmental factors and consider how these might change in the future
34
what is risk in business?
the chance that future events or results may not be as expected
35
what is purely bad risk known as?
pure or downside risk
36
what is good risk known as?
speculative or upside risk
37
why incur risk?
- to generate higher returns, a business may have to take more risk in order to be competitive. Conversely, not accepting risk tends to make a business less dynamic, an implies a 'follow the leader' strategy
- incurring risk also implies that the returns from different activities will be higher -'benefit' being the return for accepting risk
- benefits can be financial
- in both cases, these will lead to the business being able to gain competitive advantage
38
what are the different categories of risk?
- political, legal and regulatory
- business risk
- economic risk
- financial risk
- technology risk
- environmental risk
- corporate reputation risk
- fraud and employee malfeasance risk
- international risk
39
what is business risk?
the risk businesses face due to the nature of their operations and products
40
what is strategic risk?
risk that business strategies will fail
41
what is product risk?
risk of failure of new product launches/loss of interest in existing products
42
what is commodity price risk?
risk of a rise in commodity prices
43
what is product reputation risk?
risk of change in products' reputation or image
44
what is operational risk?
risk that business operations may be inefficient or business processes may fail
45
what is contractual inadequacy risk?
risk that the terms of a contract do not fully cover a business against all potential outcomes
46
what is fraud and employee malfeasance risk?
malfeasance means doing wrong, or committing an offence or fraud. this is the risk of actions by employees that result in fraud, an offence or crime
47
what is risk management?
'the process of understanding and managing the risks that the organisation is inevitably subject to in attempting to achieve its corporate objectives'
48
what are the 2 sides to risk management?
conformance and performance
49
what is conformance?
controlling threats or hazards
| -'bad things do happen'
50
what is performance?
maximising return or opportunity
| -'good things might not happen'
51
what is risk appetite?
the amount of risk an organisation is willing to accept in pursuit of value
-may be explicit in strategies, policies and procedures, or it may be implicit
52
what is risk appetite determined by?
- risk capacity
| - risk attitude
53
what is the TARA framework?
probability on y axis and impact on x
| -transfer, accept, reduce and avoid
54
what approach does the CIMA Code of Ethics have?
threats and safeguarding approach
55
what is the threats and safeguarding approach?
if identified threats are other than clearly significant, a management accountant should apply safeguards to eliminate the threats or reduce them to an acceptable level such that compliance with the FUNDAMENTAL PRINCIPLES is not compromised
56
what are the fundamental principles of the CIMA code of Ethics?
Integrity:straightforward, honest
Objectivity:no bias or conflict of interest
Professional competence and due professional knowledge and skill
Confidentiality: need specific authority
Professional behaviour:comply with law and avoid discrediting profession
57
what are the different types of threats to the Code of Ethics?
```
Intimidation
Familiarity
Advocacy
Self-interest
Self review
```
58
what is an inducement?
receiving/giving offers as incentive to encourage unethical behaviour
59
what is the distinguishing mark of a profession?
the acceptance of a responsibility to the public
60
the accountancy profession's public includes:
- clients
- credit providers
- governments
- employees
- employers
- investors
61
what is the public interest defined as?
that which supports the good of society as a whole, as opposed to what serves the interests of individual members of society or specific sectional interest groups
62
what makes an organisation a shaper of society?
must improve society, however that term is defined
63
when is an IS worth implementing?
when the value of information to the business is greater than the cost
64
what are the initial costs of an IS system?
- costs to design and develop system if software is bespoke
- purchase price of software if it is not bespoke
- purchase cost of new hardware
- cost of testing and implementations of the new system
- training costs
65
what are the running cost of an IS system?
- cost of labour time to run the system
- cost of materials e.g replacement parts
- cost of service support e.g IT helpdesk
66
what constitutes a risk to a computer system?
anything that prevents the managers getting the information they need from the system at the time that they need it
- loss of information
- loss of confidentiality
- business disruption
- loss of time and money
67
what are some examples of risks to IS systems?
- dissatisfied employees might deliberately modify or destroy information in the system
- a hacker or industrial spy might break into the system
- viruses or malicious software could be introduced
- accidental mistakes could be made on input to the system
- inadequate security of the hardware or data
- faults in the hardware system
68
what is big data?
extremely large collections of data that may be analysed to reveal patterns, trends and associations
69
how can performance management be enhanced with big data?
harness these vast amounts of information and transform them
-conventional methods of storing and processing data will not work
70
what are the risks associated with Big Data?
- SKILLS to use BD systems not always available
- SECURITY of data
- TIME spent measuring relationships that have no organisational value
- poor VERACITY leading to incorrect conclusions
- COST of establishing hardware and analytics software
- technical difficulties INTEGRATING BD systems with current systems
71
what are the 4 V's of BD?
VELOCITY: speed of flow
VOLUME: sources and amount of data
VARIETY:format of data
VERACITY:truthfulness of data
72
what are the strengths of sensitivity analysis?
- no complicated theory to understand
- information will be presented to management in a form which facilitates subjective judgement to decide the likelihood of the various possible outcomes considered
- identifies areas which are crucial to the success of the project. if the project is chosen, those areas can be carefully monitored
- indicated just how critical some of the forecasts which are considered to be uncertain are
73
what are the weaknesses of sensitivity analysis?
- assumes that changes to variables can be made independently
- only identifies how far variable needs to change, not probability
- not optimising technique, provides information on the basis of which decisions can be made
74
what technique allows us to change more than one variable at a time in sensitivity analysis?
simulation
| -often used in capital investment appraisal
75
what is utility theory?
the individual's risk attitude to certain risk profiles will depend on the amount of money involved
-attaches weights to the sums of money involved
76
what is the coefficient of variation?
- standard deviation divided by expected value
- measures RELATIVE SIZE of risk
- can use for comparison
77
```
what strategies do the following implement:
risk averse/pessimist
risk averse & sore loser
risk neutral
risk seeker/optimist
```
maximin:maximise min minimax regret
EV
maximax: maximise max return
78
what tactic does a risk averse, sore loser pick?
minimax regret as they aim to minimise regret from missing out
regret=opportunity cost
79
how is regret calculated in the minimax regret decision rable?
what we could earn - what we did
80
how do you find the value of information?
EV with perfect info - EV without perfect info
81
what is the link between Monte Carlo simulation and VaR?
the VaR distribution may well have been created by running a Monte Carlo simulation on the likely outcome over the next two weeks
82
what is a two way data table?
represent inter-related data in an easy understandable manner
-can be expanded to calculate expected contribution from different volume levels
83
what is the minimax regret strategy?
minimises the maximum regret
84
how is a outcome decided at a square?
highest between options
85
how is an outcome decided at a circle?
sum of outcomes
86
how do decision trees facilitate decision making?
consider the logical sequence of events
| -complex problem broken down into smaller, easier-to-handle sections
87
what factors need to be considered during decision tree-type problems?
- time value of money
- assumes risk neutrality
- sensitivity analysis
- oversimplification
88
what does P(A/B) means and how can it be re-written?
P(A and B)=P(A/B) x P(B)
89
what happens if stress test is failed?
reputational damage, reduce shareholder dividends to improve capital position
90
```
what 7 questions must be considered in the following key areas?
prioritisation
measurement
productivity
flexibility
```
prioritisation:
- primary customer?
- core values prioritise shareholders, employees and customers?
measurement:
- critical performance variables?
- strategic boundaries set?
productivity:
- how are you generating creative tension?
- how committed are your employees to helping each other?
flexibility:
-what strategic uncertainties keep you awake at night
91
what are the 7 steps involved in scenario planning?
1. IDENTIFY high-impact high-uncertainty factors in the environment. Relevant factors and driving forces could be identified through a strategic analysis framework such as a PEST analysis
2. For each factor, identify different possible futures
3. Cluster together different factors to identify various consistent future scenarios
4. 'Writing the scenario'-for the most important scenarios, build a detailed analysis to identify and assess future implications
5. For each scenario, identify and assess possible courses of action for the firm
6. Monitor reality to see which scenario is unfolding
7. Revise scenarios and strategic options as appropriate
92
what are the 3 potential future scenarios?
most likely scenario:reflects the majority of management' expectations of the future possibilities for the market
best case scenario:reflects a position where the key environmental factors move in a favourable direction for the organisation
worst case scenario: reflects a position where the environment turns agains the organisation
93
why do strategists argue its best to plan for only 2 scenarios in scenario planning?
2 strategies might distort managers' mind-sets with a 'most-likely' scenario
94
what is the aim of scenario planning?
help managers become more aware of what the key environmental factors are and how they might influence the organisation in the future
95
what is two-way risk?
speculative risk
| -could be better or worse than expected
96
how can uncertainty be reduced?
obtaining as much information as possible before making a decision
97
what types of risk does business risk include?
-strategic
-product
-commodity
-product reputation
-operational
-contractual inadequacy
fraud and malfeasance
98
what was the traditional view of risk management and how has it changed?
historically:avoiding downside risk
| new approach:benefit from upside risk by taking advantage of it
99
what is EY's model for quantifying shareholder value?
shareholder value=static NPV of existing business model + value of future growth options
-sum of the value of what a company does now and the value of what they could possibly do in the future
100
what are the 4 stages of good risk management Ey identifies?
1) Establish what shareholders value about the company
2) Identify the risks around the key shareholder value drivers
3) Determine the preferred treatment for the risks
4) Communicate risk treatments to shareholders
101
what is risk capacity?
amount of risk that the organisation can bear
| -quantitative
102
what is risk attitude?
overall approach to risk
| -qualitative
103
what is residual risk?
risk a business faces after its controls have been considered
i.e. cannot control
104
what is Transference in the TARA framework?
can transfer part or whole risk
-e.g. insurance
105
what is avoidance in the TARA framework?
avoid the risk altogether
| -sometimes unavoidable e.g. NFP orgs
106
what is Reduction/mitigation in the TARA framework?
reduce the risk by limiting exposure or attempting to decrease adverse eggects
107
what is Acceptance in the TARA framework?
accept the risk and decide to deal with the consequences
108
what is risk mapping?
qualitative way of assessing the risk
- identify impact
- provides framework for prioritising risks
- attend to higher impact/likelihood
- plot on TARA
109
what is the type of risk related to failing to adhere to fundamental principles?
reputation risk
110
who developed the CIMA code of ethics?
adopted based on the IFAC code of ethics which was developed with input from CIMA and the global accountancy profession
111
what are the 3 parts of the CIMA Code of Ethics?
PartA:fundamental principles
Part B: how conceptual framework applies to professional accountants in business
Part C: how conceptual framework applies to professional accountant in public practice
112
```
what are the following threats:
Intimidation
Familiarity
Advocacy
Self-interest
Self review
```
Intimidation:allowing external pressure to influence decision
Familiarity:allowing performance relationship to influence decision
Advocacy:acting for/against a position rather than impartial
Self-interest:putting your own interest ahead of whats right
Self review:not showing objectivity, ignoring own errors
113
what is CBA?
cost-benefit analysis can be used to assess the expected costs and benefits of a project e.g. of implementing IS
114
what is the general shape of a cost and benefit graph?
costs: diseconomies may set in at large frequencies
benefits: increase sharply but then tail off when information overload sets in and benefits actually start to decline (n shape)
115
what are the costs of internal information?
- direct data capture costs e.g. cost of barcode scanners in a supermarket
- processing costs
- indirect costs e.g. unnecessary info collected
116
what are the costs of external information?
- direct costs e.g. newspaper subscriptions
- indirect costs e.g. wasted time finding useful information
- management costs e.g. cost of processing information
- infrastructure costs e.g. of systems enabling internet searches
117
why is training/re-training expensive?
- cost of trainer
- wages for people being trained
- paying someone to do work while others are being trained
- paying for the costs of the training venue
- lost productivity whilst people are being trained
- slower productivity whilst people are 'on the job learning'
118
other than cost of labour and training, what are the other indirect costs of providing information?
- loss of staff morale
- delays caused in other projects in of the business
- general dislocation caused by system change
- upsetting customers from system change
- incompatibility with other systems
- unexpected costs of software amendments, tailoring and maintenance
- cost of failure due to inappropriate systems or faulty implementation
119
what are some intangible indirect costs of producing information?
- reduced quality of information, due to information overload
- poor decision making, due to information overload
- too many areas to focus on-so issues are not followed up
- focus on the wrong things i.e. only on those business areas and targets that are easy to measure and report on
120
what are the benefits of a new IS?
- enhanced efficiency and capacity
- better quality of information
- better access to information
- improved sharing of informatino
- improved communication
- better decision making and customer service
121
What is Data protection legislation?
some countries give individuals the right to seek compensation against an organisation that holds personal data about them if they suffer a loss through the improper use of data
e.g. GDPR
122
how does erroneous input result in doubts in the integrity of data?
- input overlooked or omitted or entered twice
| - errors in the data due to human error
123
what is hacking?
gathering of unauthorised access to a computer system
| -deliberate attempt
124
what is a virus?
a piece of software that seeks to infest a computer system, hiding and automatically spreading to other systems if given the oppurtunity
125
what are the 3 functions of a computer virus?
- avoid detection
- reproducing themselves
- causing damade
126
```
what are these viruses?
trojans
worms
trap doors
logic bombs
time bombs
```
trojans:whilst carrying on one program, secretly carry on another
worms:these replicate themselves within the systems
trap doors:undocumented entry points to systems allowing normal controls to be by-passed
logic bombs:triggered on the occurrence of a certain event
time bombs:which are triggered on a certain date
127
what are the advantages of an intranet/internet system?
- access to cast sources of external data, helps with quality of decision making
- can advertise on a website and provide info that helps promote image
- can use for purchasing
- means of operating an email system
- create opportunity for more flexible organisation of work
128
what are the disadvantages of an intranet/internet system?
- email system may become inefficient if overused
- emails can be disruptive, especially notifications
- senders often expect immediate response and delay can cause tension
- employees might waste too much time looking for information on the Internet
- w/o suitable controls, employees might spend large amounts of time on the Internet or emailing rather than carrying out work responsibilities
- hackers or industrial spies
- import of viruses and other malicious software
129
what is BD management?
storage, admin and control of vast quantities of both structures and unstructured data
130
what is BD analytics?
process of scrutinising BD to identify patterns, correlations, relationships and other insights
131
what is Hadoop?
open source programming framework which enables the processing of large data sets by utilising multiple servers simultaneously
132
what are the benefits of BD?
- driving innovation
- gaining competitive advantage
- improving productivity
133
what are the risks associated with BD?
- availability of skills
- security of data
- data protections
- difficulty in converting into useful data
