D. Risk and control

Question 1

what is the difference between risk and uncertainty?

Answer 1

risk is quantifiable, possible outcomes have associated probabilities and allow the use of mathematical techniques
uncertainty is unquantifiable and the outcome can’t be mathematically modelled. It is difficult to incorporate uncertainty into decision making models

Question 2

what is upside risk and downside risk?

Answer 2

downside: bad
upside: rewards better than risks

Question 3

how do we deal with risks in investment appraisal?

Answer 3

-add RISK PREMIUM to the discount rate to compensate for risk
-use PAYBACK period technique
sensitivity analysis
-using probability distributions to give an indication of risk
-Monte Carlo simulation-computerised system that extends sensitivity analysis

Question 4

how is sensitivity margin calculated?

Answer 4

NPV/PV of flow under consideration

Question 5

what is sensitivity analysis?

Answer 5

a ‘what if’ analysis

-see how much leeway before option becomes unviable

Question 6

what is the expected value?

Answer 6

all the different possible outcomes by a single weighted average

• long run average
• NOT most likely result

Question 7

what is a risk neutral decision maker?

Answer 7

consider all possible outcomes and will select the strategy that maximises the EXPECTED VALUE or benefit

Question 8

what is a risk seeker?

Answer 8

likely to select the strategy with the BEST possible outcomes, regardless of the likelihood that they will occur. They will apply the MAXIMAX criteria

Question 9

what is a risk averse decision maker?

Answer 9

try to AVOID RISK. Rather select a lower but certain outcome than risk going for a higher pay-off which is less certain to occur. They will apply the MAXIMIN criterion or the minimax regret approach

Question 10

what are the advantages of using expected value?

Answer 10

• takes risk into account
• easier decisions as single figure
• simple to calculate

Question 11

what are the disadvantaged of using expected value?

Answer 11

• probabilities are subjective
• little meaning for a one-off project
• ignores attitudes to risk
• the answer may not exist

Question 12

what is standard deviation?

Answer 12

measure of how far away on average the data points are from the means

• average variability about the mean
• measure of VOLATILITY

Question 13

what are the steps to calculating standard deviation?

Answer 13

1. find the difference for each data value and mean
2. square differences to get rid of negative differences
3. work out the average squared difference (i.e variance)
4. take the square root to get the standard deviation

Question 14

what is the Monte Carlo simulation?

Answer 14

computerised system that extends sensitivity analysis

Question 15

what is the Monte Carlo simulation method?

Answer 15

uses random numbers and probability statistics

• identify key variables in a decision
• assign random numbers to each variable in a proportion in accordance with the underlying probability distribution
• use a computer to repeat decision repeatedly until outcome starts to ‘settle down’ and gives management a view of the likely range and level of outcomes
• depending on the management’s attitude to risk, a more informed decision can be taken

Question 16

what is VaR?

Answer 16

value at risk

• measure of how the market value of an asset or of a portfolio of assets is likely to decrease over a certain time, the HOLDING PERIOD (usually one to ten days) under ‘normal’ market conditions
• amount of risk to be lost from an investment under usual conditions over a given holding period at a particular ‘confidence level’

Question 17

what is VaR measured by?

Answer 17

normal distribution theory

-typically used by IBs to measure market risk of their asset portfolios

Question 18

what does a 95% confidence level mean in VaR?

Answer 18

For a 95% confidence level, the VaP will give the amount that has a 5% chance of being lost

Question 19

what does a payoff table show?

Answer 19

illustrates al the different possible profits/losses that might arise

Question 20

what are the 2 axis of a payoff table?

Answer 20

demand and supply

Question 21

what are the probabilities in payoff tables used to calulcate?

Answer 21

expected values which are then used for decision making

Question 22

what is perfect information?

Answer 22

forecast of future outcome is always the correct prediction

-can undertake the most beneficial course of action

Question 23

what is imperfect information?

Answer 23

forecast is usually correct, but can be incorrect

-not as valuable as perfect information

Question 24

what is a decision tree?

Answer 24

diagrammatic representation of a multi-decision problem, where all possible courses of action are represented and every possible outcome of each course of action is shown

Question 25

when should a decision tree be used?

Answer 25

where a problem involves a series of decisions being made and several outcomes arise during the decision-making process

Question 26

what are some common symbols in a decision tree?

Answer 26

square=decision point
circle=chance point
branch=probability

Question 27

how are probabilities of outcomes calculated in a decision tree?

Answer 27

‘roll back’ from end to circle/decision point

Question 28

what is a conditional probability?

Answer 28

probability of an event whose calculation is based on the knowledge that some other even has occured

Question 29

what does P(A/b) mean?

Answer 29

the probability of A occurring given that B has already occured

Question 30

how are contingency tables created?

Answer 30

by taking the given probabilities, multiplying by some convenient number then drawing a table to show the various combinations of factors that may exist

Question 31

what is a stress test?

Answer 31

a way of analysing a business to consider how well it could cope in difficult conditions
-assess the vulnerability of a position against hypothetical events

Question 32

what needs to be considered when stress testing?

Answer 32

prioritisation
measurement
productivity
flexibility

Question 33

what is scenario planning?

Answer 33

force managers to think about other potential future market positions
-identify key environmental factors and consider how these might change in the future

Question 34

what is risk in business?

Answer 34

the chance that future events or results may not be as expected

Question 35

what is purely bad risk known as?

Answer 35

pure or downside risk

Question 36

what is good risk known as?

Answer 36

speculative or upside risk

Question 37

why incur risk?

Answer 37

• to generate higher returns, a business may have to take more risk in order to be competitive. Conversely, not accepting risk tends to make a business less dynamic, an implies a ‘follow the leader’ strategy
• incurring risk also implies that the returns from different activities will be higher -‘benefit’ being the return for accepting risk
• benefits can be financial
• in both cases, these will lead to the business being able to gain competitive advantage

Question 38

what are the different categories of risk?

Answer 38

• political, legal and regulatory
• business risk
• economic risk
• financial risk
• technology risk
• environmental risk
• corporate reputation risk
• fraud and employee malfeasance risk
• international risk

Question 39

what is business risk?

Answer 39

the risk businesses face due to the nature of their operations and products

Question 40

what is strategic risk?

Answer 40

risk that business strategies will fail

Question 41

what is product risk?

Answer 41

risk of failure of new product launches/loss of interest in existing products

Question 42

what is commodity price risk?

Answer 42

risk of a rise in commodity prices

Question 43

what is product reputation risk?

Answer 43

risk of change in products’ reputation or image

Question 44

what is operational risk?

Answer 44

risk that business operations may be inefficient or business processes may fail

Question 45

what is contractual inadequacy risk?

Answer 45

risk that the terms of a contract do not fully cover a business against all potential outcomes

Question 46

what is fraud and employee malfeasance risk?

Answer 46

malfeasance means doing wrong, or committing an offence or fraud. this is the risk of actions by employees that result in fraud, an offence or crime

Question 47

what is risk management?

Answer 47

‘the process of understanding and managing the risks that the organisation is inevitably subject to in attempting to achieve its corporate objectives’

Question 48

what are the 2 sides to risk management?

Answer 48

conformance and performance

Question 49

what is conformance?

Answer 49

controlling threats or hazards

-‘bad things do happen’

Question 50

what is performance?

Answer 50

maximising return or opportunity

-‘good things might not happen’

Question 51

what is risk appetite?

Answer 51

the amount of risk an organisation is willing to accept in pursuit of value
-may be explicit in strategies, policies and procedures, or it may be implicit

Question 52

what is risk appetite determined by?

Answer 52

• risk capacity

- risk attitude

Question 53

what is the TARA framework?

Answer 53

probability on y axis and impact on x

-transfer, accept, reduce and avoid

Question 54

what approach does the CIMA Code of Ethics have?

Answer 54

threats and safeguarding approach

Question 55

what is the threats and safeguarding approach?

Answer 55

if identified threats are other than clearly significant, a management accountant should apply safeguards to eliminate the threats or reduce them to an acceptable level such that compliance with the FUNDAMENTAL PRINCIPLES is not compromised

Question 56

what are the fundamental principles of the CIMA code of Ethics?

Answer 56

Integrity:straightforward, honest
Objectivity:no bias or conflict of interest
Professional competence and due professional knowledge and skill
Confidentiality: need specific authority
Professional behaviour:comply with law and avoid discrediting profession

Question 57

what are the different types of threats to the Code of Ethics?

Answer 57

Intimidation
Familiarity
Advocacy
Self-interest
Self review

Question 58

what is an inducement?

Answer 58

receiving/giving offers as incentive to encourage unethical behaviour

Question 59

what is the distinguishing mark of a profession?

Answer 59

the acceptance of a responsibility to the public

Question 60

the accountancy profession’s public includes:

Answer 60

• clients
• credit providers
• governments
• employees
• employers
• investors

Question 61

what is the public interest defined as?

Answer 61

that which supports the good of society as a whole, as opposed to what serves the interests of individual members of society or specific sectional interest groups

Question 62

what makes an organisation a shaper of society?

Answer 62

must improve society, however that term is defined

Question 63

when is an IS worth implementing?

Answer 63

when the value of information to the business is greater than the cost

Question 64

what are the initial costs of an IS system?

Answer 64

• costs to design and develop system if software is bespoke
• purchase price of software if it is not bespoke
• purchase cost of new hardware
• cost of testing and implementations of the new system
• training costs

Question 65

what are the running cost of an IS system?

Answer 65

• cost of labour time to run the system
• cost of materials e.g replacement parts
• cost of service support e.g IT helpdesk

Question 66

what constitutes a risk to a computer system?

Answer 66

anything that prevents the managers getting the information they need from the system at the time that they need it

• loss of information
• loss of confidentiality
• business disruption
• loss of time and money

Question 67

what are some examples of risks to IS systems?

Answer 67

• dissatisfied employees might deliberately modify or destroy information in the system
• a hacker or industrial spy might break into the system
• viruses or malicious software could be introduced
• accidental mistakes could be made on input to the system
• inadequate security of the hardware or data
• faults in the hardware system

Question 68

what is big data?

Answer 68

extremely large collections of data that may be analysed to reveal patterns, trends and associations

Question 69

how can performance management be enhanced with big data?

Answer 69

harness these vast amounts of information and transform them
-conventional methods of storing and processing data will not work

Question 70

what are the risks associated with Big Data?

Answer 70

• SKILLS to use BD systems not always available
• SECURITY of data
• TIME spent measuring relationships that have no organisational value
• poor VERACITY leading to incorrect conclusions
• COST of establishing hardware and analytics software
• technical difficulties INTEGRATING BD systems with current systems

Question 71

what are the 4 V’s of BD?

Answer 71

VELOCITY: speed of flow
VOLUME: sources and amount of data
VARIETY:format of data
VERACITY:truthfulness of data

Question 72

what are the strengths of sensitivity analysis?

Answer 72

• no complicated theory to understand
• information will be presented to management in a form which facilitates subjective judgement to decide the likelihood of the various possible outcomes considered
• identifies areas which are crucial to the success of the project. if the project is chosen, those areas can be carefully monitored
• indicated just how critical some of the forecasts which are considered to be uncertain are

Question 73

what are the weaknesses of sensitivity analysis?

Answer 73

• assumes that changes to variables can be made independently
• only identifies how far variable needs to change, not probability
• not optimising technique, provides information on the basis of which decisions can be made

Question 74

what technique allows us to change more than one variable at a time in sensitivity analysis?

Answer 74

simulation

-often used in capital investment appraisal

Question 75

what is utility theory?

Answer 75

the individual’s risk attitude to certain risk profiles will depend on the amount of money involved
-attaches weights to the sums of money involved

Question 76

what is the coefficient of variation?

Answer 76

• standard deviation divided by expected value
• measures RELATIVE SIZE of risk
• can use for comparison

Question 77

what strategies do the following implement:
risk averse/pessimist
risk averse & sore loser
risk neutral
risk seeker/optimist

Answer 77

maximin:maximise min minimax regret
EV
maximax: maximise max return

Question 78

what tactic does a risk averse, sore loser pick?

Answer 78

minimax regret as they aim to minimise regret from missing out
regret=opportunity cost

Question 79

how is regret calculated in the minimax regret decision rable?

Answer 79

what we could earn - what we did

Question 80

how do you find the value of information?

Answer 80

EV with perfect info - EV without perfect info

Question 81

what is the link between Monte Carlo simulation and VaR?

Answer 81

the VaR distribution may well have been created by running a Monte Carlo simulation on the likely outcome over the next two weeks

Question 82

what is a two way data table?

Answer 82

represent inter-related data in an easy understandable manner
-can be expanded to calculate expected contribution from different volume levels

Question 83

what is the minimax regret strategy?

Answer 83

minimises the maximum regret

Question 84

how is a outcome decided at a square?

Answer 84

highest between options

Question 85

how is an outcome decided at a circle?

Answer 85

sum of outcomes

Question 86

how do decision trees facilitate decision making?

Answer 86

consider the logical sequence of events

-complex problem broken down into smaller, easier-to-handle sections

Question 87

what factors need to be considered during decision tree-type problems?

Answer 87

• time value of money
• assumes risk neutrality
• sensitivity analysis
• oversimplification

Question 88

what does P(A/B) means and how can it be re-written?

Answer 88

P(A and B)=P(A/B) x P(B)

Question 89

what happens if stress test is failed?

Answer 89

reputational damage, reduce shareholder dividends to improve capital position

Question 90

what 7 questions must be considered in the following key areas?
prioritisation
measurement
productivity
flexibility

Answer 90

prioritisation:

• primary customer?
• core values prioritise shareholders, employees and customers?

measurement:

• critical performance variables?
• strategic boundaries set?

productivity:

• how are you generating creative tension?
• how committed are your employees to helping each other?

flexibility:
-what strategic uncertainties keep you awake at night

Question 91

what are the 7 steps involved in scenario planning?

Answer 91

1. IDENTIFY high-impact high-uncertainty factors in the environment. Relevant factors and driving forces could be identified through a strategic analysis framework such as a PEST analysis
2. For each factor, identify different possible futures
3. Cluster together different factors to identify various consistent future scenarios
4. ‘Writing the scenario’-for the most important scenarios, build a detailed analysis to identify and assess future implications
5. For each scenario, identify and assess possible courses of action for the firm
6. Monitor reality to see which scenario is unfolding
7. Revise scenarios and strategic options as appropriate

Question 92

what are the 3 potential future scenarios?

Answer 92

most likely scenario:reflects the majority of management’ expectations of the future possibilities for the market
best case scenario:reflects a position where the key environmental factors move in a favourable direction for the organisation
worst case scenario: reflects a position where the environment turns agains the organisation

Question 93

why do strategists argue its best to plan for only 2 scenarios in scenario planning?

Answer 93

2 strategies might distort managers’ mind-sets with a ‘most-likely’ scenario

Question 94

what is the aim of scenario planning?

Answer 94

help managers become more aware of what the key environmental factors are and how they might influence the organisation in the future

Question 95

what is two-way risk?

Answer 95

speculative risk

-could be better or worse than expected

Question 96

how can uncertainty be reduced?

Answer 96

obtaining as much information as possible before making a decision

Question 97

what types of risk does business risk include?

Answer 97

-strategic
-product
-commodity
-product reputation
-operational
-contractual inadequacy
fraud and malfeasance

Question 98

what was the traditional view of risk management and how has it changed?

Answer 98

historically:avoiding downside risk

new approach:benefit from upside risk by taking advantage of it

Question 99

what is EY’s model for quantifying shareholder value?

Answer 99

shareholder value=static NPV of existing business model + value of future growth options

-sum of the value of what a company does now and the value of what they could possibly do in the future

Question 100

what are the 4 stages of good risk management Ey identifies?

Answer 100

1) Establish what shareholders value about the company
2) Identify the risks around the key shareholder value drivers
3) Determine the preferred treatment for the risks
4) Communicate risk treatments to shareholders

Question 101

what is risk capacity?

Answer 101

amount of risk that the organisation can bear

-quantitative

Question 102

what is risk attitude?

Answer 102

overall approach to risk

-qualitative

Question 103

what is residual risk?

Answer 103

risk a business faces after its controls have been considered
i.e. cannot control

Question 104

what is Transference in the TARA framework?

Answer 104

can transfer part or whole risk

-e.g. insurance

Question 105

what is avoidance in the TARA framework?

Answer 105

avoid the risk altogether

-sometimes unavoidable e.g. NFP orgs

Question 106

what is Reduction/mitigation in the TARA framework?

Answer 106

reduce the risk by limiting exposure or attempting to decrease adverse eggects

Question 107

what is Acceptance in the TARA framework?

Answer 107

accept the risk and decide to deal with the consequences

Question 108

what is risk mapping?

Answer 108

qualitative way of assessing the risk

• identify impact
• provides framework for prioritising risks
• attend to higher impact/likelihood
• plot on TARA

Question 109

what is the type of risk related to failing to adhere to fundamental principles?

Answer 109

reputation risk

Question 110

who developed the CIMA code of ethics?

Answer 110

adopted based on the IFAC code of ethics which was developed with input from CIMA and the global accountancy profession

Question 111

what are the 3 parts of the CIMA Code of Ethics?

Answer 111

PartA:fundamental principles
Part B: how conceptual framework applies to professional accountants in business
Part C: how conceptual framework applies to professional accountant in public practice

Question 112

what are the following threats:
Intimidation
Familiarity
Advocacy
Self-interest
Self review

Answer 112

Intimidation:allowing external pressure to influence decision
Familiarity:allowing performance relationship to influence decision
Advocacy:acting for/against a position rather than impartial
Self-interest:putting your own interest ahead of whats right
Self review:not showing objectivity, ignoring own errors

Question 113

what is CBA?

Answer 113

cost-benefit analysis can be used to assess the expected costs and benefits of a project e.g. of implementing IS

Question 114

what is the general shape of a cost and benefit graph?

Answer 114

costs: diseconomies may set in at large frequencies
benefits: increase sharply but then tail off when information overload sets in and benefits actually start to decline (n shape)

Question 115

what are the costs of internal information?

Answer 115

• direct data capture costs e.g. cost of barcode scanners in a supermarket
• processing costs
• indirect costs e.g. unnecessary info collected

Question 116

what are the costs of external information?

Answer 116

• direct costs e.g. newspaper subscriptions
• indirect costs e.g. wasted time finding useful information
• management costs e.g. cost of processing information
• infrastructure costs e.g. of systems enabling internet searches

Question 117

why is training/re-training expensive?

Answer 117

• cost of trainer
• wages for people being trained
• paying someone to do work while others are being trained
• paying for the costs of the training venue
• lost productivity whilst people are being trained
• slower productivity whilst people are ‘on the job learning’

Question 118

other than cost of labour and training, what are the other indirect costs of providing information?

Answer 118

• loss of staff morale
• delays caused in other projects in of the business
• general dislocation caused by system change
• upsetting customers from system change
• incompatibility with other systems
• unexpected costs of software amendments, tailoring and maintenance
• cost of failure due to inappropriate systems or faulty implementation

Question 119

what are some intangible indirect costs of producing information?

Answer 119

• reduced quality of information, due to information overload
• poor decision making, due to information overload
• too many areas to focus on-so issues are not followed up
• focus on the wrong things i.e. only on those business areas and targets that are easy to measure and report on

Question 120

what are the benefits of a new IS?

Answer 120

• enhanced efficiency and capacity
• better quality of information
• better access to information
• improved sharing of informatino
• improved communication
• better decision making and customer service

Question 121

What is Data protection legislation?

Answer 121

some countries give individuals the right to seek compensation against an organisation that holds personal data about them if they suffer a loss through the improper use of data

e.g. GDPR

Question 122

how does erroneous input result in doubts in the integrity of data?

Answer 122

• input overlooked or omitted or entered twice

- errors in the data due to human error

Question 123

what is hacking?

Answer 123

gathering of unauthorised access to a computer system

-deliberate attempt

Question 124

what is a virus?

Answer 124

a piece of software that seeks to infest a computer system, hiding and automatically spreading to other systems if given the oppurtunity

Question 125

what are the 3 functions of a computer virus?

Answer 125

• avoid detection
• reproducing themselves
• causing damade

Question 126

what are these viruses?
trojans
worms
trap doors
logic bombs
time bombs

Answer 126

trojans:whilst carrying on one program, secretly carry on another
worms:these replicate themselves within the systems
trap doors:undocumented entry points to systems allowing normal controls to be by-passed
logic bombs:triggered on the occurrence of a certain event
time bombs:which are triggered on a certain date

Question 127

what are the advantages of an intranet/internet system?

Answer 127

• access to cast sources of external data, helps with quality of decision making
• can advertise on a website and provide info that helps promote image
• can use for purchasing
• means of operating an email system
• create opportunity for more flexible organisation of work

Question 128

what are the disadvantages of an intranet/internet system?

Answer 128

• email system may become inefficient if overused
• emails can be disruptive, especially notifications
• senders often expect immediate response and delay can cause tension
• employees might waste too much time looking for information on the Internet
• w/o suitable controls, employees might spend large amounts of time on the Internet or emailing rather than carrying out work responsibilities
• hackers or industrial spies
• import of viruses and other malicious software

Question 129

what is BD management?

Answer 129

storage, admin and control of vast quantities of both structures and unstructured data

Question 130

what is BD analytics?

Answer 130

process of scrutinising BD to identify patterns, correlations, relationships and other insights

Question 131

what is Hadoop?

Answer 131

open source programming framework which enables the processing of large data sets by utilising multiple servers simultaneously

Question 132

what are the benefits of BD?

Answer 132

• driving innovation
• gaining competitive advantage
• improving productivity

Question 133

what are the risks associated with BD?

Answer 133

• availability of skills
• security of data
• data protections
• difficulty in converting into useful data