D. Risk and control Flashcards
what is the difference between risk and uncertainty?
risk is quantifiable, possible outcomes have associated probabilities and allow the use of mathematical techniques
uncertainty is unquantifiable and the outcome can’t be mathematically modelled. It is difficult to incorporate uncertainty into decision making models
what is upside risk and downside risk?
downside: bad
upside: rewards better than risks
how do we deal with risks in investment appraisal?
-add RISK PREMIUM to the discount rate to compensate for risk
-use PAYBACK period technique
-sensitivity analysis
-using probability distributions to give an indication of risk
-Monte Carlo simulation-computerised system that extends sensitivity analysis
how is sensitivity margin calculated?
NPV/PV of flow under consideration
what is sensitivity analysis?
a ‘what if’ analysis
-see how much leeway before option becomes unviable
what is the expected value?
all the different possible outcomes by a single weighted average
- long run average
- NOT most likely result
what is a risk neutral decision maker?
consider all possible outcomes and will select the strategy that maximises the EXPECTED VALUE or benefit
what is a risk seeker?
likely to select the strategy with the BEST possible outcomes, regardless of the likelihood that they will occur. They will apply the MAXIMAX criteria
what is a risk averse decision maker?
try to AVOID RISK. Rather select a lower but certain outcome than risk going for a higher pay-off which is less certain to occur. They will apply the MAXIMIN criterion or the minimax regret approach
what are the advantages of using expected value?
- takes risk into account
- easier decisions as single figure
- simple to calculate
what are the disadvantages of using expected value?
- probabilities are subjective
- little meaning for a one-off project
- ignores attitudes to risk
- the answer may not exist
what is standard deviation?
measure of how far away on average the data points are from the mean
- average variability about the mean
- measure of VOLATILITY
what are the steps to calculating standard deviation?
- find the difference for each data value and mean
- square differences to get rid of negative differences
- work out the average squared difference (i.e. variance)
- take the square root to get the standard deviation
what is the Monte Carlo simulation?
computerised system that extends sensitivity analysis
what is the Monte Carlo simulation method?
uses random numbers and probability statistics
- identify key variables in a decision
- assign random numbers to each variable in a proportion in accordance with the underlying probability distribution
- use a computer to repeat the decision many times until the outcome starts to ‘settle down’ and gives management a view of the likely range and level of outcomes
- depending on the management’s attitude to risk, a more informed decision can be taken
what is VaR?
value at risk
- measure of how the market value of an asset or of a portfolio of assets is likely to decrease over a certain time, the HOLDING PERIOD (usually one to ten days) under ‘normal’ market conditions
- amount of risk to be lost from an investment under usual conditions over a given holding period at a particular ‘confidence level’
what is VaR measured by?
normal distribution theory
-typically used by IBs to measure market risk of their asset portfolios
what does a 95% confidence level mean in VaR?
For a 95% confidence level, the VaR will give the amount that has a 5% chance of being lost
what does a payoff table show?
illustrates all the different possible profits/losses that might arise
what are the 2 axes of a payoff table?
demand and supply
what are the probabilities in payoff tables used to calculate?
expected values which are then used for decision making
what is perfect information?
forecast of future outcome is always the correct prediction
-can undertake the most beneficial course of action
what is imperfect information?
forecast is usually correct, but can be incorrect
-not as valuable as perfect information
what is a decision tree?
diagrammatic representation of a multi-decision problem, where all possible courses of action are represented and every possible outcome of each course of action is shown
when should a decision tree be used?
where a problem involves a series of decisions being made and several outcomes arise during the decision-making process
what are some common symbols in a decision tree?
square=decision point
circle=chance point
branch=probability
how are probabilities of outcomes calculated in a decision tree?
‘roll back’ from end to circle/decision point
what is a conditional probability?
probability of an event whose calculation is based on the knowledge that some other event has occurred
what does P(A/B) mean?
the probability of A occurring given that B has already occurred
how are contingency tables created?
by taking the given probabilities, multiplying by some convenient number then drawing a table to show the various combinations of factors that may exist
what is a stress test?
a way of analysing a business to consider how well it could cope in difficult conditions
-assess the vulnerability of a position against hypothetical events
what needs to be considered when stress testing?
prioritisation
measurement
productivity
flexibility
what is scenario planning?
force managers to think about other potential future market positions
-identify key environmental factors and consider how these might change in the future
what is risk in business?
the chance that future events or results may not be as expected
what is purely bad risk known as?
pure or downside risk
what is good risk known as?
speculative or upside risk
why incur risk?
- to generate higher returns, a business may have to take more risk in order to be competitive. Conversely, not accepting risk tends to make a business less dynamic, and implies a ‘follow the leader’ strategy
- incurring risk also implies that the returns from different activities will be higher -‘benefit’ being the return for accepting risk
- benefits can be financial
- in both cases, these will lead to the business being able to gain competitive advantage
what are the different categories of risk?
- political, legal and regulatory
- business risk
- economic risk
- financial risk
- technology risk
- environmental risk
- corporate reputation risk
- fraud and employee malfeasance risk
- international risk
what is business risk?
the risk businesses face due to the nature of their operations and products
what is strategic risk?
risk that business strategies will fail
what is product risk?
risk of failure of new product launches/loss of interest in existing products
what is commodity price risk?
risk of a rise in commodity prices
what is product reputation risk?
risk of change in products’ reputation or image
what is operational risk?
risk that business operations may be inefficient or business processes may fail
what is contractual inadequacy risk?
risk that the terms of a contract do not fully cover a business against all potential outcomes
what is fraud and employee malfeasance risk?
malfeasance means doing wrong, or committing an offence or fraud. This is the risk of actions by employees that result in fraud, an offence or crime
what is risk management?
‘the process of understanding and managing the risks that the organisation is inevitably subject to in attempting to achieve its corporate objectives’
what are the 2 sides to risk management?
conformance and performance
what is conformance?
controlling threats or hazards
-‘bad things do happen’
what is performance?
maximising return or opportunity
-‘good things might not happen’
what is risk appetite?
the amount of risk an organisation is willing to accept in pursuit of value
-may be explicit in strategies, policies and procedures, or it may be implicit
what is risk appetite determined by?
- risk capacity
- risk attitude
what is the TARA framework?
probability on y axis and impact on x
-transfer, accept, reduce and avoid
what approach does the CIMA Code of Ethics have?
threats and safeguarding approach
what is the threats and safeguarding approach?
if identified threats are other than clearly significant, a management accountant should apply safeguards to eliminate the threats or reduce them to an acceptable level such that compliance with the FUNDAMENTAL PRINCIPLES is not compromised
what are the fundamental principles of the CIMA code of Ethics?
Integrity: straightforward, honest
Objectivity: no bias or conflict of interest
Professional competence and due professional knowledge and skill
Confidentiality: need specific authority
Professional behaviour: comply with law and avoid discrediting profession
what are the different types of threats to the Code of Ethics?
Intimidation, Familiarity, Advocacy, Self-interest, Self review
what is an inducement?
receiving/giving offers as incentive to encourage unethical behaviour
what is the distinguishing mark of a profession?
the acceptance of a responsibility to the public
the accountancy profession’s public includes:
- clients
- credit providers
- governments
- employees
- employers
- investors
what is the public interest defined as?
that which supports the good of society as a whole, as opposed to what serves the interests of individual members of society or specific sectional interest groups
what makes an organisation a shaper of society?
must improve society, however that term is defined
when is an IS worth implementing?
when the value of information to the business is greater than the cost
what are the initial costs of an IS system?
- costs to design and develop system if software is bespoke
- purchase price of software if it is not bespoke
- purchase cost of new hardware
- cost of testing and implementations of the new system
- training costs
what are the running cost of an IS system?
- cost of labour time to run the system
- cost of materials e.g replacement parts
- cost of service support e.g IT helpdesk
what constitutes a risk to a computer system?
anything that prevents the managers getting the information they need from the system at the time that they need it
- loss of information
- loss of confidentiality
- business disruption
- loss of time and money
what are some examples of risks to IS systems?
- dissatisfied employees might deliberately modify or destroy information in the system
- a hacker or industrial spy might break into the system
- viruses or malicious software could be introduced
- accidental mistakes could be made on input to the system
- inadequate security of the hardware or data
- faults in the hardware system
what is big data?
extremely large collections of data that may be analysed to reveal patterns, trends and associations
how can performance management be enhanced with big data?
harness these vast amounts of information and transform them
-conventional methods of storing and processing data will not work
what are the risks associated with Big Data?
- SKILLS to use BD systems not always available
- SECURITY of data
- TIME spent measuring relationships that have no organisational value
- poor VERACITY leading to incorrect conclusions
- COST of establishing hardware and analytics software
- technical difficulties INTEGRATING BD systems with current systems
what are the 4 V’s of BD?
VELOCITY: speed of flow
VOLUME: sources and amount of data
VARIETY: format of data
VERACITY: truthfulness of data
what are the strengths of sensitivity analysis?
- no complicated theory to understand
- information will be presented to management in a form which facilitates subjective judgement to decide the likelihood of the various possible outcomes considered
- identifies areas which are crucial to the success of the project. if the project is chosen, those areas can be carefully monitored
- indicates just how critical some of the forecasts which are considered to be uncertain are
what are the weaknesses of sensitivity analysis?
- assumes that changes to variables can be made independently
- only identifies how far variable needs to change, not probability
- not optimising technique, provides information on the basis of which decisions can be made
what technique allows us to change more than one variable at a time in sensitivity analysis?
simulation
-often used in capital investment appraisal
what is utility theory?
the individual’s risk attitude to certain risk profiles will depend on the amount of money involved
-attaches weights to the sums of money involved
what is the coefficient of variation?
- standard deviation divided by expected value
- measures RELATIVE SIZE of risk
- can use for comparison
what strategies do the following implement: risk averse/pessimist, risk averse & sore loser, risk neutral, risk seeker/optimist
risk averse/pessimist: maximin: maximise min
risk averse & sore loser: minimax regret
risk neutral: EV
risk seeker/optimist: maximax: maximise max return
what tactic does a risk averse, sore loser pick?
minimax regret as they aim to minimise regret from missing out
regret=opportunity cost
how is regret calculated in the minimax regret decision table?
what we could earn - what we did
how do you find the value of information?
EV with perfect info - EV without perfect info
what is the link between Monte Carlo simulation and VaR?
the VaR distribution may well have been created by running a Monte Carlo simulation on the likely outcome over the next two weeks
what is a two way data table?
represent inter-related data in an easy understandable manner
-can be expanded to calculate expected contribution from different volume levels
what is the minimax regret strategy?
minimises the maximum regret
how is an outcome decided at a square?
highest between options
how is an outcome decided at a circle?
sum of outcomes
how do decision trees facilitate decision making?
consider the logical sequence of events
-complex problem broken down into smaller, easier-to-handle sections
what factors need to be considered during decision tree-type problems?
- time value of money
- assumes risk neutrality
- sensitivity analysis
- oversimplification
what does P(A/B) mean and how can it be re-written?
P(A and B)=P(A/B) x P(B)
what happens if stress test is failed?
reputational damage, reduce shareholder dividends to improve capital position
what 7 questions must be considered in the following key areas? prioritisation, measurement, productivity, flexibility
prioritisation:
- primary customer?
- core values prioritise shareholders, employees and customers?
measurement:
- critical performance variables?
- strategic boundaries set?
productivity:
- how are you generating creative tension?
- how committed are your employees to helping each other?
flexibility:
- what strategic uncertainties keep you awake at night?
what are the 7 steps involved in scenario planning?
- IDENTIFY high-impact high-uncertainty factors in the environment. Relevant factors and driving forces could be identified through a strategic analysis framework such as a PEST analysis
- For each factor, identify different possible futures
- Cluster together different factors to identify various consistent future scenarios
- ‘Writing the scenario’-for the most important scenarios, build a detailed analysis to identify and assess future implications
- For each scenario, identify and assess possible courses of action for the firm
- Monitor reality to see which scenario is unfolding
- Revise scenarios and strategic options as appropriate
what are the 3 potential future scenarios?
most likely scenario: reflects the majority of management’s expectations of the future possibilities for the market
best case scenario: reflects a position where the key environmental factors move in a favourable direction for the organisation
worst case scenario: reflects a position where the environment turns against the organisation
why do strategists argue it’s best to plan for only 2 scenarios in scenario planning?
2 strategies might distort managers’ mind-sets with a ‘most-likely’ scenario
what is the aim of scenario planning?
help managers become more aware of what the key environmental factors are and how they might influence the organisation in the future
what is two-way risk?
speculative risk
-could be better or worse than expected
how can uncertainty be reduced?
obtaining as much information as possible before making a decision
what types of risk does business risk include?
-strategic
-product
-commodity
-product reputation
-operational
-contractual inadequacy
-fraud and malfeasance
what was the traditional view of risk management and how has it changed?
historically: avoiding downside risk
new approach: benefit from upside risk by taking advantage of it
what is EY’s model for quantifying shareholder value?
shareholder value=static NPV of existing business model + value of future growth options
-sum of the value of what a company does now and the value of what they could possibly do in the future
what are the 4 stages of good risk management EY identifies?
1) Establish what shareholders value about the company
2) Identify the risks around the key shareholder value drivers
3) Determine the preferred treatment for the risks
4) Communicate risk treatments to shareholders
what is risk capacity?
amount of risk that the organisation can bear
-quantitative
what is risk attitude?
overall approach to risk
-qualitative
what is residual risk?
risk a business faces after its controls have been considered
i.e. cannot control
what is Transference in the TARA framework?
can transfer part or whole risk
-e.g. insurance
what is avoidance in the TARA framework?
avoid the risk altogether
-sometimes unavoidable e.g. NFP orgs
what is Reduction/mitigation in the TARA framework?
reduce the risk by limiting exposure or attempting to decrease adverse effects
what is Acceptance in the TARA framework?
accept the risk and decide to deal with the consequences
what is risk mapping?
qualitative way of assessing the risk
- identify impact
- provides framework for prioritising risks
- attend to higher impact/likelihood
- plot on TARA
what is the type of risk related to failing to adhere to fundamental principles?
reputation risk
who developed the CIMA code of ethics?
adopted based on the IFAC code of ethics which was developed with input from CIMA and the global accountancy profession
what are the 3 parts of the CIMA Code of Ethics?
Part A: fundamental principles
Part B: how conceptual framework applies to professional accountants in business
Part C: how conceptual framework applies to professional accountant in public practice
what are the following threats: Intimidation, Familiarity, Advocacy, Self-interest, Self review
Intimidation: allowing external pressure to influence decision
Familiarity: allowing performance relationship to influence decision
Advocacy: acting for/against a position rather than impartial
Self-interest: putting your own interest ahead of what’s right
Self review: not showing objectivity, ignoring own errors
what is CBA?
cost-benefit analysis can be used to assess the expected costs and benefits of a project e.g. of implementing IS
what is the general shape of a cost and benefit graph?
costs: diseconomies may set in at large frequencies
benefits: increase sharply but then tail off when information overload sets in and benefits actually start to decline (n shape)
what are the costs of internal information?
- direct data capture costs e.g. cost of barcode scanners in a supermarket
- processing costs
- indirect costs e.g. unnecessary info collected
what are the costs of external information?
- direct costs e.g. newspaper subscriptions
- indirect costs e.g. wasted time finding useful information
- management costs e.g. cost of processing information
- infrastructure costs e.g. of systems enabling internet searches
why is training/re-training expensive?
- cost of trainer
- wages for people being trained
- paying someone to do work while others are being trained
- paying for the costs of the training venue
- lost productivity whilst people are being trained
- slower productivity whilst people are ‘on the job learning’
other than cost of labour and training, what are the other indirect costs of providing information?
- loss of staff morale
- delays caused in other projects of the business
- general dislocation caused by system change
- upsetting customers from system change
- incompatibility with other systems
- unexpected costs of software amendments, tailoring and maintenance
- cost of failure due to inappropriate systems or faulty implementation
what are some intangible indirect costs of producing information?
- reduced quality of information, due to information overload
- poor decision making, due to information overload
- too many areas to focus on-so issues are not followed up
- focus on the wrong things i.e. only on those business areas and targets that are easy to measure and report on
what are the benefits of a new IS?
- enhanced efficiency and capacity
- better quality of information
- better access to information
- improved sharing of information
- improved communication
- better decision making and customer service
What is Data protection legislation?
some countries give individuals the right to seek compensation against an organisation that holds personal data about them if they suffer a loss through the improper use of data
e.g. GDPR
how does erroneous input result in doubts in the integrity of data?
- input overlooked or omitted or entered twice
- errors in the data due to human error
what is hacking?
gaining of unauthorised access to a computer system
-deliberate attempt
what is a virus?
a piece of software that seeks to infest a computer system, hiding and automatically spreading to other systems if given the opportunity
what are the 3 functions of a computer virus?
- avoid detection
- reproducing themselves
- causing damage
what are these viruses? trojans, worms, trap doors, logic bombs, time bombs
trojans: whilst carrying on one program, secretly carry on another
worms: these replicate themselves within the systems
trap doors: undocumented entry points to systems allowing normal controls to be by-passed
logic bombs: triggered on the occurrence of a certain event
time bombs: which are triggered on a certain date
what are the advantages of an intranet/internet system?
- access to vast sources of external data, helps with quality of decision making
- can advertise on a website and provide info that helps promote image
- can use for purchasing
- means of operating an email system
- create opportunity for more flexible organisation of work
what are the disadvantages of an intranet/internet system?
- email system may become inefficient if overused
- emails can be disruptive, especially notifications
- senders often expect immediate response and delay can cause tension
- employees might waste too much time looking for information on the Internet
- w/o suitable controls, employees might spend large amounts of time on the Internet or emailing rather than carrying out work responsibilities
- hackers or industrial spies
- import of viruses and other malicious software
what is BD management?
storage, admin and control of vast quantities of both structured and unstructured data
what is BD analytics?
process of scrutinising BD to identify patterns, correlations, relationships and other insights
what is Hadoop?
open source programming framework which enables the processing of large data sets by utilising multiple servers simultaneously
what are the benefits of BD?
- driving innovation
- gaining competitive advantage
- improving productivity
what are the risks associated with BD?
- availability of skills
- security of data
- data protection
- difficulty in converting into useful data