L13 Risk Management

Question 1

when do we consider risk

Answer 1

When deciding on a strategy

Question 2

Why is risk managemement important? (advantages)

Answer 2

1. Because the environment is so uncertain org’s need to have good robust risk management.
2. It is also part of corporate governance. The code has a part one of the importance of risk management, saying we need to have it.
   
   • International standards board also has a standard saying that risk management is crucial
   • Corporate governance codes require risk management as a way of protecting shareholder funds and interests.
3. Undertaking risk management will therefore also improve the chances that the company will be able to meet its strategic objectives.

Question 3

Risk appetitie?

Answer 3

i.e. business has appetite for taking on more or less risk.

Question 4

Ways to calculate risk?

Answer 4

Risk = Likelihood * impact

or

Risk = Likelihood * Financial consequences

Question 5

why is the formula for risk important?

Answer 5

Formula shows that you don’t worry about a risk that is unlikely to happen

Question 6

what does risk not equal, and why?

Answer 6

Risk does not certainty. Uncertainty can’t be quantified (though note that risk may be very poorly quantified)

It cant be quantified as you don’t know! You cant solve this, but you can hedge risk (try to reduce).

Question 7

how do we work out the potential of risk actually happening?

Answer 7

understanding environment and stakeholders is important, and market analysis etc.

Question 8

what terms should you be aware of, and be able to use when looking forward at future outcomes?

Answer 8

1. “Clear enough futures”
2. “Alternative futures”
3. “Range of futures”
4. “True ambiguity”

Question 9

explain “clear enough futures”

Answer 9

The idea of looking forward and being fairly clear of what is going to happen. As you can pretty much forecast what is going to happen and what you are going to do.

Question 10

explain “Alternative futures”

Answer 10

There is something that future events all hinders on

Question 11

Explain “range of futures”

Answer 11

The idea that the future depends on many things. e.g. who gets through in the sport tournament. Lots of ranges of answers that you need to try and consider.

Question 12

Explain “true ambiguity”

Answer 12

The idea that the future is completely unpredictable.

Question 13

What is the international standard for risk management

Answer 13

ISO 3100

Question 14

what does the ISO 3100 provide?

Answer 14

Guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector

Question 15

what can using ISO 3100 help companies do?

Answer 15

Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.

Question 16

what is a growing industry that companies think should be compulsory?

Answer 16

Risk audit.

Question 17

• What does establishing the context mean on the ISO 3100 framework?
• risk analysis stage?

Answer 17

• It means to look at your business.
• Put the risks in order. Which one is more likely to happen etc.? go through them all and see!

Question 18

What are the 4 stages for the process of risk management?

Answer 18

1. Risk Identification
2. RIsk assessment
3. Risk planning
4. Risk monitoring

Question 19

explain the 4 stages of the process of risk management

Answer 19

1. Risk id. What risks does the co face? E.g. no strawberries at wimbledon
2. Risk assessment – whats the likelihood of these risks to happen? What will the imapact me? Low likelihood of no strawbs, whats the impact?
3. Risk planning – plan around the risk you id’d. maybe import the strawberries. Its like risk avoidance its something you do in the event of the risk materialising
4. Risk monitering - maybe this is where you have the risk audit. Is there something you maybe misses? This means going back to the assessment stage as risk management is not static, it will always change and you need to adapt

Question 20

What does the risk management process diagram look like?

Answer 20

Question 21

4 ways to describe businesses and their approach to risk?

Answer 21

1. Defenders - risk averse, trying to maintain and protect their market position
2. Prospectors - proactive, looking for new opportunities and product developments
3. Analysers - balanced
4. Reactors - no strategy

In exam question you need to identify the type of business in terms of risk. How much risk does it take? Does it seem like its averse?

Question 22

Where is usually sourced from?

Answer 22

Externally

Can be beyond a company’s control (dust cloud, tsunami, war….)

note – many of the external risks are on the increase e.g. geo-political, environmental

Question 23

What is the danger for companies when it comes to risk identification?

Answer 23

There is a danger that you could spend all you time as an org worrying about things that might not ever happen. You need to have common sense and help understand what might happen and what is potentially a bit too far. You need to be able to assess the risk.

Question 24

Why is external risk becoming difficult to manage?

Answer 24

External risk more difficult to manage as we know so little about when and where in terms of the risk.

Question 25

What is strategic risk?

what is operational risk?

Which is more difficult to deal with?

Answer 25

1. Strategic Risks are risks arising from the consequences of strategic decisions. are things that affect the whole organisation.
   
   • Arise from the strategic positioning of the company in its environment
   • Risks include not enhancing old products and producing incorrect new products
2. Operational risk is day-to-day stuff that you can control, this isn’t really the stuff we mean in terms of strategic. It’s straight forward to deal with.

Strategic risk is much more difficult to take steps towards fixing/helping.

Question 26

e.g. Apples strategic risks? What risks do they have now? Are they changing?

Answer 26

One problem they have is people wont replace iphone as much as they did. So there is risk in terms of revenue as they will receive less. This is a strategic risk for Apple.

Question 27

What is the risk surrounding social media?

Answer 27

Risk that the law changes surrounding social media org. they gov is under pressure to make sure these org’s do the right thing., or they will have to change how it is regulated which could perhaps be through law.

Question 28

What are the types of risk? Explain.

i.e. these are the risks you can associate with an organisation.

Answer 28

1. Market - this is risk within your particular market because of what you do.
2. Credit - Risk that you cannot get credit in order to continue to trade (pay your bills)
3. Environment - for e.g. fines and damages for damaging the eco system.
4. Financial - risk you cant access Finance to run org. (not same as credit).
5. Legal - Risk you break the law. to do with complaince etc.
6. Technological - Risk that your technology is out of date.
7. Reputation - Risk you do something that the general public doesn’t agree with. e.g. brand
8. Business Probity - Risk that you do something dishonest with the business. And this can be linked with reputation risk.

Question 29

What does the risk assessment matrix do and why may it be used?

Answer 29

You can use this matrix as a low box exercise, ie likelihood and impact on each axis. And low and high on both ends.

Question 30

e.g. of an intolerable risk? How do you deal with it?

Answer 30

E.g. data breach, or cyber attack.

Anything that is intolerable needs to be planned. Something needs to be done about it, but co’s can’t spend money on them all. For e.g. severe weather, only so much you can do as an org to mitigate this.

Question 31

Why would you use the Risk assessment (TARA) graph?

Answer 31

Use it to come up with strategies of how to deal with risk.

Question 32

what does the Risk assessment (TARA) graph look like?

whats on each axis?

Answer 32

likelihood on the Y axis and the impact on the x axis.

Question 33

what are the four boxes in the TARA graph and explain? what are their likelihood and impacts?

Answer 33

1. Transfer - Transfer the risk to a 3rd party.
   
   • low likelihood, high impact.​​
   • In these situations you will get insurance. You get someone else to bare the risk. But, insurance providers don’t insure you on everything. Most people see this as an insurance plan, but you don’t always take insurance though. There are other ways to transfer the risk.
2. Avoid - avoid at all costs.​
   
   • ​​High likelihood, high impact.
3. Reduce - i.e. reduce the risk (HEDGE IT).
   
   • ​​High likelihood, low impact.
   • either by limiting exposure in a particular area or attempting to decrease the adverse effects should that risk actually crystallise.
4. Accept - low probability and impact so just accept as you cant really get any better.​
   
   • ​​The final strategy is to simply accept that the risk may occur and decide to deal with the consequences in that particularly situation

Question 34

quantitive and qualitive risk planning methods?

Answer 34

1. Quantitative – meaning you can actually measure the probability. You can put numbers on it and analyse whether it ever happens.
2. Qualitative – meaning asking people what they think will happen. E.g. co.’s asking MP’s but no one really knows what will happen.

Question 35

ways to plan for risk?

Answer 35

1. Risk profile
2. Companies are well advised to have contingency plans
3. Use of TARA
4. Scenario planning

Question 36

what is a contingency plan for risk? e.g.?

Answer 36

A contingency plan is executed when the risk presents itself. The purpose of the plan is to lessen the damage of the risk when it occurs. Without the plan in place, the full impact of the risk could greatly affect the project.

e.g. Government having injection for swine flu when they thought everyone was going to get it.

Question 37

Who scenario plans?

Answer 37

They are used by governments, regulators, EVERYONE. They have lots of scenarios to do with multiple different situations

Shell have been scenario planning for 50 years.

Question 38

How to monitor, review, and report on risk?

Answer 38

1. Regular review, don’t let it go “below radar”
2. Embed within systems e.g. use of IT
3. Easier with self contained projects
4. Embed a “risk aware” culture