Risk Management Flashcards
Risk management
- Analysing the probability of an event taking place then proactively taking initiative to minismise the damage or take advantage of the opportunity
- Risk can be an uncertainty, threat, or opportunity
- Ensuring a balance between business opportunity and threat
- Must be included in the businesses strategic planning(vission, mission, values, organisational structure, goals, objectives)
- Ensures the business strategy and operations are aligned
Business operations
- Implementing policies
- Managing processes
- Monitoring and controling daily activities
- Satisfying the needs of customers for profitability
Risk profile
- The length in which the business is willing to go to achieve business goals or in creating value
- Directly related to the strategy of the business
Risk culture
- The shared attitude toward taking/accepting risks
- Is the result of the business’s practices(reward for taking risks or risk-avoiding behaviour)
Types of risks
- Operational risk
- Financial risk
- Country risk
- Reputational risk
- Strategic risk
- Environmental risk
Operational risk
- Risk involved in the internal operations of the business
- Employees/management
- Processes/systems
- Organisational structure
- Product development
- Data storage and security
Country risk
- Risk associated with running the business in a certain country
- Political events
- Economic conditions
- Stability/instability within country
Environmental risk
- Can be business envirnment risk or physical environmental risk
- Physical environmental: floods, droughts, traffic, crime rate in certain areas
- Business environmental: Socio-economic factors like unemployment, competition, technological advancements
Financial risk
- Credit risk: debtors not paying
- Fluctuating exchange rates affecting imports/exports
- Sovency
- Increased interest rates
- Bad debt
Strategic risk
- Risk directly associated with the business strategy
- A poorly communicated vission/mission/value statement
- Unrealistic standards/goals
- Poor organisational structure
Reputational risk
- Damage to business’s reputation due to business practices
- Complaints on social media
- Associating with unethical businesses
- Causing damage to the environment
Managing risk
- Business must analyse the kind of risk and its potential impact it must develop strategies to deal with the risk
- Addressing the business’s weaknesses
- Capitalising on business’s strengths
- Exploiting competition’s weaknesses
Four steps of managing risk
- Risk assessment
- Risk management policy
- Risk response
- Risk reporting
Risk assessment
Identifying risk
- Identifying risk: looking at areas of uncertainty in business, implement a methodical approach to identify all significant activities n any risks that flow from them
- Stakeholder consultaion: is a third party is identified as a risk, a consultation must be held
- Auditor: internal and external auditor must identify any risks, could also check if business dealt w risk properly
- Scenario planning: Simulations to assess all “what ifs” n plan accordingly to all of them
- Survey: A survye could identify risks by asking questions to all relevant parties
Risk assessment
Description of risk
- Once risk has been identified it must be described in detail to ensure all parties understand
Risk assessment
Estimating impact of risk
Once impact has been assessed, it should be plotted on an Estimation Matrix
* Low probability-low impact: Business will most likey ignore
* High probability-low impact: May not be worth addressing
* Low probability-high risk: Won’t invest too many resources but if it does happen the business will act urgently
* High probability-high risk: Business will try to avoid it as much as possible
Estimation Tools
- Pros/cons list
- Decision trees
- PESTLE
- SWOT
Risk management policy
A comprehensive policy must be:
* drafted
* communicated to all relevant parties
* implemented by business
Risk response
- Risk avoidance: action is taken to prevent events that lead to the risk
- Risk reduction: action is taken to limit the possibility of the risk, usually through strict control mechanisms
- Risk acceptance: no action is taken to limit or deal with the risk, probably because it wouldnt be viable to invest resources into it or it is outside the control of the business
Choosing right response involves a risk plan to consider consequences
Risk response must be monitored on an ongoing basis
Risk reporting
- Reporting to internal Stakeholders: reporting risk management info to people who are involved in decision making or performance reviews( ie, informing internal stakeholders of safety procedures)
- Reporting to external Stakeholders: Reporting to the public and provide details on how the business will avoid risks in the future
