Risk Management

Question 1

What is the goal of ERM?

Answer 1

To create, protect and enhance shareholder value by managing uncertainties that could either negatively or positively influence achievement of the organization’s objectives.

Question 2

Explain why the fragmented approach to risk management is flawed.

Answer 2

Individual departments focus on the risks within its domain only (i.e. insurance group focuses on hazard risks). It’s unsuitable to the complex and interconnected business environment. The approach should be from an enterprise-wide perspective.

Question 3

List the five types of risks.

Answer 3

Hazard, financial, operational, strategic and business risks.

Question 4

What are hazard risks?

Answer 4

Risks that are insurable (i.e. natural disasters, terrorism, death of senior officers, etc.)

Question 5

What are financial risks?

Answer 5

Interest rate risk, exchange rate risk, commodity risk, credit risk, liquidity risk and market risk.

Question 6

What are operational risks?

Answer 6

Risks related to ongoing and day-to-day operations. They are the risks of loss from inadequate or failed internal processes, people and systems. Legal and compliance risks are also included.

Question 7

How to manage operational risks?

Answer 7

Have adequate internal control, business process reengineering and business continuity planning.

Question 8

What are strategic risks?

Answer 8

Global economic risk, political risk, regulatory risk, risks related to global market conditions. Reputation risk, leadership risk, brand risk and changing customer needs are also included.

Question 9

What are business risks?

Answer 9

Risk that a company will have a lower than anticipated profits or will incur a loss.

Question 10

How do volatility and time work in terms of risk?

Answer 10

When uncertainty increases, risk increases. Therefore, as volatility or duration of a project/investment increases, so does the associated risk.

Question 11

What are the key steps in risk management process?

Answer 11

1. Identify risks
2. Assess risks
3. Prioritize risks
4. Formulate risk responses
5. Monitor risk responses

Question 12

How are risks identified?

Answer 12

Every risk that may affect the achievement of the organization’s objectives (only those that could have an impact on the organization) must be considered. It must be performed for the entire organization down to its lowest operating unit because some occurrences may be inconsequential for the whole enterprise but disastrous for an individual unit.

Question 13

How are risks assessed?

Answer 13

Risk must be assessed as to its probability and potential impact. There are quantitative and qualitative (high, medium, low) techniques.

Question 14

Who is responsible to prioritize risks?

Answer 14

Top management may appoint an ERM committee to review identified risks and create response plans. The committee must include persons who are competent to make judgment and in a position to allocate the resources for adequate risk responses.

Question 15

What are the two most important sources of information for ongoing risk monitoring?

Answer 15

1. Those closest to the activities themselves (i.e. manager of the operating unit; however, the operating managers may not always be objective especially when they design a particular response strategy)
2. The audit function

Question 16

How to quantify expected value of a loss due to risk exposure?

Answer 16

Risk can be quantified as combination of severity and likelihood of occurrence.
Expected Loss = Potential Monetary Loss x Likelihood

Question 17

What is unexpected loss (maximum possible loss)?

Answer 17

It’s the potential loss amount that exceeds the expected amount.

Question 18

What is risk appetite?

Answer 18

It is the degree of willingness of top management to accept risk.

Question 19

List the strategies of risk responses.

Answer 19

Avoidance, retention, reduction, sharing and exploitation.

Question 20

What is risk avoidance?

Answer 20

To end the activity from which the risk arises.

Question 21

What is risk retention?

Answer 21

To accept the risk of an activity.

Question 22

What is risk reduction (mitigation)?

Answer 22

To lower the level of risk with an activity.

Question 23

What is risk sharing?

Answer 23

To transfer some of the potential loss to another party.

Question 24

List examples of risk sharing (transferring).

Answer 24

Purchasing insurance policies, engaging in hedging operations, outsourcing an activity, entering into joint ventures.

Question 25

What is risk exploitation?

Answer 25

To pursue risk for higher return on investment.

Question 26

When is a risk response ignored?

Answer 26

In the cost-benefit analysis of risk, management should ignore a risk response when the costs exceed benefits. Costs includes both direct (design, implementation and maintenance) and indirect (opportunity costs). Costs can be measured quantitatively or qualitatively.

Question 27

What is inherent risk?

Answer 27

Risk of an activity that arises from the activity itself.

Question 28

What is residual risk?

Answer 28

Risk of an activity remaining after the effects of any risk responses.

Question 29

What are the benefits of risk management?

Answer 29

Efficient use of limited resources: resources will be directed toward those with the greatest exposure.
Fewer surprises: odds that an incident that has never been considered are greatly reduced after comprehensive assessment.
Reassuring investors: strong risk management function probably means lower cost of capital.

Question 30

What is liability insurance?

Answer 30

It provides financial protection against damage caused to consumers or injury to persons suffered on the enterprises’ premises.

Question 31

What is hazard insurance?

Answer 31

Same as homeowner’s and auto insurance. It protects the organization against damage caused to its facilities by accidents or natural disasters.

Question 32

What is hedging?

Answer 32

It’s a form of financial risk management. It is to offset commitments to minimize or avoid the impact of adverse price movements.

Question 33

What is a sinking fund?

Answer 33

It’s a method for managing financial risk. An organization can establish a sinking fund to meet maturing bond obligations.

Question 34

What is maturity matching?

Answer 34

It’s a method for managing financial risk. An organization can establish policies regarding terms for short-term investment instruments to ensure that funds will be available to meet short-term obligations.

Question 35

List intuitive and thought-provoking methods for risk identification (3).

Answer 35

1. Ask “what aspects of the organization keep you up at night?”
2. Distribute to operating managers a list of generic risk areas in their domain
3. A brainstorming session among managers

Question 36

How is risk ranking necessary in an intuitive process for risk identification?

Answer 36

Managers have a “feel” for how much risk a given vulnerability presents to their domains.

Question 37

What is risk mapping?

Answer 37

A visual tool to show relative risks. The probabilities of identified events are graphed on one axis and the severity of the consequences on the other.