Study Notes - Chapter 1 - The Global Risk Environment

Question 1

Explain how risk is both an input and output of the strategic decision making process.

Answer 1

Risk is both an input into the strategic decision-making process and an output.

From an input perspective, the risk exposures that exist will influence the types of strategy that are chosen. For example, an organisation might launch
a new product to exploit a new market, or choose to merge to help address an increase in the cost of regulation or to survive in a competitive marketplace.

From an output perspective, strategic decisions may create risks that need to be managed (such as health and safety risks or environmental risks).

Question 2

Identify the key risks that the following stakeholder groups will wish to have managed effectively:
* creditors, customers & employees

Answer 2

Creditors are primarily exposed to the risk that an organisation will default on its loan repayments. This will mean a loss of some or all of the entire loan amount, plus the loss of interest payments.

Customers face three possible risks – the risk of INJURY as a result of their use of products or services;
the FAILURE OF PRODUCT OR SERVICE (such as a breakdown);
and the LOSS OF GUARANTEE OR WARRANTY. Guarantees and warranties may be lost if an organisation goes bankrupt.

Employees face HEALTH AND SAFETY-related risks, plus the LOSS OF THEIR ECONOMIC LIVLIHOOD in the event that an organisation becomes bankrupt or has to make staff redundant due to unforeseen losses.

Question 3

What are the three reasons that Shareholders may not behave in a risk averse way?

Answer 3

1.ASYMMETRIC RETURNS: shareholders may receive dividends and they may benefit from an increase in the value of the shares that they hold, allowing them to be sold for a profit. There is no theoretical limit on the size of these returns, meaning that they could be 100%, 1,000% or more. Generally, risk and return are positively correlated. The more risk an organisation takes, the more return it can generate: a return that should translate into increased dividends and share values. Shareholders may value an increase in risk, providing that there is the prospect of higher returns.
Such an increase in risk may result in a higher chance of bankruptcy, but shareholders are often protected from this because of their limited liability.
6 cgi.org.uk

2. LIMITED LIABILITY: the shareholders of most companies, whether public or private limited companies, have limited liability. In the event that the company becomes insolvent or goes bankrupt, shareholder liability is limited to the value of their investment stake. Limited liability shareholders cannot be forced to provide additional funds once they
   have invested in a company, as would be the case if shareholders had unlimited liability.
3. THE DIVERSIFICATION OF RISK: shareholders often choose to create diversified portfolios of investments. They purchase shares in multiple companies or some other form of investment asset (for example, bonds, commodities or property). Through diversification, shareholders can insulate their investment portfolio from company-specific risk events such as fires, frauds or a decline in sales. Diversification can be understood via the well-known proverb ‘do not put all your eggs in one basket’.

Question 4

Although there are reasons why shareholders may be risk-neutral or even risk-preferring, in practice most will value effective risk-management. Why would this be?

Answer 4

This may be because of

Ethical concerns
A desire to protect employees, third parties or
customers from harm.
Concerns about bankruptcy costs
The effect of cash-flow fluctuations on opportunities for growth.

Question 5

Explain why Shareholders may have concerns about Bankruptcy costs.

Answer 5

High levels of risk-taking may result in financial distress and ultimately bankruptcy. In theory, shareholders should be indifferent to bankruptcy, providing that the organisation can be sold and they receive back their investment stake.

In practice, shareholders rarely get back the money they have invested and almost certainly will not receive any of the appreciation they may have received on this investment (though well-informed investors may be able to sell their shares before they start to fall in value).

When an organisation becomes bankrupt it can incur a range of costs. These may include

legal costs, other administration costs and legal-liability claims.

In addition, the organisation will lose the value of any goodwill (such as brand value) that has been built up over time.

It also may have to sell assets at far below their market value.

Bankruptcy costs significantly decrease the chance that shareholders are repaid the capital that they have invested in a company. While they may have limited liability, they will still want to get back the funds that they have invested.

Shareholders will typically value risk-management activity that can help to prevent the costs associated with bankruptcy.

Question 6

Explain why Shareholders may have concerns about Cash Flow Fluctuations.

Answer 6

Almost all risks will affect an organisation’s cash flows.

Gains from risk-taking will help to increase the level of cash flowing into an organisation. In contrast, losses from risk-taking will result in cash flowing out of the organisation.

Fluctuations in cash flows can be very disruptive. A large, unexpected loss – such as from a fire or major fraud – could mean that there are insufficient funds to invest in profitable opportunities such as new product development or process efficiencies via the purchase of a new IT system.

From a cost perspective, large and unexpected losses may necessitate high-cost debt finance or lead to other financing and contractual costs, such as late-payment charges.

In contrast, companies with stable cash flows will be able to invest for the future and control their costs, generating higher profits and dividends for shareholders over the long term.

Shareholders will typically require much higher rates of expected return from organisations with less stable cash flows. This is known as the risk premium or ‘cost of risk’. The extra return is required to compensate for the higher level of cashflow volatility associated with increased risk. This is why venture capital organisations may choose to invest in high-risk
start-up companies, because they estimate that the level of return they should receive is sufficient to compensate them for the greater degree of cash-flow volatility.

Question 7

Give examples of how different Shareholders may have different risk objectives.

Answer 7

Shareholders look to maximise their dividends and the share price.

Creditors want the security of knowing that their loan will be repaid with the agreed level of interest, and consumers will prioritise safe, reliable products and
services.

Conflicts regarding the preferred type and level of risk exposure may arise even in the case of organisations
that do not have shareholders. For example, employees may be less concerned about the health and safety of the organisation’s customers than their own health and safety, and vice versa.

Question 8

Howe does effective risk management assists with Shareholders risk objectives?

Answer 8

Effective risk management is needed to help balance the conflicting interests of different stakeholder groups, weighing up different priorities and assessing the costs and benefits of different risk-management decisions and risk-exposure levels.

The board and senior management make these difficult decisions. These decisions will influence the riskiness of the strategy that the board chooses for the organisation, along with the level of investment in risk-management to help ensure that organisational objectives are met.

Question 9

What is the Cosec role in balancing risk decisions at Board level?

Answer 9

Company secretaries and other governance professionals (as well as an organisation’s specialist risk-management staff, where present) have a
role to play in supporting these decisions to ensure that any legal, regulatory or ethical concerns are considered.

Question 10

What is a self regulating system, and what problems does this face?

Answer 10

A self regulating system is where a group of organisations or professionals agree to
set and enforce specific risk-management standards. Co-ordination and enforcement may be managed by a trade association or institute to help prevent the collapse of the self-regulatory agreement.

Professional regulation in areas such as law and medicine often include an element of self-regulation that may cover aspects of risk-management practice by these professionals. Risk-management activities such as customer complaint handling can be self-regulatory in some countries, such as the Advertising Standards Authority in the UK.

ADVANTAGES
Regulation is agreed and enforced by those being regulated.
Ensures that the regulation is appropriate and proportionate, cutting down on the costs of compliance.

DISADVANTAGES
Hard to sustain because of the limited incentives to enforce such an agreement.
Organisations may be reluctant to punish their contemporaries because they may be next to receive enforcement action.

FAILURES

Many self regulatory systems fail – such as financial services self-regulation in the UK in the 1980s and early 1990s – and are replaced by statutory regulation, enforced by a government-appointed regulatory body.

HYBRID
The current UK governance code, issued by the Financial Reporting Council (FRC), has elements of self-regulation, though the FRC board members are appointed by the Department for Business, Energy & Industrial Strategy (BEIS), the FRC is an independent regulator and is not directly accountable to the UK government (such non-governmental organisations with regulatory power are sometimes called ‘quangos’ – quasi-autonomous non-governmental
organisations). However, this is expected to change. As the UK government is consulting on replacing the
FRC with a new government regulator, the ‘Audit, Reporting and Governance Authority’ (ARGA).

Question 11

What is the asymmetric information problem?

Answer 11

Stakeholders need to know the types and degrees
of risk to which they will be exposed in order to generate market incentives for effective risk-management. This can be hard to achieve in practice. Customers are unlikely to know how safe or reliable a product is before they purchase it, whereas the organisation manufacturing the product will have a much better understanding of the product’s safety and
reliability. This is known as the asymmetric information problem.

Question 12

What dangers can arise from an asymmetric information problem?

Answer 12

OPPPORTUNISM AND PUBLIC GOODS PROBLEMS

Opportunism - It may be that an organisation exploits a customer’s lack of prior safety information by making a product less safe or reliable than it could be, thus saving the organisation money but exposing the customer to an unacceptable level of risk.

Public Goods Problems - Public goods are products, services or other benefits that are enjoyed on a non-exclusive basis by all the members of a society. From
a risk-management perspective, key public goods are the ENVIRONMENT and the protection of SHARED SYSTEMS such as the global financial system.
The problem with these public goods is that individuals or organisations may make risk management decisions that benefit them, but which do not protect the wider environment or financial system.
In the case of the environment, an organisation may not invest as much in preventing pollution as required by society to preserve public health and wellbeing. This is because the organisation may only consider the costs and benefits to itself from managing pollution risks, not those to society as a whole.
The same can also be the case in financial organisations, which, left to their own devices, may not do enough to protect the financial system as a whole.

Question 13

What is the primary benefit of risk-management regulation?

Answer 13

The primary benefit of risk-management regulation is that it intends to help mitigate market failures and to protect the consequences of excessive risk exposures.

Question 14

What is the risk of over regulation or ineffective regulation?

Answer 14

COSTS of regulation come from over-regulation or ineffective regulation, where organisations are required to reduce risk below the optimum level that balances the needs of different stakeholder groups or where organisations face excessive costs related to compliance and enforcement, without much benefit.
Over-regulation is relatively rare, but
different groups of stakeholders have conflicting opinions on this. In all cases compliance costs can be considerable and these costs may both decrease the profitability of an organisation and increase the price of goods and services.

Compliance costs include the cost of maintaining a compliance function or providing information to regulators. This means that the stakeholder groups that regulation is designed to protect may end up paying some or all of the associated costs of compliance.

Question 15

What is the role of Compliance Management?

Answer 15

Compliance management ensures that an organisation’s risk-management arrangements and decisions are consistent with all applicable laws and regulations. This will often include ensuring that the organisation does not expose vulnerable
stakeholders to excessive levels of risk.

Question 16

Why is there a need for International regulation and standards?

Answer 16

International regulations and standards are required because risk exposures often cross national boundaries.

The removal of trade barriers, easier travel and resources such as the internet mean that organisations are now more multinational in terms of their operations and markets.

Major risks to public goods – such as the environment or the financial system – can have far-reaching effects.

Diverse risks may be connected: for example, major environmental pollution events and weather events may affect financial markets across the world.

In addition, problems in financial markets and institutions can affect the supply of credit and cause global economic problems, as is still happening in the
wake of the global financial crisis.

Question 17

What 4 key areas have International regulation and standards in relation to Risk Management?

Answer 17

corporate governance
environmental regulation
financial stability
health and safety

Question 18

Why is effective Corporate Governance an area which has International regulations and stds in risk management?

Answer 18

Weak corporate governance can lead to corruption, costly scandals, organisational failure and systemic breakdowns that damage the interests of all stakeholder groups.

International regulations and standards on corporate governance help to promote sustainable
economic growth on a global level, ensuring that stakeholders are treated fairly and that organisations have cost-effective access to global capital markets.

Without good governance, access to global capital would be limited.

One of the most influential international standards on corporate governance is the G20/Organisation for Economic Co-operation and Development (OECD) 2015 Principles of Corporate Governance.

These principles are often referenced by countries developing local governance codes or guidelines and have been adopted by international agencies such
as the World Bank and Financial Stability Board (FSB).

The principles exist to provide a worldwide benchmark for good corporate governance practice and supervisory assessments of this practice.

The principles cover issues such as the design of effective corporate governance arrangements, ensuring the fair treatment of shareholders and other
stakeholder groups, and the disclosure of corporate governance and associated risk-management information on key risk exposures.

Question 19

Why is Environmental Regulation an area which has International regulations and stds in risk management?

Answer 19

Environmental risks such as ground, water and air pollution, along with global warming, do not respect national borders and are therefore a key part of the global risk environment.

National regulation and standards in an area of significant global concern requires careful co-ordination to ensure that weaknesses in one national regulatory regime are not exploited to the detriment of stakeholders in other nations.

The laws and regulations cover, among other things, the following areas:
* air quality
* water quality
* waste management
* contaminant clean-up
* chemical safety.

While making and executing strategic business decisions, organisations should ensure that they comply with these international rules and regulations as otherwise they may face fines (or worse).

This is an integral part of good risk management.
International law and associated environmental regulation is complex. It consists of legally binding
treaties and subsidiary protocols, such as the Kyoto Protocol on climate change. For most organisations these laws and protocols are incorporated into national regulation or, in the case of the European Union (EU), EU Directives. This means that, except in complex multinational enterprises, it may not be necessary for organisations to understand in detail these international laws and regulations.

Question 20

Why is Financial Stability an area which has International regulations and stds in risk management?

Answer 20

The stability of the global financial system is a key source of risk for both financial and non-financial organisations. For non-financial organisations, a stable global financial system is necessary to ensure that they continue to have access to capital resources to help finance their activities.

Financial system instability can trigger worldwide economic problems, restricting access to consumer and government credit, threatening the safety of saving deposits, and disrupting payment systems. Ultimately, these problems can cause major economic recessions and even economic collapse of
businesses and nations alike.

There are few, if any, financial markets that are not interconnected in some way. Money markets are by their nature international, and stock markets such as the London Stock Exchange attract investors and other stakeholders from around the globe.

Most other financial markets – such as commodities markets, bond markets and derivative markets,
are also inherently international.

The net result of these interconnected markets is that financial problems in one country, or even in a single, large financial institution, can have global implications.

This is known as systemic risk and financial market contagion.

Question 21

What are the key agencies involved in ensuring global financial market instability?

Answer 21

The key international agencies are as follows:
* the OECD;
* the World Bank;
* the International Monetary Fund (IMF);
* the FSB
* the Bank for International Settlements (BIS).

Question 22

What is the primary source of regulation for global financial stability risks?

Answer 22

The primary source of regulation for global financial stability risks are the Basel Accords.

Under the patronage of BIS, these arrangements are negotiated by the Basel Committee, whose membership comes from representatives of the G20
countries.

The Basel Accords are adopted by most countries around the world.

The Basel Committee has produced a wide range of publications on the subject of financial market stability over the years. The main Basel Accord is now in its third iteration, known as Basel III.

The Accords are focused on internationally
active banks, as they are a key source of financial market instability. However, most countries apply the Accords to a wider range of financial institutions.

The requirements of the Accords can affect non-financial organisations via the availability of credit and the terms on which credit can be offered.

The Basel Accords include requirements relating to capital resources and risk-management practices.

Their aim is to prevent financial crises through effective risk-management, but, if that fails, the capital resource requirements help to provide a financial buffer.

The strictness of these requirements has increased significantly since the global financial crisis
of 2007–8. Banks now hold significant levels of cash as capital to ensure that funds are available to pay for most of the losses that they may incur.

Question 23

Why is Health and Safety an area which has International regulations and stds in risk management?

Answer 23

The protection of human rights is a major focus for international law and regulation.

This includes protecting people from work-related sickness, disease and injury, and from harmful actions of organisations located near to their homes.

Overall responsibility for international health-and-safety regulation rests with the International Labour Organization (ILO).

The ILO produces a wide range of standards and codes of practice. It also works to address areas of international concern, such as forced labour and child labour.

Question 24

Risk-management and compliance regulations across the world come in various forms. The nature of these regulations can affect the costs of compliance and the strictness with which they are enforced. What are the main types of regulation?

Answer 24

• rules - direct legal requirements which could result in fines, imprisonments or criminal / civil sanctions.
• guidance - standards or codes of practice. Guidance need not be complied with as strictly as rules. It is up to an organisation to decide how to interpret and implement guidance.
• principles and outcomes-based regulation - high-level regulatory principles and associated outcomes,
  such as ‘consumer protection’ or ‘maintaining financial stability’. The aim is to minimise the volume of detailed rules and guidance and to allow organisations more freedom when deciding how to apply the principles or how to achieve the intended outcomes in specific areas of regulation.
• risk-based regulation - The idea is that the higher the degree of risk, the stricter the level of regulation that is applied. This means that lower-risk organisations will generally be subject to lighter-touch regulation than high-risk ones.
  Risk-based regulation is common in financial services risk-management regulation, as well as in areas such as health and safety. For example, in the context of health and safety, an organisation working in chemical processing is subject to much greater safety regulation than one working in the service sector. This includes a greater volume of regulatory intervention and more severe penalties for non-compliance.

Question 25

In addition to targeted international regulations for specific areas of risk, such as financial stability or environmental pollution, there are a number of global standards for the practice of risk-management more generally. why do they exist?

Answer 25

Exist to help organisations evaluate and improve the effectiveness of their risk management
arrangements by sharing good practice on a global scale.

Stakeholders may encourage organisations to
follow these standards.

Organisations often use them to help benchmark their practices and find ways to improve the effectiveness of their risk-management arrangements.

Question 26

What are the main International Risk Management Stds?

Answer 26

ISO 31000:2018 - The ISO provides a wide range of standards to help improve management practices. The ISO 31000 standard, first published in 2009, and revised in 2018, provides guidelines for managing risk in all types of organisations, regardless of
their size, activities or industry sector.

COSO Enterprise Risk-Management – Integrated Framework 2004 and 2017. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector organisations in the USA.COSO was created to provide thought leadership on risk-management, internal control and fraud deterrence to help
improve organisational performance and governance. COSO is a US-based organisation, but its influence is global. Many organisations and regulatory agencies around the world base their governance and risk-management practices on the guidance provided by COSO.

ISO 19600:2014 – compliance-management systems - The international standard for compliance-management systems. The standard is closely related
to ISO 31000:2018 and is designed to help improve compliance-management practices in organisations.
The standard has been designed as general guidance and does not cover issues in relation to specific areas of compliance (such as health-and-safety compliance and so on).