The global risk environment

Question 1

Why is risk management essential?

How do organisations create and preserve value for stakeholders?

How does effective risk-management support this?

How an organisation balances risk and returns depends on what?

How can risk be an input and an output of strategic decision-making?

Answer 1

RM helps create and preserve value for stakeholders = organisation must take risks that can yield positive benefits for stakeholders, and reduce risks that could cause financial or physical harm

By meeting stakeholders needs = (not) taking the risks stakeholders (don’t) want the organisation to take through setting and achieving objectives that provide an appropriate balance between risk and return

Effective RM helps an organisation to achieve its objectives and protect risk-averse stakeholders from financial or physical harm

The company’s risk attitude and preference of stakeholders

Input = risk exposures that exist will influence the types of strategy that are chosen (e.g. launch a new product/exploit a new market to survive)

Output = strategic decisions may create risks that need to be managed (e.g. environmental risks)

Question 2

Who are external stakeholders and why? (6)

Who are internal stakeholders and why? (3)

What is special about shareholders?

Answer 2

External = implicit contract with the company and are outside the company

Regulators, creditors, public, customers, suppliers, and owners/shareholders

Internal = explicit contract with the company and are inside the company because they are employed by or own the company

Employees, directors, and owners/shareholders.

For large quoted companies, they are generally viewed as external stakeholders
For smaller companies where owners are involved in the management of the organisation, they are considered to be internal stakeholders

Question 3

Organisations exist as a nexus of stakeholders (serve to meet the needs of multiple stakeholder groups).

What are the key risks that the following stakeholder groups will wish to have managed:

1. Creditors
2. Customers (3)
3. Employees (2)

Despite the value-enhancing benefits of risk-management, organisations do not always invest the level of resources necessary to ensure effective risk-management. Why?

Why do stakeholders have different risk preferences?

Where stakeholders have different risk objectives, risk-management takes on a new objective to do what?

Answer 3

1. Creditors = risk that organisation will default on loan payment
2. Customers = risk of (1) injury from products/services, (2) failure of product/services, and (3) loss of guarantee/warranty if company goes bankrupt
3. Employees = risk of (1) health-and-safety, and (2) loss of their economic livelihood (salaries) if company goes bankrupt/has to make staff redundancies

Different stakeholder groups can have different risk preferences

Don’t all have the same type/level of investment (time, skills, money etc.) so expect different types of returns (salaries, dividends, interests)

To further protect and create value by managing conflicts and increasing the overall level of stakeholder satisfaction

Question 4

What is meant by risk averse?

What is meant by risk neutral?

What is meant by risk preferring?

What are public goods?

Answer 4

Risk averse = a reluctance to take or to be exposed to risk = will prefer certainty over risk and may require some form of financial premium in order to take risk

Risk neutral = an indifference to risk = unconcerned about exposure to risk and and will be indifferent to risk or certainty, providing the expected returns are identical

Risk preferring = a liking for risk and risk taking = prefer risk to certainty and typically pay a financial premium in order to take risk

Public goods = products, services, other benefits that are enjoyed on a non-exclusive basis by all the members of a society

Question 5

Most stakeholders are inherently risk-averse. What are the 3 reasons why shareholders may have a greater risk appetite compared to other stakeholders?

Name an example of when shareholders have behaved irresponsibly due to their greater risk-appetite.

What is the primary conflict of interest over risk-preference that can exist between shareholders and creditors?

Answer 5

Shareholders have different objectives to other stakeholders and have their own tools to manage risks:

1. Asymmetric returns = the more risk a company takes the greater the return it could generate = shareholders may want higher risks if prospect of increased dividends and share value
2. Limited liability = if company became insolvent or went bankrupt, shareholders’ liability is limited to value of their investment stake
3. Diversified portfolios = shareholders purchase shares from multiple companies to spread the risk = protects their portfolios from company-specific risks

Northern Rock Bank in Global Financial Crisis 2007-08 = institutional investors encouraged the bank to take high risks to increase their returns, but the level of risk was too great that the bank was forced to declare bankruptcy

Preference for short-term goals:
Shareholders = value short-term profits for larger dividend and share value (so can sell share for a profit)
Creditors = don’t want short-term profits at the expense of long-term viability (need company to make positive returns to pay back loan + interest)

Question 6

What are the 3 reasons why shareholders value effective risk-management (regardless of if they are risk-averse, risk-neutral, or risk-preferring?

What is risk premium (AKA cost of risk)?

Answer 6

1. Ethical concerns and a desire to protect employees, 3rd parties, and customers from harm
2. Bankruptcy cost concerns:
   Legal and administrative costs, legal-liability claims , loss of goodwill, possibly sell assets below market value etc. = decrease the chance shareholders are repaid their initial capital investment
3. Concerns about the effect of cash-flow fluctuations on opportunities for growth:
   A large, unexpected loss (fire/fraud) could lead to insufficient funds to invest in profitable opportunities = lower returns (profits and dividends) in the future

Shareholders will typically require higher rates of expected return from organisations with less stable cash flows = known as ‘risk premium’ or ‘cost of risk’

Question 7

RISK-MANAGEMENT REGULATION

Compliance with risk-management regulation can be time consuming and expensive but is necessary, because stakeholders can’t ensure an optimal level of risk-management on their own due to issues around what 2 things?

Answer 7

1. Self-regulation = groups of organisations or professionals agree to set and enforce specific RM standards
   Co-ordination and enforcement may be managed by a trade association or institute to help prevent the collapse of the self-regulatory agreement
2. Market failures (asymmetric information, opportunism, public good problems) = stakeholders need efficient markets to ensure that their risk preferences are reflected in the RM decisions made by organisations

Question 8

RISK-MANAGEMENT REGULATION - SELF-REGULATION

What are the 3 advantages to self-regulation?

What are the 3 disadvantages to self regulation?

Answer 8

A. Regulation is agreed and enforced by those being regulated
B. Regulation is appropriate and proportionate
C. Lower costs of compliance

1. Hard to sustain because of the limited incentives to enforce such an agreement
   (If one organisation enforces punishment they may then be the next one on the chopping block at a later date)
2. Many self-regulatory systems fail = e.g., financial services self-regulation in the UK in the 1980s and early 1990s
3. Typically replaced by statutory regulation, enforced by a government-appointed regulatory body

Question 9

RISK-MANAGEMENT REGULATION - MARKET FAILURE

Why do stakeholders need efficient markets?

What is the key factor to ensuring market efficiency?

What are the 3 forms of market failure?

Answer 9

To ensure that their risk preferences are reflected in the RM decisions made by organisations

Information = stakeholders need to know types and degrees of risk they will be exposed to, to generate market incentives for effective RM

1. Asymmetric information = stakeholders do not have the same information as organisations = less able to asses the level of risk that they are being exposed to by the organisation
   = may be exposed to excessive risk because they cannot properly price the cost of risk into their relationship with the firm (higher employee salary for low H&S/high-risk working conditions or lower consumer price for low H&S/quality product)

(Customers unlikely to know how safe/reliable a product is before they purchase it, but organisation manufacturing product will have a better understanding)

2. Opportunism = arises where there is asymmetric RM information = organisations exploit the customer’s lack of prior information by making products less safe/reliable than they could be = more savings but less safe
3. Public goods = organisations may take RM decisions which benefit them but not the overall society e.g., less investment in pollution prevention

Question 10

RISK-MANAGEMENT REGULATION

What are the 2 benefits to risk-management regulation?

What are the 2 problems with excessive risk-management?

Where do the costs of risk-management regulation come from? (2)

What are the 2 types of compliance costs?

What is the problem with compliance costs?

Answer 10

(1) Helps mitigate market failures and (2) protects stakeholders form the consequences of excessive risk exposures

(1) It’s rarely cost effective and (2) few risks can be reduced to 0 without stopping beneficial activities

1. Over-regulation = where organisations are required to reduce risks below the optimal level that balances the needs of different stakeholder groups
2. Ineffective regulation = where organisations face excessive compliance and enforcement costs, without much benefit

Compliance costs:
A. maintaining a compliance function
B. providing information to regulators

= decrease the profitability of an organisation and increase the price of goods and services
(stakeholders that the regulation is designed to protect may end up paying some/all of the associated costs of compliance)

Question 11

INTERNATIONAL RISK-MANAGEMENT REGULATION

What are the 4 reasons why international risk-management regulation and standards are needed?

What are the 4 key areas in risk-management that are subject to international regulations and standards?

Answer 11

1. Risk exposures often cross national boundaries (organisations are now more multinational in terms of operations and markets)
2. Major risks to public goods (e.g., the environment or the financial system) can have far-reaching effects
3. Diverse risks may be connected = major pollution events can affect financial markets across the world
4. Problems in financial markets and institutions can affect the supply of credit and cause global economic problems

A. Corporate governance
B. Environmental regulation
C. Financial stability
D. Health and safety

Question 12

INTERNATIONAL RISK-MANAGEMENT REGULATION - CORPORATE GOVERNANCE

What can weak corporate governance lead to?

What do international corporate governance regulations and standards help to promote?

What are the most influential international corporate governance standards?

What is the purpose of these standards?

Answer 12

Damage interests of all stakeholder groups = corruption, costly scandals, organisational failure and systemic breakdown

Sustainable economic growth on a global level = ensure stakeholders are treated fairly and organisations have cost-effective access to global capital markers

G20/Organisation for Economic Co-operation and Development (OECD) 2015 Principles of Corporate Governance

Provide a worldwide benchmark for good CG practice and supervisory assessments

Question 13

INTERNATIONAL RISK-MANAGEMENT REGULATION - ENNVIRONMENT

What are the 2 reasons why international environmental risk-management regulation is needed?

Name 3 areas that international laws and regulations on environmental risk-management cover.

International law and associated environmental regulation consists of what?

Name an example.

Answer 13

1. to help ensure that environmental risk events in one country do not affect stakeholders in other nations
   (pollution can move across boundaries)
2. to ensure a level playing field is created so that companies that do not have to adhere to stricter regulation cannot undercut the ones that do, thus introducing unfair competition
   (so that weakness in one regulatory regime are not exploited to the detriment of other nations)

(1) air quality, (2) water quality, (3) waste management

Legally binding treaties and subsidiary protocols = most are incorporated into national regulation or EU Directives

Kyoto Protocol on climate change

Question 14

INTERNATIONAL RISK-MANAGEMENT REGULATION - FINANCIAL STABILITY

Why is financial stability regulation needed? (2)

What is systemic risk (AKA financial market contagion)?

What is the primary source of regulation for global financial stability risks that has been adopted by most countries?

What is the main aim of this regulation?

Answer 14

A. the stability of the global financial system is a key source for both financial and non-financial organisations

B. most financial markets are interconnected in some way (LSE attracts investors and stakeholders from around the glove)

= financial problems in 1 country can have global implications e.g., Global financial crisis 2007-08

Basel Accords III

= prevent financial crises through effective RM, but, if that fails, the capital resource requirements hep to provide a financial buffer

Question 15

INTERNATIONAL RISK-MANAGEMENT REGULATION - HEALTH & SAFETY

What is the major focus for international health and safety law and regulation?

What does this include? (3)

What is the ILO and what is it responsible for?

What do the ILO produce?

Answer 15

Protection of human rights

Protecting people form work-related:
1. sickness/disease
2. injury
3. harmful actions of organisations located near their homes

International Labour Organisation = responsible for international H&S regulation

Wide range of standards and codes of practice, including to address forced and child labour

Question 16

NATURE OF RISK-MANAGEMENT REGULATION

The nature of regulation can affect what 2 things?

What are the 4 types of regulation?

What type of regulation is often used for international regulation and why?

Answer 16

(1) the costs of compliance, and (2) the strictness with which they are enforced

1. Rules = direct legal requirements that contravention of will lead to enforcement action (fine, imprisonment, civil or criminal sanction)
2. Guidance = standards and codes of practice that do not need to be complied with as strictly as rules (up to organisation to decide how to interpret and implement and then explain why)
3. Principles and outcomes-based regulation = minimises the volume of detailed rules and guidance and allows organisations more freedom deciding how to apply the principles / achieve the intended outcomes / comply with specific areas of regulation (depending on organisation’s nature, scale, and complexity)
4. Risk-based regulation = the higher the degree of risk, the stricter the level of regulation and penalties for non-compliance that is applied (may be combined with rules, guidance and principles and outcomes-based regulation)

International regulation is often principles-based and risk-based = allows it to be adapted to different situations and organisations

Question 17

INTERNATIONAL STANDARDS ON RISK-MANAGEMENT - ISO

Why is an international standard on risk-management needed? (2)

Who are the ISO and what does it provide?

What does ISO 31000:2018 provide?

Answer 17

1. primarily helps to share good RM practice from around the world = organisations use the standards to benchmark their practices and find way to improve effectiveness of their RM arrangements
2. stakeholders are becoming more international

ISO = International Organization for Standardization = provides a wide range of standards to help improve practices
* ISO 31000:2018 = the international standard for RM

ISO 31000:2018 = the standards provides internationally recognised principles and guidelines for managing risk in all types of organisations, regardless of size, activities or industry sector

Question 18

What is ISO Guide 73:2009?

What does IEC 31010:2009 do?

Answer 18

ISO Guide 73:2009 (RM Vocabulary) = collection of terms and definitions in relation to RM

IEC 31010:2009 (RM – Risk assessment techniques)
= examines risk assessment techniques and concepts

Question 19

INTERNATIONAL STANDARDS ON RISK-MANAGEMENT - COSO

What is COSO?

Why was COSO created?

What did COSO launch in 2004?

What did COSO release in 2017?

Answer 19

The Committee of Sponsoring Organizations of the Treadway Commission is a joint initiative of 5 private-sector organisations in USA

To provide thought leadership on RM, internal controls and fraud deterrence to help improve organisational performance and governance

2004 = launched initial guidance on enterprise risk-management (ERM) designed to ensure that organisations achieve their strategic objectives and balance the needs of different stakeholders in the LT

2017 = released a major update to its ERM - Integrated frameworks, highlighting the importance of considering risk in both strategy-setting process and driving performance

Question 20

What is ISO 19600:2014 and 4 things included in its content?

Answer 20

ISO 19600:2014 = the international standard for compliance-management systems (closely related to ISO 31000:2018) = general guidance = content includes:

1. leadership role of board and SM for compliance management
2. drafting a compliance-management policy
3. evaluation of compliance-management performance
4. dealing with non-compliance and improving the effectiveness of compliance management