UNIT 5.

RISK MANAGEMENT

Introduction
Risk managers, executives, line managers and middle managers, as well as all employees,
perform practices to prevent loss exposure through internal controls of people and
technologies. Risk management also relates to external threats to a corporation, such as the
fluctuations in the financial market that affect its financial assets. Unit 5 in this module will
discuss about risks in corporations, risk management, and the board and management’s
responsibilities in risk management.

Unit Learning Objective

Timing
For this unit, you are suggested to allocate 12 hours of your available time for this
unit.

5.1. Risks in Corporations

Every business and organization faces the risk of unexpected, harmful events that can
cost the company money or cause it to permanently close. We may find risks in the resources
we acquire if they are below standard quality requirements. There are risks in the business
environment were our customers, suppliers, dealers and especially competitors exists. Aside
from these, one has to consider the risks if we fail in making the right decisions and actions
when we are tasked to manage and run the company. Risks may affect sales or revenues. It may
affect the safety of our employees. Higher costs may be possible if risks are disregarded. Risks
may even affect public perception of the company
.Risk management allows organizations to attempt to prepare for the unexpected by
minimizing risks and extra costs before they happen.

5.2. What is Risk Management?

Risk management is the process of identifying any potential threats that may occur
during the investment process and doing anything possible to mitigate or eliminate those
dangers (Downloaded on June 27, 2020 from
https://www.myaccountingcourse.com/accounting-dictionary/risk-management). The
goal of risk management is identifying potential risks, analyzing risks to determine those
that have the greatest probability of occurring, identifying the risks that have the greatest
impact of the project if they should occur, and defining plans that help mitigate or lessen the
risk’s impact or avoid the risks while making the most of opportunity.

More specifically, risk management concerns these five areas (Heldman, 2005):

1. Identifying and documenting risks. The first step in risk management approach is
identifying and writing down all the potential risks that exist on your project. It
occurs throughout the life of the project. Every life-cycle phase brings its own
challenges and opportunities, which means more opportunity for project risk.
42
 2. Analyzing and prioritizing risks. It determines which risks require plans.
3. Performing risk planning. This concerns developing strategies on how to deal with
the risks if they occur. Not all risks require response plans. You may choose to live
with the consequences of a risk event if it occurs.
4. Monitoring risk plans and applying controls. This process involves evaluating the
risk response plans you’ve put into action and implementing any corrections needed
to make certain the plan is effective and the risks are handled appropriately and
timely.
5. Performing risk audit and reviews. This process is different from the previous one
because it is performed after the project is completed. Monitoring risks occurs
throughout the life of the project. Performing a risk audit is like documenting lesson
learned. You’ll document information as the project progresses, but the risk audit
analysis is performed at the end of the project.
Importance of Risk Management

By implementing a risk management plan and considering the various potential risks
or events before they occur, an organization can save money and protect their future. This
is because a robust risk management plan will help a company establish procedures to avoid
potential threats, minimize their impact should they occur and cope with the results. This
ability to understand and control risk enables organizations to be more confident in their
business decisions. Furthermore, strong corporate governance principles that focus
specifically on risk management can help a company reach their goals.
Other important benefits of risk management include:
1. Creates a safe and secure work environment for all staff and customers;
2. Increases the stability of business operations while also decreasing legal liability;
3. Provides protection from events that are detrimental to both the company and the
environment;
4. Protects all involved people and assets from potential harm; and
5. Helps establish the organization's insurance needs in order to save on unnecessary
premiums.
5.3. The Board and Management’s Responsibilities in Risk Management
The board of directors basically has the following responsibilities in risk
management:
1. Develops overall business strategy.
2. Creates units and appoint officers responsible for risk management.
3. Reviews and approves risk policies and procedures.
4. Identify risks through appropriate committees and officers.
5. Approves risk management plan and strategies.
6. Reviews effectiveness of the risk management system and compliance.
7. Reports to stakeholders on company risk management efforts.
With the aim of assisting corporations in attaining long term viability, competitiveness,
and profitability, our corporate governance code recognizes the important role of risk
management and has included the following provisions under the code:

(Rec 2.11) Oversee that a sound enterprise risk management (ERM) framework is
in place to effectively identify, monitor, assess and manage key business risks.
(Principle 12.) To ensure the integrity, transparency and proper governance in the
conduct of its affairs, the company should have a strong and effective internal control
system and enterprise risk management framework.

43
 (Rec 12.1) The Company should have an adequate and effective internal control
system and an enterprise risk management framework in the conduct of its business,
taking into account its size, risk profile and complexity of operations.
The board must ensure that the company’s internal control mechanism as
well as enterprise risk management is effective enough to address risks
identified with the company’s business.
(Rec 12.2) The Company should have in place an independent internal audit function
that provides an independent and objective assurance, and consulting services
designed to add value and improve the company's operations.
Explanation
A separate internal audit function is essential to monitor and guide the
implementation of company policies. It helps the company accomplish its objectives
by bringing a systematic, disciplined approach to evaluating and improving the
effectiveness of the company’s governance, risk management and control functions.
The following are the functions of the internal audit, among others:
a. Provides an independent risk-based assurance service to the Board, Audit
Committee and Management, focusing on reviewing the effectiveness of the
governance and control processes in
(1) promoting the right values and ethics,
(2) ensuring effective performance management and accounting in the
organization,
(3) communicating risk and control information, and
(4) coordinating the activities and information among the Board,
external and internal auditors, and Management
b. Performs regular and special audit as contained in the annual audit plan
and/or based on the company’s risk assessment;
c. Performs consulting and advisory services related to governance and control
as appropriate for the organization;
d. Performs compliance audit of relevant laws, rules and regulations, contractual
obligations and other commitments, which could have a significant impact on
the organization;
e. Reviews, audits and assesses the efficiency and effectiveness of the internal
control system of all areas of the company;
f. Evaluates operations or programs to ascertain whether results are consistent
with established objectives and goals, and whether the operations or
programs are being carried out as planned;
g. Evaluates specific operations at the request of the Board or Management, as
appropriate; and
h. Monitors and evaluates governance processes.
A company’s internal audit activity may be a fully resourced activity housed within the
organization or may be outsourced to qualified independent third party service providers.
The internal auditor should be free from undue influence from officials of the company.
The risk management function should be a separate function so as to have
proper concentration on addressing risk concerns. This is emphasized in Rec 12.4
(Rec 12.4) Subject to its size, risk profile and complexity of operations, the company
should have a separate risk management function to identify, assess and monitor key
risk exposures.
The risk management function involves the following activities, among others:
a. Defining a risk management strategy;

44
 b. Identifying and analyzing key risks exposure relating to economic,
environmental, social and governance (EESG) factors and the achievement of
the organization’s strategic objectives;
c. Evaluating and categorizing each identified risk using the company’s
predefined risk categories and parameters;
d. Establishing a risk register with clearly defined, prioritized and residual risks; e.
Developing a risk mitigation plan for the most important risks to the company,
as defined by the risk management strategy;
f. Communicating and reporting significant risk exposures including business
risks (i.e., strategic, compliance, operational, financial and reputational risks),
control issues and risk mitigation plan to the Board Risk Oversight
Committee; and
g. Monitoring and evaluating the effectiveness of the organization's risk
management processes.
In ensuring that the company’s Risk Management System functions as
expected, the board must appoint a Chief Risk Officer (CRO). This appointment
and functions of this officer are pointed out in Rec 12.5.
(Rec 12.5) In managing the company’s Risk Management System, the company should
have a Chief Risk Officer (CRO), who is the ultimate champion of Enterprise Risk
Management (ERM) and has adequate authority, stature, resources and support to
fulfill his/her responsibilities, subject to a company’s size, risk profile and complexity
of operations.
The CRO has the following functions, among others:
a. Supervises the entire ERM process and spearheads the development,
implementation, maintenance and continuous improvement of ERM processes
and documentation;
b. Communicates the top risks and the status of implementation of risk
management strategies and action plans to the Board Risk Oversight Committee;
c. Collaborates with the CEO in updating and making recommendations to the
Board Risk Oversight Committee;
d. Suggests ERM policies and related guidance, as may be needed; and
e. Provides insights on the following:
-Risk management processes are performing as intended;
-Risk measures reported are continuously reviewed by risk owners for
effectiveness; and
-Established risk policies and procedures are being complied with.
There should be clear communication between the Board Risk Oversight
Committee and the CRO.

Unit Summary
 Risks are as normal as life for any business entity. However, risks are not to be
neglected as its possible consequences can cause the failure of the company. This is why
risk management is considered part of the responsibility of the board of directors. Our
governance code allows the board to create necessary bodies and appoint officers for
effective risk management. These bodies and officers are vested with authority and
responsibilities to help address the various risks confronting the company.
impact of risks to a company and the responsibility of the board and management in
risk management.