Risk Management Process

What is a Risk?
1. Risk Identification: Identify potential risks.
• A risk is ANYTHING that may affect the achievement of
2. Risk Analysis or Assessment: Analyze and assess the
an organization's objectives.
identified risks.
• It is the UNCERTAINTY that surrounds future events and
3. Controls Assessment and Implementation: Implement
outcomes.
controls to mitigate risks.
• It is the expression of the likelihood and impact of an
4. Resource and Budget Allocation: Allocate resources
event with the potential to influence the achievement of
and budget for risk management.
an organization's objectives.
5. Risk Mitigation: Take actions to reduce or eliminate
What is Risk Management
risks.
• Risk Management is the process of measuring or
6. Risk Monitoring, Reviewing, and Reporting:
assessing risk and developing strategies to manage it.
Continuously monitor and review risks
• Risk Management is a systematic approach in
Relevant Risk Terminologies
identifying, analyzing and controlling areas or events with
• BUSINESS RISK
a potential for causing unwanted change.
• FINANCIAL RISK
Risk can come from uncertainty in financial market, project
• LIQUIDITY RISK
failures, legal liabilities, credit risks, accidents, natural
• DEFAULT RISK
causes and disasters as well as deliberate attack from
• INTEREST RATE RISK
adversary or events of uncertain or unpredictable root-
• MANAGEMENT RISK
cause.
• PURCHASING POWER RISK
Why do we need risk management?
BUSINESS RISK
• Without good risk management practices, government
• Business risk refers to the uncertainty about the rate
cannot manage its resources effectively. Risk management
of return caused by the nature of a business.
means more than preparing for the worst; it also means
• The most frequently discussed causes of business risk
taking advantage of opportunities to improve services or
are uncertainty about the firm’s sales and operating
lower costs.-Sheila Fraser, Auditor General of Canada
expenses.
• Clearly the firm’s sales are not guaranteed and will
Basic Principles of Risk Management
fluctuate as the economy fluctuates or the nature of the
• Risk management creates and protects value.
industry changes.
• Risk management is an integral part of all organizational
•A firm’s income is also related to its operating
processes.
expenses.
• Risk management is part of decision making.
• If all operating expenses are variable. Then sales
• Risk management explicitly addresses uncertainty.
volatility will be passed directly to operating income.
• Risk management is systematic, structured, and timely.
FINANCIAL RISK
• Risk management is a proactive approach that involves
• The firm’s capital structure or sources of financing
continuous monitoring and review.
determine financial risk.
 • If the firm is all equity financed, then any variability in from ordinary shares. This change in the discount rate will
operating income is passed directly to net income on an materially impact the analyst’s estimate of the value of a
equal percentage basis. share of ordinary share
• If the firm is partially financed by debt that requires MANAGEMENT RISK
fixed interest payments or by preferred shares that • Decisions made by a firm’s management and board of
requires preferred dividend payments, then these fixed directors materially affect the risk faced by investors.
charges introduces financial leverage. • Areas affected by these decisions ranged from product
• These leverage causes net income to vary more than innovation and production methods (business risk) and
operating income. financing (financial risk) to acquisitions.
LIQUIDITY RISK • For example, acquisition-defense decision made by the
• Liquidity risk is associated with the uncertainty created management of such firms materially affected the risk of
by the inability to sell the investment quickly for cash. the holders of their companies’ securities.
• An investor assumes that the investment can be sold PURCHASING POWER RISK
at the expected price when future consumption is • Purchasing power risk is perhaps, more difficult to
planned. recognize than the other types of risk.
DEFAULT RISK • It is easy to observe the decline in the price of a stock or
• Default risk is related to the probability that some or bond, but it is often more difficult to recognize that the
all the initial investment will not be returned. purchasing power of the return you have earned on an
• The degree of default risk is closely related to the investment has declined (risen) as a result of inflation
financial condition of the company issuing the security (deflation).
and security’s rank in claims on assets in the event of • It is important to remember that an investor expects to
default or bankruptcy. be compensated for going consumption today.
• For example, if a bankruptcy occurs, creditors • If an individual is invested in peso-dominated assets
including bondholders have a claim on assets prior to such as bonds, treasury bills, or saving accounts during
the claim of ordinary equity shareholders. the period of inflation, the real or inflation adjusted rate
INTEREST RATE RISK of return will be less than the nominal or stated rate of
• Because money has time value, fluctuations in interest return period, thus, inflation erodes the purchasing power
rates will cause the value of an investment to fluctuate of the peso and increases investor risk.
also. POTENTIAL RISK TREATMENT
• Although interest rate is most commonly associated ISO 31000 also suggest that once risks have been
with bond price movements, rising interest rates cause identified and assessed, techniques to manage the risks
bond prices to decline and declining interest rates cause should be applied. These techniques can fall into one or
bond prices to rise. more categories.
• Movements in interest rates affect almost all  AVOIDANCE
investments alternatives. For example, as a change in  REDUCTION
interest rates will impact the discount rate used to  SHARING
estimate the present value of future cash dividends re  RETENTION
RISK AVOIDANCE • People
• This includes not performing an activity that could carry ➢Hiring new employees, losing key people, poor
risk. succession, planning, or weak people management can
• An example would be not buying a property or business all create dislocation as well as behavior, everything
in order not to take on the legal liability that comes with from laziness to fraud, exhaustion and simple human
it. error can trigger risks.
• Avoiding risk, however, also means losing out on the • External Factors
potential gain that accepting (retaining) the risk may have ➢Changes to regulation and political, economic or
allowed. social developments can all affect strategic decisions by
• Not entering business to avoid the risk of loss also bringing to the surface risks that may have lain hidden.
avoids the possibility of earning profits.
RISK REDUCTION
• Risk reduction or optimization involves reducing the
severity of the loss or the likelihood of the loss from
occurring.
• Optimizing risk means finding a balance between the
negative risk and the benefit of the operation or activity;
and between risk reduction and effort applied.
Risk sharing means sharing with another party the
burden of loss or the benefit of gain, from a risk, and the
measures to reduce a risk.
RISK RETENTION
• Risk retention involves accepting the loss or benefit of
gain from a risk when it occurs. Self insurance falls in this
category.
SIGNIFICANT TYPES OF RISK CATALYST
• Technology:
➢New hardware, software or system configuration can
trigger risks as can new demands on existing information
systems and technologies.
• Organizational Change:
➢are triggered by new management structures or
reporting lines, new strategies, and commercial
agreements
• Processes:
➢New products, markets, and acquisitions all cause
change and can trigger risks .