Controlling risk


Published in: Business, Economy & Finance

  1. Chapter 11
     19 July 2011
     Controlling risk
  3. Role of Board
     - Significant role in risk mgmt
     - Consider strategic nature of risk
     - Define org’s risk appetite & approach
     - Responsible for driving risk mgmt process
     - Ensure risk mgmt supports strategic objectives
     - Determine level of risk that an org can accept- to match strategic objectives
     - Communicate risk mgmt strategies to the entire org- top/down approach
     - Ensure integration of risk mgmt in operations
     - Review risk and monitor progress of risk mgmt plans
     - Risk mgmt strategy- which risk will be accepted, declined, transferred
     - Appoint a risk committee
  4. Board consideration of risk
  5. Risk appetite comprises:
     - Risk attitude – overall character of the BOD (Risk averse & risk seeking).
     - Risk capacity- Amt of risk that an org can bear.
     - Risk appetite is a measure of the general attitude to risk
     Factors likely to affect risk appetite of BOD are:
     - Nature of product manufactured- amt of risk will vary depending on the product
     - Need to increase sales-
     - Background of the BOD
     - Amount of change in the market- e.g. mobile phones, new drugs
     - Reputation of the company- here BOD will be very cautious with risk positioning.
  6. Risk attitude
     - Risk averse
       - Avoid risk
       - Withdraw from risky ventures
     - Risk seeking
       - Seeking additional risk
       - See risk management as strategic
       - Invest in comprehensive risk mgmt system
       - High risk = high return
  7. Risk attitude- cont’d
     - Risk attitude depending on org.
     - 3 factors to consider:
       - Size
       - Structure
       - Development
  8. SIZE
     - Small Size
       - Small size = higher risk for org = vulnerable.
       - Smaller product range- so adversely impacted in case of drop in sales.
       - There will be a tendency towards Risk averse strategy – to protect limited product ranges.
     - Large Size
       - Large size = lower risk
       - Wider product range
       - But large size may mean attempt to minimize reputational risk.
  9. Structure
     - Functional structure- who manages the risk. Normally decided at BOD level.
     - Large org manage risk across the globe.
     - Divisional structure
       - spread risk & diversified portfolio
       - Risk appetite determined by current portfolio of co’s, in terms of overall risk
       - A portfolio with limited risk means that more risky/daring investments can be made.
       - But high risk portfolios means that lower risk investments will be attractive.
  12. Development
      - Relates to the stages of development of an org.
      - Can be linked to the Product Life cycle stages. (P.L.C)
      - Initial stages of P.L.C are more risky.
      - New products & initial investments are highly risky.
      - But a risk seeker philosophy needed as new products need to be launched and innovation will always be risky.
  13. Risk committee
      - C.G codes don’t specify whether risk comm is needed.
      - If there is no formal risk comm, then the audit comm will take over
      - Roles
        - Update co’s risk profile & appetite
        - Oversee risk assurance process
        - Raise risk awareness
        - Establish policies for risk mgmt
        - Implement processes to monitor & report risk
        - Ensure proper communication of risks @ all levels
        - Ensure adequate training arrangements in place for awareness of all managers.
        - Obtain external advice to make sure risk mgmt processes are up to date.
  14. Responsibilities of risk committees
      - Assess risk mgmt. procedures i.r.o change in operating environment, i.e. identify, measure & control of key risk exposures.
      - Emphasize on benefits of risk based approach to internal control.
      - Risk audit report on critical business areas
      - Assess risks of new ventures/alliances
      - Review credit risk, interest rate risk, liquidity risk, operational risk exposures, in light of board’s risk appetite.
      - Consider f/s disclosure i.r.o I.C.S, risk mgmt & key risk exposure
      - Make recommendations to the full board on matters pertaining to strategy & policies.
  15. Risk manager
      - Risk manager is supported & monitored by Risk mgmt committee
      - More operational role for the risk manager
      - The tone is set at the top by BOD & risk mgmt committee.
  17. Risk manager activities
      - Leadership function
      - Identify & evaluate risks- business, operations, policies
      - Implement risk mitigation strategies, i.e. I.C.S.
      - Improve risk mgmt methodologies
      - Monitor status of R.M strategies & internal audits
      - Ensure compliance with legislation & regulations
      - Maintain good relationship / link between BOD & Risk mgmt committee
      - Develop / implement / manage risk mgmt programmes / initiatives
      - Establish risk mgmt awareness programme within the org
      - Establish risk indicators
  26. Risk awareness
      - Risk comm role- raise risk awareness
      - Lack of risk awareness = inappropriate risk mgmt strategy
  27. Risk awareness will be at 3 levels:
      - Strategic: High level monitoring of risk
      - Tactical: Monitoring at divisional level
      - Operational: Day to day monitoring
  29. Strategic level
      - Need for continued monitoring of risks for the org.
      - Lack of monitoring creates competitive disadvantage.
      - Lack of monitoring creates going concern problems.
  30. Tactical level
      - Risks affecting divisional level.
      - Monitoring is required as it affects e.g. continuity of supply
      - Lack of monitoring impacts on continuity of process/operations
      - E.g. Resignation of staff leads to a break in the normal chain- key process may be left incomplete
      - Staff motivation should be monitored to prepare for any future succession planning.
  31. Operational level
      - Monitor risk at day-to-day level.
      - Lack of monitoring is a threat to the org.
      - Persistent lack of monitoring = reputational risk.
      - E.g. Lack of availability of certain goods in the long term will create, in the LT, increasing customer frustration.
  32. Embedding risk
      - Embedding risk mgmt:
        - ensure it is part of business’ DNA.
        - Part of the way of doing biz- part of the philosophy.
      - Process of embedding risk management:
  33. Embedding risk- cont’d
      - Risk is embedded in:
        - Systems
        - Culture
      - Embedding risk in systems
        - Ensure risk mgmt is included in control systems.
        - Control system will integrate all systems into a proper mechanism.
        - Risk mgmt is an integrated system.
      - Embedding risk in culture
        - This is related to the way people behave, think and act.
        - So employees must accept the need for a system of risk management in the enterprise.
  34. Embedding risk
      - Methods of embedding risk mgmt in culture & values
        - Align individuals’ goals with corporate goals
        - Make risk mgmt pervasive, include it in job descriptions
        - Establish reward systems – for those who take risks in practice- no blame game, no victims.
        - Establish metrics & KPIs that can monitor risk & provide early alerts / trigger buttons.
  35. Embedding risk
      - Factors impacting on success of embedding risk in culture
        - Open / closed culture
        - Overall commitment to risk mgmt policies throughout the org.
        - Attitude towards ICS
        - Governance- include risk mgmt in the org, to meet needs and expectations of external stakeholders.
        - Is risk mgmt a normal part of the org?
  36. Risk management- TARA
      - Risk planning & formulating risk mgmt strategies
      - Strategies
        - Transference
        - Avoidance
        - Reduction
        - Acceptance
  37. Transference
      - Trf part or 100% of the risk to a 3rd party.
      - E.g. re-insurance / insurance, where 3rd party accepts full liability in case the risk crystallises
      - There may also be alliances, strategic partnerships
  38. Avoidance
      - Avoid by not investing / venturing
      - Risk averse strategy
      - But in business, not all risk can be avoided
  39. Reduction/mitigation
      - Reduce risk – e.g. limit exposure in specific area or decrease adverse effects, should the worst happen.
      - Effective ICS is necessary to reduce impact of risk.
      - Risk pooling
        - Pooling will cause some positive & negative effects to cancel out
        - Risks from many different txns are pooled together
        - Finally risk is considered from the “pool perspective” or cluster wise
        - E.g. diversification investment portfolio.
      - Reduce financial risk / hedging
        - Hedging- offset risks. Used to manage exposures.
        - Hedging neutralises the risk / reduces risk
        - Forward contracts- fix the price in advance of txn happening. Neutralise / eliminate the risk from unfavorable movement. Mainly used in purchase / sale of currency.
  43. Risk mapping & risk mgmt strategies
      - Risk mapping will determine risk mgmt strategy as shown in the table below:
  44. Further risk mgmt strategies
      - Risk avoidance
        - Risk strategy is avoiding the risk by not undertaking the activity
        - Org has low risk appetite
        - Strategy is to avoid risky ventures
      - Risk retention
        - Similar to concept of risk acceptance.
        - Strategy used where risk is minimal or where strategies of transference are expensive.
  45. Further risk mgmt strategies
      - Diversify / spread risk
        - Reduce risk by diversifying operations into different locations
        - Performance will net off – cross subsidise
        - Overall total risk will be reduced
        - Diversify- spread the risk; e.g. portfolio mgmt.
        - Risks can be spread by expanding portfolio through integration, thus linking with other co’s in the supply chain.
  46. Backward integration- Development concerned with the inputs into the org, e.g. raw mats, machinery, labour.
      Forward integration- Development into activities concerned with org’s output, e.g. distribution, tpt, repairs.
      Horizontal integration- Development into activities that compete with or complement an org’s present activities. E.g. travel agent selling related products such as travel insurance & currency exchange services.
      Unrelated diversification- development into a completely different area
  47. Risk strategy & Ansoff matrix
  48. Risk auditing
      - Risk audit is not mandatory.
      - Risk audit is part of general awareness and will be concerned with understanding the risks that the org faces.
      - Risk mgmt – is an internal function under resp of mgmt.
      - Internal auditors sometimes cumulate the functions of risk audit also
  49. Purpose of risk audit
      - Risk audit assists risk monitoring
      - Provide independent view of risks & controls
      - Fresh pair of eyes may identify errors in the original monitoring process
      - In some legislation, audit work is mandatory, e.g. SOX
      - After review, internal audit & external audit make recommendations to amend risk mgmt.
  50. Stages of risk audit
  51. Advantages of internal audit
      - Familiar with culture, procedure, policy
      - I.A can perform specific & focused risk assessment
      - Internal teams are flexible, mgmt will control their timetable
      - Internal teams focus their reports more than external audit teams
  52. Advantages of external audit (weaknesses of internal audit)
      - More independent / less bias
      - Reporting based on ACCA / IFAC code of ethics
      - Create high degree of confidence for investors & regulators
      - Fresh pair of eyes
      - Outside in approach
      - Internal auditors are used to system and behavior and may not want to question basic established principles
      - External auditors have wide exposure, best practice can be introduced.
  53. Process of external reporting of Internal controls & risks
  54. Process of external reporting of Internal controls & risks
      - Reporting may be voluntary or by statute (US sec 404 SOX)
      - Some reporting systems are more for internal use – e.g. audit committee
      - Process of external reporting- imply compliance with ethical guidelines.
  55. Comparison SOX & UK external reporting