5. What is it about RISK?
Risk as a cause – e.g. fire, theft, fraud
Risk as a likelihood – probability of occurrence
Risk as an object – the objects that constitute the risk, e.g.,
factory, aircraft, ship, young male drivers
Risk as an action – taking a risk by doing something or not
doing something
Risk is a condition in which there is a possibility of an
adverse deviation from a desired outcome that is expected
Risk pervades all human endeavour
8. TYPES OF RISK
Credit Risk: The risk of loss arising from loan default or unpaid
accounts receivable
Operational Risk: The risk of loss resulting from inadequate or failed
policy, processes and systems or from external events
Market Risk: The risk of loss resulting from adverse movements
in market prices, interest rates, equities, commodities, or
currencies.
Liquidity Risk: The risk of loss to an entity arising from its
inability to meet its obligations as they fall due.
Legal Risk: The risk of loss arising from inability to enforce a
contract against a counterparty, or unfavourable legal
proceedings.
Compliance Risk: The risk of loss arising from breach of
regulatory requirements
Strategic Risk, Reputational Risk etc.
10. Enterprise Risk Management (ERM)
ERM deals with risks and opportunities affecting value creation or
preservation
ERM “is a process, effected by an entity’s board
of directors, management and other personnel,
applied in strategy setting and across the
enterprise, designed to identify potential events
that may affect the entity, and manage risk to be
within its risk appetite, to provide reasonable
assurance regarding the achievement of entity
objectives.”
Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.
12. Benefits of ERM Implementation
Aligning risk appetite and strategy
Enhancing risk response decisions
Reducing operational surprises and losses
Improving overall risk rating
Improving deployment of capital
Complying with regulatory changes
Improving shareholder value
Facilitating long term survival
13. Risk Assessment Process
Identify relevant business objectives.
Identify events that could affect the achievement
of objectives.
Determine risk tolerance.
Assess inherent likelihood and impact of risks.
Evaluate the portfolio of risks and determine risk
responses.
Assess residual likelihood and impact of risks.
14. Risk Assessment (Cont’d)
Risks are analyzed, considering likelihood and impact,
as a basis for determining how they should be
managed
Risks are assessed on an inherent and a residual
basis.
RISK MAP
“Risk = (Probability of event occurring) x (Impact of event occurring)”

LIKELIHOOD
    5     LOW   MED   HIGH  EXT   EXT
    4     LOW   MED   HIGH  HIGH  EXT
    3     LOW   MED   MED   HIGH  HIGH
    2     LOW   LOW   MED   MED   MED
    1     LOW   LOW   LOW   LOW   LOW
          1     2     3     4     5
                  CONSEQUENCE

Score = L x C
Score 0 - 5 = Low
Score 6 - 10 = Medium
Score 12 - 16 = High
Score 20 - 25 = Extreme
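An added example (not part of the original slides) that applies the L x C scoring and bands from the risk map to rate risks on an inherent and a residual basis, then compares each residual rating with risk tolerance. The register entries, the MED tolerance and the function names are constructed for illustration.

```python
# Bands and the 1-5 scales are taken from the risk map; everything else is assumed.
BANDS = [(0, 5, "LOW"), (6, 10, "MED"), (12, 16, "HIGH"), (20, 25, "EXT")]
ORDER = [band for _, _, band in BANDS]  # ascending severity


def rate(likelihood, consequence):
    """Return (score, band) for Score = L x C."""
    for name, value in (("likelihood", likelihood), ("consequence", consequence)):
        if not isinstance(value, int) or not 1 <= value <= 5:
            raise ValueError(f"{name} must be an integer from 1 to 5, got {value!r}")
    score = likelihood * consequence
    for low, high, band in BANDS:
        if low <= score <= high:
            return score, band
    # 11 and 17-19 sit between bands, but no product of two 1-5 values lands there.
    raise ValueError(f"score {score} is not covered by any band")


def risk_map():
    """Rebuild the grid: rows are likelihood 5 down to 1, columns consequence 1 to 5."""
    return [[rate(lik, con)[1] for con in range(1, 6)] for lik in range(5, 0, -1)]


def assess(register, tolerance):
    """Rate each risk before (inherent) and after (residual) its response."""
    results = []
    for name, inherent, residual in register:
        i_score, i_band = rate(*inherent)
        r_score, r_band = rate(*residual)
        if r_score > i_score:
            raise ValueError(f"{name}: residual score exceeds inherent score")
        results.append({
            "risk": name,
            "inherent": (i_score, i_band),
            "residual": (r_score, r_band),
            # Above tolerance means the chosen response is not yet sufficient.
            "within_tolerance": ORDER.index(r_band) <= ORDER.index(tolerance),
        })
    return results


# Constructed register: (risk, inherent (L, C), residual (L, C)).
REGISTER = [
    ("Server crash with no offsite backup", (4, 5), (2, 5)),
    ("Fraud in payment processing", (3, 4), (3, 4)),
    ("Theft of office equipment", (2, 2), (1, 2)),
]

if __name__ == "__main__":
    for row in assess(REGISTER, tolerance="MED"):
        print(row)
```

The fraud entry keeps the same rating before and after (an accepted risk), so it is the one reported as outside a MED tolerance.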
15. Risk Response Actions
▪ Accept = monitor
or
▪ Avoid = eliminate (get out of the situation)
▪ Mitigate = institute controls
▪ Share = partner with someone (e.g. insurance)
▪ Residual risk (unmitigated risk)
16. Business Continuity Planning (BCP)
BCP is a roadmap for continuing operations under adverse
conditions such as a fire incident or a server crash.
Important documents should be duly protected with a backup
and kept in an offsite facility.
19. Concluding Quote
“For firms to succeed in this increasingly global
and competitive marketplace, risk management
must become a state of mind. A systematic and
proactive enterprise-wide approach to managing
risks is essential to making risk management an
integral part of the company’s DNA”
- ANURAG SAKSENA – CRO, Freddie Mac
“There are risks and costs to a programme of
action; but they are far less than the long
range risks and costs of comfortable
inaction”
-John F. Kennedy