This document discusses risk management strategies at Look, a large technology company. It covers: 1) Types of risks Look faces, including strategic, financial, operational and compliance risks from its global operations and investments. 2) Look's approach to risk management, which includes identifying risks, evaluating their potential impact, developing response strategies, and ongoing monitoring. 3) The roles and responsibilities of Look's management, board of directors, internal audit department and other functions in overseeing risk management and internal controls.

1. CIMA syllabusisinthe contextof Lookcase study.
P3
A. Identificationclassificationandevaluationof risks
1 Evaluationof risksandtheirresponse
a) Typesof risk facingan organization
 Upside anddownside risks- Internal auditdepartmentof lookbased oncompliance.
Currentlyinternal auditdepartmentisnotlookingformanipulatingupside risks.
International riskssuchascurrency,regulations,politicsare commontoLook.
b) Organization’sabilitytobearidentifiedrisks
 Competition- Lookistryingto compete byinvestingheavilyonnew technologies.(Look
lens)
 Investmentonnewbusinesses-Stongfinancialsof Lookenable themtoinvestinnew
businesses( profitof 18B last year,retainedearningsof 55B)
 Newtechnologies-highinvestmentonstartupsand R&D ,increasingpresence of Look
throughit’sproduct portfolio($8654m onR&D lastyear)
 Advertisingrevenue-Lookcanlowerthe pricesforadvertisementsif there are adverse
economicconditions
 Regulationsand scrutiny- Lookisalwaysfollowinglawsandregulations.
 Political motives –Bargainingpowerof Lookishighbut so far we have beensuccessful
inkeepingsoundpolitical situation.
 Legal liability –Opentoclaims, Makingbackupsand upgradingsecuritysystems
 Jointliability –Lookcan ensure the qualityof the qualityof the productsorsuppliedby
theirlinkedthirdpartiesbyputting agreement,avoidpartnershipsorbusinesswith
whoare not adheringtoLook’spolicies
 Manufacturingand supplychain – Alwayshavingpreferredsupplybase andhaving
back up suppliers,ensuringthirdpartiesare followinglaborlaws
 Securityandqualityof service –Havingstrong firewallsanddataencryptioncansecure
the data
 Interruptionof communications- Havingemergencyplanningscenarioplanningand
havinga testrun for disastersimulation
 Keypersonnel –Lookhas highdemandfromqualityprogrammersandengineers
 Ad blocking–Look isnot puttingtoomany advertisements andtheyare givingmore
prioritytoadvertisementswhichare actually demandedbypeople
c) Responsestoidentifiedrisks
 TARA modal
 Transfer- Usingthirdparty to keepbackups
 Avoidance –act accordingto privacylaws
 Reduction- highsecuritymeasurestoreduce threatof hacking
 Acceptance – disruptionstointernetservices.
 CIMA riskmanagementcycle
 Identifyriskareas
 Accessthe scale of risks

2.  Developriskresponsestrategy
 Implementstrategybyallocatingresponsibilities
 Monitorthe controlsthatyou have introduced
 Reviewandrefine process
( infofordecisionmaking)
2. Seniormanagementresponsibilityforimplementingriskmanagementandinternal controls
a) Techniquesof enablingboardtodischarge itsresponsibilitiesregardingmanagingrisks
 CurrentlyLookhasan internal auditdepartmentwhichhasofficesineverysite of the
group.Focus ison compliance audit.Usingriskbasedapproachtoplanningand
conductingitsinvestigations.Headof internal auditreporttononexecutiveChairman,(
Charleswhochairsthe auditand remunerationcommittees)
b) Advisingboardon itsresponsibilityof reportingrisktoshareholdersandstakeholders
 Establishwhatshareholdersvalue aboutthe company.Identifythe risksaroundthe key
shareholdervalue drivers.Determine the preferredtreatmentforthe risks.
Communicate risktreatmentstostakeholders.
3. Ethical impactof risk
a) Ethical,social andenvironmentissuesarisingfromriskmanagement
 Look’sapproach of act alonggovernmentshasbeencriticizedasbeingpolitically
biased.
B Responsestostrategicrisks
1. Tools andprocessesrequiredforstrategyimplementation
a) Appropriate measuresforstrategiccontrol anddirection
 Look searchismanagingtwo data centersandtwoprogrammingcenters
 Look Space,LookMedia andLook cloudare heavyusersof programminganddata
storage.
 Look search – 68% of revenue and90.5% of gross profit
 Look space- 15% of revenue ,9.4% of grossprofit
 Look OS– (-3.9%) of gross profit
 Look Apps – 2% of revenue ,0.3% of gross profit
 Look phones –5% of revenue,2.7% of gross profit
 Look lens – (3.4%) OF GROSSPROFIT
 Look Media– 7% of revenue ,5.9 % of grossprofit
 Look cloud – 3% of revenue ,(1.5%) of gross profit
 Data mininingisbeingusedbyLooktoidentifypatternsof usersandtocome up with
menaningfuldata.Thishasbeenusedeffectivelyinadvertising.
b) Solutionsforthe risksof dysfunctionalbehaviorarisingfromthe associatedmodelsof
performance measurement
 Looksattemptto compare themselveswithwebrunandwellfindcanbe misleadingas
Buyfindandfriendtime becomingtheirmaincompetitors

3. c) Risksinthe developmentstrategiesforinformationsystemsthatsupportorganization’s
strategicrequirement
 Cost overrun,toomanydata , sensitivedatastoredinsystemscanbe a source of
attractionfor hackers, too muchdependoninformationtechnology
2 Ethical issuesfacinganorganizationandit’semployees
a) Risksof unethical behavior
 CIMA code of ethics
 Integrity – Lookand employeesshouldbe straightforwardandhonestinall
businessrelationshipswithouthiddenagendas
 Objectivity –shouldnotallow biasorconflict,Look shouldnotbe biastowards
governmentstogaintheirapproval
 Professionalcompetence anddue care – by hiringengineersandprogrammers
withhighskillsandupto date knowledge,same withthe finance division
 Confidentiality - Informationof usersshouldnotbe soldtothirdparties
withoutproperapproval
 Professionalbehavior–complytorelevantlawsandavoidsactionsdiscrediting
the procession
 The general usersandgovernmentare expecting“Look“ to behave ethically.Onthe
otherhand ourshareholdersare fondof ourprestige asa ethical company.Thuswe
have a big responsibilitytoactethically.
3 Risksassociatedwithcorporate governance
a) Risksassociatedwithpoorgovernance structures
 The numberof directorsandNeds are equal inLook
 Jay Bride isthe CEO and CharlesAnstruther - NonexecutiveChairman
 Charleschairthe auditand remunerationcommittees ,Michael YipandAlisonGordon
are membersof AuditandremunerationcommitteesbutMaraReynoldsdoesnotsit
on anyboard committees.
 Mara Reyonoldsappointedasadirectordue to herlongservice .
C Internal controlstomanage risk
1. Control systemsfororganizational activitiesandresources
a) Appropriatenessof control systemsforthe managementof anorganization
 Lookssystemseemstobe openas it connectsthe informationandthe user.
 Howeversecuritysystemsinside mightbe closedrelevanttothe data collecting
systems
 Managementcontrol
 Managementcontrol- processesusedbyLookmanagerstoensure that
organizational goalsare achievedandproceduresare adhieredwhile
respondingtoopportunitiesinthe environment
 Feedbackcontrol- measuringdifferentbetweenplannedoutputandactual
outputachieved,andthe modificationof subsequentactionorplansto achieve
future requiredresults.
 Feedforwardcontrol – Forecastingof eventoutcomes,identifyingadverse
resultsinadvance andthe implementationof actionbefore the eventtoavoid
such results.

4.  Typesof control
 Managementinformation –infoneededforcontrol functionproducedfrom
manysourcesthenstandardized.(financial reports,status,marketing,
humanresources,managementaccounting)
 Evaluation – specifictype of managementinformationwhichneed separate
mentiondue toitscentral for measuringperformance
 Delegation –assignstasksto employeeswithauthoritytoacquire resources
 Financial management –informationusedformonitoringthe progressof
plansand resource consumption
 Qualitycontrol andoperational management –focuson intangibleattributes
like quality
 Policiesandprocedures –communicate whatbehaviorisexpectedornot
tolerate fromemployees.
 Managementcontrol system
2 Riskmanagementstrategiesandinternal controls
b) Essential featuresof internal control systemsforidentifyingassessingandmanagingrisks
 Fraud can be a issue thateffectlookinthe base of following
 Misrepresentingquality
 Falsifyingexpenses
 Usingstolencreditcards
 Tax invasion
 To preventfraudSPAMSOAPmodal canbe used
 Segregationof duties
 Physical control
 Authorizationandapproval
 Managementcontrol
 Supervision
 Organizationcontrol
 Accountingcontrols

5.  Personnel controls
 Fraud riskmanagementstrategy
 Fraud prevention( control )- anti-fraudculture,riskawareness,whistle
blowing,soundinternal control systems
 Identifyingfraud(earlyidentification)–performregularchecks,Lookfor
warningsigns,whistle blowerscandetectfrauds
 Respondingtoafraud (quickresponse)- internal disciplinaryaction,civil
action, criminal prosecution,individualresponsibilities
Mangers-agreedstandardresponse
Finance director-overallresponsibility
Auditcommittee-review andreport
Internal auditor-investigate fraud
External auditors-provide expertise
Legal advisors- advice onlegal implications
Publicrelation- maintainpublicattention
Police- prosecution
Insures-where claimisinvolved
 Reputationrisk – publicknow aboutfraudandwill affectreputationleadingto
share price fall,preventraising finance infuture
 Litigationrisk – if fraudidentifiedandtakentocourts
3 Purpose andprocessof auditin the contextof internal controls
a) Effective planningandmanagementof internal auditandinternalauditinvestigations
 Typesof audit
 Financial audit-trueandfaircomplywithstandards
 Compliance audit- currentlyLookhasthis
 Transactionsaudit-checksample tocheckaccuracy
 Systembasedaudit-focusonfunctioning
 Riskbasedaudit-include riskmanagement
 Value formoneyorperformance-business unitperformance
 Postcompletionaudit-measure successof capital expenditure project
 Environmental audit-how well anorganizationhelpstosafeguardthe
environment
 Managementaudit-objective andindependentappraisal of the effectiveness
of managers
 Internal audit- Lookhasofficesateverysite whichthe groupoperates.Focusison
compliance audit.Heavyemphasisoncompliance withItoperationstoensure the
securityandprivacyof data issafeguardedinaccordance withLook’sstandard
operatingprocedures.Use riskbasedapproachtoplanningandconductingits
investigations
 Scope of internal auditwork
 Reviewingaccountingandcontrol systems
 Examiningfinancialandoperationalinformation
 Reviewingeconomy,efficiencyandeffectivenessof operations
 Reviewingcompliance withlawsandotherexternal regulations
 Special investigations
 Assistantwithidentifyingsignificantrisks

6.  Assistingincarryoutexternal audit
 Structure of internal auditdepartment
 Internal auditshouldbe independentand executive managementshouldnot
reviewsystemstheydeveloped
 Headof internal control directlyreporttoauditcommittee
 Headof internal control shouldhave directaccesstoChairmanof BOD and
auditcommittee
 Auditcommittee shouldcontrol the appointment,terminationof headof
internal control
 Auditrisk
 Inherentrisk- accountnature of the item
 Control risk- existingcontrolsare notsufficient
 Detectionrisk-fail todetect
 Othermethodsof internal audit
 Physical inspection
 Corroboration
 Recalculationandreconciliation
 Testing- walkthrough,compliance ,substantive
D Managingrisksassociatedwithcashflows
1 Financial risksfacinganorganization
a) Financial risksfacinganorganization
 Exchange rate risk isa major concernfor Lookas it operates globally.
 Howevernetprofitof $18 Billionismakingstrongfinancial
 Typesof currency risks
 Transactionrisk – arisingdue totime lag betweenthe pointof enteringinto
transactionand pointof settingthe transaction
 Translationrisk – ariseswhencompaniesconverttheirforeigncurrency
dominatedassets,liabilities,revenuesandexpensestotheirlocal currencies
for consolidationandreportingpurposes
 Economicrisk – riskof future cashflowsof the companygettingaffecteddue
to exchange rate movements
 Interestrate risks – risksof gainsand lossesarisingfromchangesinthe interest
rates.Followingare the methodsof reducinginterestrate risks
 Forwardrate agreements
 Interestrate futures
 Interestrate options
 Interestrate swapping
2 Alternativeriskmanagementtools
a) Effectsof economic factors that affectfuture cashflowsfrominternational operations
 Factors affectingexchange rates
 Demandand supply
 Governmentpolicy
 Interestrates

7.  Interestrate paritytheory –thissuggestsnotradercan exploitadifferencein
interestratesintwocountriesandmake risksfree profits(arbitrage profits)
 Purchasingpowerparitytheory – thissuggestssame goodwhere evertheyare
tradedshouldhave the same price
 Arbitrage profits –thisis the exceptiontothe IRPwhere tradersexploitsthe
differencesbetweenthe interestratesandmake money.
b) Evaluate appropriate methodsforthe identificationandmanagementof financial risksassociated
withinternationaloperations
 Eliminatingriskof uncertainmovementsof exchange rate-Hedging
 Internal hedging- matching,Invoicinginowncurrency,leading/lagging
payments,netting(bilateral andmultilateral)
 External hedging– Forwards, futures,options, swaps
c) Evaluate appropriate methodsforthe identificationandmanagementof financial risksassociated
withdebtfinance
 LooksLong term borrowingsare $4800m.So there isnothingmuchto worryabout
E Managementof riskassociatedwithcapital investmentoptions
1 Risksarisingfromchangesinthe environmentforcapital investmentappraisal
a) Evaluate investmentprojects
 WhenevaluatingLooklenswe needtolookmore aboutthe viabilityof market
b) Evaluate conflictsthatmayarise fromcapital investmentdecisions
 Our shareholdersmaywanttomaximize their wealthwhileboardof directorstend
to increase profits,howeverwe needtostrike abalance
c) Outcomesof projectspostimplementationandpostcompletion
 Learningcan be transferredbydocumentingthe process.Thiscanbe usedinfuture
projectsto avoid disruptionsbytakingprecautionarymeasures.