Risk management

RISK MANAGEMENT OF COMPANIES
Page | 1
CHAPTER 1
INTRODUCTION
Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary. Several risk management standards have been developed including the Project Management Institute, the National Institute of Science and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.
The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.
Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk even though the confidence in estimates and decisions increase.
Risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process can be very difficult, and balancing

Page | 2
between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled.
Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. For example, when deficient knowledge is applied to a situation, a knowledge risk materializes. Relationship risk appears when ineffective collaboration occurs. Process-engagement risk may be an issue when ineffective operational procedures are applied. These risks directly reduce the productivity of knowledge workers, decrease cost effectiveness, profitability, service, quality, reputation, brand value, and earnings quality. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity.
Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost. Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management minimizes spending and minimizes the negative effects of risks.
In the current volatile markets at the beginning of the new millennium, where newspaper headlines inform us how much money has been wiped off the stock market in a bad day or lost in the bankruptcy of a company, risk management is a key phrase. But what do we mean by risk management and why are regulators so concerned with this topic? Risk management is the application of analysis techniques and the definition of measures to quantify the amount of financial loss (or gain) an organization is exposed to, when certain unexpected and random changes and events occur. These events range from changes in observable or derivable market data (such as prices, or price volatility), process related failures, or credit (payment default type) events. Risk is therefore all about uncertain rather than definite outcomes. This uncertainty is not an undesirable thing. It is, however, important that the organization is aware of the

Page | 3
impact of any outcomes that may occur and their implication for its profitability. For these risk measures or metrics to be of use, the calculated risks and actual losses arising should correlate. If this is not the case, the information on which the risk analysis is based, or the analysis itself, is either incorrect or inac- curate and must be rectified for the information to be of use. Even where it is thought that the risks are well understood, the risk manager needs to be constantly looking for previously unidentified risks, or inherent assumptions and failings in the calculation and management of those risks. This is especially true when these risks may only become
Evident in extreme market conditions. If these risks are not identified and controlled, the organization is likely to suffer the same fate as that of Long Term Capital Management (LTCM), the US hedge fund that came close to financial collapse due to unexpected market events and behaviour in 1998.1 Financial markets enable participants to raise capital and exchange risks, so that one participant’s risk becomes another’s potential reward or offsets a risk they already have. Market participants then structure and trade these risks so as to either remove (that is, hedge) or take on additional risk in return for a given benefit or expected return; this latter activity is known as speculating. Risk may also be retained or additional risk taken on if there is a belief that the market is mispricing the cost of taking on this risk. This activity is known as relative value or richness/cheapness analysis and can have varying levels of sophistication. The aim of this trading strategy is to try to benefit from any mispricing by buying or selling the instruments involved on the assumption that the market will correctly price them in the future (resulting in a greater than expected return). If these mispricing result in a transaction which leaves no residual risk but rather a guaranteed return or profit, then this is called arbitraging. Arbitraging can also cause (through variations in supply and demand resulting in changes in prices) the mispricing to disappear and so plays

Page | 4
a vital role in the financial markets in ensuring different financial instruments are fairly priced. The brokers or intermediaries in this process earn commission by linking the two sides of a transaction together, exposing themselves to the minimum level of indirect risk while participating in the process. Market makers, where they exist in certain financial markets, add liquidity to the market by always being willing to either buy or sell a given financial instrument. These market participants are all taking different risks and making profits based on their unique business model. For example, market makers will try to maintain a relatively flat trading book with limited downside risk, but will make their profit from the bid/ask spread (the difference between the price financial instruments are bought and sold at). As a result, the participants in financial markets all have unique definitions and appetites for risk and require different tools to manage it. This explains why asset managers, hedge funds, corporate treasury departments and investment banks all require different tools and information to manage and control their risk profile while supporting their business model. It is therefore difficult to provide a ‘one size fits all’ approach to risk management. In particular, even within investment banks, each trading style results in its own unique risks that may differ greatly from those of its competitors.

Page | 5
RISK MANAGEMENT SYSTEMS
Directly or indirectly, people will only take on additional risk if they believe they can profit from it. However, no one will knowingly take on risks that could (in the event of probable market events) result in the destruction of the organization. It is this systematic risk that regulatory authorities focus on, ensuring that the failure of any one financial institution does not result in a domino effect that causes the entire financial system to collapse. The importance of risk measurement in this process cannot be underestimated. It is only once risks can be measured that they can be managed and controlled. The role of technology in risk management cannot be overstated. More complex organizational processes and financial instruments, together with rapidly changing external market conditions, have led to the requirement for more advanced models and faster computers to ensure all the risks are captured, modelled and understood in a timely manner. Even when trading simple financial instruments, the number of positions (or net transactions) and their different characteristics require complex visualization and reporting tools in order to ensure that there are no excessive concentrations or unexpected correlated exposures. In the past, the unique requirements of an organization, its IT environment and source of competitive advantage have led to the assumption that unique solutions and sets of tools are required to manage risk. Such ground-up approaches have had a high likelihood of failure, with everything from process to underlying systems up for redevelopment. Consolidation in the financial industry, together with convergence in opinions and approaches, has however shown that this may no longer be the case. Although the context of this problem (whether technological, business model, organizational structure or political) is still often unique, the general core concepts and development approaches are becoming more standardized. As a result, the time is fast approaching for financial institutions to concentrate on

Page | 6
what is unique to them and leverage what is now commonly accepted as generic or best practice in the industry. Much of the functionality required to create a risk management solution may already exist within the organization or can be purchased from external software vendors.

Page | 7
CHAPTER 2
TYPES OF RISK
 Systematic and Unsystematic Risk
Unsystematic risk, also known as "specific risk," "diversifiable risk" or "residual risk," is the type of uncertainty that comes with the company or industry you invest in. Unsystematic risk can be reduced through diversification. For example, news that is specific to a small number of stocks, such as a sudden strike by the employees of a company you have shares in, is considered to be unsystematic risk. Systematic risk, also known as "market risk" or "un-diversifiable risk", is the uncertainty inherent to the entire market or entire market segment. Also referred to as volatility, systematic risk consists of the day-to-day fluctuations in a stock's price. Volatility is a measure of risk because it refers to the behavior, or "temperament," of your investment rather than the reason for this behavior. Because market movement is the reason why people can make money from stocks, volatility is essential for returns, and the more unstable the investment the more chance there is that it will experience a dramatic change in either direction.
Interest rates, recession and wars all represent sources of systematic risk because they affect the entire market and cannot be avoided through diversification. Systematic risk can be mitigated only by being hedged. Systematic risk underlies all other investment risks. If there is inflation, you can invest in securities in inflation-resistant economic sectors. If interest rates are high, you can sell your utility stocks and move into newly issued bonds. However, if the entire economy underperforms, then the best you can do is

Page | 8
attempt to find investments that will weather the storm better than the broader market. Popular examples are defensive industry stocks, for example, or bearish options strategies.
Beta is a measure of the volatility, or systematic risk, of a security or a portfolio in comparison to the market as a whole. In other words, beta gives a sense of a stock's market risk compared to the greater market. Beta is also used to compare a stock's market risk to that of other stocks. Investment analysts use the Greek letter 'ß' to represent beta. Beta is used in the capital asset pricing model (CAPM), as we described in the previous section. Beta is calculated using regression analysis, and you can think of beta as the tendency of a security's returns to respond to swings in the market. A beta of 1 indicates that the security's price will move with the market. A beta of less than 1 means that the security will be less volatile than the market. A beta of greater than 1 indicates that the security's price will be more volatile than the market. For example, if a stock's beta is 1.2, it's theoretically 20% more volatile than the market.
Many utility stocks have a beta of less than 1. Conversely, most high-tech Nasdaq-based stocks have a beta greater than 1, offering the possibility of a higher rate of return, but also posing more risk.
Beta helps us to understand the concepts of passive and active risk. The graph below shows a time series of returns (each data point labeled "+") for a particular portfolio R(p) versus the market return R(m). The returns are cash- adjusted, so the point at which the x and y axes intersect is the cash-equivalent return. Drawing a line of best fit through the data points allows us to quantify the passive, or beta, risk and the active risk, which we refer to as alpha.

Page | 9
The gradient of the line is its beta. For example, a gradient of 1.0 indicates that for every unit increase of market return, the portfolio return also increases by one unit. A manager employing a passive management strategy can attempt to increase the portfolio return by taking on more market risk (i.e., a beta greater than 1) or alternatively decrease portfolio risk (and return) by reducing the portfolio beta below 1. Essentially, beta expresses the fundamental tradeoff between minimizing risk and maximizing return. Let's give an illustration. Say a company has a beta of 2. This means it is two times as volatile as the overall market. Let's say we expect the market to provide a return of 10% on an investment. We would expect the company to return 20%. On the other hand, if the market were to decline and provide a return of -6%, investors in that company could expect a return of -12% (a loss of 12%). If a stock had a beta of 0.5, we would expect it to be half as volatile as the market: a market return of 10% would mean a 5% gain for the company. (For further reading, see Beta: Know The Risk.)
Investors expecting the market to be bullish may choose funds exhibiting high betas, which increase investors' chances of beating the market. If an investor expects the market to be bearish in the near future, the funds that have betas less than 1 are a good choice because they would be expected to decline less in value than the index. For example, if a fund had a beta of 0.5 and the S&P 500 declined 6%, the fund would be expected to decline only 3%. (Learn more about volatility in Understanding Volatility Measurements and Build Diversity Through Beta.)

Page | 10
 Credit or Default Risk
Credit risk is the risk that a company or individual will be unable to pay the contractual interest or principal on its debt obligations. This type of risk is of particular concern to investors who hold bonds in their portfolios. Government bonds, especially those issued by the federal government, have the least amount of default risk and the lowest returns, while corporate bonds tend to have the highest amount of default risk but also higher interest rates. Bonds with a lower chance of default are considered to be investment grade, while bonds with higher chances are considered to be junk bonds. Bond rating services, such as Moody's, allows investors to determine which bonds are investment-grade, and which bonds are junk. (To read more, see Junk Bonds: Everything You Need To Know, What Is A Corporate Credit Rating and Corporate Bonds: An Introduction To Credit Risk.)
 Country Risk
Country risk refers to the risk that a country won't be able to honor its financial commitments. When a country defaults on its obligations, this can harm the performance of all other financial instruments in that country as well as other countries it has relations with. Country risk applies to stocks, bonds, mutual funds, options and futures that are issued within a particular country. This type of risk is most often seen in emerging markets or countries that have a severe deficit. (For related reading, see What Is An Emerging Market Economy?)

Page | 11
 Foreign-Exchange Risk
When investing in foreign countries you must consider the fact that currency exchange rates can change the price of the asset as well. Foreign-exchange risk applies to all financial instruments that are in a currency other than your domestic currency. As an example, if you are a resident of America and invest in some Canadian stock in Canadian dollars, even if the share value appreciates, you may lose money if the Canadian dollar depreciates in relation to the American dollar.
 Interest Rate Risk
Interest rate risk is the risk that arises for bond owners from fluctuating interest rates. How much interest rate risk a bond has depends on how sensitive its price is to interest rate changes in the market. The sensitivity depends on two things, the bond's time to maturity, and the coupon rate of the bond.
Interest rate risk analysis is almost always based on simulating movements in one or more yield curves using the Heath-Jarrow-Morton framework to ensure that the yield curve movements are both consistent with current market yield curves and such that no riskless arbitrage is possible. The Heath-Jarrow- Morton framework was developed in the early 1991 by David Heath of Cornell University, Andrew Morton of Lehman Brothers, and Robert A. Jarrow of Kamakura Corporation and Cornell University.
There are a number of standard calculations for measuring the impact of changing interest rates on a portfolio consisting of various assets and liabilities. The most common techniques include:

Page | 12
1. Marking to market, calculating the net market value of the assets and liabilities, sometimes called the "market value of portfolio equity"
2. Stress testing this market value by shifting the yield curve in a specific way.
3. Calculating the Value at Risk of the portfolio
4. Calculating the multi period cash flow or financial accrual income and expense for N periods forward in a deterministic set of future yield curves
5. Doing step 4 with random yield curve movements and measuring the probability distribution of cash flows and financial accrual income over time.
6. Measuring the mismatch of the interest sensitivity gap of assets and liabilities, by classifying each asset and liability by the timing of interest rate reset or maturity, whichever comes first.
7. Analyzing Duration, Convexity, DV01 and Key Rate Duration.
Interest rate risk at banks
The assessment of interest rate risk is a very large topic at banks, thrifts, saving and loans, credit unions, and other finance companies, and among their regulators. The widely deployed CAMELS rating system assesses a financial institution's: (C)apital adequacy, (A)ssets, (M)anagement Capability, (E)arnings, (L)iquidity, and (S)ensitivity to market risk. A large portion of the (S) ensitivity in CAMELS is interest rate risk. Much of what is known about assessing interest rate risk has been developed by the interaction of financial institutions with their regulators since the 1990s. Interest rate risk is unquestionably the largest part of the (S)ensitivity analysis in the CAMELS system for most banking institutions. When a bank receives bad CAMELS rating equity holders, bond holders and creditors are at risk of loss, senior managers can lose their jobs and the firms are put on the FDIC problem bank list.

Page | 13
See the Sensitivity section of the CAMELS rating system for a substantial list of links to documents and examiner manuals, issued by financial regulators, that cover many issues in the analysis of interest rate risk.
In addition to being subject to the CAMELS system, the largest banks are often subject to prescribed stress testing. The assessment of interest rate risk is typically informed by some type of stress testing.
 Political Risk
Political risk is a type of risk faced by investors, corporations, and governments. It is a risk that can be understood and managed with reasoned foresight and investment.
Broadly, political risk refers to the complications businesses and governments may face as a result of what are commonly referred to as political decisions or “any political change that alters the expected outcome and value of a given economic action by changing the probability of achieving business objectives”. Political risk faced by firms can be defined as “the risk of a strategic, financial, or personnel loss for a firm because of such nonmarket factors as macroeconomic and social policies (fiscal, monetary, trade, investment, industrial, income, labour, and developmental), or events related to political instability (terrorism, riots, coups, civil war, and insurrection).” Portfolio investors may face similar financial losses. Moreover, governments may face complications in their ability to execute diplomatic, military or other initiatives as a result of political risk.
A low level of political risk in a given country does not necessarily correspond to a high degree of political freedom. Indeed, some of the more stable states are

Page | 14
also the most authoritarian. Long-term assessments of political risk must account for the danger that a politically oppressive environment is only stable as long as top-down control is maintained and citizens prevented from a free exchange of ideas and goods with the outside world.
Understanding risk partly as probability and partly as impact provides insight into political risk. For a business, the implication for political risk is that there is a measure of likelihood that political events may complicate its pursuit of earnings through direct impacts (such as taxes or fees) or indirect impacts (such as opportunity cost forgone). As a result, political risk is similar to an expected value such that the likelihood of a political event occurring may reduce the desirability of that investment by reducing its anticipated returns.
There are both macro- and micro-level political risks. Macro-level political risks have similar impacts across all foreign actors in a given location. While these are included in country risk analysis, it would be incorrect to equate macro-level political risk analysis with country risk as country risk only looks at national-level risks and also includes financial and economic risks. Micro- level risks focus on sector, firm, or project specific risk
 Market Risk
This is the most familiar of all risks. Also referred to as volatility, market risk is the day-to-day fluctuation in a stock's price. Market risk applies mainly to stocks and options. As a whole, stocks tend to perform well during a bull market and poorly during a bear market - volatility is not so much a cause but an effect of certain market forces. Volatility is a measure of risk because it refers to the behavior, or "temperament", of your investment rather than the reason for this behavior. Because market movement is the reason why people

Page | 15
can make money from stocks, volatility is essential for returns, and the more unstable the investment the more chance there is that it will experience a dramatic change in either direction.

Page | 16
CHAPTER 3
NEED OF RISK MANAGEMENT
Since we need to keep our corporate in the business and have to deal with the uncertainty in the future so that it is a risky business. Environment always keep on changing. New things and complex technologies could introduce new risks. Today we are in the economy-of-speed world. So we cannot get away of risk or cannot completely get rid of risk. For example, internet has been shrank the world into a single large market. Banking becomes a 24-hour market places so business continuity plan is required.
Effective risk management will help us to improve performance in creating value to the firm by contributing to better service delivery, more effective manage of change, more efficient use of resources, better project management, minimizing waste, fraud and poor value for money, supporting innovation. Risk management brings incentives with fair and transparent for staffs, supports both offensive and defensive strategies for executives and effective use of risk-based capital allocation.
Risk management has been an important component of hospital administration in the US since the malpractice insurance crisis of the 1970s. Many thought that great progress was being made in managing the risks that contributed to patient harm and error, but important questions have recently been raised about the real impact of risk management on the risk of patient harm. Many patients continue to be harmed, often as a result of problems and processes long identified as being faulty. Recent data published by the insurance industry suggest that malpractice verdicts and settlements are also, once again, on the rise.

Page | 17
The Institute of Medicine's report “To err is human: building a safer health care system” published in November 1999 has been billed by many as a breakthrough report, exposing the frailties and the realities of the current US healthcare delivery system. To many in risk management this report did not contain new information. It did, however, create a sense of real frustration and sadness for many.
The purpose of risk management is to:
 Identify possible risks.
 Reduce or allocate risks.
 Provide a rational basis for better decision making in regards to all risks.
 Plan.
Assessing and managing risks is the best weapon you have against project catastrophes. By evaluating your plan for potential problems and developing strategies to address them, you'll improve your chances of a successful, if not perfect, project.
Additionally, continuous risk management will:
 Ensure that high priority risks are aggressively managed and that all risks are cost-effectively managed throughout the project.
 Provide management at all levels with the information required to make informed decisions on issues critical to project success.
If you don't actively attack risks, they will actively attack you!!

Page | 18
CHAPTER 4 RISK MANAGEMENT PROCESS
1:- Establishing the context
This involves:
1. identification of risk in a selected domain of interest
2. planning the remainder of the process
3. mapping out the following:
o the social scope of risk management
o the identity and objectives of stakeholders
o the basis upon which risks will be evaluated, constraints.
4. defining a framework for the activity and an agenda for identification
5. developing an analysis of risks involved in the process
6. mitigation or solution of risks using available technological, human and organizational resources
2 :- Identification and assessment A first step in the process of managing risk is to identify potential risks. The risks must then be assessed as to their potential severity of loss and to the probability of occurrence.
After establishing the context, the next step in the process of managing risk is to identify potential risks. Risks are about events that, when triggered, cause problems or benefits. Hence, risk identification can start with the source of our problems and those of our competitors (benefit), or with the problem itself.

Page | 19
 Source analysis- Risk sources may be internal or external to the system that is the target of risk management (use mitigation instead of management since by its own definition risk deals with factors of decision-making that cannot be managed).
Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport.
 Problem analysis- Risks are related to identified threats. For example: the threat of losing money, the threat of abuse of confidential information or the threat of human errors, accidents and casualties. The threats may exist with various entities, most important with shareholders, customers and legislative bodies such as the government.
When either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. For example: stakeholders withdrawing during a project may endanger funding of the project; confidential information may be stolen by employees even within a closed network; lightning striking an aircraft during takeoff may make all people on board immediate casualties.
The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are:
 Objectives-based risk identification- Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk.
 Scenario-based risk identification - In scenario analysis different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or

Page | 20
an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk – see Futures Studies for methodology used by Futurists.
 Taxonomy-based risk identification - The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks.
 Common-risk checking- In several industries, lists with known risks are available. Each risk in the list can be checked for application to a particular situation.
 Risk charting - This method combines the above approaches by listing resources at risk, threats to those resources, modifying factors which may increase or decrease the risk and consequences it is wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can begin with resources and consider the threats they are exposed to and the consequences of each. Alternatively one can start with the threats and examine which resources they would affect, or one can begin with the consequences and determine which combination of threats and resources would be involved to bring them about

Page | 21
Risk Assessment
Once risks have been identified, they must then be assessed as to their potential severity of impact (generally a negative impact, such as damage or loss) and to the probability of occurrence. These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring. Therefore, in the assessment process it is critical to make the best educated decisions in order to properly prioritize the implementation of the risk management plan.
Even a short-term positive improvement can have long-term negative impacts. Take the "turnpike" example. A highway is widened to allow more traffic. More traffic capacity leads to greater development in the areas surrounding the improved traffic capacity. Over time, traffic thereby increases to fill available capacity. Turnpikes thereby need to be expanded in a seemingly endless cycles. There are many other engineering examples where expanded capacity (to do any function) is soon filled by increased demand. Since expansion comes at a cost, the resulting growth could become unsustainable without forecasting and management.
The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents. Furthermore, evaluating the severity of the consequences (impact) is often quite difficult for intangible assets. Asset valuation is another question that needs to be addressed. Thus, best educated opinions and available statistics are the primary sources of information. Nevertheless, risk assessment should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized. Thus, there have been several theories and attempts to

Page | 22
quantify risks. Numerous different risk formulae exist, but perhaps the most widely accepted formula for risk quantification is:
Rate (or probability) of occurrence multiplied by the impact of the event equals risk magnitude
Create the plan Decide on the combination of methods to be used for each risk
A business plan is a formal statement of a set of business goals, the reasons they are believed attainable, and the plan for reaching those goals. It may also contain background information about the organization or team attempting to reach those goals.
Business plans may also target changes in perception and branding by the customer, client, taxpayer, or larger community. When the existing business is to assume a major change or when planning a new venture, a 3 to 5 year business plan is required, since investors will look for their annual return in that timeframe.
Business plans are decision-making tools. There is no fixed content for a business plan. Rather, the content and format of the business plan is determined by the goals and audience. A business plan represents all aspects of business planning process declaring vision and strategy alongside sub-plans to cover marketing, finance, operations, human resources as well as a legal plan, when required. A business plan is a summary of those disciplinary plans.
For example, a business plan for a non-profit might discuss the fit between the business plan and the organization’s mission. Banks are quite concerned about

Page | 23
defaults, so a business plan for a bank loan will build a convincing case for the organization’s ability to repay the loan. Venture capitalists are primarily concerned about initial investment, feasibility, and exit valuation. A business plan for a project requiring equity financing will need to explain why current resources, upcoming growth opportunities, and sustainable competitive advantage will lead to a high exit valuation.
Preparing a business plan draws on a wide range of knowledge from many different business disciplines: finance, human resource management, intellectual property management, supply chain management, operations management, and marketing, among others. It can be helpful to view the business plan as a collection of sub-plans, one for each of the main business disciplines.
"A good business plan can help to make a good business credible, understandable, and attractive to someone who is unfamiliar with the business. Writing a good business plan can’t guarantee success, but it can go a long way toward reducing the odds of failure."
A plan defines everything about your build process, including what gets built, how the build is triggered and what jobs are executed.
This section describes how to:
 Create a new plan
 Clone an existing plan

Page | 24
Implementation Follow all of the planned methods for mitigating the effect of the risks. Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that can be without sacrificing the entity's goals, reduce others, and retain the rest. . Review and evaluation of the plan Initial risk management plans will never be perfect. Practice, experience, and actual loss results, will necessitate changes in the plan and contribute information to allow possible different decisions to be made in dealing with the risks being faced.

Page | 25
CHAPTER 5 TOOLS AND TECHNIQUES OF RISK MANAGEMENT Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories:  Avoidance  Reduction  Retention  Transfer Ideal use of these strategies may not be possible. Some of them may involve tradeoffs that are not acceptable to the organization or person making the risk management decisions. RISK AVOIDANCE Includes not performing an activity that could carry risk. An example would be not buying a property or business in order to not take on the liability that comes with it. Another would be not flying in order to not take the risk that the plane were to be hijacked. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning the profits. RISK REDUCTION Involves methods that reduce the severity of the loss. Examples include sprinklers designed to put out a fire to reduce the risk of loss by fire. This

Page | 26
method may cause a greater loss by water damage and therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy. RISK RETENTION Involves accepting the loss when it occurs. True self-insurance falls in this category. All risks that are not avoided or transferred are retained by default. Every profit-making organization assumes certain business risks every day it is in operation. Many businesses have begun to realize that they can also profitably assume some of the risks that they have in the past, transferred to an insurance company. In fact, there is greater predictability with some insurance risks than most business risks encountered.
The reasons risk retention can be beneficial are:
There is a charge for risk transfer to an insurance company, which is generally 40% to 50% more than is paid in losses, depending on the type of coverage and the amount of premium involved.
It is inordinately expensive to document and settle relatively small losses, particularly when management time is considered. The collection of small losses can frequently have an adverse effect on future insurance costs.
RISKS ALREADY RETAINED
Most organizations already retain some insurance risks. For example
They have deductibles applicable to portions of your existing property and income coverages. Have self-insured retention on some of their liability coverages.They have no insurance coverage on various catastrophes such as flood and earthquake

Page | 27
RISK TRANSFER
Definition of 'Transfer of Risk'
“The underlying tenet behind insurance transactions. The purpose of this action is to take a specific risk, which is detailed in the insurance contract, and pass it from one party who does not wish to have this risk (the insured) to a party who is willing to take on the risk for a fee, or premium (the insurer).
For example, whenever someone purchases home insurance, he or she is essentially paying an insurance company to take the risk involved with owning a home. In the event that something does happen to the house, such as property damage from a fire or natural disaster, the insurance company will be responsible for dealing with any resulting consequences.
In today's financial marketplace, insurance instruments have grown more and more intricate and complex, but the transfer of risk is the one requirement that is always met in any insurance contract.” Means causing another party to accept the risk, typically by contract. Insurance is one type of risk transfer. Other times it may involve contract language that transfers a risk to another party without the payment of an insurance premium. Liability among construction or other contractors is very often transferred this way. Some ways of managing risk fall into multiple categories. Risk retention pools are technically retaining the risk for the group, but spreading it over the whole group, involves transfer among individual members of the group. This is different from traditional insurance, in that no premium is exchanged between members of the group.

Page | 28
CHAPTER 6
CONTROVERSIAL ISSUES IN RISK MANAGEMENT
Risk analysis has become a routine procedure in assessing, evaluating, and managing harm to humans and the environment. However, there has been fierce debate over the legitimate role of risk analysis for regulatory decision making. The debate centers around
Five major themes.
1. Realism versus constructivism.
2. The relevance of public concerns revealed through perception studies as criteria for risk regulation.
3. The appropriate handling of uncertainty in risk assessments.
4. The legitimate role of
“Science-based”versus“precaution-based “management approaches.
5. The optimal integration of analytic and deliberative processes.
The following sections will first introduce each of these five themes in more detail and develop some major insights for risk evaluation and management.
These insights will then serve as heuristic tools for the presentation and explanation of our own approach to risk evaluation and management Realism Versus Constructivism.
The first major debate in the risk management community touches on the philosophical question of constructivism versus realism. For a philosophical review of the two “risk camps,” see Shrader-Frechette (1991), Bradbury (1989), and Clarke and Short (1993:379–382). Many risk scholars have questioned the possibility of conducting objective analysis of risk. The issue here is whether technical risk estimates represent “objective” probabilities of harm or reflect only conventions of an elite group of professional risk assessors that may claim no more degree of validity or universality than competing estimates of stakeholder groups or the lay public. Reviews of the implications of a

Page | 29
constructivist versus a realist concept of risk can be found in Bradbury (1989) and Renn(1992). A pronounced constructivist approach can be found in Hillgartner (1992), Luhmann (1993), Adams (1995), or in a recent German book by K. Japp,SoziologischeRisikotheorie(1996). Realist perspectives in the social sciences on risk and environment can be found in Catton (1980), Dunlap (1980), Dickens (1992), and Rosa (1998)
Public Concerns as Criteria for Risk Regulation The second major debate is closely linked to the first. It refers to the issue of inclusion. Many social scientists, in particular those who claim that risk is a social construction rather than a representation of real hazards, have argued in favor of integrating public concerns into the regulatory decision process (e.g. Freudenberg & Pastor, 1992). The key issue here is public involvement in defining tolerable risk levels
(Lynn, 1990). Since it is the people, so goes the argument, who are affected by the potential harm of technologies or other risk-inducing activities, it should be
their prerogative to determine the level of risk that they judge tolerable for themselves and their community (Webler, 1999; Harrison & Hoberg, 1994).
Many technical experts have argued forcefully against this proposition: they argue that sensational press coverage and intuitive biases may misguide public perceptions. Ignorance or misperceptions should not govern the priorities of risk management. Spending large sums of money for reducing minor risks that fuel public concerns and ignoring risks that fail to attract public attention may lead to a larger number of fatalties than necessary (cf. Leonard & Zeckhauser, 1986;
Cross, 1992;Okrent, 1996). If one spends a fixed budget in proportion to lives saved, the public at large would benefit the most.
The debate on the legitimate role of risk perception in evaluating and managing risks has been going on for the last two or three decades.7 Defining risk as a combination of hazard and outrage, as Peter Sandman suggested, has been the

Page | 30
fragile but prevailing compromise in this debate, at least in the United States(Sandman, 1988). Although the formula of “risk equals to hazard and outrage” does not provide any clue of how to combine scientific assessments with public perceptions, it provides a conceptual, though often ritual, foundation for the general attitude of risk management agencies. Again, the debate has not come to an end (and probably will never come to an end), but any reasonable risk management approach needs to address the question of inclusion
The Appropriate Handling of Uncertainty in Risk Assessments The third debate in the professional risk community centers around the handling of uncertainty (van Asselt, 2000). This topic has been one of the most popular themes in the professional community for many years, but is has reemerged in recent time for several reasons.
Philosophers of science and risk have pointed out that the term “uncertainty”
implies a portfolio of different aspects that are often ne-elected or amalgamated in risk analysis (cf.Funtowicz &Rivets, 1990).Advances in mathematics and modeling have made it possible to be more precise in calculating variability among humans or other risk targets. The general convention of using safety factors of 10 or 100 as a means to include inter individual variation can now be replaced by more precise and adequate modeling tech-inquest (Hattis & Markowitz, 1997).The new global risks such as climate change or sea-level rise have turned the attention of many analysts to issues of indeterminacy, stochastic effects, and nonlinear relationships. Although these topics are not new to the risk
Community, they have triggered a new debate over the umbrella term“uncertainty”and how it should be decomposed and handled (Wynne,1992; Lave & Dowlatabadi, 1993).Several suggestions have been made in the pastures to distinguish several components of uncertainty. It is obvious that probabilities themselves rep-resent only an approximation to predict uncertain Events. These

Page | 31
predictions are characterized, however, by additional components of uncertainty. It seems prudent to include these other uncertainty compo-nets in one’s risk management procedure. Which other components should be included? There is no established classification of uncertainty in the literal-
true (see von Hasselt, 2000, for a review; cf. Stirling,1998:102). Authors use different terms and descriptions, such as incertitude, variability, indeterminacy, ignorance, lack of knowledge, and others. A new risk management approach should look into these differ-end types of uncertainty and find appropriate ways of Risk-Based” Versus “Precaution Based” Management Approaches The fourth debate picks up the question of how to evaluate uncertainties and transfers this problem into the domain of risk management. As stated in Section1, the assessment of risks implies a normative man-date. Most people feel a moral obligation to prevent
harm to human beings and the environment. Risk an-lasts are asked to provide the necessary scientific in-put to assist risk managers in this task. Since there
are more risks in the world than society could handle at the same time, risk management always implies the task of setting priorities. The conventional solution to this problem has been to design risk reduction policies in proportion to the severity of the potential effects (Crouch & Wilson, 1982; Mazur, 1985).
Severity has been operationalized as a linear combo-nation of magnitude of harm and probability of occurrence. Risk-risk comparisons constitute the most
appropriate instrument in this perspective for set-ting risk management priorities (cf. Merkhofer, 1987;Wilson & Crouch, 1987; Cohen, 1991).
The most significant argument against the pro-portioned risk management approach comes from the analysis of uncertainty (Cooke, 1991; Marcus, 1988).
Most risk data constitute aggregate results over large segments of the population and long-time duration (Funtowicz&Rivets, 1987). In addition, there are
problems of extrapolation and dealing with random events and ignorance. The risk community has been

Page | 32
trying to respond to this challenge by sharpening its analytical tools, particularly with respect to character-sizing and expressing uncertainties. Progress has been
made, particularly in modeling variability, but some issues, such as the treatment of indeterminacies, re-main unresolved. An alternative approach has been to change man-agreement strategies and add new perspectives to the way of coping with uncertainties. Rather than in-vesting all efforts to gain more knowledge about the different components of uncertainty, one can try to develop better ways to live or co-exist with un-certainties and ignorance. The new key words here
are: resilience, vulnerability management, robust re-sponge strategies, and similar concepts (Collingridge,1996; WBGU, 2000). According to these concepts, risk management is driven by making the social sys-tem more adaptive to surprises and, at the same time, allowing only those human activities or inter-
venations that can be managed even in extreme situations (regardless of the probability of such extremes to occur).In the risk management literature these two approaches have been labeled science-based and precaution-based strategies (cf. O’Riordan &Cameron, 1994; Sterling, 1999; Klink & Renn,2001). This labelingis rather problematic since the second approach, which rests on precaution and resilience, needs at least as much scientific input asthefirst approach (cf. Charnley& Elliott, 2000). We prefer the term “risk- based strategy “for the first approach. With the denotation of “risk” it becomes clear that management relies on the numerical assessment of probabilities and potential damages, while the denotation of “precaution” implies prudent handling of uncertain or highly vulnerable situations. Over the last few years, advocates of risk-based and precaution-based approaches have launched a fierce debate over the legitimacy of each of their approaches. Advocates of the risk- based approach argue that precautionary strategies ignore scientific resultsand

Page | 33
lead to arbitrary regulatory decisions(Cross, 1996). The advocates of the precautionary approach have argued that precaution does no

Page | 34
CHAPTER 7
ADVANTAGES OF THE RISK MANAGEMENT The benefits of implementing a systematic risk management process are both long-term and short-term. In fact, each phase of the risk management effort, right from identifying risks, assessing risks to coming up with mitigation strategies, has its own benefits and they are listed as follows. Risk Identification Benefits: Identifying risks is by far the most crucial phase of the risk management process. The most obvious benefit is that all the risks that are identified at the start of a project are considered in the mitigation strategies. This in turn, implies all risks that are identified are most likely to be potentially resolved in a planned manner without affecting the objectives of the project and the end result. Another benefit of risk identification is that all assumptions are listed down and analyzed. Analysis of assumptions is an important step in removing potential inaccuracies and inconsistencies at the start of the process itself. Now, risks need not always be negative. Positive risks (opportunities that were not a part of the original project plan) are often stumbled upon during the identification phase and you can carry out appropriate actions to make the most of the occurrence of these "opportunity" risks. This will in turn have a positive impact on the entire project or business.
Risk Assessment Benefits:
This phase entails focusing on each identified risk and assessing its impact on the project or business. The measures planned to eliminate or minimize the risks assessed, are a result of a constructive debate or discussion among the various stakeholders. The greatest advantage of this process is that it serves to bring the various views onto the table and in the process of finalizing potential

Page | 35
solutions, everyone is brought to the same page. This in turn brings forth a sense of accountability in all stakeholders (including external vendors, contractors, etc.),which is one of the goals of risk management. Participation in the risk assessment activity also serves to promote an organizational culture where everyone is "risk aware" and able to appreciate how their performance is going to be measured and rewarded. In addition, as a result of the cost-benefit analysis, contractual procedures can be revised for pricing terms, deadlines etc., based on the assessed risk factors.
Risk Analysis and Evaluation Benefits:
It is a subset of the risk assessment process, where each risk is described along with its attributes such as significance and likelihood of occurrence, recommendation to minimize risks and stakeholder profiles, etc. Each risk is mapped to a business function or process which results in allocation of ownership of the risk. Changes to policy, setting up contingencies etc., are the benefits of a successful analysis and evaluation exercise.
Risk Treatment Benefits.
Once the risk profiles have been finalized, graded, prioritized and evaluated, the next step is to implement the plan. Through internal controls (including policy decisions) and compliance regulations the mitigation strategies are brought into action. Negative risks or "threats" are not met with shock or surprise and opportunity risks are not forsaken due to lack of preparation and planning. The important benefits of operational efficiencies and profitability are realized upon successful treatment of risks in this phase.

Page | 36
Risk Monitoring and Review Benefits
Risk management is not a one-time activity. Continuous risk monitoring and review of risk treatment plans underpin a successful business strategy. This activity provides long-term benefits in terms of lessons learned for better risk management strategies in future and the effectiveness of the risk treatment measures, which will undoubtedly come in handy for subsequent projects. In comparison to not having a risk strategy at all, the benefits of risk management to businesses are, in summary, as below.
Awareness of Significant Risks:
The most significant threat to a business i.e., total failure can be avoided by identifying and planning for the most significant risks and communicating them across the board to all stakeholders. Saving on Cost and Time: A preemptive approach to the threats in a project or business through risk management, always results in significant cost savings and prevents wastage of time and effort in firefighting.
Discovering Opportunities
Instead of being unprepared for the opportunities that unravel during the course of a project or business, risk management can help plan and prepare for them.
Harvesting Reusable Knowledge
Risk management is an exhaustive effort with inputs from various stakeholders and their experiences and insights. This collective know-how, or at least

Page | 37
significant parts of it, can be reused for future endeavors. A single risk management plan can provide ready templates for successive plans to start from, instead of reinventing the wheel. This is probably the single most useful long-term benefit.
Risk management helps in making better decisions by forecasting important threats and opportunities of a project or business. While some benefits are realized from the initial phases of a project, the "hidden" benefits often surface much later. There's no doubt that a good risk management plan is the cornerstone of successful enterprises.

Page | 38
CHAPTER 8
DISADVANTAGES OF RISK MANAGEMENT
Talking out a team-mate into something he strongly believes is a waste of time can be tricky. He is showing signs of cynicism which may not be healthy if you’re an idealist whose goal is to smooth sail a dream project into reality as possible. Let’s first break down the possible reasons why he just can’t bear giving risk management a chance.
Disadvantages of Risk Management:
 Cost
This module will shell out cash from the company funds. Companies will have to improve their cash generating tactics in order to provide means for training and maintenance for something that hasn’t happened yet.
 Training
The time spent for development and research will have to be allocated for training to ensure proper execution of risk management.
 Motivation.
Employees that are already accustomed to their mundane activities need to adjust to new measures.
 Underestimating Risk
Risk analyses can provide insight into potential liabilities, but no assessment is entirely accurate. A company’s estimates could be far off the mark. For example, a company might decide to put aside money to

Page | 39
cover its losses in the event of an earthquake. It might have financial predictions for how much damage an earthquake would do, but a record- breaking earthquake could cause damage that greatly exceeds those estimates. As a result of its underestimation, the company might not have the funds to cover the losses.
 Overestimating Risk
Risk can also be overestimated, resulting in steep opportunity costs. For instance, suppose the company puts aside large sums of money to cover losses due to an earthquake. If no earthquakes occur, or a quake causes much less damage than predicted, those reserved funds represent missed opportunities. Instead of reserving the money, the company could have invested it in research and development or in opening new locations to reach more customers. Overestimating risk can cause a company to overcompensate, thus losing money that could go into business opportunities.
 No Clear Path
Risk retention is often appropriate when the cost of insuring against a potential problem outweighs the financial burden the problem itself would impose. For example, it usually doesn’t make sense to buy insurance for a small risk. But that's another disadvantage of risk retention: It’s not always clear whether it’s better to buy insurance or retain risk. A company might lose money because it bought insurance, or it might lose money because it didn't buy insurance.

Page | 40
 Considerations
Insurance companies use advanced statistical analyses to guide their decisions, but small businesses don’t have their resources. As a result, sometimes retaining risk is just a guessing game. There’s just no simple recipe for deciding which risks you should transfer and which you should retain. If you’re not sure, the most effective approach is to ask experts in your industry to assess your risk profile and design a risk management plan.

Page | 41
CHAPTER 9
NESTLÉ (FOOD/BEVERAGE) NESTLÉ CHOOSE ACTIVE RISK MANAGER TO MANAGE ENTERPRISE RISK ACROSS ITS OPERATIONS WORLDWIDE AFTER IT EVALUATED 14 DIFFERENT RISK MANAGEMENT SOLUTIONS.
Overview
Nestlé was looking for a consistent method to manage risk across the multi- national operation. The fact that Active Risk Manager is web-based means that countries will be able to share information, update and monitor risk information in an effective and efficient way.
Marc Schaedeli, Head of Risk Management at Nestlé explained, “Of all those products evaluated, Active Risk Manager best suited our requirements. Other products could provide part of what was needed but not everything and many of them were also too complex. Active Risk Manager gave us what we were looking for.”
“We also felt that Active Risk Manager would be able to reflect the way we work. We did not want to change our process just to fit with a new system.” Marc Schaedeli continued, “We plan to use Active Risk Manager for both project risk assessment and business risk management. Nestlé products grow through innovation and renovation and Active Risk Manager will help us to manage many different types of project. Consolidating data will also enable us to get a better overview of the business processes and their potential risks.”
Charles Long ridge, Director of Business Development for EMEA at Sword Active Risk said, “We are very excited to be working with such a leading global manufacturer and will look to Nestlé as a key sector influencer in the supply-chain risk management and Sarbanes Oxley compliance. We look

Page | 42
forward to providing a positive return to Nestlé with improved risk mitigation strategies and increasing profit margins.”
Marc Schaedeli concluded, “We believe Active Risk Manager will provide the right information to the right people at the right time which will help Nestlé to fulfill its company priority – to bring highest quality products to people, wherever they are, whatever their needs, throughout their lives.”
About Nestlé
Nestlé, with headquarters in Vevey, Switzerland was founded in 1866 by Henri Nestlé and is today the world’s biggest food and beverage company with factories or operations in practically every country in the world.
Active Risk Manager
Active Risk Manager (ARM) is the world’s leading Enterprise Risk Management solution covering corporate, strategic, process, product, project, supply chain, business continuity, reputation, health and safety, incident management risks and opportunities, corporate governance and compliance.
ARM is widely used for risk management on major complex projects and by some of the world’s largest and most respected organizations across a range of industries.
Sword Active Risk, formerly Strategic Thought Group was founded in 1987 and has offices in the UK, USA, Australia and the Middle East, servicing customers worldwide directly and through a growing network of partners.

Page | 43
CHAPTER 10
RECOMMENDATION
1. Nestle can manage its market risk by introducing more innovative & diversifiable product. Currently Nestle is more focused in premium milk products like condense milk, curd, milk powder. Company can do so by going deeper in milk products which has good profit margins such as butter milk, Ghee, paneer, milk based drinks
2. Nestle can manage its financial risk by properly diversifying the funds in different sectors for example: by investing in Derivate instruments, Hedging products, Gold, Forex etc.
3. Nestle can transfer its risk related to assets, operations, products etc. by taking insurance products. For example Nestle can insured its assets by taking general insurance of the various assets, transit insurance of goods/products, key man insurance.

Page | 44
CHAPTER 11
CONCLUSION
The Risk Management Index is the first systematic and consistent international technique developed to measure risk management performance. The conceptual and technical bases of this index are robust, despite the fact that it is inherently subjective. The RMI permits a systematic and quantitative bench-marking of each country during different periods, as well as comparisons across countries. This index enables the depiction of disaster risk management at the national level, but also at the subnational and urban level, allowing the creation of risk management performance benchmarks in order to establish performance targets for improving management effectiveness.
The RMI is novel and far more wide-reaching in its scope than other similar attempts in the past. It is certainly the one that can show the fastest rate of change given improvements in political will or deterioration of governance.
This index has the advantage of being composed of measures that directly map sets specific decisions/actions onto sets of desirable outcomes. Al-though the method may be refined or simplified in the future, its approach is quite innovative because it allows the measurement of risk management and its feasible effectiveness.

Page | 45
CHAPTER 12
 BIBLIOGRAPHY
1. Strategic Risk Management - Goel publication.
2. Financial Risk Management - Pranana chanrda.
3. Risk Management – Financial Markets, Semester 6

Risk management

More Related Content

What's hot

Similar to Risk management

More from kartikganga

Recently uploaded

Risk management