Document

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 13

RISK MANAGEMENT DEFINED

Risk management is the process of measuring or assessing risk and developing strategies to
manage it. Risk management is a systematic approach in identifying, analyzing and controlling
areas or events with a potential for causing unwanted change. Risk management is the act or
practice of controlling risk. It includes risk planning, assessing risk areas, developing risk
handling options, monitoring risks to determine how risks have changed and documenting
overall risk management program.

BASIC PRINCIPLES OF RISK MANAGEMENT

Risk Management 165

The International Organization of Standardization (ISO) identifies the basic principles of risk
management.

Risk management should:

1. Create value resources spent to mitigate risk should be less than the consequence of
inaction, i.e., the benefits should exceed the costs

2. Address uncertainty and assumptions

3. Be an integral part of the organizational processes and decision-making

4. Be dynamic, iterative, transparent, tailorable, and responsive to change


5. Create capability of continual improvement and enhancement considering

The best available information and human factors

6. Be systematic, structured and continually or periodically reassessed

PROCESS OF RISK MANAGEMENT

According to the Standard ISO 31000 “Risk management Principles and Guidelines on
Implementation, “the process of risk management consists of several steps as follows:

1. Establishing the Context. This will involve

a. Identification of risk in a selected domain of interest

b. Planning the remainder of the process.

c. Mapping out the following:

i. The social scope of risk management

ii. the identity and objectives of stakeholders

the basis upon which risks will be evaluated, constraints.

d. Defining a framework for the activity and an agenda for identification.


e. Developing an analysis of risks involved in the process.

f. Mitigation or Solution of risks using available technological, human and


organizational resources.

2. Identification of potential risks. Risk identification can start with the analysis of the
source of problem or with the analysis of the problem itself. Common risk identification
methods are:

A. Objective-based risk

b. Scenario-based risk

c. Taxanomy-based risk

d. Common-risk checking

e. Risk charting

3. Risk assessment. Once risks have been identified, their potential severity of impact and
the probability of occurrence must be assessed. The assessment process is critical to make
the best educated decisions in prioritizing the implementation of the risk management
plan.

ELEMENTS OF RISK MANAGEMENT


For the most part, the performance of assessment methods should consist of the following
elements:

1. Identification, characterization, and assessment of threats

2. Assessment of the vulnerability of critical assets to specific threats

3. Determination of the risk (i.e. the expected likelihood and consequences of specific types
of attacks on specific assets)

4. Identification of ways to reduce those risks

5. Prioritization of risk reduction measures based on a strategy

I. Risks Associated With Investments

Although a single risk premium must compensate the investor for all the uncertainty
associated with the investment, numerous factors may contribute to investment uncertainty.
The factors usually considered with respect to investments are business risk

Financial risk

Liquidity risk

Default risk
Interest rate risk

Management risk

Purchasing power risk.

II. Risks Associated With Manufacturing, Trading And Service Concerns

A. Market Risk

Product Risk

O Complexity Obsolescence

0 Research and Development

O Packaging

O Delivery of Warranties

Competitor Risk

• Pricing Strategy

O Market Share
O Market Strategy

B. Operations Risk

Process Stoppage Health and Safety

After Sales Service Failure

Environmental

Technological Obsolescence

Integrity

• Management Fraud

O Employee Fraud

• Illegal Acts

C. Financial Risk

Interest Rates Volatility

Foreign Currency

Liquidity Derivative
Viability

D Business Risk

Regulatory Change

Reputation

Political

Regulatory and Legal

Shareholder Relations

Credit Rating

Capital Availability

Business Interruptions

POTENTIAL RISK TREATMENTS

ISO 31000 also suggests that once risks have been identified and assessed, techniques to
manage the risks should be applied. These techniques can fall into one or more of these four
categories:

Avoidance
Reduction

Sharing

Retention

AREAS OF RISK MANAGEMENT

Risk Management 173

As applied to corporate finance, risk management is the technique for measuring, monitoring
and controlling the financial or operational risk on a firm’s balance sheet.

The Basel II framework breaks risks into market risk (price risk), credit risk and operational
risk and also specifies methods for calculating capital requirements for each of these
components.

1. Enterprise risk management


2. Risk management activities as applied to project management

4. Risk management for megaprojects

5. Risk management of information technology

6. Risk management techniques in petroleum and natural gas


SEC Requirement Relative to Enterprise Risk Management of Publicly- Listed Corporation

SEC Code of Governance Recommendations 2.11 and corresponding explanation provide the
following

“The Board should oversee that a sound enterprise risk management (ERM)

Framework is in place to effectively identify, monitor, assess and manage key

Business risks. The risk management framework should guide the Board in identifying
units/business lines and enterprise-level risk exposures, as well as the effectiveness of risk
management strategies.

RISK MANAGEMENT FRAMEWORK

The Board should oversee that a sound enterprise risk management (ERM) framework is in place
to effectively identify, monitor, assess and manage key business risks. The risk management
framework should guide the Board in identifying units/business lines and enterprise-level risk
exposures, as well as the effectiveness of risk management strategies.

STEPS IN THE RISK MANAGEMENT PROCESS

To enhance management’s competence in their oversight role on risk management the following
steps may be followed:

1. Set up a separate risk management committee chaired by a board member.


• Creation of a risk management committee as board level will demonstrate the firm’s
commitment to adopt an integrated company-wide risk management system

2. Ensure that a formal comprehensive risk management system is in place. This fully
documented formal system will provide a clear vision of the board’s desire for an
effective company-wide risk management as well as awareness of the risks, internal and
external, that the company faces.

3. Assess whether the formal system possesses the necessary elements.

The key elements that the company-wide risk management system should possess are

a) Goals and objectives

b) Risk language identification

c) Organization structure and

d) The risk management process documentation.

The risk organizational structure should include formal charters, levels of authorization reporting
lines and job description.

The risk management process shall include the following steps:

a) Assessment risks: Identification; Determination of their


Source, b) Development actions plans: Reduce, avoid, retain, transfer or exploit

b) Implementation of action plans

c) Monitoring and reporting risk management performance.

d) Continuous improvement risk management capabilities.

176 Chapter 11

4. Evaluate the effectiveness of the various steps in the assessment of the comprehensive
risks faced by the business firm.

Risk assessment step which includes risks identification and determination of their sources and
measurement, represents the foundation for the rest of the procedures. This step is performed by
responsible managers, i.e., finance officers, production managers marketing managers and
human resource managers.

This process culminates in the presentation of the risk profile or risk map to the board of
directors.
5. Assess if management has developed and implemented the suitable risk management
strategies and evaluate their effectiveness.

The risk profile highlights all the significant possible risks identified, prioritized and measured
by the risk management system.

Strategies are developed to manage and resolve these identified risks. These will include the
process, people, management feedback methodologies and systems.
Strategies may include avoidance, reduction, transfer, exploitation and retention of risks.

6. Evaluate if management has designed and implemented risk management capabilities.

Directors must continue to monitor and assess if management has been implementing designed
risk management capabilities.

Risk management capabilities include processes, people, reports, methodologies and


technologies needed. These components should be complete, and aligned for the risk
management structure to function effectively.

7. Assess management’s efforts to monitor overall company risk management performance


and to improve continuously the firm's

Capabilities.

Risk management performance must be monitored on a continuing basis and organization must
be ready to innovate their approaches to be in line with the changing lines.

Risk Management 177

Monitoring is done by all concerned parties such as senior managers, process owners and risk
owners.

An independent reviewer can also be appointed to validate results.

8. See to it that best practices as well as mistakes are shared by all. This involves regular
communication of results and feedbacks to all concerned.
These should be an open communication channel to ensure that all risk management participant
particularly senior management, are informed of risk incidents or threat of risk incident. This will
go a long way towards attaining the company’s risk management vision.

9. Assess regularly the level of sophistication of the firm’s risk management system.

10. Hire experts when needed.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy