business risk management policy

Upload: samantha-williams

Post on 04-Apr-2018


  • 7/30/2019 Business Risk Management Policy


    RISK AND ITS MANAGEMENT

    The term "risk", in simple words, means the difference between an expected return and the realized return of a business, an investment, etc. Risk is always attached to a business or an investment where there is a chance of high return for the principal party.

    High Risk, High Return; Low Risk, Low Return.

    Businesses or individuals face a variety of risks or uncertainty during decision making, e.g. a person who wants to invest his two million rupees can deposit them in National Savings to earn a fixed monthly income, and also has the option to invest in foreign exchange, such as dollars, to earn more money. In the latter case there is a chance of more profit as well as a chance of loss. Losses can also be categorized into direct losses vs. indirect losses.

    Direct losses are those losses which cannot be minimized or are unavoidable, e.g. due to a failure of electricity the company will bear a direct loss in the form of direct labor cost, wasted motions and production of product. Indirect losses, on the other hand, are those losses which can be minimized or avoided. For a business concern indirect losses are extremely important. The major types of indirect losses arising from risks faced by business concerns are:

    1. Loss of normal profit: the major examples are a sudden decrease in earnings available for common stockholders.

    2. Extra operating expenses, also borne by the organization, in the shape of repairs and maintenance and the expense of using other alternatives, e.g. generator oil or diesel expenses etc.

    3. Higher cost of funds and foregone investment.

    4. Bankruptcy costs: the best example, in my point of view, is legal cases against the company and expenses in the form of lawyers' fees, legal proceeding fees etc.

    Risks facing Business & Individuals

    Business risks are those risks faced by a business organization day to day. These risks are short term and long term, and require effective planning and decision making to survive in the market. The major types of business risk are:

    Price risk: Relates to prices, i.e. input price and output price, that directly affect the cash flows of the business. Price risk is a long-term risk of the business concern.

    Input price risk: Price risk that directly relates to raw material, labour and factory overhead, e.g. a manufacturing concern faces day-to-day variations in input prices, due to which organizations face price competition to survive in the market.

    Output price risk: Output price risk directly relates to the selling price that an organization demands for its goods and services, like:

    Commodity price risk: Includes coal, copper, electricity, oil & gas, which are inputs for some firms and outputs for others.

    Exchange price risk: Changes in price risk due to the factor of foreign exchange rates.

    Interest rate risk: Another factor of change in output price risk is a change in the bank interest rate, due to which the cost of borrowing funds increases, which affects the cash inflows and outflows of the business.

    Credit risk: Credit risk relates to the credit policy of organizations for their customers and suppliers, e.g. most business firms face some credit risk in the shape of bad debts on accounts receivable, which directly impact or reduce the business's cash inflows as well as reduce the business's working capital.

    Pure risk: Pure risk directly relates to the business management and affects business activity in some cases, e.g.:

    Damage of assets: e.g. risk related to physical damage, theft etc.

    Worker injury: e.g. risk related to injury and disability of workers that results in compensation.

    Employee benefit: e.g. those obligations associated with the organization on the death, illness and disability of employees.

    Legal liability: e.g. risk associated with the organization due to non-compliance with the country's laws and regulations.

    Personal risk: Risks associated with individuals and families are personal risks. The major personal risks are:

    Earning risk: e.g. potential fluctuation in the family's earnings due to disability, aging, unemployment and death of income earners.

    Medical risk: e.g. risk that relates to the health or life of an individual in case of critical diseases like AIDS.

    Physical assets and liability: e.g. risk faced by families in case of loss or liability suits for non-payment of physical assets that they own, like home, automobiles, jewellery etc.

    Financial assets: e.g. risk associated with individuals in the form of gain or loss on financial assets like shareholdings, investments/bonds etc.

    RISK MANAGEMENT

    The risk management process consists of identification, evaluation and measurement, implementation, and monitoring of management process performance. This management process is a general framework and is applicable to business as well as individual risks.

    METHODS OF MANAGEMENT

    Loss Control: Loss control consists of two general approaches, i.e. reducing the level of risky activities, e.g. legally binding business agreements, or shifting attention from a risky product line to a less risky one.

    Loss Financing: Management of potential business risks through e.g. insurance, hedging and other contractual agreements for risk transfer, like involvement of the banking sector.

    Internal Risk Reduction: Management of business risk associated with internal processes, e.g. diversification of activities, like the job specialization concept or putting the right person in the right job, and investment in information to obtain a superior forecast of expected losses, e.g. an MIS or a planning and budgeting forecasting department are the best examples of investment in information.

    UNDERSTANDING THE COST OF RISK

    Cost risk of a business reflects the upcoming losses faced by the organization during the fiscal year because of fluctuation of cost, e.g. a per-unit cost increase will reduce the earnings of the business.

    COMPONENTS OF COST RISK

    The major cost of risk has five main components:

    Expected cost of losses: Includes both direct and indirect losses. In direct losses we consider e.g. repairing or replacing a damaged asset, and the cost of paying workers' compensation claims to injured workers. In indirect losses we consider e.g. the reduction in net profits due to the consequences of direct losses.

    Cost of loss control: Includes those costs that an organization bears to reduce the frequency and severity of accidents, e.g. the cost of testing a product for safety prior to its introduction / marketing.

    Cost of loss financing: Reflects the cost borne on loss financing, e.g. an insurance premium is the best example of the cost of loss financing.

    Cost of internal risk management methods: The cost that an organization incurs to reduce business uncertainty internally, e.g. the fee / charges of a risk manager appointed by management for a particular project of the business to reduce uncertainty.

    Cost of residual uncertainty: The combination of loss control cost, loss financing cost and internal risk reduction cost is collectively called the cost of residual uncertainty.

    RISK FRAMEWORK

    Obvious risks are no real threat, given a reasonably alert management; however, it is unintended consequences that challenge our common sense and experience.

    The risk framework is composed of three major domains of business risk.

    Ownership risks: The risk associated with acquiring, maintaining and disposing of assets, considering a number of groups of risks, i.e. external threats, e.g. competitors, govt. regulations, product markets etc.; custodial risks, e.g. obsolescence, theft from store etc.; and other hazards / disasters and accidental losses, and other opportunity costs.

    Process risk: The risk associated with putting assets to work to achieve objectives, considering these groups of risks: hazard / accidental loss, errors / omissions, frauds etc.

    Behavioral risks: The risk associated with acquiring, maintaining and disposing of human assets, considering these risks, e.g. productivity loss, dysfunctional workplace, opportunity cost etc.


    MANAGING RISK

    There are a variety of ways to manage the organization's risk, which include:

    Diversity: The best example of diversity is job specialization, or putting the right person in the right job.

    Transfer: Through different business or transaction insurances we are able to transfer loss to another party.

    Control: Through proper internal control we can also control the business risk of the organization internally.

    Avoid: Through an avoid policy we shift our product line from a risky product to a less risky product line.

    Share: In a share policy we share our loss with another party to reduce risks.


    CHAPTER 2

    BUSINESS RISK ANALYSIS

    Business risk analysis is an effective, efficient tool for decision making that also considers the consequences of alternatives. Today all business decisions are considered after risk analysis, because every business decision has a short-term as well as a long-term impact on the life of the business. Business risk analysis includes risk assessment, e.g. identifying and measuring business risks, and risk management, e.g. how to minimize business risk or how to manage or tackle business risks.

    Risk Assessment: Business risk assessment includes quantitative and qualitative evaluation of exposures arising from some risky business activity. In risk assessment we consider these groups of elements:

    1. Risk identification: In risk identification we identify and classify business risks and, most importantly, their characteristics, e.g. external risk includes competitors' risk, govt. policy for the industry etc., and internal risk includes the business strategy of the business regarding business risks etc.

    2. Risk measurement & evaluation: We consider what types of losses are faced by the organization, in the form of direct losses and indirect losses, and try to forecast the possible consequences.

    3. Risk prioritization: In risk prioritization we prioritize the business risks in direct and indirect loss form and find how the risks are related to each other, e.g. a failure of electricity results in cuts in production, which is a direct impact, and how to tackle this issue must be the top priority in order to end other, further indirect losses.

    Risk Management

    There are a variety of ways to manage the organization's risk, which include:

    Diversity: The best example of diversity is job specialization, or putting the right person in the right job.

    Share: In a share policy we share our loss with another party to reduce risks, e.g. a business insurance policy is the best example of sharing risk.

    Transfer: Through different business or transaction insurances we are able to transfer loss to another party.

    Control: Through proper internal control we can also control the business risk of the organization internally, e.g. organization hierarchy / organization structure.

    STRATEGIC RISK

    Strategic risk is defined as the risk associated with future business plans and strategies, including e.g. plans for entering new business lines, expanding existing services through mergers and acquisitions, enhancing infrastructure, etc.

    To mitigate strategic risk, management should have a strategic planning process that addresses its business goals and objectives. Because businesses often rely on third-party service providers, the strategic plan should also include a comprehensive vendor management program.

    Different units in the organization put assets to work through management processes and the internal control system, with unit objectives linked to the organization's overall goals. Risk, in the form of uncertain changes in the environment, can affect the assets and/or the management process. The effects of risks also depend in part on the nature of the assets and the types of management processes and controls. Management can tackle these business risks through its strategic risk policy or, typically, by monitoring the organization through internal control or an auditor.

    Risk Terms: Risk is an expression of the probability that an event or action may adversely affect the organization. Risk may involve positive or negative consequences, although most positive consequences are known as opportunities and most negative consequences are called threats or risks. Consequences are tangible outcomes / results. The consequences of risk can vary in severity depending on a number of factors, e.g. the assets at risk, the type of threat, the duration of the consequences and the effectiveness of the controls in place etc. The risk of a particular business activity may be high, medium or low, which in fact reflects the probability of occurrence, which may be great, average or remote.

    Risk and Opportunity: Opportunity = What is possible? Opportunity is the positive view of a particular business transaction / activity, whereas risk is "the possibility of suffering harm or loss; danger", or "a factor, thing, element, or course involving uncertain danger; a hazard", or "the danger or probability of loss to an insurer" etc.


    CHAPTER 3

    THE ROLE OF INTERNAL CONTROL

    Business controls are the processes to mitigate business risk; in simple words, controls are a set of processes or procedures to accomplish or achieve our business goals and objectives, prevent risky consequences, and alert management to take corrective action. Internal controls are categorized into negative controls and positive controls. Negative controls create obstacles that slow the business process from reaching its objectives, e.g. unnecessary verification of business transactions by multiple authorities, such as govt. controls in Pakistan, whereas positive controls assist in achieving the business goals, e.g. the appointment of internal auditors assists stakeholders by showing the true and fair view of the business's financial statements.

    Models of internal control

    Committee of Sponsoring Organizations (COSO)

    Criteria of Control Committee (COCO)

    Committee of Sponsoring Organizations (COSO): COSO was the first general model of internal control to be accepted by a wide professional audience. COSO published its internal control framework in 1992. COSO is based on the principle of universal applicability: the internal control process should be the same from the bottom to the top level, e.g. the job specialization concept, the policy of putting the right person in the right job; professional organizations today use this concept from bottom to top-level management to increase efficiency and effectiveness and to reduce wasted motions.

    The COSO report evaluates internal control as a process, effected by an entity's board of directors, management and other personnel, which is designed to provide reasonable assurance regarding the achievement of objectives in one or more categories, e.g. effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations, to the company's stakeholders regarding safeguarding assets from loss or unauthorized use.

    According to the COSO report, internal control has five components, i.e. monitoring, information and communication, control activities, risk assessment (e.g. SWOT analysis of the business), and control environment (e.g. discipline and structure, management's philosophy, competence of the entity's people etc.).

    COSO Sequence:

    1. Establish Objectives

    2. Assess Risk

    3. Determine Control Required

    Explanation of Establish Objectives

    According to the COSO approach, effective and efficient control requires establishing the business objectives, because the main objective of internal control is to ensure that the established objectives are achieved.

    Explanation of Assess Risk

    Assess risk is the second step in the COSO sequence. Assess risk consists of the identification, measurement and prioritization of risky events.

    Explanation of Determine Control Required

    Determine control required is the third step of the COSO sequence, to mitigate the risks identified and to reach the required goals.

    Criteria of Control Committee (COCO)

    The COCO model of internal control was developed by The Canadian Institute of Chartered Accountants. COCO focuses on four important parts, i.e.:

    Do we have the right objectives? e.g. the company's vision and mission statements.

    Do we have appropriate control activities? e.g. SMART goals of the business etc.

    Do we have capability, commitment and the right environment in place? e.g. job specialization / putting the right person in the right job, shared ethical values, an atmosphere of mutual trust etc.

    Do we monitor, learn and adapt? e.g. a 360° performance evaluation system etc.

    Cadbury and Other National Models

    The Cadbury commission in the UK has focused its effort on defining internal financial control; nevertheless, it has developed a control model that is very close to the general model used by COSO. The Cadbury model includes safeguarding assets as part of effective and efficient operations, unlike the original version of COSO. The main points covered by the Cadbury model:

    Monitoring and corrective action

    Control activities

    Identification of risks, control priorities, and objectives as defined in COSO as well as in the COCO model.


    CHAPTER 4

    THE BUSINESS RISK ASSESSMENT

    Business risk assessment includes quantitative and qualitative evaluation of exposures arising from some risky business activity. In risk assessment we assess the risk at three levels:

    Strategic Level

    Project / Program / Process Level

    Operational Level

    Strategic Risk Assessment

    Strategic risk is the current and prospective impact on earnings or capital arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes. This risk is a function of the compatibility of an organization's strategic goals, the business strategies developed to achieve those goals, the resources deployed against these goals, and the quality of implementation. The resources needed to carry out business strategies are both tangible and intangible. They include communication channels, operating systems, delivery networks, and managerial capacities and capabilities. The organization's internal characteristics must be evaluated against the impact of economic, technological, competitive, regulatory, and other environmental changes.

    Here are the seven steps for conducting a Strategic Risk Assessment:

    1. Achieve a deep understanding of the strategy of the organization,

    2. Gather views and data on strategic risks,

    3. Prepare a preliminary Strategic Risk Profile,

    4. Validate and finalize the Strategic Risk Profile,

    5. Develop a Strategic Risk Management Action Plan,

    6. Communicate the Strategic Risk Profile and Strategic Risk Management Action Plan, and

    7. Implement the Strategic Risk Management Action Plan.

    These steps define a basic, high-level process and allow for a significant amount of tailoring and customization in their execution to reflect the maturity and capabilities of the organization.

    PROJECT RISK ASSESSMENT

    The benefits of risk management in projects are huge. You can gain a lot of money if you deal with uncertain project events in a proactive manner. The result will be that you minimize the impact of project threats and seize the opportunities that occur. This allows you to deliver your project on time, on budget and with quality results.

    The 10 golden rules to apply risk management successfully in your project:

    Make Risk Management Part of Your Project

    Identify Risks Early in Your Project

    Communicate About Risks

    Consider Both Threats and Opportunities

    Prioritise Risks

    Analyse Risks

    Plan and Implement Risk Responses

    Register Project Risks

    Track Risks and Associated Tasks

    OPERATIONAL RISK MANAGEMENT:

    An operational risk is, as the name suggests, a risk arising from the execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people, systems and processes through which a company operates. It also includes other categories such as fraud risks, legal risks, and physical or environmental risks. One of the best methods is a risk assessment done by a specialist involved in workplace risks.

    Health risk: including exposure to toxins, radiation and infectious organisms.

    Safety risks: including exposure to equipment, machinery and work processes.

    Environmental / physical risk: including exposure to climate and terrain etc.
