controlling risks - lecture 8

8/17/2019 Controlling Risks - Lecture 8

1/19

Controlling risks


2/19

Roles of risk manager

•Reports directly to the board.

• To oversee implementation of the board’s rismanagement policies.

• The risk manager is supported by the riskmanagement committee.

• The risk manager is not normally involved indetermining strategy.

• Has more of an operational role. This meansidentifying, evaluating and determining specrisks within the entity.


3/19

Responsibilities of risk man• verall leadership, vision and direction of !R".

•

!stablish an integrated risk management framework.• #romote !R" competence throughout the entity.

• $eveloping R" policies, including %uantication of managerisk appetite.

• !stablishing common risk management language, e.g. commeasures around likelihood and impact, and common risk c

• &mplementing a set of risk indicators and reports including incidents, key risk e'posures, and early warning indicators.

• $ealing with insurance companies. This is important becauincreased premium costs, etc.

• (llocating economic capital to business activities based on

• Communicating the company’s risk prole to key stakeholdas the board, regulators, stock analysts, rating agencies an

partners.


4/19

Roles of risk managementcommittee

•

(pproving the organi)ation’s risk managemestrategy and risk management policy.

• Reviewing reports on key risks.

• "onitoring overall e'posure to risks and ensremains within limits set by the board.

• (ssessing the e*ectiveness of the organi)atrisk management systems.

• #roviding early warning to the board on emerisks.

• Reviewing the company’s statement on &C.


5/19

Roles of internal auditors ande'ternal auditors

•

&nternal auditors+• they have to be familiar with the organi)ation, it

its regulations, etc

• need to provide value added services which helporgani)ation achieve its obectives. ( value adde

is monitoring recommendations for mitigating ris• may su*er from the disadvantage of lack of

independence and over-familiarity

• might be undermined by politics and divisions


6/19

Roles of internal auditors ande'ternal auditors

•

!'ternal auditors+• provide an unbiased view of risks

• risk assessments or recommendations provided e'ternal auditor should give a higher degree ofcondence to e'ternal shareholders

•

the e'ternal auditor’s knowledge of best’ practicbe more up-to-date.

• The e'ternal auditor may have a better awarenecertain risks than internal auditors do


7/19

Risk awareness at all levels iorganisation

•

Risk awareness should be embedded within an organprocesses, environment, culture, structure and system

• rgani)ations should issue a risk policy statement anmaintain a risk register.

• !mbedded means that the something is part of anorgani)ation.

•

/hen talking about risk awareness, then this means tawareness is taken for granted at all levels of the organd is a foundation of a control system.

• &f embedded then there is a greater chance that whenbecomes known, it will be properly dealt with.

• Risk management should be an integral part of the st

planning process, the budgetary cycle and the audit p


8/19

Risk awareness at all levels iorganisation

•

Risk management should be a part of every ob description.

• #ersonnel need to understand that they shoresist pressure from superiors to engage inimproper activities.

•

/histleblowing procedures should e'ist.• Risk management should be part of the ope

process.


9/19

How to embed risks inorgani)ation’s culture and va

•

Culture in an organi)ation is 0how we do things ahere.1

• &t is a key part of the internal control environmen

• The culture of an organi)ation can determine whrisk management is successful or not in any giveorgani)ation.

• 2ink risk management to ob descriptions.

• !thical and appropriate behavior is to be e'pecte

• Have e*ective sta* training.

• wnership of risks.

• Top-down communication as to what the companappetite is and what is e'pected from employee


10/19

3 ways to respond to risks 4T

•

Reduce 4treat5 the risk+ Take some action,• Transfer the risk+ 6est e'ample is insurance,

the risk of something going wrong has beentransferred.

• (void 4terminate5 the risk+ Companies take

immediate action to reduce severity and freof losses, e.g., charging higher prices to cusor ultimately abandoning activities.

• (ccept 4tolerate5 the risk. These risks are nosignicant. 7eep under view, but costs of de

with risks is unlikely to be worth the benets


11/19

Risk reduction

•

Treat the risk• ften risks can be avoided, but not avoided

together.

• This is true of many business risks, where thof launching a new product can be reduced

market research, advertising, etc.• 2o8,Hi#


12/19

Risk transference

•

Risk transference does not reduce the amountotal risk in total. &t simply moves it to anotheperson, such as an insurance company.

• Risks can be transferred to other internaldepartments, or e'ternally to suppliers, custoinsurers. !'ample of transferring risk to custo

• &nternal risk transfer can also cause problemsaway from departments with more clout’ 4e.gand towards departments such as nance whbe presumed to downplay risks e'cessively

• Hi8,2o#


13/19

Risk avoidance

•

Terminate the risks• rgani)ation has to consider whether the ris

be avoided, and if so, whether avoidance isdesirable.

• (n e'treme avoidance is the termination of

operations• Hi8,Hi#


14/19

Risk acceptance

•

Tolerate the risks• rgani)ation bears the risk itself, and if an

unfavorable outcome occurs, it su*ers the fu

• $ecision whether to retain or transfer risk derst on whether there is anyone to transfer a

• (n option sometimes associated with acceptrisks is self-insurance. This is putting moneycase something happens.

• 2o8,2o#


15/19

Risk acceptance

•

( more sophisticated method of self-insuransetting up a captive.

• ( captive, or captive insurer is an insurance comwholly owned by a commercial organi)ation, anddedicated solely to the underwriting of its parentcompany’s risks.

• (n organi)ation with a risk that it cannot carry, wcannot nd one or more insurers to take the bulkrisk from it, may form a captive insurer to carry t

• &ts premiums will not be unnecessarily large policy terms will be reasonable.


16/19

:actors determining managerisk appetite

•

#ersonal views• 8ome managers acknowledge the emotional satisfac

successful risk-taking.

• &ndividuals vary in their attitudes to risk and this is ltransferred to their roles in organi)ations.

• Response to shareholders’ demand

• 8hareholders demand a level of return that is consistaking a certain level of risk.

• "anagers respond to shareholders e'pectations by vrisk-taking as a key part of decision-making.

• "anagers therefore need to have an understanding

the level of return that satises shareholders.


17/19


•

rganisational in;uences• 2arger companies tend to have more formal systems

have to take account of varying risk appetites and inamong its operations

• Risk management system employed will be dependeorgani)ation’s management control systems that wi

on the formality of structure, the autonomy given tooperations and the degree of centrali)ation deemed

• (ttitudes of risk will change as the organi)ation deveits risk prole changes. :or e'ample, attitudes of nand gearing will change as di*erent sources of nanbecome necessary to fund larger developments.


18/19


•

National cultural infuences• 8tudy by Geert Hofstade shows that more individ

cultures 4aka


19/19

The necessity of incurring

• 6usiness by its very nature is risky. 6usinesses have risk in order to develop

• Concerning risk there are two possible e'treme viewrisk averse businesses and risk seeking businesses.

• Risk averse+ /illing to tolerate risk up to a point providedacceptable return.

• Risk seeking+ (re focused on ma'imi)ing returns and maworried about the level of risks that have to be taken to mreturns.

• 6usinesses will probably be somewhere between.

• "ost risk has to be managed to some e'tent, and soshould be eliminated as being outside the business.

•

!'ample9 6usiness in a high tech industry

controlling risks - lecture 8

Documents