controlling risks - lecture 8
TRANSCRIPT
-
8/17/2019 Controlling Risks - Lecture 8
1/19
Controlling risks
-
8/17/2019 Controlling Risks - Lecture 8
2/19
Roles of risk manager
•Reports directly to the board.
• To oversee implementation of the board’s rismanagement policies.
• The risk manager is supported by the riskmanagement committee.
• The risk manager is not normally involved indetermining strategy.
• Has more of an operational role. This meansidentifying, evaluating and determining specrisks within the entity.
-
8/17/2019 Controlling Risks - Lecture 8
3/19
Responsibilities of risk man• verall leadership, vision and direction of !R".
•
!stablish an integrated risk management framework.• #romote !R" competence throughout the entity.
• $eveloping R" policies, including %uantication of managerisk appetite.
• !stablishing common risk management language, e.g. commeasures around likelihood and impact, and common risk c
• &mplementing a set of risk indicators and reports including incidents, key risk e'posures, and early warning indicators.
• $ealing with insurance companies. This is important becauincreased premium costs, etc.
• (llocating economic capital to business activities based on
• Communicating the company’s risk prole to key stakeholdas the board, regulators, stock analysts, rating agencies an
partners.
-
8/17/2019 Controlling Risks - Lecture 8
4/19
Roles of risk managementcommittee
•
(pproving the organi)ation’s risk managemestrategy and risk management policy.
• Reviewing reports on key risks.
• "onitoring overall e'posure to risks and ensremains within limits set by the board.
• (ssessing the e*ectiveness of the organi)atrisk management systems.
• #roviding early warning to the board on emerisks.
• Reviewing the company’s statement on &C.
-
8/17/2019 Controlling Risks - Lecture 8
5/19
Roles of internal auditors ande'ternal auditors
•
&nternal auditors+• they have to be familiar with the organi)ation, it
its regulations, etc
• need to provide value added services which helporgani)ation achieve its obectives. ( value adde
is monitoring recommendations for mitigating ris• may su*er from the disadvantage of lack of
independence and over-familiarity
• might be undermined by politics and divisions
-
8/17/2019 Controlling Risks - Lecture 8
6/19
Roles of internal auditors ande'ternal auditors
•
!'ternal auditors+• provide an unbiased view of risks
• risk assessments or recommendations provided e'ternal auditor should give a higher degree ofcondence to e'ternal shareholders
•
the e'ternal auditor’s knowledge of best’ practicbe more up-to-date.
• The e'ternal auditor may have a better awarenecertain risks than internal auditors do
-
8/17/2019 Controlling Risks - Lecture 8
7/19
Risk awareness at all levels iorganisation
•
Risk awareness should be embedded within an organprocesses, environment, culture, structure and system
• rgani)ations should issue a risk policy statement anmaintain a risk register.
• !mbedded means that the something is part of anorgani)ation.
•
/hen talking about risk awareness, then this means tawareness is taken for granted at all levels of the organd is a foundation of a control system.
• &f embedded then there is a greater chance that whenbecomes known, it will be properly dealt with.
• Risk management should be an integral part of the st
planning process, the budgetary cycle and the audit p
-
8/17/2019 Controlling Risks - Lecture 8
8/19
Risk awareness at all levels iorganisation
•
Risk management should be a part of every ob description.
• #ersonnel need to understand that they shoresist pressure from superiors to engage inimproper activities.
•
/histleblowing procedures should e'ist.• Risk management should be part of the ope
process.
-
8/17/2019 Controlling Risks - Lecture 8
9/19
How to embed risks inorgani)ation’s culture and va
•
Culture in an organi)ation is 0how we do things ahere.1
• &t is a key part of the internal control environmen
• The culture of an organi)ation can determine whrisk management is successful or not in any giveorgani)ation.
• 2ink risk management to ob descriptions.
• !thical and appropriate behavior is to be e'pecte
• Have e*ective sta* training.
• wnership of risks.
• Top-down communication as to what the companappetite is and what is e'pected from employee
-
8/17/2019 Controlling Risks - Lecture 8
10/19
3 ways to respond to risks 4T
•
Reduce 4treat5 the risk+ Take some action,• Transfer the risk+ 6est e'ample is insurance,
the risk of something going wrong has beentransferred.
• (void 4terminate5 the risk+ Companies take
immediate action to reduce severity and freof losses, e.g., charging higher prices to cusor ultimately abandoning activities.
• (ccept 4tolerate5 the risk. These risks are nosignicant. 7eep under view, but costs of de
with risks is unlikely to be worth the benets
-
8/17/2019 Controlling Risks - Lecture 8
11/19
Risk reduction
•
Treat the risk• ften risks can be avoided, but not avoided
together.
• This is true of many business risks, where thof launching a new product can be reduced
market research, advertising, etc.• 2o8,Hi#
-
8/17/2019 Controlling Risks - Lecture 8
12/19
Risk transference
•
Risk transference does not reduce the amountotal risk in total. &t simply moves it to anotheperson, such as an insurance company.
• Risks can be transferred to other internaldepartments, or e'ternally to suppliers, custoinsurers. !'ample of transferring risk to custo
• &nternal risk transfer can also cause problemsaway from departments with more clout’ 4e.gand towards departments such as nance whbe presumed to downplay risks e'cessively
• Hi8,2o#
-
8/17/2019 Controlling Risks - Lecture 8
13/19
Risk avoidance
•
Terminate the risks• rgani)ation has to consider whether the ris
be avoided, and if so, whether avoidance isdesirable.
• (n e'treme avoidance is the termination of
operations• Hi8,Hi#
-
8/17/2019 Controlling Risks - Lecture 8
14/19
Risk acceptance
•
Tolerate the risks• rgani)ation bears the risk itself, and if an
unfavorable outcome occurs, it su*ers the fu
• $ecision whether to retain or transfer risk derst on whether there is anyone to transfer a
• (n option sometimes associated with acceptrisks is self-insurance. This is putting moneycase something happens.
• 2o8,2o#
-
8/17/2019 Controlling Risks - Lecture 8
15/19
Risk acceptance
•
( more sophisticated method of self-insuransetting up a captive.
• ( captive, or captive insurer is an insurance comwholly owned by a commercial organi)ation, anddedicated solely to the underwriting of its parentcompany’s risks.
• (n organi)ation with a risk that it cannot carry, wcannot nd one or more insurers to take the bulkrisk from it, may form a captive insurer to carry t
• &ts premiums will not be unnecessarily large policy terms will be reasonable.
-
8/17/2019 Controlling Risks - Lecture 8
16/19
:actors determining managerisk appetite
•
#ersonal views• 8ome managers acknowledge the emotional satisfac
successful risk-taking.
• &ndividuals vary in their attitudes to risk and this is ltransferred to their roles in organi)ations.
• Response to shareholders’ demand
• 8hareholders demand a level of return that is consistaking a certain level of risk.
• "anagers respond to shareholders e'pectations by vrisk-taking as a key part of decision-making.
• "anagers therefore need to have an understanding
the level of return that satises shareholders.
-
8/17/2019 Controlling Risks - Lecture 8
17/19
:actors determining managerisk appetite
•
rganisational in;uences• 2arger companies tend to have more formal systems
have to take account of varying risk appetites and inamong its operations
• Risk management system employed will be dependeorgani)ation’s management control systems that wi
on the formality of structure, the autonomy given tooperations and the degree of centrali)ation deemed
• (ttitudes of risk will change as the organi)ation deveits risk prole changes. :or e'ample, attitudes of nand gearing will change as di*erent sources of nanbecome necessary to fund larger developments.
-
8/17/2019 Controlling Risks - Lecture 8
18/19
:actors determining managerisk appetite
•
National cultural infuences• 8tudy by Geert Hofstade shows that more individ
cultures 4aka
-
8/17/2019 Controlling Risks - Lecture 8
19/19
The necessity of incurring
• 6usiness by its very nature is risky. 6usinesses have risk in order to develop
• Concerning risk there are two possible e'treme viewrisk averse businesses and risk seeking businesses.
• Risk averse+ /illing to tolerate risk up to a point providedacceptable return.
• Risk seeking+ (re focused on ma'imi)ing returns and maworried about the level of risks that have to be taken to mreturns.
• 6usinesses will probably be somewhere between.
• "ost risk has to be managed to some e'tent, and soshould be eliminated as being outside the business.
•
!'ample9 6usiness in a high tech industry