paper p3 risk management study notes -...

CIMAPaperP3RiskManagementStudyNotes

hwiseP3

hwiseQR Code

Publishedby:KaplanPublishingUK

Unit2TheBusinessCentre,MollyMillarsLane,Wokingham,BerkshireRG412QZ

Copyright2014KaplanFinancialLimited.Allrightsreserved.

Nopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeanselectronic,mechanical,photocopying,recordingorotherwisewithoutthepriorwrittenpermissionofthepublisher.

Acknowledgements

WearegratefultotheCIMAforpermissiontoreproducepastexaminationquestions.TheanswerstoCIMAExamshavebeenpreparedbyKaplanPublishing,exceptinthecaseoftheCIMANovember2010andsubsequentCIMAExamanswerswheretheofficialCIMAanswershavebeenreproduced.

Notice

ThetextinthismaterialandanyothersmadeavailablebyanyKaplanGroupcompanydoesnotamounttoadviceonaparticularmatterandshouldnotbetakenassuch.Norelianceshouldbeplacedonthecontentasthebasisforanyinvestmentorotherdecisionorinconnectionwithanyadvicegiventothirdparties.Pleaseconsultyourappropriateprofessionaladviserasnecessary.KaplanPublishingLimitedandallotherKaplangroupcompaniesexpresslydisclaimallliabilitytoanypersoninrespectofanylossesorotherclaims,whetherdirect,indirect,incidental,consequentialorotherwisearisinginrelationtotheuseofsuchmaterials.

Kaplanisnotresponsibleforthecontentofexternalwebsites.Theinclusionofalinktoathirdpartywebsiteinthistextshouldnotbetakenasanendorsement.

British Library Cataloguing in Publication Data

AcataloguerecordforthisbookisavailablefromtheBritishLibrary.

PrintedandboundinGreatBritain.

ii

Contents

Page

Chapter 1 Risk 1

Chapter 2 Riskmanagement 25

Chapter 3 Internalcontrol 95

Chapter 4 Riskandcontrolofinformationsystems 147

Chapter 5 Informationstrategy 181

Chapter 6 Managementcontrolsystems 239

Chapter 7 Fraud 283

Chapter 8 Ethics 309

Chapter 9 Corporategovernance 347

Chapter 10 Audit 397

Chapter 11 Financialrisk 457

Chapter 12 Currencyriskmanagement 487

Chapter 13 Interestrateriskmanagement 567

Chapter 14 Costofcapitalandcapitalinvestmentdecisions 609

Chapter 15 Managingconflict,implementationandpostcompletion

645

iii

Introduction

v

chapterIntro

How to use the materials TheseofficialCIMAlearningmaterialshavebeencarefullydesignedtomakeyourlearningexperienceaseasyaspossibleandtogiveyouthebestchancesofsuccessinyourObjectiveTestExamination.

Theproductrangecontainsanumberoffeaturestohelpyouinthestudyprocess.Theyinclude:

ThisStudyTexthasbeendesignedwiththeneedsofhomestudyanddistancelearningcandidatesinmind.Suchstudentsrequireveryfullcoverageofthesyllabustopics,andalsothefacilitytoundertakeextensivequestionpractice.However,theStudyTextisalsoidealforfullytaughtcourses.

Themainbodyofthetextisdividedintoanumberofchapters,eachofwhichisorganisedonthefollowingpattern:

adetailedexplanationofallsyllabusareas extensivepracticalmaterials generousquestionpractice,togetherwithfullsolutions.

Detailed learning outcomes.Thesedescribetheknowledgeexpectedafteryourstudiesofthechapterarecomplete.Youshouldassimilatethesebeforebeginningdetailedworkonthechapter,sothatyoucanappreciatewhereyourstudiesareleading.

Stepbystep topic coverage.Thisistheheartofeachchapter,containingdetailedexplanatorytextsupportedwhereappropriatebyworkedexamplesandexercises.Youshouldworkcarefullythroughthissection,ensuringthatyouunderstandthematerialbeingexplainedandcantackletheexamplesandexercisessuccessfully.Rememberthatinmanycasesknowledgeiscumulative:ifyoufailtodigestearliermaterialthoroughly,youmaystruggletounderstandlaterchapters.

Activities.Somechaptersareillustratedbymorepracticalelements,suchascommentsandquestionsdesignedtostimulatediscussion.

Question practice.Thetestofhowwellyouhavelearnedthematerialisyourabilitytotackleexamstandardquestions.Makeaseriousattemptateachquestion,butatthisstagedonotbetooconcernedaboutattemptingthequestionsinObjectiveTestExaminationconditions.ItismoreimportanttoabsorbthematerialthoroughlythantoobservethetimelimitsthatwouldapplyintheactualObjectiveTestExamination.

vivi

IfyouworkconscientiouslythroughthisOfficialCIMAStudyTextaccordingtotheguidelinesaboveyouwillbegivingyourselfanexcellentchanceofsuccessinyourObjectiveTestExamination.Goodluckwithyourstudies!

Qualityandaccuracyareoftheutmostimportancetoussoifyouspotanerrorinanyofourproducts,[email protected],orfollowthelinktothefeedbackforminMyKaplan.

OurQualityCoordinatorwillworkwithourtechnicalteamtoverifytheerrorandtakeactiontoensureitiscorrectedinfutureeditions.

Solutions.Avoidthetemptationmerelytoauditthesolutionsprovided.Itisanillusiontothinkthatthisprovidesthesamebenefitsasyouwouldgainfromaseriousattemptofyourown.However,ifyouarestrugglingtogetstartedonaquestionyoushouldreadtheintroductoryguidanceprovidedatthebeginningofthesolution,whereprovided,andthenmakeyourownattemptbeforereferringbacktothefullsolution.

Icon Explanations

DefinitionThesesectionsexplainimportantareasofknowledgewhichmustbeunderstoodandreproducedinanassessmentenvironment.

Key pointIdentifiestopicswhicharekeytosuccessandareoftenexamined.

Supplementary readingThesesectionswillhelptoprovideadeeperunderstandingofcoreareas.ThesupplementaryreadingisNOToptionalreading.Itisvitaltoprovideyouwiththebreadthofknowledgeyouwillneedtoaddressthewiderangeoftopicswithinyoursyllabusthatcouldfeatureinanassessmentquestion. Reference to this text is vital when self studying.

Test your understandingFollowingkeypointsanddefinitionsareexerciseswhichgivetheopportunitytoassesstheunderstandingofthesecoreareas.

IllustrationTohelpdevelopanunderstandingofparticulartopics.TheillustrativeexamplesareusefulinpreparingfortheTestyourunderstandingexercises.

Exclamation markThissymbolsignifiesatopicwhichcanbemoredifficulttounderstand.Whenreviewingtheseareas,careshouldbetaken.

vii

mailto:[email protected]

Study technique

Passingexamsispartlyamatterofintellectualability,buthoweveraccomplishedyouareinthatrespectyoucanimproveyourchancessignificantlybytheuseofappropriatestudyandrevisiontechniques.InthissectionwebrieflyoutlinesometipsforeffectivestudyduringtheearlierstagesofyourapproachtotheObjectiveTestExamination.Wealsomentionsometechniquesthatyouwillfindusefulattherevisionstage.

Planning

Tobeginwith,formalplanningisessentialtogetthebestreturnfromthetimeyouspendstudying.Estimatehowmuchtimeintotalyouaregoingtoneedforeachsubjectyouarestudying.Rememberthatyouneedtoallowtimeforrevisionaswellasforinitialstudyofthematerial.Youmayfindithelpfultoread'PassFirstTime!'secondeditionbyDavidR.HarrisISBN:9781856177986.Thisbookwillhelpyoudevelopprovenstudyandexaminationtechniques.Chapterbychapteritcoversthebuildingblocksofsuccessfullearningandexaminationtechniques.ThisistheultimateguidetopassingyourCIMAexams,writtenbyaCIMAexaminerandshowsyouhowtoearnallthemarksyoudeserve,andexplainshowtoavoidthemostcommonpitfalls.

Youmayalsofind'TheEWord:Kaplan'sGuidetoPassingExams'byStuartPedleySmithISBN:9780857322050helpful.StuartPedleySmithisaseniorlectureratKaplanFinancialandaqualifiedaccountantspecialisinginfinancialmanagement.Hisnaturalcuriosityandwiderinterestshaveledhimtolookbeyondthetechnicalcontentoffinancialmanagementtotheprocessesandjourneythatwecalleducation.Hehasbecomefascinatedbythewholeprocessoflearningandtheexamskillsandtechniquesthatcontributetowardssuccessintheclassroom.Thisbookisforanyonewhohastositanexamandwantstogivethemselvesabetterchanceofpassing.Itiseasytoread,writteninacommonsensestyleandfullofanecdotes,facts,andpracticaltips.Italsocontainssynopsesofinterviewswithpeopleinvolvedinthelearningandexaminingprocess.

Withyourstudymaterialbeforeyou,decidewhichchaptersyouaregoingtostudyineachweek,andwhichweeksyouwilldevotetorevisionandfinalquestionpractice.

Prepareawrittenschedulesummarisingtheaboveandsticktoit!

Itisessentialtoknowyoursyllabus.Asyourstudiesprogressyouwillbecomemorefamiliarwithhowlongittakestocovertopicsinsufficientdepth.Yourtimetablemayneedtobeadaptedtoallocateenoughtimeforthewholesyllabus.

viii

StudentsareadvisedtorefertothenoticeofexaminablelegislationpublishedregularlyinCIMAsmagazine(FinancialManagement),thestudentsenewsletter(Velocity)andontheCIMAwebsite,toensuretheyareuptodate.

TheamountofspaceallocatedtoatopicintheStudyTextisnotaverygoodguideastohowlongitwilltakeyou.Thesyllabusweightingisthebetterguideastohowlongyoushouldspendonasyllabustopic.

Tips for effective studying

(1) Aimtofindaquietandundisturbedlocationforyourstudy,andplanasfaraspossibletousethesameperiodoftimeeachday.Gettingintoaroutinehelpstoavoidwastingtime.Makesurethatyouhaveallthematerialsyouneedbeforeyoubeginsoastominimiseinterruptions.

(2) Storeallyourmaterialsinoneplace,sothatyoudonotwastetimesearchingforitemseverytimeyouwanttobeginstudying.Ifyouhavetopackeverythingawayaftereachstudyperiod,keepyourstudymaterialsinabox,orevenasuitcase,whichwillnotbedisturbeduntilthenexttime.

(3) Limitdistractions.Tomakethemosteffectiveuseofyourstudyperiodsyoushouldbeabletoapplytotalconcentration,soturnoffallentertainmentequipment,setyourphonestomessagemode,andputupyourdonotdisturbsign.

(4) Yourtimetablewilltellyouwhichtopictostudy.However,beforedivinginandbecomingengrossedinthefinerpoints,makesureyouhaveanoverallpictureofalltheareasthatneedtobecoveredbytheendofthatsession.Afteranhour,allowyourselfashortbreakandmoveawayfromyourStudyText.Withexperience,youwilllearntoassessthepaceyouneedtoworkat.Eachstudysessionshouldfocusoncomponentlearningoutcomesthebasisforallquestions.

(5) Workcarefullythroughachapter,makingnotesasyougo.Whenyouhavecoveredasuitableamountofmaterial,varythepatternbyattemptingapracticequestion.Whenyouhavefinishedyourattempt,makenotesofanymistakesyoumade,oranyareasthatyoufailedtocoverorcoveredmorebriefly.Beawarethatallcomponentlearningoutcomeswillbetestedineachexamination.

(6) Makenotesasyoustudy,anddiscoverthetechniquesthatworkbestforyou.Yournotesmaybeintheformoflists,bulletpoints,diagrams,summaries,mindmaps,orthewrittenword,butrememberthatyouwillneedtoreferbacktothematalaterdate,sotheymustbeintelligible.Ifyouareonataughtcourse,makesureyouhighlightanyissuesyouwouldliketofollowupwithyourlecturer.

(7) Organiseyournotes.Makesurethatallyournotes,calculationsetc.canbeeffectivelyfiledandeasilyretrievedlater.

ix

Objective Test

ObjectiveTestquestionsrequireyoutochooseorprovidearesponsetoaquestionwhosecorrectanswerispredetermined.

ThemostcommontypesofObjectiveTestquestionyouwillseeare:

IneverychapterofthisStudyTextwehaveintroducedthesetypesofquestions,butobviouslywehavehadtolabelanswersA,B,Cetcratherthanusingclickboxes.Forconveniencewehaveretainedquiteafewquestionswhereaninitialscenarioleadstoanumberofsubquestions.TherewillbequestionsofthistypeintheObjectiveTestExaminationbuttheywillrarelyhavemorethanthreesubquestions.

Guidance re CIMA onscreen calculator

AspartoftheCIMAObjectiveTestsoftware,candidatesarenowprovidedwithacalculator.Thiscalculatorisonscreenandisavailableforthedurationoftheassessment.ThecalculatorisavailableineachoftheObjectiveTestExaminationsandisaccessedbyclickingthecalculatorbuttoninthetoplefthandcornerofthescreenatanytimeduringtheassessment.

Allcandidatesmustcompletea15minutetutorialbeforetheassessmentbeginsandwillhavetheopportunitytofamiliarisethemselveswiththecalculatorandpractiseusingit,althoughtheycanalsouseaphysicalcalculator.

Candidatesmaypractiseusingthecalculatorbydownloadingandinstallingthepracticeexamathttp://www.vue.com/athena/.Thecalculatorcanbeaccessedfromthefourthsamplequestion(of12).

Multiplechoice,whereyouhavetochoosethecorrectanswerfromalistoffourpossibleanswers.Thiscouldeitherbenumbersortext.

Multiplechoicewithmorechoicesandanswers,forexample,choosingtwocorrectanswersfromalistofeightpossibleanswers.Thiscouldeitherbenumbersortext.

Singlenumericentry,whereyougiveyournumericanswer,forexample,profitis$10,000.

Multipleentry,whereyougiveseveralnumericanswers. True/falsequestions,whereyoustatewhetherastatementistrueor

false.

Matchingpairsoftext,forexample,matchingatechnicaltermwiththecorrectdefinition.

Othertypescouldbematchingtextwithgraphsandlabellinggraphs/diagrams.

x

http://www.vue.com/athena/

PleasenotethatthepracticeexamandtutorialprovidedbyPearsonVUEathttp://www.vue.com/athena/isnotspecifictoCIMAandincludesthefullrangeofquestiontypesthePearsonVUEsoftwaresupports,someofwhichCIMAdoesnotcurrentlyuse.

Fundamentals of Objective Tests

TheObjectiveTestsare90minuteassessmentscomprising60compulsoryquestions,withoneormoreparts.Therewillbenochoiceandallquestionsshouldbeattempted.

Structure of subjects and learning outcomes

Eachsubjectwithinthesyllabusisdividedintoanumberofbroadsyllabustopics. Thetopicscontainoneormoreleadlearningoutcomes,relatedcomponentlearningoutcomesandindicativeknowledgecontent.

Alearningoutcomehastwomainpurposes:

Thelearningoutcomesarepartofahierarchyoflearningobjectives.Theverbsusedatthebeginningofeachlearningoutcomerelatetoaspecificlearningobjective,e.g.

Calculatethebreakevenpoint,profittarget,marginofsafetyandprofit/volumeratioforasingleproductorservice.

Theverbcalculateindicatesalevelthreelearningobjective.Thefollowingtableslisttheverbsthatappearinthesyllabuslearningoutcomesandexaminationquestions.

(a) Todefinetheskillorabilitythatawellpreparedcandidateshouldbeabletoexhibitintheexamination.

(b) Todemonstratetheapproachlikelytobetakeninexaminationquestions.

xi

http://www.vue.com/athena/

CIMA VERB HIERARCHY

CIMAplacegreatimportanceonthedefinitionofverbsinstructuringObjectiveTestExaminations.Itisthereforecrucialthatyouunderstandtheverbsinordertoappreciatethedepthandbreadthofatopicandthelevelofskillrequired.TheObjectiveTestswillfocusonlevelsone,twoandthreeoftheCIMAhierarchyofverbs.Howevertheywillalsotestlevelsfourandfive,especiallyatthemanagementandstrategiclevels.Youcanthereforeexpecttobetestedonknowledge,comprehension,application,analysisandevaluationintheseexaminations.

Level 1: KNOWLEDGE

Whatyouareexpectedtoknow.

Forexampleyoucouldbeaskedtomakealistoftheadvantagesofaparticularinformationsystembyselectingalloptionsthatapplyfromagivensetofpossibilities.Oryoucouldberequiredtodefinerelationshipmarketingbyselectingthemostappropriateoptionfromalist.

Level 2: COMPREHENSION

Whatyouareexpectedtounderstand.

ForexampleyoumaybeaskedtodistinguishbetweendifferentaspectsoftheglobalbusinessenvironmentbydraggingexternalfactorsanddroppingintoaPESTanalysis.

VERBS USED

DEFINITION

List Makealistof.

State Express,fullyorclearly,thedetailsof/factsof.

Define Givetheexactmeaningof.

VERBS USED

DEFINITION

Describe Communicatethekeyfeaturesof.

Distinguish Highlightthedifferencesbetween.

Explain Makeclearorintelligible/statethemeaningorpurposeof.

Identify Recognise,establishorselectafterconsideration.

Illustrate Useanexampletodescribeorexplainsomething.

xii

Level 3: APPLICATION

Howyouareexpectedtoapplyyourknowledge.

Forexampleyoumayneedtocalculatetheprojectedrevenueorcostsforagivensetofcircumstances.

Level 4: ANALYSIS

Howyouareexpectedtoanalysethedetailofwhatyouhavelearned.

Forexampleyoumayberequiredtointerpretaninventoryratiobyselectingthemostappropriatestatementforagivensetofcircumstancesanddata.

VERBS USED

DEFINITION

Apply Puttopracticaluse.

Calculate Ascertainorreckonmathematically.

Demonstrate Provewithcertaintyorexhibitbypracticalmeans.

Prepare Makeorgetreadyforuse.

Reconcile Makeorproveconsistent/compatible.

Solve Findananswerto.

Tabulate Arrangeinatable.

VERBS USED

DEFINITION

Analyse Examineindetailthestructureof.

Categorise Placeintoadefinedclassordivision.

Compare/contrast Showthesimilaritiesand/ordifferencesbetween.

Construct Builduporcompile.

Discuss Examineindetailbyargument.

Interpret Translateintointelligibleorfamiliarterms.

Prioritise Placeinorderofpriorityorsequenceforaction.

Produce Createorbringintoexistence.

xiii

Level 5: EVALUATION

Howyouareexpectedtouseyourlearningtoevaluate,makedecisionsorrecommendations.

Forexampleyoumaybeaskedtorecommendandselectanappropriatecourseofactionbasedonashortscenario.

VERBS USED

DEFINITION

Advise Counsel,informornotify.

Evaluate Appraiseorassessthevalueof.

Recommend Proposeacourseofaction.

xiv

RiskChapter learning objectives

Indicative syllabus content

Lead Component

A1.Evaluatethetypesofriskfacinganorganisationandrecommendappropriateresponses.

(a) Identifythetypesofriskfacinganorganisation.

A3.Evaluatetheethicalimpactofrisk.

(a) Evaluateethical,socialandenvironmentalissuesarisingfromriskmanagement.

Upsideanddownsiderisksarisingfrominternalandexternalsourcesandfromdifferentmanagerialdecisions.

Risksarisingfrominternationaloperations,suchasculturaldifferencesanddifferencesbetweenlegalsystems.Note:Nospecificrealcountrywillbetested.

Strategicandoperationalrisks. Reputationalrisksassociatedwithsocialandenvironmental

impacts.

1

chapter

1

1What is risk?

Riskinbusinessisthechancethatfutureeventsorresultsmaynotbeasexpected.

Riskisoftenthoughtofaspurelybad(pureor'downside'risk),butitmustbeconsideredthatriskcanalsobegoodtheresultsmaybebetterthanexpectedaswellasworse(speculativeor'upside'risk).

Businessesmustbeabletoidentifytheprincipalsourcesofriskiftheyaretobeabletoassessandmeasuretherisksthattheorganisationfaces.

Risksfacinganorganisationarethosethataffecttheachievementofitsoverallobjectives,whichshouldbereflectedinitsstrategicaims.Riskshouldbemanagedandthereshouldbestrategiesfordealingwithrisk.

Risk

22

Risk and uncertainty

Why incur risk ?

Itisgenerallythecasethatfirmsmustbewillingtotakehigherrisksiftheywanttoachievehigherreturns:

Forsomerisksthereisamarketrateofreturne.g.quotedequitywhereashareholderinvestsinacompanywiththeexpectationofacertainlevelofdividendandcapitalgrowth.However,forotherriskstheremaynotbeamarketrateofreturne.g.technologyriskwhereacompanyinvestsinnewsoftwareinthehopethatitwillmaketheirinvoiceprocessingmoreefficient.Theimportantdistinctionhereisthatthemarketcompensatesfortheformertypeofrisk,butmightnotforthelatter.

Togeneratehigherreturnsabusinessmayhavetotakemoreriskinordertobecompetitive.

Conversely,notacceptingrisktendstomakeabusinesslessdynamic,andimpliesafollowtheleaderstrategy.

Incurringriskalsoimpliesthatthereturnsfromdifferentactivitieswillbehigherbenefitbeingthereturnforacceptingrisk.

Benefitscanbefinancialdecreasedcosts,orintangiblebetterqualityinformation.

Inbothcases,thesewillleadtothebusinessbeingabletogaincompetitiveadvantage.

chapter 1

3

Benefits of taking risks

2CIMA's risk management cycle

Riskmanagementshouldbeaproactiveprocessthatisanintegralpartofstrategicmanagement.

ThisperspectiveissummarisedinCIMAs risk management cycle,illustratedbelow:

Source:CharteredInstituteofManagementAccountants(2002),RiskManagement:AGuidetoGoodPractice,CIMA.

Theriskmanagementcycleisaveryimportanttoolforyourexam.

Risk

4

CIMAsRiskManagementCycleidentifiesvariousactivitiesthatshouldbeundertakenduringriskmanagement.

Whichofthefollowingoptionsshowsthestepsinthecorrectorder?

A IdentifyriskareasDevelopriskresponsestrategyAllocateresponsibilitiesEstablishriskmanagementgroup.

B EstablishriskmanagementgroupIdentifyriskareasAllocateresponsibilitiesDevelopriskresponsestrategy.

C AllocateresponsibilitiesIdentifyriskareasDevelopriskresponsestrategyEstablishriskmanagementgroup.

D EstablishriskmanagementgroupIdentifyriskareasDevelopriskresponsestrategyAllocateresponsibilities.

3Types and sources of risk for business organisations Identifying and categorising risks

Manyorganisationscategoriserisksintodifferenttypesofrisk.Theuseofriskcategoriescanhelpwiththeprocessofriskidentificationandassessment.

Thereisnosinglesystemofriskcategories.Theriskcategoriesusedbycompaniesandotherorganisationsdifferaccordingtocircumstances.Someofthemorecommonlyusedriskcategoriesaredescribedonthefollowingpage.

chapter 1

5

Test your understanding 1

Political, legal and regulatory

Thesearetherisksthatbusinessesfacebecauseoftheregulatoryregimethattheyoperatein.Somebusinessesmaybesubjecttoverystrictregulations,forexamplecompaniesthatcouldcausepollution,butevencompaniesthatdonotappeartobeinahighlyregulatedindustryhavesomeregulatoryrisk.Forexample,allcompaniesaresubjecttotheriskofemploymentlegislationchangingorcustomersbringinglitigation.

Thisriskcanbebrokenupintodifferenttypes:

Political risk Riskduetopoliticalinstability.Generallyconsideredtobeexternaltothebusiness.

Legal/litigation risk

Riskthatlitigationwillbebroughtagainstthebusiness.

Regulatory risk Riskofchangesinregulationaffectingthebusiness.

Compliance risk Riskofnoncompliancewiththelawresultinginfines/penalties,etc.

Risk

6

More on political, legal and regulatory risks

Business risk

Businessriskistheriskbusinessesfaceduetothenatureoftheiroperationsandproducts.Somebusinessesforinstancearereliantonasingleproductorsmallrangeofproducts,ortheycouldbereliantonasmallkeygroupofstaff.Theriskscanbeconsideredindifferentcategories:

Strategic risk Riskthatbusinessstrategies(e.g.acquisitions/productlaunches)willfail.

Product risk Riskoffailureofnewproductlaunches/lossofinterestinexistingproducts.

Commodity price risk Riskofariseincommodityprices(e.g.oil).

Product reputation risk

Riskofchangeinproductsreputationorimage.

Operational risk Riskthatbusinessoperationsmaybeinefficientorbusinessprocessesmayfail.

Contractual inadequacy risk

Riskthatthetermsofacontractdonotfullycoverabusinessagainstallpotentialoutcomes.

Fraud and employee malfeasance

Consideredseparatelylater.

Economic risk

Thisistheriskthatchangesintheeconomymightaffectthebusiness.Thosechangescouldbeinflation,unemploymentrates,internationaltraderelationsorfiscalpolicydecisionsbygovernment.Again,thisriskisconsideredtobeexternaltothebusiness.

Financial risk

Financialriskisamajorriskthataffectsbusinessesandthisriskisstudiedinmuchmoredepthinlaterchaptersofthistext.

Financialriskistheriskofachangeinafinancialconditionsuchasanexchangerate,interestrate,creditratingofacustomer,orpriceofagood.

chapter 1

7

The 'credit crunch'

More on business risks

Themaintypesoffinancialriskare:

Credit risk Riskofnonpaymentbycustomers.

Political risk Riskarisingfromactionstakenbyagovernmentthataffectfinancialaspectsofthebusiness.

Currency risk

Riskoffluctuationsintheexchangerate.

Interest rate risk

Riskthatinterestrateschange.

Gearing risk Riskinthewayabusinessisfinanced(debtvs.equity)(sometimesthisisconsideredpartofinterestraterisk).

Technology risk

Technologyriskistheriskthattechnologychangeswilloccurthateitherpresentnewopportunitiestobusinesses,oronthedownsidemaketheirexistingprocessesobsoleteorinefficient.

Environmental risk

Environmentalriskistheriskthatarisesfromchangesintheenvironmentsuchasclimatechangeornaturaldisasters. Somebusinessesmayperceivethisrisktobelow,butforothers,forexampleinsurancecompanies,itcanbemoresignificant. Insurancecompanieshavetotakeenvironmentalrisksintoaccountwhendecidingpolicypremiums,andunusualenvironmentalcircumstancescanseverelyaltertheresultsofinsurancebusinesses.

Risk

8

More on technology risk

The Japanese tsunami

More on environmental risk

More on financial risks

Fraud risk

Fraudrisk(atypeofoperationalbusinessrisk)isthevulnerabilityofanorganisationtofraud. Somebusinessesaremorevulnerablethanotherstofraudandasaresulthavetohavestrongercontrolsoverfraud. Fraudriskisariskthatisconsideredcontrollablebymostbusinesses.

Corporate reputation risk

Reputationriskisformanyorganisationsadownsideriskasthebetterthereputationofthebusinessthemoreriskthereisoflosingthatreputation.Agoodreputationcanbeveryquicklyerodedifcompaniessufferadversemediacommentsorareperceivedtobeuntrustworthy.

Thiscouldarisefrom:

environmentalperformance socialperformance health&safetyperformance.

DuringtheirworkonWorldcomandEnron,ArthurAnderson(charteredaccountantsandregisteredauditors)failedtoidentifyseriousirregularitiesinthesecompanies.Thisledtotheirdemise.Thiswasmainlydueto(pickONEanswer):

A Businessrisk

B Politicalrisk

C Environmentalrisk

D Reputationrisk

Employee malfeasance risk

Malfeasancemeansdoingwrongorcommittinganoffence.Organisationsmightbeexposedtorisksofactionsbyemployeesthatresultinanoffenceorcrime(otherthanfraud).This,likefraudrisk,isatypeofoperationalbusinessrisk.

chapter 1

9


More on corporate reputation risk

More on fraud risk

Risks in international operations

Internationalbusinessesaresubjecttoalltherisksabovebutalsohavetoconsiderextrariskfactors,whichcouldbeduetothefollowing:

Culture AUKbusinessmayfailinaventureoverseasbecauseitdoesnotadapttotheoverseasculture. Goodknowledgeoflocalculturecan,however,givecompaniesanadvantage.

Litigation Thereisagreaterdangeroflitigationriskinoverseasoperationsastheparentcompanymanagementmaynotunderstandthelegislationwellandthereforehavemoreriskofbreachingit.

Credit Thereisoftenagreaterdifficultyincontrollingcreditriskonoverseassales. Chasingdebtsismoredifficultandexpensive.

Items in transit

Thereisagreaterriskoflossesordamageintransitifcompaniesaretransportinggoodsgreatdistances

Financial risks

Theseincludeforeignexchangerisks,andwillbeconsideredinmoredetailinalaterchapter.

AcompanyhasperformedaSWOTanalysisandhasidentifiedtwomainthreats:

newlegislationcoveringoneoftheirproductsand thebankaskingfortheirloantoberepaidimmediatelysincethe

companyfailedtopaytheirmostrecentinstalmentaftertheinterestraterose.

Risk

10

More on risks in international operations

More on employee malfeasance


Whichcategoriesofriskaretheybestdescribedby?(Selectallthatapply.)

A Financialrisk

B Politicalrisk

C Reputationrisk

D Economicrisk

Whichofthefollowingwouldnormallybeclassifiedasanoperationalrisk?(Selectallthatapply.)

A Theriskthatanewproductwillfail

B Theriskofcompetitorscuttingcostsbymanufacturingoverseas

C Thelossofanexperiencedsupervisor

D Rawmaterialsbeingwastedduringtheproductionprocessduetountrainedstaff

Whichofthefollowingwouldnormallybeclassifiedasastrategicrisk?

A Humanerror

B Informationtechnologyfailure

C Fraud

D Stricterhealthandsafetylegislation

chapter 1

11



Riskidentificationandmanagementaretheresponsibilityof:(Selectallthatapply.)

A TheBoard

B Theriskmanager

C Internalaudit

D Nonexecutivedirectors

MineyplcisaglobalcompanyincorporatedinAmerica,extractingvaluablemineralsfromtheearth.Miningisariskybusinesswithadeathtollaveraging100deathsperannumintheUSalone.Mineyhasrecentlyhadacoalminecollapsekillingtwomenandtrappingfourothersforthreedays.TheaccidentmadethenationalnewseachdayandMineyplc.becameahouseholdname.Mineyisfinancedpurelybyequityandhasalargecashbalanceandnodebt.IthascometotheattentionoftheBoardthatthefuturepriceofcoalisforecasttofall,asrenewableenergysourcesbecomesmorereliable.

WhichTHREEofthefollowingriskswouldyouidentifyasmostcriticalforMineytoassess?

A Financialrisk

B Projectrisk

C Reputationrisk

D Productionrisk

E Healthandsafetyrisk

F Commoditypricerisk

Introduction

TheZXCcompanymanufacturesaircraft.ThecompanyisbasedinEuropeandcurrentlyproducesarangeoffourdifferentaircraft.ZXCsaircraftarereliablewithlowmaintenancecosts,givingZXCagoodreputation,bothtoairlineswhopurchasefromZXCandtoairlinescustomerswhoflyintheaircraft.

Risk

12



Test your understanding 8 ZXC (Case Study)

The future of ZXC

ZXCiscurrentlydevelopingthenextgenerationofpassengeraircraft,withthesellingnameoftheZXLiner.NewdevelopmentsinZXLinerincludethefollowing:

ManycomponentsuppliersarebasedinEuropealthoughZXCdoesobtainabout25%ofthesubcontractedcomponentsfromcompaniesintheUSA.ZXCalsomaintainsasignificantR&DdepartmentworkingontheZXLinerandothernewproductssuchasalternativeenvironmentallyfriendlyfuelforaircraft.

AlthoughtheZXLinerisyettoflyorbegrantedairworthinesscertificates,ZXCdoeshaveordersfor25aircraftfromtheHTScompany.However,oncurrenttestingschedulestheZXLinerwillbedeliveredlate.

Finance

ZXCcurrentlyhasabout4billionofloansfromvariousbanksandlastyearmadealossof2.3billion.

Required:

WriteareporttothedirectorsofZXCidentifyingthesourcesofriskthatcouldaffectZXC,andevaluatingtheimpactoftheriskonthecompany.

(30 minutes)

Twodecksalongtheentireaircraft(notjustpartasintheBoeing747series)enablingfasterloadingandunloadingofpassengersfrombothdecksatthesametime.However,thiswillmeanthatairportgatesmustbeimprovedtofacilitatedualloadingatconsiderableexpense.

20%decreaseinfuelrequirementsandfallsinnoiseandpollutionlevels.

Useofnewalloystodecreasemaintenancecosts,increasesafetyandspecificallytheuseofZitnim(anewlightweightconductingalloy)ratherthanstandardwiringtoenabletheflybywirefeaturesoftheaircraft.Zitnimonlyhasonesupplierworldwide.

chapter 1

13

Eisanelectricitycompanythathasalargenumberofcustomers.Allcustomershomeshaveelectricitymetersthathavemechanicaldialsthatturntorecordtheconsumptionofelectricity.Mosthomeshavetheirmetersindoors.CustomershavetoprovideEwithregularreadingsfromtheirmetersinordertoensurethattheyarebilledproperlyfortheirelectricityconsumption.CustomerscanlogintotheiraccountsonlinetoinputtheirreadingsortheycantelephoneEscallcentretogiveanoperatorareading.

Ehasapolicythatcustomersmustallowaninspectortoreadtheirelectricitymetersatleastonceperyear.Thisinspectionhastwopurposes.Thefirstistoensurethatthecustomerhasnotbeenconsistentlyunderstatingthefiguresinordertounderpayfortheirelectricityandthesecondistoensurethatthemeterhasnotbeentamperedwithinordertoreducethereadingsaccordingtothedials.Themetersaredesignedsothattheyaredifficulttodismantlewithoutcausingobviousdamageandtheyalsohaveasealthatismadeoutofsoftmetalthatwillbebrokenifthemeteriseveropened.

Esinspectorsgenerallyvisitallthehomeswithinaparticularareainthecourseofanevening.Mostcustomersareathomethenandsothatisanefficientwaytoconducttheannualchecks.Ifacustomerisnotathomethentheinspectorleavesacardtorequestanopportunitytoinspectthemeter.IfthecustomerdoesnotrespondtothecardwithinsevendaysEwillsenduptofourweeklyreminders.AlmostallcustomerscomplywiththeserequestsbutaverysmallminoritydonotrespondandEcanapplytothecourtsfortherighttoforceentrywhenthathappens.

Eisconsideringthereplacementofitselectricitymeterswithnew"smartmeters"whichwillbelocatedincustomershomes.Thesewillrecordconsumptionelectronicallyratherthanmechanically.Theinformationwillbestoredonthemeter.ThesamewiresthatcarryelectricitycanbeusedtotransmitdatatoandfromthemetersandEsITsystemwillsendcodedmessagestometerstorequestreadingsasandwhenrequired.Itisenvisagedthattheseelectronicreadingswillnormallybeonceeverythreemonths,butthereisverylittletopreventEfromreadingsomemetersfarmoreoften.

Eachmeterwillbefittedwithachipthatwilltransmitawarningifitistamperedwitheitherphysicallyorelectronically.Thememoryonthemetersisnotaffectedbypowercutsandthemeterscanrestartthemselveswithoutlosinganydataifapowercutoccurs.

Risk

14

Test your understanding 9 Smart meters (Case study)

Required:

WriteareporttotheBoardofEwhich:

(15 minutes)

(30 minutes)

(a) DiscussesthepotentialbenefitsforEthatmaycomeaboutfromtheintroductionofsmartmetersand

(b) EvaluatesFOURrisksthatmightarisefromtheintroductionofsmartmeters.Suggesthoweachriskmightbedealtwith.

Examquestionsmayaskcandidatestoaddressnovelsituationsthatareoutsidetheirexperience.Inadditiontoreadingthetext,candidatesshouldrefertothebusinesspressonaregularbasis.

chapter 1

15

4Chapter summary

Risk

16

Test your understanding answers

ThecorrectanswerisDPerCIMAsriskmanagementcycle,ariskmanagementgroupshouldbeformed,risksidentified,understandtheirscale,developastrategy,implementandallocateresponsibility,controlandreview.

ThecorrectanswerisDArthurAndersonconsequentlylosttheirreputationasbeingthenumberoneaccountancyfirmintheworldandconsequentlymanyoftheircustomers.

ThecorrectanswersareAandBNewlegislationiscoveredwithinpoliticalrisk.Therepaymentoftheloaniscoveredwithinfinancialrisk.

ThecorrectanswersareCandDAandBarestrategiclevelrisks.

ThecorrectanswerisDA,BandCareoperationalrisks.

ThecorrectanswersareA,B,CandDAllstaffinanorganisationareresponsibleforrisk.

chapter 1

17







C, E and F

A Financialrisklowriskduetolackofdebtfinance

B Projectrisklargeoneoffprojectsarenotamajoraspectofthecompany'sbusinessmodel

C Reputationriskhighduetoaccident

D Productionriskdespitetheaccidents,thereisnotahighriskofproductionshortages

E Healthandsafetyriskhighduetoaccidentandpotentialforinjuryintheindustry

F Commoditypriceriskhighduetothreatfromrenewablesources

To:ThedirectorsofZXC

From:A.N.Accountant

Date:Today

Subject:SourcesandevaluationofriskatZXC

ThisreportcoverstheidentificationofriskatZXCandevaluateseachriskinturn.Recommendationsforriskreductionarenotgivenatthistime.

Product/market risk

Thisistheriskthatcustomerswillnotbuynewproducts(orservices)providedbytheorganisation,orthatthesalesdemandforcurrentproductsandserviceswilldeclineunexpectedly.

ForZXC,thereistheriskthatdemandforthenewaircraftwillbelessthanexpected,eitherduetocustomerspurchasingtherivalairplaneorbecauseairportswillnotbeadaptedtotakethenewZXLiner.

Risk

18

Test your understanding 8 ZXC (Case Study)


Commodity price risk

Businessesmightbeexposedtorisksfromunexpectedincreases(orfalls)inthepriceofakeycommodity.

PartofthecontrolsystemsoftheZXLinerrelyontheavailabilityofthenewlightweightconductingalloyZitnim.Asthereisonlyonesupplierofthisalloy,thenthereisthedangerofthemonopolistincreasingthepriceorevendenyingsupply.Increaseinpricewouldincreasetheoverallcostofthe(alreadyexpensive)ZXLiner,whiledenialofsupplywouldfurtherdelaydeliveryoftheaircraft.

Product reputation risk

Somecompaniesrelyheavilyonbrandimageandproductreputation,andanadverseeventcouldputitsreputation(andsofuturesales)atrisk.

WhilethereputationofZXCappearsgoodatpresent,reputationwillsufferiftheZXLinerisdelayedsignificantlyoritdoesnotperformwellintestflights(whichhavestilltobearranged).Airlinecustomers,andalsotheircustomers(travellers)areunlikelytofeelcomfortableflyinginanaircraftthatisinherentlyunstable.

Currency risk

Currencyrisk,orforeignexchangerisk,arisesfromthepossibilityofmovementsinforeignexchangerates,andthevalueofonecurrencyinrelationtoanother.

ZXCiscurrentlybasedinEuropealthoughitobtainsasignificantnumberofpartsfromtheUSA.Ifthe/$exchangeratebecameworse,thenthecostofimportedgoodsforZXC(andallothercompanies)wouldincrease.Atpresent,therelativelyweakUS$isinZXCsfavourandsothisriskiscurrentlynegligible.

Interest rate risk

Interestrateriskistheriskofunexpectedgainsorlossesarisingasaconsequenceofariseorfallininterestrates.Exposurestointerestrateriskarisefromborrowingandinvesting.

AsZXCdohavesignificantbankloans,thenthecompanyisveryexposedtothisrisk.

chapter 1

19

Gearing risk

Gearingriskfornonbankcompaniesistheriskarisingfromexposurestohighfinancialgearingandlargeamountsofborrowing.

Again,ZXChassignificantamountsofbankloans.Thisincreasestheamountofinterestthatmustberepaideachyear.

Political risk

Politicalriskdependstoalargeextentonthepoliticalstabilityinthecountriesinwhichanorganisationoperates,thepoliticalinstitutionswithinthatcountryandthegovernment'sattitudetowardsprotectionism.

AsZXCoperatesinapoliticallystablecountrythisriskisnegligible.

Legal risk or litigation risk

Theriskarisesfromthepossibilityoflegalactionbeingtakenagainstanorganisation.

AtpresentthisriskdoesnotappeartobeathreatforZXC.However,iftheZXLinerisdelayedanyfurtherthereisariskforbreachofcontractforlatedeliverytotheHTScompany.

Regulatory risk

Thisisthepossibilitythatregulationswillaffectthewayanorganisationhastooperate.

Intermsofaircraft,regulationgenerallyaffectsnoiseandpollutionlevels.AstheZXLinerisdesignedtohavelowernoiseandpollutionlevelsthanexistingaircraftthenthisriskdoesnotappeartobeathreattoZXC.

Technology risk

Technologyriskarisesfromthepossibilitythattechnologicalchangewilloccurorthatnewtechnologywillnotwork.

GiventhatZXCiseffectivelyproducinganewproduct(theZXLiner)thathasnotactuallybeentestedyet,thereissometechnologyrisk.Atworse,theZXLinermaynotflyatallornotobtainthenecessaryflyingcertificates.

Risk

20

Economic risk

Thisriskreferstotherisksfacingorganisationsfromchangesineconomicconditions,suchaseconomicgrowthorrecession,governmentspendingpolicyandtaxationpolicy,unemploymentlevelsandinternationaltradingconditions.

Demandforairtravelisforecasttoincreasefortheforeseeablefuture,sointhatsensethereisademandforaircraftwhichZXCwillbenefitfrom.Theriskofproductfailureismoresignificantthaneconomicrisk.

Environmental risk

Thisriskarisesfromchangestotheenvironmentoverwhichanorganisationhasnodirectcontrol,suchasglobalwarming,tothoseforwhichtheorganisationmightberesponsible,suchasoilspillagesandotherpollution.

ZXCissubjecttothisriskandthereissignificantdebateconcerningtheimpactofairtravelonglobalwarming.Attheextreme,thereisathreatthatairtravelcouldbebanned,ormadeveryexpensivebyinternationaltaxationagreements,althoughthisappearsunlikelyatpresent.

Conclusion

ZXCwillsufferfrommanyriskswhichwillimpactonthecompany.Thelikelihoodandimpactofeachvaries,byriskandovertime.ZXCshouldimplementreductionstrategieswherepossible.

chapter 1

21

To:TheBoardofE

From:A.N.Accountant

Date:Today

Subject:Smartmetersandrisk

Introduction

ThisreportdiscussesthebenefitsofintroducingSmartMetersatE,andthenevaluatesfourrisksarisingfromthisaction.Recommendationsarethenmadetoreducetherisksidentified.

Smartmeterswillofferthepotentialtodramaticallyreduceoperatingexpenses.Ewillnotrequiremeterinspectorstovisitcustomershomes.Therewillbefarfewertransactionsinvolvingcallcentrestaffandsonumberscanbereducedtheretoo.

Thenewmetersmayreducecustomerfraudandsoenhancerevenues.Thefactthattheyareelectronicandnotmechanicalwillmakeitfarhardertotamperwithreadings.

Ewillbeabletogatheragreatdealofinformationaboutindividualcustomers.Atpresent,Ecantellhowmuchelectricityisbeingdrawnfromthegrid,butitcannotidentifythespecificcustomerswhoareusingit.Thenewmeterswillmakeitpossibletoidentifycustomerswhosedemandchangesinresponseto,say,amajorsportingevent.ThatmaymakeiteasierforEtopredictdemandinadvanceofsucheventsandsoplanmoreeasily.

Emayalsobeabletogathervaluablemarketinginformation.Forexample,somecustomerswillhavelargerincreasesinconsumptionwhentheweatheriscold.Ecouldtargetsuchcustomerswithoffersofalternativepricingplansordiscountsonhomeinsulation.

(a) The introduction of Smart Meters

Risk

22

Test your understanding 9 Smart meters (Case study)

Customer fraud

IfcustomerslearnhowtointerferewiththemetersthenEmaylosesignificantamountsofrevenue.Thenewmetersmaybemoredifficulttomanipulate,buthistorysuggeststhatelectronicsafeguardscanbedefeated.Forexample,mobilephonescanbeunlockedanddvdscanbepirateddespitesafeguards.

Ecouldcomparepatternsofenergyconsumptionwithinneighbourhoodsandcouldidentifycustomerswhosereadingsseemlow.Thosecustomersmeterscouldbeinspectedforanymodification.Eshouldpubliciseanycriminalprosecutionsasadeterrenttoothercustomers.

Installation

Theinstallationofthesenewmeterswillbeasignificantundertaking.Ewillhavetoarrangeaccesstoeverycustomershomeinordertofitthenewmeters.Thelogisticsofthiswillbecomplicatedbecauseofcustomersworkpatternsandavailabilitybecauseofworkandsoon.Theoldsystemwillhavetooperateinparallelwiththenewwhilethisworkisbeingundertakenandsostaffwillbestretched.

Emayofferdiscountsorrebatestocustomerswhoofferaccessatconvenienttimes.Thediscountsshouldbeselffinancingiftheyarefundedoutofthecostsavingsofmanagingacustomersaccountoncethesmartmeterhasbeeninstalled.

IT issues

ItwillbedifficultforEtofullytestthissystembeforeinstallation.Therewillbelargenumbersofsmartmetersinthesystemandtheywillbecommunicatingoverlongdistances.Therecouldbeunforeseenproblemswithdatabeingcorruptedorlost.Ifthathappensthentheoriginalmeterswillhavebeenremovedandtherewillbenoeffectivewaytoputthesystemback.

ItwouldbeidealifEcouldselectasystemthathasalreadybeenusedsuccessfullybyanotherelectricitycompany.Itwouldbepreferabletoapplyaprovensystemeveniftherearemoreuptodateversionsofthetechnologythatmightofferenhancements.

(b) Risks

chapter 1

23

Financial cost

Therewillhavetobeasignificantinvestmentinthisnewsystemandtheanticipatedbenefitsmaynotberealised.TheshareholdersandotherstakeholdersmaybeconcernedthatEistakingarecklessriskbymakingasubstantialinvestmentinanewtechnology.Anadverseoutcomecouldmeanlowerprofitsorhigherpricesforconsumers.

Ecouldpossiblytransfersomeoftheriskbypayingathirdpartytodesignandimplementthenewsystem.Thecontractcouldspecifypenaltiesforanyshortcomingsintheoperationofthenewsystem.

Conclusions

EwouldappeartobenefitfromtheintroductionofSmartMeters.However,severalrisksmayarisewiththeirintroduction.Theseriskscanbereduced,inpart,bythemeasuressuggestedinthisreport.

Risk

24

RiskmanagementChapter learning objectives

Lead Component

A1.Evaluatethetypesofriskfacinganorganisationandrecommendappropriateresponses.

(b) Evaluatetheorganisation'sabilitytobearidentifiedrisks.

(c) Recommendresponsestoidentifiedrisks.

A2.Evaluateseniormanagement'sresponsibilityfortheimplementationofriskmanagementstrategiesandinternalcontrols.

(a) Recommendtechniquesthatwillenabletheboardtodischargeitsresponsibilitieswithrespecttomanagingrisks

(b) Advisetheboardonitsresponsibiltiesforreportingriskstoshareholdersandotherstakeholders.

D1.Evaluatefinancialrisksfacinganorganisation.

(a) Evaluatefinancialrisksfacinganorganisation.

D2.Evaluatealternativeriskmanagementtools.

(a) Adviseontheeffectsofeconomicfactorsthataffectfuturecashflowsfrominternationaloperations.

25

chapter

2

Indicative syllabus content

Quantificationofriskexposures(impactifanadverseeventoccurs)andtheirexpectedvalues,takingaccountoflikelihood.

Riskmaprespresentationofriskexposuresasabasisofreportingandanalysingrisks.

Enterpriseriskmanagementanditscomponents. RiskmitigationincludingTARAtransfer,avoid,reduce,accept. Grossandnetrisks. Assurancemappingandsimilartechniquesfordescribingrisks

andtheirassociatedresponses.

Riskregister. Riskreportsandstakeholderresponses. Quantificationofriskexposures,theirsensitivitiestochangesin

externalconditionsandtheirexpectedvalues.

Valueatrisk.

Risk management

2626

1Risk management

Risk managementisdefinedas:

theprocessofunderstandingandmanagingtherisksthattheorganisationisinevitablysubjecttoinattemptingtoachieveitscorporateobjectives

CIMAOfficialTerminology

Thetraditionalviewofriskmanagementhasbeenoneofprotectingtheorganisationfromlossthroughconformanceproceduresandhedgingtechniquesthisisaboutavoidingthedownsiderisk.

Thenewapproachtoriskmanagementisabouttakingadvantageoftheopportunitiestoincreaseoverallreturnswithinabusinessbenefitingfromtheupsiderisk.

Thefollowingdiagramshowshowriskmanagementcanreconcilethetwoperspectivesofconformanceandperformance(asdiscussedpreviouslyinchapter1).

chapter 2

27

Source:IFAC(1999)EnhancingShareholderWealthByBetterManagingRisk

IFAChighlightedtwoaspectsofriskmanagementwhichlinkriskaversionandriskseekingactivities.Theyare:

A Complianceandstrategy

B Conformanceandperformance

C Complianceandconformance

D Performanceandstrategy

Risk management

28

Enterprise Risk Management (ERM)

Risk management and shareholder value


TheCommitteeofSponsoringOrganisations(COSO)outlinedsixkeyprinciplesofEnterpriseRiskManagement(ERM).Identifywhichofthefollowingis/areincluded.(SelectALLcorrectanswers).

A Considerationofriskmanagementinthecontextofbusinessstrategy

B Thecreationofariskawareculture

C Considerationofanarrowrangeofrisks,mainlyfinancial

D RiskmanagementistheresponsibilityoftheRiskCommittee

E Acomprehensiveandholisticapproachtoriskmanagement

The exam

Theframeworksanddiagramsinthischapterareausefulstartingpointforanexamquestion,butallentitieshavetodealwithrisksinanappropriatemannerandsoguidancecannotbedefinitive.

2Risk management strategy Formulation of a risk strategy

Aframeworkforboardconsiderationofriskisshownbelow:

Formanybusinessesthespecificformulationofariskstrategyhasbeenarecentdevelopment.

Inthepastaformalstrategyformanagingriskswouldnotbemadebutratheritwouldbelefttoindividualmanagerstomakeassessmentsoftherisksthebusinessfacedandexercisejudgementonwhatwasareasonablelevelofrisk.

Thishasnowchanged:failuretoproperlyidentifyandcontrolriskshasbeenidentifiedasamajorcauseofbusinessfailure(takeBaringsBankasanexample).

chapter 2

29


Formulating a risk management strategy

Risk appetitecanbedefinedastheamountofriskanorganisationiswillingtoacceptinpursuitofvalue. Thismaybeexplicitinstrategies,policiesandprocedures,oritmaybeimplicit. Itisdeterminedby: risk capacity theamountofriskthattheorganisationcanbear,

and

risk attitudetheoverallapproachtorisk,intermsoftheboardbeingriskaverseorriskseeking.

Thewaythattheorganisationdocumentsanddeterminesthespecificpartsofitsriskstrategywillhavetolinktothebusinessstrategyandobjectives.

Overalltheriskmanagementstrategyisconcernedwithtryingtoachievetherequiredbusinessobjectiveswiththelowestpossiblechanceoffailure. Thetougherthebusinessobjectives,however,themoreriskswillhavetobetakentoachievethem.

Residual riskistheriskabusinessfacesafteritscontrolshavebeenconsidered(seelaterinthischapterformoredetails).

Theamountofriskanorganisationiswillingtoacceptinthepursuitofvalueisknownastheir:

A Riskmap

B Riskappetite

C Riskculture

D Riskthermostat

Risk management

30


More on risk appetite

Features of a risk management strategy

InaCIMAandIFAC(InternationalFederationofAccountants)jointreportin2004 EnterpriseGovernancethefollowingkeyfeaturesofariskmanagementstrategywereidentified:

Statementoftheorganisationsattitudetoriskthebalancebetweenriskandtheneedtoachieveobjectives.

Theriskappetiteoftheorganisation. Theobjectivesoftheriskmanagementstrategy. Cultureoftheorganisationinrelationtorisk(andthebehaviourthe

organisationexpectsfromindividualswithregardtorisktaking).

Responsibilitiesofmanagersfortheapplicationofriskmanagementstrategy.

Referenceshouldbemadetotheriskmanagementsystemsthecompanyuses(i.e.itsinternalcontrolsystems).

Performancecriteriashouldbedefinedsothattheeffectivenessofriskmanagementcanbeevaluated.

3Identifying, measuring and assessing risks

Chapter2examinedthedifferenttypesofrisksfacedbyanorganisation.Itiskey,however,thatbusinessescanidentifytheriskstheyfaceandevaluatetheeffectoftherisksonthebusiness.Someriskswillberelativelyeasilybornebybusinesses,butotherswillbemoredifficultandmoreseriousintheirimplications.

Risk identification

Theriskidentificationprocesswilloftenbecontrolledbyarisk committeeorriskmanagementspecialists(seelaterinthischapter).

Therisksidentifiedintheprocessshouldberecordedinarisk register,whichissimplyalistoftherisksthathavebeenidentified,andthemeasures(ifany)thathavebeentakentocontroleachofthem.

Thereareavarietyofmethodsthatcanbeusedbybusinessestoidentifytherisksthattheyface:

chapter 2

31

An alternative risk management process

Theriskregisterisaveryimportantandpracticalriskmanagementtoolthatallcompaniesshouldhavethesedays.Ittakesseveraldays,ifnotweeks,toproduce,andneedstobereviewedandupdatedregularlymainlyannually(inconjunctionwithcorporategovernanceguidelines).

Theriskregisterisoftenlaidoutintheformofatabulardocumentwithvariousheadings:

(1) Therisk title statingwhattheriskmightbe.

(2) Thelikelihoodoftheriskpossiblymeasurednumericallyifascalehasbeensete.g.1isunlikely,5ishighlylikely.

(3) Theimpactoftheriskshoulditarise.Againthismightbegradedfrom,say,1(lowimpact)to5(highimpact).

(4) Therisk ownersnamewillbegivenusuallyamanagerordirector.

(5) Thedatetheriskwasidentifiedwillbedetailed.

(6) Thedatetheriskwaslastconsideredwillbegiven.

(7) Mitigation actionsshouldbelistedi.e.whatthecompanyhasdonesofartoreducetherisk.Thismightincludetraining,insurance,furthercontrolsaddedtothesystem,etc.

Risk management

32

The risk register

Forexample,usingthestepsdetailedabove,onerowofatabulatedriskregistermightshow:

(8) Anoverall risk ratingmightbegivene.g.110,sothatmanagementcanimmediatelyseewhichrisksaretheonestheyshouldbeconcentratingon.

(9) Further actionstobetakeninthefuturewillbelisted(ifany).

(10)The'action lead'namewillbedetailedi.e.whoisresponsibleformakingsurethatthesefutureactionsareimplemented.

(11)Adue datewillbestatedbywhentheactionhastobeimplemented.

(12)Arisk level targetmightbegiveni.e.ascorelowerthanthatgiveninstep8above.Thismightmeanthatbyimplementingacontrol,theriskratingisexpectedtolowerfrom,say,8to,say2(thetargetrisklevel).

(1) Lossofpersonaldatai.e.unsecureuseofmobiledevicescouldresultinpersonalidentifiableinformationbeinglost,stolenorunauthorisedaccessgained.

(2) Likelihood=3

(3) Impact=5

(4) Riskowner=MikeSmith(ITmanager)

(5) 1.1.12

(6) 2.2.14

(7) Staffreceivetrainingevery2yearswhichhighlightstherisks.Alllaptopsareencrypted.Regularauditsareundertaken.AnyincidentsarereportedtotheAuditCommittee.

(8) Overallriskrating=7

(9) Encryptiontechnologytobeimplementedwhichmeetsindustrystandard.

(10)MikeSmith

(11)31.7.14

(12)Riskleveltarget=3

chapter 2

33

Riskregisterswouldnormallydetailwhichofthefollowing:(Selectallthatapply.)

A Risklevelbeforecontrolsareimplemented

B Risklevelaftercontrolsareimplemented

C Responsibilityformanagingrisks

D Thetotalcostofacontrolbeingimplemented

Quantification of risk exposures

Quantificationofriskisimportantinunderstanding theextentandsignificanceoftheexposure.Thiscanbedonebymeasuringtheimpactoftheriskfactor(suchasexchangerates)onthetotalvalueofthecompany,oronanyindividualitemsuchascashfloworcosts.

Somequantitativetechniquesinclude:

Risksthatareidentifiedshouldbemeasuredandassessed.Theextenttowhichthiscanbedonedependsontheinformationavailabletotheriskmanager.

Insomecompanies,particularlyinthebankingandinsuranceindustries,manyriskscanbemeasuredstatistically,onthebasisofhistoricalinformation.

Inmanyothersituations,themeasurementandassessmentofriskdependsonmanagementjudgement.

expectedvaluesandstandarddeviation volatility valueatrisk(VaR) regressionanalysis simulationanalysis

Risk management

34

More on risk identification


Expected values and standard deviation

Expectedvalue=probX

whereprob=probability,X=outcome

Someriskscanbemeasuredbytheuseofexpectedvalues.

Thestandarddeviationisameasureofthedispersionofthepossiblevaluesofagivenfactor,suchascashflow,fromtheexpectedvalueormean. Thusthestandarddeviationprovidesameasureofvolatilitythegreaterthestandarddeviation,thegreatertheriskinvolved.

Volatility

Anotherwayofassessingriskmightbelookingatpotentialvolatility.Forexample,acompanymightcalculateanexpectedvaluebasedonarangeofprobabilitiesbutalsoassessthepotentialvariationfromthatexpectedoutcome(rangeorstandarddeviation).

Thefollowingaretheforecastpurchasesofrawmaterialsinafuturemonth:

Calculatetheupsideanddownsidevolatilityfromexpectedpurchases.

200,000 30%probability250,000 50%probability300,000 20%probability

Value at risk

VaRisbasedontheassumptionthatinvestorscaremainlyabouttheprobabilityofalargeloss.TheVaRofaportfolioisthemaximumlossonaportfoliooccurringwithinagivenperiodoftimewithagivenprobability(usuallysmall).

CalculatingVaRinvolvesusingthreecomponents:atimeperiod,aconfidencelevelandalossamountorpercentageloss.

chapter 2

35

Expected value of risk

Test your understanding 5 Volatility (Integration)

Statisticalmethodsareusedtocalculateastandarddeviationforthepossiblevariationsinthevalueofthetotalportfolioofassetsoveraspecificperiodoftime.

Makinganassumptionthatpossiblevariationsintotalmarketvalueoftheportfolioarenormallydistributed,itisthenpossibletopredictatagivenlevelofprobabilitythemaximumlossthatthebankmightsufferonitsportfoliointhetimeperiod.

Abankcantrytocontroltheriskinitsassetportfoliobysettingtargetmaximumlimitsforvalueatriskoverdifferenttimeperiods(oneday,oneweek,onemonth,threemonths,andsoon).

VaRmaybecalculatedasstandarddeviationZscore(wheretheZscorecanbefoundfromthenormaldistributiontables).

SupposeaUKcompanyexpectstoreceive$14millionfromaUScustomer.ThevalueinpoundstotheUKcompanywilldependontheexchangeratebetweenthedollarandpoundsresultingingainsorlossesastheexchangeratechanges.Assumethattheexchangeratetodayis$1.75/andthatthedailyvolatilityofthepound/dollarexchangerateis0.5%.

Calculatethe

Thevalueofthe$14milliontodayis8million($14million$1.75/)withadailystandarddeviationof40,000(0.5%8million).

(a) 1day95%VaR

(b) 1day99%VaR.

(a) Thestandardnormalvalue(Z)associatedwiththeonetail95%confidencelevelis1.645(seeNormalDistributiontables).Hence,the1day95%VaRis1.64540,000=65,800.Thismeansthatweare95%confidentthatthemaximumdailylosswillnotexceed65,800.Alternatively,wecouldalsosaythatthereisa5%(1outof20)chancethatthelosswouldexceed65,800.

(b) Thestandardnormalvalue(Z)associatedwiththeonetail99%confidencelevelis2.33(seeNormalDistributiontables).Hence,the1day99%VaRis2.3340,000= 93,200.Thus,thereisa1%(1outof100)chancethatthelosswouldexceed93,200.

Risk management

36

Example of VaR

Giventhe1dayVaR,wecaneasilycalculatetheVaRforlongerholdingperiodsas:

ndayVar=1dayVarnThus,wecancalculatethe5day95%VaRas:

5day95%VaR=1day95%VaR5=65,800x 2.236=147,133Thereisa5%chancethatthecompanysforeignexchangelosswouldexceed147,133overthenext5days.

Similarly,the30day99%VaRwouldbe:

1day99%VaR30=93,2005.477=510,477

Noticethatforagivenconfidencelevel,theVaRincreaseswiththeholdingperiod.Thus,thelongertheholdingperiod,thegreatertheVaR.

Abankhasestimatedthattheexpectedvalueofitsportfoliointwoweekstimewillbe$50million,withastandarddeviationof$4.85million.

Required:

Calculateandcommentuponthevalueatriskoftheportfolio,assuminga95%confidencelevel.

Regression analysis

Thiscanbeusedtomeasureacompanysexposuretovariousriskfactorsatthesametime. Thisisdonebyregressingchangesinthecompanyscashflowsagainsttheriskfactors(changesininterestrates,exchangerates,pricesofkeycommoditiessuchasoil).Theregressioncoefficientswillindicatethesensitivitiesofthecompanyscashflowtotheseriskfactors.

Thedrawbackwiththistechniqueisthattheanalysisisbasedonhistoricalfactorswhichmaynolongerbepredictorsofthecompanyinthefuture.

chapter 2

37

Test your understanding 6 Value at risk (Integration)

More on value at risk (VaR)

Simulation analysis

Thisisusedtoevaluatethesensitivityofthevalueofthecompany,oritscashflows,toavarietyofriskfactors. Theseriskfactorswillbegivenvarioussimulatedvaluesbasedonprobabilitydistributions,andtheprocedureisrepeatedanumberoftimestoobtaintherangeofresultsthatcanbeachieved.

Themeanandstandarddeviationarethencalculatedfromtheseresultstogiveanexpectedvalueandmeasureoftherisk.

Thistechniquecanbecomplexandtimeconsumingtocarryout,andislimitedbytheassumptionsoftheprobabilitydistributions.

Othermethodsofmeasuringorassessingtheseverityofanidentifiedriskinclude:

Drawbacks of the quantification of risk

Onceariskhasbeenquantified,thereisaproblemwhetheranyonereallyknowswhatitmeans.Unlessyouareatraineeorqualifiedaccountant(orsimilar)thisisunlikely,hencerisksareoftenleftunquantified.

Risk or assurance mapping

Acommonqualitativewayofassessingthesignificanceofriskistoproducearisk maporsometimescalledan'assurance map'.

scenarioplanningforecastingvariousoutcomesofanevent decisiontreesuseofprobabilitytoestimateanoutcome sensitivityanalysisusedtoask'whatif?'questionstotestthe

robustnessofaplan.Alteringonevariableatatimeidentifiestheimpactofthatvariable.

TheBoard,theRiskCommittee,theAuditCommitteeandseniormanagementfromvariousdepartmentswillallbeinvolvedinthepreparationofthemap.

Themapidentifieswhetherariskwillhaveasignificantimpactontheorganisationandlinksthatintothelikelihoodoftheriskoccurring.

Theapproachcanprovideaframeworkforprioritisingrisksinthebusiness.

Riskswithasignificantimpactandahighlikelihoodofoccurrenceneedmoreurgentattentionthanriskswithalowimpactandlowlikelihoodofoccurrence.

Awellstructuredriskmapwillhighlightwheretherearegapsinassurancesoversignificantriskareas.

Risk management

38

Also,duplicatedorpotentiallyburdensomeassuranceprocessesmaybeidentified.

Riskscanbeplottedonadiagram,asshownbelow.

Suggestariskthatcouldbeincludedineachquadrantforarestaurant.

Thelossoflowerlevelstaffwouldbestfitwhichcategoryofariskmap?

A Lowlikelihoodlowconsequence

B Highlikelihoodlowconsequence

C Lowlikelihoodhighconsequence

D Highlikelihoodhighconsequence

chapter 2

39

More on risk mapping

Test your understanding 7 Restaurant (Integration)


Theaxesofariskmapinclude:(Selectallthatmayapply.)

A Likelihood

B Volatility

C Consequences

D Certainty

4Risk response strategy

Sofarwehaveconsideredthetypesofriskacompanycouldbeexposedtoandthewayitmaychoosetoassess,measureandbearthoserisks.Thenextareaistolookattheformulationofastrategytorespondtothoserisks,thegeneralmethodsthatcanbeusedtotreatrisksandtheimplementationofsuchstrategy.

Themanagementofrisksinvolvestryingtoensurethat:

Theestimateofthepotentiallossforeachriskshouldbecomparedwiththeacceptablerisklimitforthecompany.Iftheriskisgreaterthantheacceptablelimit,thenextstageinriskmanagementistoconsiderhowtheriskshouldbemanagedorcontrolled,tobringitdowninsize.

Exposuretosevererisksisminimised. Unnecessaryrisksareavoided. Appropriatemeasuresofcontrolaretaken. Thebalancebetweenriskandreturnisappropriate.

Risk treatment (management) methods

Assumingthatthebusinessdoeswanttomanageitsrisksinsomewayanumberofmethodscanbeused.Thesemethodswilllimittherisks,andtheoverallriskmanagementstrategymaydefinehowtheriskswillbemanagedandthewaythesemethodswillinteract.

Avoid risk

Acompanymaydecidethatsomeactivitiesaresoriskythattheyshouldbeavoided.

Thiswillalwaysworkbutisimpossibletoapplytoallrisksincommercialorganisationsasriskshavetobetakentomakeprofits.

Risk management

40


Transfer risk

Pool risks

Diversification

Insomecircumstances,riskcanbetransferredwhollyorinparttoathirdparty.

Acommonexampleofthisisinsurance.Itdoesreduce/eliminaterisksbutpremiumshavetobepaid.

Risksfrommanydifferenttransactionscanbepooledtogether:eachindividualtransaction/itemhasitspotentialupsideanditsdownside.Theriskstendtocanceleachotherout,andarelowerforthepoolasawholethanforeachitemindividually.

Forexample,itiscommoninlargegroupstructuresforfinancialrisktobemanagedcentrally.

Diversificationisasimilarconcepttopoolingbutusuallyrelatestodifferentindustriesorcountries.

Theideaisthattheriskinoneareacanbereducedbyinvestinginanotherareawheretherisksaredifferentorideallyopposite.

Acorrelationcoefficientwithavaluecloseto1isessentialifriskistobenullified.

Riskreductioncanbeachievedusingwhichofthefollowingtheories?

A Managementtheory

B Systemstheory

C Portfoliotheory

D Contingencytheory

Evaluatewhetheritisalwaysagoodbusinessstrategyforalistedcompanytodiversifytoreducerisk.

chapter 2

41

Test your understanding 11 Diversification (Integration)


Managing risk by diversification

Risk reduction

Hedging risks

Risk sharing

Evenifacompanycannottotallyeliminateitsrisks,itmayreducethemtoamoreacceptablelevelbyaformofinternalcontrol.

Theinternalcontrolwouldreduceeitherthelikelihoodofanadverseoutcomeoccurringorthesizeofapotentialloss.

Thecostsofthecontrolmeasuresshouldjustifythebenefitsfromthereducedrisk.

Morewillbeseenoninternalcontrolsinchapter5.

Hedgingwillbeconsideredindetailwhenfinancialriskisexaminedinlaterchapters.

Theconceptofhedgingisreducingrisksbyenteringintotransactionswithoppositeriskprofilestodeliberatelyreducetheoverallrisksinabusinessoperationortransaction.

Acompanycouldreduceriskinanewbusinessoperationbysharingtheriskwithanotherparty.

Thiscanbeamotivationforenteringintoajointventure.

Risk mapping and risk responses

Riskmapscanprovideausefulframeworktodetermineanappropriateriskresponse:

Risk management

42

Risk management using TARA

Thedeathof,orseriousinjuryto,amemberofstaffatworkwouldbestfitwhichcategoryonariskmap?

A Lowlikelihoodlowconsequence

B Highlikelihoodlowconsequence

C Lowlikelihoodhighconsequence

D Highlikelihoodhighconsequence

Ariskidentifiedashavingalowfrequencyandahighseverityshouldbemanagedby:

A Avoiding

B Accepting

C Transferring

D Reducing

chapter 2

43



5The risk cube

Anotherwayofconsideringriskanditsmanagementistousetheriskcube.

Riskequalsthevolumeofthecube.

Riskisseenassomecombinationofathreat,exploitingsomevulnerability,thatcouldcauseharmtoanasset.

Residualriskisthecombinedfunctionof:

Managingtheriskcanbeundertakenbyreducingthethreat,reducingthevulnerabilityand/orreducingtheassetvalue.

Forexample,imagineacompanysellsmachinepartsoncredittoindustrialcustomers.

Thethreatmightbethatthecustomerdoesn'tpayfortheirmachineparts.

Thevulnerabilitymightbethatthesellingcompanyhasalowcashbalanceandthereforecoulddowiththefundstopayitsownsuppliers.

Theassetisthereceivableduein.

Thethreatreducingsafeguardsmightincludeperformingacreditcheckonallcustomers.

athreatlesstheeffectofthreatreducingsafeguards avulnerabilitylesstheeffectofvulnerabilityreducingsafeguardsand anassetlesstheeffectofassetvaluereducingsafeguards.

Risk management

44

Thevulnerabilityreducingsafeguardsmightincludeholdingaminimumcashbalanceatalltimestoensuresufficientcashisavailabletopaysuppliers.

Theassetreducingsafeguardsmightincludesettingalimitoneachreceivablebalance,sothatonceitisreachednofurthergoodswouldbesuppliedtoacustomeruntilpaymentwasmade.

Youarethemanagementaccountantofalargeprivatecompany,Twinkletoes.Twinkletoesmanufacturesahighvolumeofreasonablypricedshoesforelderlypeople.Thecompanyhasatradereceivablesledgerthatismaterialtothefinancialstatementscontainingfourdifferentcategoriesofaccount.Thecategoriesofaccount,andtherisksassociatedwiththem,areasfollows:

Receivableslistedunder(ii)to(iv)areroughlyevenlysplitbybothvalueandnumber.Allreceivablesaredealtwithbythesamemanagersandstaffandthesameinternalcontrolsareappliedtoeachcategoryofreceivables.Youdonotconsiderthatusingthesamemanagersandstaff,andthesamecontrols,isnecessarilythebestmethodofmanagingthereceivablesledger.

Twinkletoeshassufferedanincreasinglevelofirrecoverabledebtsandslowpayersinrecentyears,mostlyasaresultofsmallshoeshopsbecominginsolvent.Thecompanyhasalsolostseveraloverseasaccountsbecauseofarequirementforthemtopayinadvance.Managementwishestoexpandtheoverseasmarketandhasdecidedthatoverseascustomerswillinfuturebeallowedcreditterms.

Managementhasaskedyoutoclassifytherisksassociatedwiththereceivablesledgerinordertomanagetradereceivablesasawholemoreefficiently.Youhavebeenaskedtoclassifyaccountsashigh,mediumorlowrisk.

(i) smallretailshoeshops.Theseaccountsrepresentnearlytwothirdsoftheaccountsontheledgerbynumber,andonethirdofthereceivablesbyvalue.Someofthesecustomerspaypromptly,othersareveryslow

(ii) largeretailshoeshops(includinganumberofoverseasaccounts)thatsellawiderangeofshoes.Someoftheseaccountsarelargeandoverdue

(iii) chainsofdiscountshoeshopsthatbuytheirinventorycentrally.Theseaccountsaremostlywellestablished`highstreet'chains.Again,someoftheseaccountsarelargeandoverdueand

(iv) mailordercompanieswhosellthecompany'sshoes.Therehavebeenanumberoflargenewaccountsinthiscategory,althoughthereisnohistoryofirrecoverabledebtsinthiscategory.

chapter 2

45

Test your understanding 14 Twinkletoes (Case study)

Required:

Write an email to the finance director:

(30 minutes)

(a) Classifying the risks relating to the four categories of trade receivables as high, medium or low and explain your classification. Note:Morethanoneriskclassificationmaybeappropriatewithineachaccountcategory.

(b) Describing the internal controls that you would recommend to Twinkletoes to manage the risks associated with the receivables ledger under the headings: all customers, slow paying customers, larger accounts, and overseas customers.

6Risk reporting

RiskreportsnowformpartofUKannualreports.Itisanimportantdisclosurerequirement.(Examplesoftheseareavailableonlargercompanieswebsites.Candidatesareencouragedtoreadsome.)

Managersofabusiness,andexternalstakeholders,willrequireinformationregardingtherisksfacingthebusiness. Ariskreportingsystemwouldinclude:

Asystematicreviewoftheriskforecast(atleastannually). Areviewoftheriskstrategyandresponsestosignificantrisks. Amonitoringandfeedbacklooponactiontakenandassessmentsof

significantrisks.

Asystemindicatingmaterialchangetobusinesscircumstances,toprovideanearlywarning.

Theincorporationofauditworkaspartofthemonitoringandinformationgatheringprocess.

Risk management

46

WithinMarksandSpencer'sannualreportfor2013thereisariskreportsection.Thishasbeenduplicatedinpartbelow.

Itstatestheirapproachtoriskmanagementandkeyareasoffocus:

What is our approach to risk management?

TheBoardhasoverallaccountabilityforensuringthatriskiseffectivelymanagedacrosstheGroupand,onbehalfoftheBoard,theAuditCommitteereviewstheeffectivenessoftheGroupRiskProcess.

Risksarereviewedbyallbusinessareasonahalfyearlybasisandmeasuredagainstadefinedsetoflikelihoodandimpactcriteria.Thisiscapturedinconsistentreportingformats,enablingGroupRisktoconsolidatetheriskinformationandsummarisethekeyrisksintheformoftheGroupRiskProfile.

OurExecutiveBoarddiscussestheGroupRiskProfileaheadofitbeingsubmittedtotheGroupBoardforfinalapproval.

Toensureourriskprocessdrivesimprovementacrossthebusiness,theExecutiveBoardmonitorstheongoingstatusandprogressofactionplansagainstkeyrisksonaquarterlybasis.

RiskremainsanimportantconsiderationinallstrategicdecisionmakingatBoardlevel,includingdebateonrisktoleranceandappetite.

Key areas of focus

Duringtheyearwehavefocusedonanumberofkeyareas:

Astimeprogresses,thenatureofsomeGrouprisksisevolving.ToensurewecontinuetoaddressthemostimportantrisksfacingtheGroupatthispointintimewehaveupdatedanumberofrisktitlesanddescriptions.NewtitlesareassignedtoGMproduct(2012:Ourcustomers)andFoodsafetyandintegrity(2012:Foodsafety).NewdescriptionsareinplaceforInternationalandOurpeople.

(1) Evolvingriskdescriptions

chapter 2

47

Marks and Spencer plc Risk report extract

WecontinuetoassesswhethersufficientadditionalmitigatingactivitiesareunderwaytoreducethenetriskpositionoftheGroupskeyrisks.Byconsideringnetriskonbothaoneyearandthreeyearhorizon,weareabletoidentifywhenmitigatingactivitieswillresultinatangibleriskreduction.Wealsocontinuetoreviewtheongoingappropriatenessofactionstoensuretheyareasrelevant,timelyandmeasurableaspossible.

RisktoleranceandappetiteareimportantconsiderationsinstrategicdecisionmakingatBoardlevel.Wealsorecognisethevalueinapplyingtheconceptofrisktoleranceindiscussionsacrossalllevelsoftheorganisation.Itisespeciallybeneficialwhendeterminingthenatureofmitigatingactivitiesandtheirroleinaddressingrisklikelihoodorimpact.

Our principle risks and uncertainties

Aswithanybusiness,wefacerisksanduncertaintiesonadailybasis.Itistheeffectivemanagementofthesethatplacesusinabetterpositiontobeabletoachieveourstrategicobjectivesandtoembraceopportunitiesastheyarise.

Toachieveaholisticviewoftherisksfacingourbusiness,bothnowandinthefuture,weconsiderthosethatare:

Overleafaredetailsofourprincipalrisksandthemitigatingactivitiesinplacetoaddressthem.ItisrecognisedthattheGroupisexposedtoanumberofrisks,widerthanthoselisted.

However,aconsciousefforthasbeenmadetodisclosethoseofgreatestimportancetothebusinessatthismomentintimeandthosethathavebeenthesubjectofdebateatrecentBoardorAuditCommitteemeetings.

(Twoofthemanyprinciplerisksandmitigatingactionsaredetailedbelow.)

(2) Actionplansforkeyrisks

(3) Influenceofrisktolerance

externaltoourbusiness coretoourdaytodayoperation relatedtobusinesschangeactivityand thosethatcouldemergeinthefuture.

Risk management

48

Economic outlook

Economicconditionsworsenordonotimprove,impactingourabilitytodelivertheplan

Asconsumersdisposableincomescomeunderpressurefrompriceinflationandgovernmentausteritymeasures,tradingconditionscontinuetoremainachallengeforourbusiness.

Mitigatingactivities:

Food safety and integrity

Afoodsafetyorintegrityrelatedincidentoccursorisnoteffectivelymanaged

Asaleadingretaileroffinequalityfreshfood,itisofparamountimportancethatwemanagethesafetyandintegrityofourproductsandsupplychain,especiallyinlightofthebusinessgreateroperationalcomplexityandtheheightenedriskoffraudulentbehaviourinthesupplychain.

Mitigatingactivities:

(Theriskreportcontinuesforseveralpagescoveringmanyotherrisks.)

TheGroupRiskProfilereflectsthemostimportantrisksfacingthebusinessatthispointintimetheserisksreceivespecificattentionbytheBoardtoensurethatsufficientmitigatingactivityisinplacetoreducenetrisktoanacceptablelevel.TheGroupRiskProfilewillevolveasthesemitigatingactivitiessucceedinreducingtheresidualriskovertime,ornewrisksemerge.Assuch,wehaveremovedanumberofrisksfromourGroupRiskProfilesincetheprioryear:

Proactivemanagementofcosts Regularreviewofcustomerfeedbackandmarketplacepositioning Continuedfocusonvaluepropositioninthecontextofabalanced

productoffer,includingmarketleadinginnovation

Ongoingmonitoringofpricingandpromotionalstrategies Regularcommercialreviewofproductperformance

Dedicatedteamresponsibleforensuringthatallproductsaresafeforconsumptionthroughrigorouscontrolsandprocesses

Continuousfocusonquality Proactivehorizonscanningincludingfocusonfraudandadulteration Establishedsupplieranddepotauditingprogramme

chapter 2

49

LastyearweincludedBusinesscontinuityontheGroupRiskProfileinresponsetotheheightenedlevelofriskdrivenbytheUKssummer2012events.Withtherisknowreturningtoanormallevelithasbeenremoved,recognisingthestrengthofourcontrolsinthisarea

Financialposition,Corporatereputation,Newstoreformat,KeysupplierfailureandITsecurityhavealsobeenremovedinrecognitionoftheactionstakentoreducethenetriskposition.

Theaboverisksremainimportantandtheycontinuetobemonitoredaspartofbusinessasusualactivitieshowever,weconsiderthattheydonotrepresentkeyriskstoourbusinessatthistimeandtheyhavethereforebeenremovedfromtheGroupRiskProfile.

Risk interconnectivity

Wecontinuetorecognisethesignificantinterdependencybetweenourkeyrisks,whichisinpartaproductofourheavilyinterconnectedbusinessenvironment(bothintermsofsystemsandprocesses).ThefollowingdiagramsarebasedonourcurrentGroupRiskProfile.Botharedesignedtohighlighthowchangestooneriskcouldimpactonthoseconnectedtoit,andthereforeontheprofileasawhole.WehaveincorporatedanumberofpotentialemergingriskswhichdonotfeatureonourGroupRiskProfileatthispointintime,butcouldinfluenceourbusinessinthelongerterm,illustratinghowemergingriskisconsideredbytheBoard.

7Gross and net risk

Riskreportsshouldshow:

tofacilitateareviewoftheeffectivenessofriskresponses.

Anexampleofgrossandnetriskassessments,utilisingtheriskmap(impact/likelihoodmatrix)isshownonthefollowingpage:

thegross risk=anassessmentofriskbeforetheapplicationofanycontrols,transferormanagementresponses, and

thenet risk(orresidual risk)=anassessmentofrisk,takingintoaccountthecontrols,transferandmanagementresponsesi.eafteranycontrolshavebeenimplemented,

Risk management

50

Iftheresidualriskisconsideredtobetoogreatthenthecompanywillneedto:

Theamountofresidualriskacompanycanbearisultimatelyamanagementdecision.

notexposeitselftotherisksituationor putinplacebettercontrolsovertherisk.

Itispossibletomeasurethatresidualrisk,possiblyasaproportionofprofit/capital/turnover,inordertohelpmanagementmakethatjudgement.

Usingtheearlierexampleoftheriskregisterwecanshowgrossandnet(orresidualrisk):

(1) Lossofpersonaldatai.e.unsecureuseofmobiledevicescouldresultinpersonalidentifiableinformationbeinglost,stolenorunauthorisedaccessgained.

(2) Likelihood=3

(3) Impact=5

(4) Riskowner=MikeSmith(ITmanager)

(5) 1.1.12

(6) 2.2.14

chapter 2

51

Gross and net risk example

Ability to bear risk

Byimplementingtheencryptiontechnologytheriskhasreducedfromascoreof7toascoreof3.Thismeansthatthereisstillsomeriskbutfarlessthantherewas.Managementwillhavetoconsiderwhetheralevel3riskisacceptableorwhetherfurthercontrolsneedtobeimplementedtoachievealowerscore,butatwhatcost.

(7) Staffreceivetrainingevery2yearswhichhighlightstherisks.Alllaptopsareencrypted.Regularauditsareundertaken.AnyincidentsarereportedtotheAuditCommittee.

(8) Overallriskrating=7(Gross risk)

(9) Encryptiontechnologyisimplementedwhichmeetsindustrystandard.

(10)MikeSmith

(11)31.7.14

(12)Risklevel=3(Net or residual risk)

TGDWareassessinganewcontracttoprovidemaintenanceservicesforaprestigiousofficecomplex.Shouldthecomplexbeunabletofunctionformorethan5hoursdueanerrororomissionbyTGDWtheywillfaceafineofsufficientmagnitudetocausethecompanyseverefinancialdifficulty.Thedirectorsassessedthegrossriskashighimpactandduetothecomplexityofthesystemsmaintainedthereishighprobabilityofanerroroccurring.TheclientisunwillingtoreducethepenaltyortochangethecriteriaandTGDWsinternalcontrolsarealreadyatahighlevel.

UsingTARAwhatactionshouldTGDWtake?

A Transfer

B Avoid

C Reduce

D Accept

Risk management

52


8Evaluating risk management strategy

Oncethecompanyhasestablisheditsriskstrategyanddecidedinwhatareasitwillreduceitsrisksandthemethodsitwillusetoachievethedesiredreductions,thestrategyshouldbeevaluated.

Thepurposeoftheevaluationistwofold,asshownbelow:

Do benefits outweigh costs?

Thecostsandbenefitsofriskmeasuressuchasinternalcontrolscanbeevaluated,andacostbenefitcomparisoncarriedout.

Thebenefitsfromriskcontrolsshouldpreferablybemeasuredandquantified,althoughsomebenefits(suchasprotectingthecompanysreputation)mighthavetobeassessedqualitatively.

Theevaluationprocessshouldbebasedontheprinciplethatthebenefitsfromacontrolmeasureshouldnotexceedthebenefitsthatitprovides. Forexample,acompanycouldbeveryconcernedabouttheftof

pettycashandthereforeintroducecontrolslimitingthecashheldto25andalsorequiringdailyreconciliationsofthecashbalancebythefinancialcontroller,withobservationbyamemberoftheinternalauditdepartment.

Thiscontrolwouldprobablyreducetheft,butwouldbeveryexpensiveforthecompanytooperateandasaresultthecostswouldexceedthebenefits. Thecontrolssetupmustbeproportionatetothepotentiallossesthatcouldoccuriftheriskresultsinlosses.

chapter 2

53

Costbenefit example

Has the strategy been successful?

9Risk management roles and responsibilities

Ifthecompanybeingconsideredisdivisionaltheremaybearisk officerforeachdivisionwhowillhelptoidentifyandmanagetacticalandoperationallevelrisks.

Allemployeeshavearoleandresponsibilityforrisktoo.Youshouldbeawareofpossiblerisks(throughpoliciesissuedandtraininggiven)andyoushouldbeaudibleifyoubelieveariskneedstobemanaged(byreportingittoyourmanagerorbywhistleblowing).

Risk management

54

A failure of risk management

PerhapsthemostinterestingexampleofriskandcontrolwasthecaseofNorthernRock.InSeptember2007NorthernRockplcwasatopfiveUKmortgagelender,ontheFTSE100indexwithover100billioninassets.NorthernRockraisedover70%ofthemoneyitusedinitsgrowingmortgagelendingbusinessfrombanksandotherfinancialinstitutions.FollowingtheglobalcreditcrunchthatresultedfromthecrisisintheUSsubprime(highrisk)mortgagesector,banksstoppedlendingtoeachotherandNorthernRockcouldnotraisesufficientcashtocoveritsliabilities.

Abankrun(thefirstonaUKbankfor150years)onNorthernRockbyitscustomersledtothegovernmentprovidinglenderoflastresortfundingandguaranteesforthebanksdepositorstotallingabout20billion.Theresulthasbeena90%fallinthebanksshareprice,adeterioratingcreditratingandalossofreputation.TheCEOhasresignedandseveraldirectorshavealsolefttheboard.

NorthernRockhadaformalapproachtoriskmanagement,includingliquidity,credit,operationalandmarketrisk,fullydescribedinitsSecuritiesandExchangeCommissionfilings.NorthernRocksassetsweresoundsotherewasnosignificantcreditrisk.Marketriskwasalsowellmanagedintermsofinterestrateandforeignexchangeexposure.However,despiteformalproceduresandademonstratedcompliancewithregulations,therewasanassumptionbymanagersthataccesstofundswouldcontinueunimpeded.TheUSsubprimecrisisledtoliquidityriskmaterialising,causingtheNorthernRockproblems.Theconsequencewasalsothelossofreputationthatfollowedpressreportswhichblamedthebanksmanagementfornothavingacontingencyplantocoverthepossibilityofdisruptiontoitsfunding,anoperationalrisk.ItislikelythattheboardofNorthernRockfailedinbothmonitoringliquidityriskandinmonitoringtheeffectivenessoftheexistingcontrols.

ThelessonofNorthernRockisthatweneedtomovebeyondthetickboxapproachtocomplianceandthatgoodgovernancerequiresamoreinsightfulapproachtoriskmanagementandinternalcontrol.

chapter 2

55

Roles of the risk committee

Northern Rock

Risk manager activities

Introduction

Lmanufacturesarangeofveryhighqualitytinnedfoods.Thecompanywasestablishedeightyearsagoandithasgrownsteadilybysellingtoindependentgrocersinprosperousareas.Mostconsumersassociatetinnedfoodwithpoorqualityandareunwillingtopayhighprices.However,theconsumerswhobuyLsproductsarewillingtopayapremiumforhigherquality.

LsonlylargecustomerisH,amajorsupermarketchainthathasareputationforsellinghighqualityproduce.LbegansalestoHjustunderayearago,withHpurchasingsmallquantitiesofLsmostpopularproductinordertoassessdemand.Afterasuccessfulperiodoftestmarketing,HstartedtoplacelargerorderswithL.NowHaccountsfor20%ofLssalesbyvolume.

Organisational structure and account managers

Lhastraditionallyhadafunctionalorganisationalstructure.Thereisadirectorinchargeofeachofsales,production,financeandhumanresources.Eachdirectorhasateamofseniormanagerswhosupporttheirfunction.Thehierarchyfororganisingandsupervisingstaffisgenerallybasedonthisfunctionalstructure.TheonlyexceptiontothishasbeentheresultoftheappointmentofPeter,whoistheAccountManagerinchargeofLsdealingswithH.Hinsistedontheappointmentofadesignatedaccountmanagerasaconditionofplacingregular,largeorderswiththecompany.PeteristhedesignatedpointofcontactonallmattersbetweenLandH.

Petersjobdescriptionstatesthatheisresponsibleforalldecisions,includingpricing,relatingtoLsrelationshipwithHandthatheisexpectedtobaseallsuchdecisionsonthepromotionofLscommercialinterests.

Risk management

56

Risk in an engineering consultancy

Risk in a retail chain

Test your understanding 16 L tinned foods (Case study)

TherehavebeenanumberofcomplaintsfromLsmanagerssincePetersappointment.Theseincludeseveraloccasionswhenstaffhavereceivedcontradictoryinstructions.Forexample,PeterhasorderedtheproductiondepartmenttogiveprioritytoHsrequestsforlargedeliveries,eventhoughthathasledtoregularorderstoothercustomersbeingdelayed.PeterhasalsotoldthestaffinthecreditcontroldepartmentnottopressHforpaymenteventhoughthecompanyhadseveraloverdueinvoices.

LsSalesDirectorbelievesthatthecompanycouldsellevengreaterquantitiestoHandthatotherlargesupermarketchainswillstartplacingordersinthenearfutureonceHhasdemonstratedthatthereisademandforhighqualitytinnedfood.ShehaswarnedLsChiefExecutivethatadditionalaccountmanagerswillhavetobeemployedintheeventthatLstartstosupplyfurthersupermarketchains.

Required:

Write a report to the Board of L which:

(20 minutes)

(20 minutes)

(a) Evaluates the potential risks that might arise from Ls appointment of an account manager to deal with Hs business and

(b) Recommends, stating reasons, the changes that Ls board should introduce in order to minimise the threats arising from having an autonomous account manager.

Introduction

Disadentalpracticethatwasestablishedeightyearsago.Thepracticewasfoundedbysixdentists,eachofwhomhasanequalshare.

Thesixdentistshavedecidedthattheyshouldundertakeaformalevaluationoftherisksaffectingtheirbusiness.Tothatend,theyhaveengagedaconsultanttoactasafacilitator.

chapter 2

57

Test your understanding 17 Dental practice (Case study)

Consultancy

Thefacilitatorbeganwithabrainstormingsession.Thedentistswereprovidedwithaflipchartandtheywereaskedtolistasmanyrisksastheycouldthinkof.ThentherisksweretransferredtoariskmapbasedontheTARAframework.Asimplifiedversionoftheriskmapisshownbelow:

Allsixdentistsagreedthateachoftheserisksisworthclassifying,buttherewasconsiderabledebateastowhereeachshouldappearontheriskmap.Thefacilitatorhasusedtheopinionofthedentistwhoidentifiedtheriskasastartingpointandhasaskedforsomediscussionastohowbesttoclassifyeach.

Dental implants

Dentalimplantsarefalseteeththatarerootedinthepatientsjawusingtitaniumscrews.FittinganimplantisaverytimeconsumingandexpensiveprocedurethatcoststhepatientinexcessofGBP2,000.Thepatientsbonestructureusuallyacceptstheimplantandfuseswithittoformaverystrongbond.In35%ofcasestheimplantcausesanadversereactionandhastoberemoved.Thepracticewarnspatientsofthispossibilityanddoesnotofferanyrefundinthiseventbecausethefailureisbeyondthedentistscontrol.Somepatientswhosufferanadversereactiondoseekcompensationdespitethesewarnings,allegingnegligenceonthepartofthedentist.

Cross infection

Crossinfectioncanoccurwhenpatientspassinfectionsontothedentalstaff(andviceversa)orwhendentalinstrumentstransmitinfectionsbetweenpatients.Apartfromtheneedtoworkincloseproximitytothepatient,dentalproceduresalwaysinvolvecontactwiththepatientssalivaandcansometimesinvolvecontactwithbloodifatoothisextractedorthepatientsgumsbleed.

Impact/consequence

Probability/likelihood Low High

High Reduce

Negligenceclaimsarisingfromfaileddentalimplants

Avoid

Crossinfection

Low AcceptSpiralstaircase

Transfer/share

Unknownallergies

Risk management

58

Spiral staircase

Thedentalsurgeryislocatedonefloorupfromstreetlevel.Patientsenterviaanarrowhallwayandclimbtothereceptionusinganarrowspiralstaircase.Thebuildingcannotberemodelledtoacceptaliftoramoresuitablestaircase.

Unknown allergies

Thedentistsareoftenrequiredtoprescribeantibioticsandotherdrugsinordertotreatguminfections.Thesecancausesevereallergicreactionsthatareimpossibletoforeseeunlessthepatienthasbeenprescribedthatdruginthepastandhasnotifiedthepracticeofthisallergy.

Required:

(30 minutes)

(a) Discuss the benefits that the dental practice may obtain from the risk mapping exercise described above.

(b) Critically evaluate the placing of each of the identified risks in the risk map, stating with reasons whether or not you agree with the placement.

TheBBankisalargeinternationalbank.Itemploys6,000staffin250branchesandhasapproximately500,000borrowersandover1,500,000savers.Thebank,whichwasfoundedin1856,hasanexcellentreputationforgoodcustomerservice.Thebankssharepricehasincreased,onaverage,by12%ineachofthelast10years.

Directors remuneration

Therehasbeenmuchadversemediacoverageinmanycountries,includingBBankshomecountry,abouttheallegedexcessivebonusesreceivedbythedirectorsofbanks.Ameetingofcentralbankgovernorsfrommanynationsfailedtoreachagreementonhowtolimitthesizeofdirectorsbonuses.ThegovernorofthecentralbankinBBankshomecountryisparticularlyconcernedaboutthisissue,andconsequentlyputforwardthefollowingproposal:

chapter 2

59

Test your understanding 18 B bank (Case study)

Directorsofbankswillbeaskedtopayafeetothebankfortheprivilegeofbeingadirector.Thisfeewillbesetbytheremunerationcommitteeofeachbank.Directorswillbepaidabonusbasedsolelyonappropriateprofitandgrowthindicators.Themorethebanksucceeds,thehigherwillbethebonus.Thisproposaldirectlylinksperformanceofthebanktodirectorspay.Iseethisasamorerealisticoptionthansimplylimitingsalariesorbonusesbystatuteasproposedattherecentcentralbankgovernorsconference.

B Bank board and strategy

TheconstitutionoftheboardofBBankisinaccordancewiththeinternationallyagreedcodeofcorporategovernance.

Overallboardstrategyhasbeentosettargetsbasedonprevious(profitable)experience,withincreasedemphasisonthoseareaswherehigherpotentialprofitscanbemadesuchasmortgagelending(thisisdiscussedbelow).Thebanksexecutiveinformationsystemsareabletocomputerelativeproductprofitability,whichsupportsthisstrategy.Thisstrategygeneratedsubstantialprofitsinrecentyears.Thelastmajorstrategyreviewtookplacefouryearsago.Nonexecutivedirectorsdonotnormallyquerythedecisionsoftheexecutivedirectors.

Inrecentyears,theprofileofthemajorshareholdersofthebankhasmoved.Traditionallythemajorshareholderswerepensionfundsandotherlongerterminvestorsbutnowtheseareovershadowedbyhedgefundsseekingtoimprovetheirshorttermfinancialreturns.

Oneofthemajorsourcesofrevenueforthebankisinterestobtainedonlendingmoneyagainstsecuritiessuchashouses(termedamortgageinmanycountries)withrepaymentsbeingdueoverperiodsvaryingbetween15and25years.Partlyasaresultofintensecompetitioninthemortgagemarket,thevaluesofthemortgagesadvancedbyBBankregularlyexceedthevalueoftheproperties,forexampleBBankhasmadeadvancesofupto125%ofapropertysvalue.Internalreportstotheboardestimatethatpropertypriceswillreverserecenttrendsandwillriseby7%perannumforatleastthenext10years,withgeneralandwageinflationat2%.BBankintendstocontinuetoobtainfinancetosupportnewmortgageswithloansfromtheshorttermmoneymark

paper p3 risk management study notes -...

Documents