paper p3 risk management study notes -...
TRANSCRIPT
-
CIMAPaperP3RiskManagementStudyNotes
hwiseP3
hwiseQR Code
-
Publishedby:KaplanPublishingUK
Unit2TheBusinessCentre,MollyMillarsLane,Wokingham,BerkshireRG412QZ
Copyright2014KaplanFinancialLimited.Allrightsreserved.
Nopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeanselectronic,mechanical,photocopying,recordingorotherwisewithoutthepriorwrittenpermissionofthepublisher.
Acknowledgements
WearegratefultotheCIMAforpermissiontoreproducepastexaminationquestions.TheanswerstoCIMAExamshavebeenpreparedbyKaplanPublishing,exceptinthecaseoftheCIMANovember2010andsubsequentCIMAExamanswerswheretheofficialCIMAanswershavebeenreproduced.
Notice
ThetextinthismaterialandanyothersmadeavailablebyanyKaplanGroupcompanydoesnotamounttoadviceonaparticularmatterandshouldnotbetakenassuch.Norelianceshouldbeplacedonthecontentasthebasisforanyinvestmentorotherdecisionorinconnectionwithanyadvicegiventothirdparties.Pleaseconsultyourappropriateprofessionaladviserasnecessary.KaplanPublishingLimitedandallotherKaplangroupcompaniesexpresslydisclaimallliabilitytoanypersoninrespectofanylossesorotherclaims,whetherdirect,indirect,incidental,consequentialorotherwisearisinginrelationtotheuseofsuchmaterials.
Kaplanisnotresponsibleforthecontentofexternalwebsites.Theinclusionofalinktoathirdpartywebsiteinthistextshouldnotbetakenasanendorsement.
British Library Cataloguing in Publication Data
AcataloguerecordforthisbookisavailablefromtheBritishLibrary.
PrintedandboundinGreatBritain.
ii
-
Contents
Page
Chapter 1 Risk 1
Chapter 2 Riskmanagement 25
Chapter 3 Internalcontrol 95
Chapter 4 Riskandcontrolofinformationsystems 147
Chapter 5 Informationstrategy 181
Chapter 6 Managementcontrolsystems 239
Chapter 7 Fraud 283
Chapter 8 Ethics 309
Chapter 9 Corporategovernance 347
Chapter 10 Audit 397
Chapter 11 Financialrisk 457
Chapter 12 Currencyriskmanagement 487
Chapter 13 Interestrateriskmanagement 567
Chapter 14 Costofcapitalandcapitalinvestmentdecisions 609
Chapter 15 Managingconflict,implementationandpostcompletion
645
iii
-
iv
-
Introduction
v
chapterIntro
-
How to use the materials TheseofficialCIMAlearningmaterialshavebeencarefullydesignedtomakeyourlearningexperienceaseasyaspossibleandtogiveyouthebestchancesofsuccessinyourObjectiveTestExamination.
Theproductrangecontainsanumberoffeaturestohelpyouinthestudyprocess.Theyinclude:
ThisStudyTexthasbeendesignedwiththeneedsofhomestudyanddistancelearningcandidatesinmind.Suchstudentsrequireveryfullcoverageofthesyllabustopics,andalsothefacilitytoundertakeextensivequestionpractice.However,theStudyTextisalsoidealforfullytaughtcourses.
Themainbodyofthetextisdividedintoanumberofchapters,eachofwhichisorganisedonthefollowingpattern:
adetailedexplanationofallsyllabusareas extensivepracticalmaterials generousquestionpractice,togetherwithfullsolutions.
Detailed learning outcomes.Thesedescribetheknowledgeexpectedafteryourstudiesofthechapterarecomplete.Youshouldassimilatethesebeforebeginningdetailedworkonthechapter,sothatyoucanappreciatewhereyourstudiesareleading.
Stepbystep topic coverage.Thisistheheartofeachchapter,containingdetailedexplanatorytextsupportedwhereappropriatebyworkedexamplesandexercises.Youshouldworkcarefullythroughthissection,ensuringthatyouunderstandthematerialbeingexplainedandcantackletheexamplesandexercisessuccessfully.Rememberthatinmanycasesknowledgeiscumulative:ifyoufailtodigestearliermaterialthoroughly,youmaystruggletounderstandlaterchapters.
Activities.Somechaptersareillustratedbymorepracticalelements,suchascommentsandquestionsdesignedtostimulatediscussion.
Question practice.Thetestofhowwellyouhavelearnedthematerialisyourabilitytotackleexamstandardquestions.Makeaseriousattemptateachquestion,butatthisstagedonotbetooconcernedaboutattemptingthequestionsinObjectiveTestExaminationconditions.ItismoreimportanttoabsorbthematerialthoroughlythantoobservethetimelimitsthatwouldapplyintheactualObjectiveTestExamination.
vivi
-
IfyouworkconscientiouslythroughthisOfficialCIMAStudyTextaccordingtotheguidelinesaboveyouwillbegivingyourselfanexcellentchanceofsuccessinyourObjectiveTestExamination.Goodluckwithyourstudies!
Qualityandaccuracyareoftheutmostimportancetoussoifyouspotanerrorinanyofourproducts,[email protected],orfollowthelinktothefeedbackforminMyKaplan.
OurQualityCoordinatorwillworkwithourtechnicalteamtoverifytheerrorandtakeactiontoensureitiscorrectedinfutureeditions.
Solutions.Avoidthetemptationmerelytoauditthesolutionsprovided.Itisanillusiontothinkthatthisprovidesthesamebenefitsasyouwouldgainfromaseriousattemptofyourown.However,ifyouarestrugglingtogetstartedonaquestionyoushouldreadtheintroductoryguidanceprovidedatthebeginningofthesolution,whereprovided,andthenmakeyourownattemptbeforereferringbacktothefullsolution.
Icon Explanations
DefinitionThesesectionsexplainimportantareasofknowledgewhichmustbeunderstoodandreproducedinanassessmentenvironment.
Key pointIdentifiestopicswhicharekeytosuccessandareoftenexamined.
Supplementary readingThesesectionswillhelptoprovideadeeperunderstandingofcoreareas.ThesupplementaryreadingisNOToptionalreading.Itisvitaltoprovideyouwiththebreadthofknowledgeyouwillneedtoaddressthewiderangeoftopicswithinyoursyllabusthatcouldfeatureinanassessmentquestion. Reference to this text is vital when self studying.
Test your understandingFollowingkeypointsanddefinitionsareexerciseswhichgivetheopportunitytoassesstheunderstandingofthesecoreareas.
IllustrationTohelpdevelopanunderstandingofparticulartopics.TheillustrativeexamplesareusefulinpreparingfortheTestyourunderstandingexercises.
Exclamation markThissymbolsignifiesatopicwhichcanbemoredifficulttounderstand.Whenreviewingtheseareas,careshouldbetaken.
vii
mailto:[email protected]
-
Study technique
Passingexamsispartlyamatterofintellectualability,buthoweveraccomplishedyouareinthatrespectyoucanimproveyourchancessignificantlybytheuseofappropriatestudyandrevisiontechniques.InthissectionwebrieflyoutlinesometipsforeffectivestudyduringtheearlierstagesofyourapproachtotheObjectiveTestExamination.Wealsomentionsometechniquesthatyouwillfindusefulattherevisionstage.
Planning
Tobeginwith,formalplanningisessentialtogetthebestreturnfromthetimeyouspendstudying.Estimatehowmuchtimeintotalyouaregoingtoneedforeachsubjectyouarestudying.Rememberthatyouneedtoallowtimeforrevisionaswellasforinitialstudyofthematerial.Youmayfindithelpfultoread'PassFirstTime!'secondeditionbyDavidR.HarrisISBN:9781856177986.Thisbookwillhelpyoudevelopprovenstudyandexaminationtechniques.Chapterbychapteritcoversthebuildingblocksofsuccessfullearningandexaminationtechniques.ThisistheultimateguidetopassingyourCIMAexams,writtenbyaCIMAexaminerandshowsyouhowtoearnallthemarksyoudeserve,andexplainshowtoavoidthemostcommonpitfalls.
Youmayalsofind'TheEWord:Kaplan'sGuidetoPassingExams'byStuartPedleySmithISBN:9780857322050helpful.StuartPedleySmithisaseniorlectureratKaplanFinancialandaqualifiedaccountantspecialisinginfinancialmanagement.Hisnaturalcuriosityandwiderinterestshaveledhimtolookbeyondthetechnicalcontentoffinancialmanagementtotheprocessesandjourneythatwecalleducation.Hehasbecomefascinatedbythewholeprocessoflearningandtheexamskillsandtechniquesthatcontributetowardssuccessintheclassroom.Thisbookisforanyonewhohastositanexamandwantstogivethemselvesabetterchanceofpassing.Itiseasytoread,writteninacommonsensestyleandfullofanecdotes,facts,andpracticaltips.Italsocontainssynopsesofinterviewswithpeopleinvolvedinthelearningandexaminingprocess.
Withyourstudymaterialbeforeyou,decidewhichchaptersyouaregoingtostudyineachweek,andwhichweeksyouwilldevotetorevisionandfinalquestionpractice.
Prepareawrittenschedulesummarisingtheaboveandsticktoit!
Itisessentialtoknowyoursyllabus.Asyourstudiesprogressyouwillbecomemorefamiliarwithhowlongittakestocovertopicsinsufficientdepth.Yourtimetablemayneedtobeadaptedtoallocateenoughtimeforthewholesyllabus.
viii
-
StudentsareadvisedtorefertothenoticeofexaminablelegislationpublishedregularlyinCIMAsmagazine(FinancialManagement),thestudentsenewsletter(Velocity)andontheCIMAwebsite,toensuretheyareuptodate.
TheamountofspaceallocatedtoatopicintheStudyTextisnotaverygoodguideastohowlongitwilltakeyou.Thesyllabusweightingisthebetterguideastohowlongyoushouldspendonasyllabustopic.
Tips for effective studying
(1) Aimtofindaquietandundisturbedlocationforyourstudy,andplanasfaraspossibletousethesameperiodoftimeeachday.Gettingintoaroutinehelpstoavoidwastingtime.Makesurethatyouhaveallthematerialsyouneedbeforeyoubeginsoastominimiseinterruptions.
(2) Storeallyourmaterialsinoneplace,sothatyoudonotwastetimesearchingforitemseverytimeyouwanttobeginstudying.Ifyouhavetopackeverythingawayaftereachstudyperiod,keepyourstudymaterialsinabox,orevenasuitcase,whichwillnotbedisturbeduntilthenexttime.
(3) Limitdistractions.Tomakethemosteffectiveuseofyourstudyperiodsyoushouldbeabletoapplytotalconcentration,soturnoffallentertainmentequipment,setyourphonestomessagemode,andputupyourdonotdisturbsign.
(4) Yourtimetablewilltellyouwhichtopictostudy.However,beforedivinginandbecomingengrossedinthefinerpoints,makesureyouhaveanoverallpictureofalltheareasthatneedtobecoveredbytheendofthatsession.Afteranhour,allowyourselfashortbreakandmoveawayfromyourStudyText.Withexperience,youwilllearntoassessthepaceyouneedtoworkat.Eachstudysessionshouldfocusoncomponentlearningoutcomesthebasisforallquestions.
(5) Workcarefullythroughachapter,makingnotesasyougo.Whenyouhavecoveredasuitableamountofmaterial,varythepatternbyattemptingapracticequestion.Whenyouhavefinishedyourattempt,makenotesofanymistakesyoumade,oranyareasthatyoufailedtocoverorcoveredmorebriefly.Beawarethatallcomponentlearningoutcomeswillbetestedineachexamination.
(6) Makenotesasyoustudy,anddiscoverthetechniquesthatworkbestforyou.Yournotesmaybeintheformoflists,bulletpoints,diagrams,summaries,mindmaps,orthewrittenword,butrememberthatyouwillneedtoreferbacktothematalaterdate,sotheymustbeintelligible.Ifyouareonataughtcourse,makesureyouhighlightanyissuesyouwouldliketofollowupwithyourlecturer.
(7) Organiseyournotes.Makesurethatallyournotes,calculationsetc.canbeeffectivelyfiledandeasilyretrievedlater.
ix
-
Objective Test
ObjectiveTestquestionsrequireyoutochooseorprovidearesponsetoaquestionwhosecorrectanswerispredetermined.
ThemostcommontypesofObjectiveTestquestionyouwillseeare:
IneverychapterofthisStudyTextwehaveintroducedthesetypesofquestions,butobviouslywehavehadtolabelanswersA,B,Cetcratherthanusingclickboxes.Forconveniencewehaveretainedquiteafewquestionswhereaninitialscenarioleadstoanumberofsubquestions.TherewillbequestionsofthistypeintheObjectiveTestExaminationbuttheywillrarelyhavemorethanthreesubquestions.
Guidance re CIMA onscreen calculator
AspartoftheCIMAObjectiveTestsoftware,candidatesarenowprovidedwithacalculator.Thiscalculatorisonscreenandisavailableforthedurationoftheassessment.ThecalculatorisavailableineachoftheObjectiveTestExaminationsandisaccessedbyclickingthecalculatorbuttoninthetoplefthandcornerofthescreenatanytimeduringtheassessment.
Allcandidatesmustcompletea15minutetutorialbeforetheassessmentbeginsandwillhavetheopportunitytofamiliarisethemselveswiththecalculatorandpractiseusingit,althoughtheycanalsouseaphysicalcalculator.
Candidatesmaypractiseusingthecalculatorbydownloadingandinstallingthepracticeexamathttp://www.vue.com/athena/.Thecalculatorcanbeaccessedfromthefourthsamplequestion(of12).
Multiplechoice,whereyouhavetochoosethecorrectanswerfromalistoffourpossibleanswers.Thiscouldeitherbenumbersortext.
Multiplechoicewithmorechoicesandanswers,forexample,choosingtwocorrectanswersfromalistofeightpossibleanswers.Thiscouldeitherbenumbersortext.
Singlenumericentry,whereyougiveyournumericanswer,forexample,profitis$10,000.
Multipleentry,whereyougiveseveralnumericanswers. True/falsequestions,whereyoustatewhetherastatementistrueor
false.
Matchingpairsoftext,forexample,matchingatechnicaltermwiththecorrectdefinition.
Othertypescouldbematchingtextwithgraphsandlabellinggraphs/diagrams.
x
http://www.vue.com/athena/
-
PleasenotethatthepracticeexamandtutorialprovidedbyPearsonVUEathttp://www.vue.com/athena/isnotspecifictoCIMAandincludesthefullrangeofquestiontypesthePearsonVUEsoftwaresupports,someofwhichCIMAdoesnotcurrentlyuse.
Fundamentals of Objective Tests
TheObjectiveTestsare90minuteassessmentscomprising60compulsoryquestions,withoneormoreparts.Therewillbenochoiceandallquestionsshouldbeattempted.
Structure of subjects and learning outcomes
Eachsubjectwithinthesyllabusisdividedintoanumberofbroadsyllabustopics. Thetopicscontainoneormoreleadlearningoutcomes,relatedcomponentlearningoutcomesandindicativeknowledgecontent.
Alearningoutcomehastwomainpurposes:
Thelearningoutcomesarepartofahierarchyoflearningobjectives.Theverbsusedatthebeginningofeachlearningoutcomerelatetoaspecificlearningobjective,e.g.
Calculatethebreakevenpoint,profittarget,marginofsafetyandprofit/volumeratioforasingleproductorservice.
Theverbcalculateindicatesalevelthreelearningobjective.Thefollowingtableslisttheverbsthatappearinthesyllabuslearningoutcomesandexaminationquestions.
(a) Todefinetheskillorabilitythatawellpreparedcandidateshouldbeabletoexhibitintheexamination.
(b) Todemonstratetheapproachlikelytobetakeninexaminationquestions.
xi
http://www.vue.com/athena/
-
CIMA VERB HIERARCHY
CIMAplacegreatimportanceonthedefinitionofverbsinstructuringObjectiveTestExaminations.Itisthereforecrucialthatyouunderstandtheverbsinordertoappreciatethedepthandbreadthofatopicandthelevelofskillrequired.TheObjectiveTestswillfocusonlevelsone,twoandthreeoftheCIMAhierarchyofverbs.Howevertheywillalsotestlevelsfourandfive,especiallyatthemanagementandstrategiclevels.Youcanthereforeexpecttobetestedonknowledge,comprehension,application,analysisandevaluationintheseexaminations.
Level 1: KNOWLEDGE
Whatyouareexpectedtoknow.
Forexampleyoucouldbeaskedtomakealistoftheadvantagesofaparticularinformationsystembyselectingalloptionsthatapplyfromagivensetofpossibilities.Oryoucouldberequiredtodefinerelationshipmarketingbyselectingthemostappropriateoptionfromalist.
Level 2: COMPREHENSION
Whatyouareexpectedtounderstand.
ForexampleyoumaybeaskedtodistinguishbetweendifferentaspectsoftheglobalbusinessenvironmentbydraggingexternalfactorsanddroppingintoaPESTanalysis.
VERBS USED
DEFINITION
List Makealistof.
State Express,fullyorclearly,thedetailsof/factsof.
Define Givetheexactmeaningof.
VERBS USED
DEFINITION
Describe Communicatethekeyfeaturesof.
Distinguish Highlightthedifferencesbetween.
Explain Makeclearorintelligible/statethemeaningorpurposeof.
Identify Recognise,establishorselectafterconsideration.
Illustrate Useanexampletodescribeorexplainsomething.
xii
-
Level 3: APPLICATION
Howyouareexpectedtoapplyyourknowledge.
Forexampleyoumayneedtocalculatetheprojectedrevenueorcostsforagivensetofcircumstances.
Level 4: ANALYSIS
Howyouareexpectedtoanalysethedetailofwhatyouhavelearned.
Forexampleyoumayberequiredtointerpretaninventoryratiobyselectingthemostappropriatestatementforagivensetofcircumstancesanddata.
VERBS USED
DEFINITION
Apply Puttopracticaluse.
Calculate Ascertainorreckonmathematically.
Demonstrate Provewithcertaintyorexhibitbypracticalmeans.
Prepare Makeorgetreadyforuse.
Reconcile Makeorproveconsistent/compatible.
Solve Findananswerto.
Tabulate Arrangeinatable.
VERBS USED
DEFINITION
Analyse Examineindetailthestructureof.
Categorise Placeintoadefinedclassordivision.
Compare/contrast Showthesimilaritiesand/ordifferencesbetween.
Construct Builduporcompile.
Discuss Examineindetailbyargument.
Interpret Translateintointelligibleorfamiliarterms.
Prioritise Placeinorderofpriorityorsequenceforaction.
Produce Createorbringintoexistence.
xiii
-
Level 5: EVALUATION
Howyouareexpectedtouseyourlearningtoevaluate,makedecisionsorrecommendations.
Forexampleyoumaybeaskedtorecommendandselectanappropriatecourseofactionbasedonashortscenario.
VERBS USED
DEFINITION
Advise Counsel,informornotify.
Evaluate Appraiseorassessthevalueof.
Recommend Proposeacourseofaction.
xiv
-
xv
-
xvi
-
RiskChapter learning objectives
Indicative syllabus content
Lead Component
A1.Evaluatethetypesofriskfacinganorganisationandrecommendappropriateresponses.
(a) Identifythetypesofriskfacinganorganisation.
A3.Evaluatetheethicalimpactofrisk.
(a) Evaluateethical,socialandenvironmentalissuesarisingfromriskmanagement.
Upsideanddownsiderisksarisingfrominternalandexternalsourcesandfromdifferentmanagerialdecisions.
Risksarisingfrominternationaloperations,suchasculturaldifferencesanddifferencesbetweenlegalsystems.Note:Nospecificrealcountrywillbetested.
Strategicandoperationalrisks. Reputationalrisksassociatedwithsocialandenvironmental
impacts.
1
chapter
1
-
1What is risk?
Riskinbusinessisthechancethatfutureeventsorresultsmaynotbeasexpected.
Riskisoftenthoughtofaspurelybad(pureor'downside'risk),butitmustbeconsideredthatriskcanalsobegoodtheresultsmaybebetterthanexpectedaswellasworse(speculativeor'upside'risk).
Businessesmustbeabletoidentifytheprincipalsourcesofriskiftheyaretobeabletoassessandmeasuretherisksthattheorganisationfaces.
Risksfacinganorganisationarethosethataffecttheachievementofitsoverallobjectives,whichshouldbereflectedinitsstrategicaims.Riskshouldbemanagedandthereshouldbestrategiesfordealingwithrisk.
Risk
22
Risk and uncertainty
-
Why incur risk ?
Itisgenerallythecasethatfirmsmustbewillingtotakehigherrisksiftheywanttoachievehigherreturns:
Forsomerisksthereisamarketrateofreturne.g.quotedequitywhereashareholderinvestsinacompanywiththeexpectationofacertainlevelofdividendandcapitalgrowth.However,forotherriskstheremaynotbeamarketrateofreturne.g.technologyriskwhereacompanyinvestsinnewsoftwareinthehopethatitwillmaketheirinvoiceprocessingmoreefficient.Theimportantdistinctionhereisthatthemarketcompensatesfortheformertypeofrisk,butmightnotforthelatter.
Togeneratehigherreturnsabusinessmayhavetotakemoreriskinordertobecompetitive.
Conversely,notacceptingrisktendstomakeabusinesslessdynamic,andimpliesafollowtheleaderstrategy.
Incurringriskalsoimpliesthatthereturnsfromdifferentactivitieswillbehigherbenefitbeingthereturnforacceptingrisk.
Benefitscanbefinancialdecreasedcosts,orintangiblebetterqualityinformation.
Inbothcases,thesewillleadtothebusinessbeingabletogaincompetitiveadvantage.
chapter 1
3
Benefits of taking risks
-
2CIMA's risk management cycle
Riskmanagementshouldbeaproactiveprocessthatisanintegralpartofstrategicmanagement.
ThisperspectiveissummarisedinCIMAs risk management cycle,illustratedbelow:
Source:CharteredInstituteofManagementAccountants(2002),RiskManagement:AGuidetoGoodPractice,CIMA.
Theriskmanagementcycleisaveryimportanttoolforyourexam.
Risk
4
-
CIMAsRiskManagementCycleidentifiesvariousactivitiesthatshouldbeundertakenduringriskmanagement.
Whichofthefollowingoptionsshowsthestepsinthecorrectorder?
A IdentifyriskareasDevelopriskresponsestrategyAllocateresponsibilitiesEstablishriskmanagementgroup.
B EstablishriskmanagementgroupIdentifyriskareasAllocateresponsibilitiesDevelopriskresponsestrategy.
C AllocateresponsibilitiesIdentifyriskareasDevelopriskresponsestrategyEstablishriskmanagementgroup.
D EstablishriskmanagementgroupIdentifyriskareasDevelopriskresponsestrategyAllocateresponsibilities.
3Types and sources of risk for business organisations Identifying and categorising risks
Manyorganisationscategoriserisksintodifferenttypesofrisk.Theuseofriskcategoriescanhelpwiththeprocessofriskidentificationandassessment.
Thereisnosinglesystemofriskcategories.Theriskcategoriesusedbycompaniesandotherorganisationsdifferaccordingtocircumstances.Someofthemorecommonlyusedriskcategoriesaredescribedonthefollowingpage.
chapter 1
5
Test your understanding 1
-
Political, legal and regulatory
Thesearetherisksthatbusinessesfacebecauseoftheregulatoryregimethattheyoperatein.Somebusinessesmaybesubjecttoverystrictregulations,forexamplecompaniesthatcouldcausepollution,butevencompaniesthatdonotappeartobeinahighlyregulatedindustryhavesomeregulatoryrisk.Forexample,allcompaniesaresubjecttotheriskofemploymentlegislationchangingorcustomersbringinglitigation.
Thisriskcanbebrokenupintodifferenttypes:
Political risk Riskduetopoliticalinstability.Generallyconsideredtobeexternaltothebusiness.
Legal/litigation risk
Riskthatlitigationwillbebroughtagainstthebusiness.
Regulatory risk Riskofchangesinregulationaffectingthebusiness.
Compliance risk Riskofnoncompliancewiththelawresultinginfines/penalties,etc.
Risk
6
More on political, legal and regulatory risks
-
Business risk
Businessriskistheriskbusinessesfaceduetothenatureoftheiroperationsandproducts.Somebusinessesforinstancearereliantonasingleproductorsmallrangeofproducts,ortheycouldbereliantonasmallkeygroupofstaff.Theriskscanbeconsideredindifferentcategories:
Strategic risk Riskthatbusinessstrategies(e.g.acquisitions/productlaunches)willfail.
Product risk Riskoffailureofnewproductlaunches/lossofinterestinexistingproducts.
Commodity price risk Riskofariseincommodityprices(e.g.oil).
Product reputation risk
Riskofchangeinproductsreputationorimage.
Operational risk Riskthatbusinessoperationsmaybeinefficientorbusinessprocessesmayfail.
Contractual inadequacy risk
Riskthatthetermsofacontractdonotfullycoverabusinessagainstallpotentialoutcomes.
Fraud and employee malfeasance
Consideredseparatelylater.
Economic risk
Thisistheriskthatchangesintheeconomymightaffectthebusiness.Thosechangescouldbeinflation,unemploymentrates,internationaltraderelationsorfiscalpolicydecisionsbygovernment.Again,thisriskisconsideredtobeexternaltothebusiness.
Financial risk
Financialriskisamajorriskthataffectsbusinessesandthisriskisstudiedinmuchmoredepthinlaterchaptersofthistext.
Financialriskistheriskofachangeinafinancialconditionsuchasanexchangerate,interestrate,creditratingofacustomer,orpriceofagood.
chapter 1
7
The 'credit crunch'
More on business risks
-
Themaintypesoffinancialriskare:
Credit risk Riskofnonpaymentbycustomers.
Political risk Riskarisingfromactionstakenbyagovernmentthataffectfinancialaspectsofthebusiness.
Currency risk
Riskoffluctuationsintheexchangerate.
Interest rate risk
Riskthatinterestrateschange.
Gearing risk Riskinthewayabusinessisfinanced(debtvs.equity)(sometimesthisisconsideredpartofinterestraterisk).
Technology risk
Technologyriskistheriskthattechnologychangeswilloccurthateitherpresentnewopportunitiestobusinesses,oronthedownsidemaketheirexistingprocessesobsoleteorinefficient.
Environmental risk
Environmentalriskistheriskthatarisesfromchangesintheenvironmentsuchasclimatechangeornaturaldisasters. Somebusinessesmayperceivethisrisktobelow,butforothers,forexampleinsurancecompanies,itcanbemoresignificant. Insurancecompanieshavetotakeenvironmentalrisksintoaccountwhendecidingpolicypremiums,andunusualenvironmentalcircumstancescanseverelyaltertheresultsofinsurancebusinesses.
Risk
8
More on technology risk
The Japanese tsunami
More on environmental risk
More on financial risks
-
Fraud risk
Fraudrisk(atypeofoperationalbusinessrisk)isthevulnerabilityofanorganisationtofraud. Somebusinessesaremorevulnerablethanotherstofraudandasaresulthavetohavestrongercontrolsoverfraud. Fraudriskisariskthatisconsideredcontrollablebymostbusinesses.
Corporate reputation risk
Reputationriskisformanyorganisationsadownsideriskasthebetterthereputationofthebusinessthemoreriskthereisoflosingthatreputation.Agoodreputationcanbeveryquicklyerodedifcompaniessufferadversemediacommentsorareperceivedtobeuntrustworthy.
Thiscouldarisefrom:
environmentalperformance socialperformance health&safetyperformance.
DuringtheirworkonWorldcomandEnron,ArthurAnderson(charteredaccountantsandregisteredauditors)failedtoidentifyseriousirregularitiesinthesecompanies.Thisledtotheirdemise.Thiswasmainlydueto(pickONEanswer):
A Businessrisk
B Politicalrisk
C Environmentalrisk
D Reputationrisk
Employee malfeasance risk
Malfeasancemeansdoingwrongorcommittinganoffence.Organisationsmightbeexposedtorisksofactionsbyemployeesthatresultinanoffenceorcrime(otherthanfraud).This,likefraudrisk,isatypeofoperationalbusinessrisk.
chapter 1
9
Test your understanding 2
More on corporate reputation risk
More on fraud risk
-
Risks in international operations
Internationalbusinessesaresubjecttoalltherisksabovebutalsohavetoconsiderextrariskfactors,whichcouldbeduetothefollowing:
Culture AUKbusinessmayfailinaventureoverseasbecauseitdoesnotadapttotheoverseasculture. Goodknowledgeoflocalculturecan,however,givecompaniesanadvantage.
Litigation Thereisagreaterdangeroflitigationriskinoverseasoperationsastheparentcompanymanagementmaynotunderstandthelegislationwellandthereforehavemoreriskofbreachingit.
Credit Thereisoftenagreaterdifficultyincontrollingcreditriskonoverseassales. Chasingdebtsismoredifficultandexpensive.
Items in transit
Thereisagreaterriskoflossesordamageintransitifcompaniesaretransportinggoodsgreatdistances
Financial risks
Theseincludeforeignexchangerisks,andwillbeconsideredinmoredetailinalaterchapter.
AcompanyhasperformedaSWOTanalysisandhasidentifiedtwomainthreats:
newlegislationcoveringoneoftheirproductsand thebankaskingfortheirloantoberepaidimmediatelysincethe
companyfailedtopaytheirmostrecentinstalmentaftertheinterestraterose.
Risk
10
More on risks in international operations
More on employee malfeasance
Test your understanding 3
-
Whichcategoriesofriskaretheybestdescribedby?(Selectallthatapply.)
A Financialrisk
B Politicalrisk
C Reputationrisk
D Economicrisk
Whichofthefollowingwouldnormallybeclassifiedasanoperationalrisk?(Selectallthatapply.)
A Theriskthatanewproductwillfail
B Theriskofcompetitorscuttingcostsbymanufacturingoverseas
C Thelossofanexperiencedsupervisor
D Rawmaterialsbeingwastedduringtheproductionprocessduetountrainedstaff
Whichofthefollowingwouldnormallybeclassifiedasastrategicrisk?
A Humanerror
B Informationtechnologyfailure
C Fraud
D Stricterhealthandsafetylegislation
chapter 1
11
Test your understanding 4
Test your understanding 5
-
Riskidentificationandmanagementaretheresponsibilityof:(Selectallthatapply.)
A TheBoard
B Theriskmanager
C Internalaudit
D Nonexecutivedirectors
MineyplcisaglobalcompanyincorporatedinAmerica,extractingvaluablemineralsfromtheearth.Miningisariskybusinesswithadeathtollaveraging100deathsperannumintheUSalone.Mineyhasrecentlyhadacoalminecollapsekillingtwomenandtrappingfourothersforthreedays.TheaccidentmadethenationalnewseachdayandMineyplc.becameahouseholdname.Mineyisfinancedpurelybyequityandhasalargecashbalanceandnodebt.IthascometotheattentionoftheBoardthatthefuturepriceofcoalisforecasttofall,asrenewableenergysourcesbecomesmorereliable.
WhichTHREEofthefollowingriskswouldyouidentifyasmostcriticalforMineytoassess?
A Financialrisk
B Projectrisk
C Reputationrisk
D Productionrisk
E Healthandsafetyrisk
F Commoditypricerisk
Introduction
TheZXCcompanymanufacturesaircraft.ThecompanyisbasedinEuropeandcurrentlyproducesarangeoffourdifferentaircraft.ZXCsaircraftarereliablewithlowmaintenancecosts,givingZXCagoodreputation,bothtoairlineswhopurchasefromZXCandtoairlinescustomerswhoflyintheaircraft.
Risk
12
Test your understanding 6
Test your understanding 7
Test your understanding 8 ZXC (Case Study)
-
The future of ZXC
ZXCiscurrentlydevelopingthenextgenerationofpassengeraircraft,withthesellingnameoftheZXLiner.NewdevelopmentsinZXLinerincludethefollowing:
ManycomponentsuppliersarebasedinEuropealthoughZXCdoesobtainabout25%ofthesubcontractedcomponentsfromcompaniesintheUSA.ZXCalsomaintainsasignificantR&DdepartmentworkingontheZXLinerandothernewproductssuchasalternativeenvironmentallyfriendlyfuelforaircraft.
AlthoughtheZXLinerisyettoflyorbegrantedairworthinesscertificates,ZXCdoeshaveordersfor25aircraftfromtheHTScompany.However,oncurrenttestingschedulestheZXLinerwillbedeliveredlate.
Finance
ZXCcurrentlyhasabout4billionofloansfromvariousbanksandlastyearmadealossof2.3billion.
Required:
WriteareporttothedirectorsofZXCidentifyingthesourcesofriskthatcouldaffectZXC,andevaluatingtheimpactoftheriskonthecompany.
(30 minutes)
Twodecksalongtheentireaircraft(notjustpartasintheBoeing747series)enablingfasterloadingandunloadingofpassengersfrombothdecksatthesametime.However,thiswillmeanthatairportgatesmustbeimprovedtofacilitatedualloadingatconsiderableexpense.
20%decreaseinfuelrequirementsandfallsinnoiseandpollutionlevels.
Useofnewalloystodecreasemaintenancecosts,increasesafetyandspecificallytheuseofZitnim(anewlightweightconductingalloy)ratherthanstandardwiringtoenabletheflybywirefeaturesoftheaircraft.Zitnimonlyhasonesupplierworldwide.
chapter 1
13
-
Eisanelectricitycompanythathasalargenumberofcustomers.Allcustomershomeshaveelectricitymetersthathavemechanicaldialsthatturntorecordtheconsumptionofelectricity.Mosthomeshavetheirmetersindoors.CustomershavetoprovideEwithregularreadingsfromtheirmetersinordertoensurethattheyarebilledproperlyfortheirelectricityconsumption.CustomerscanlogintotheiraccountsonlinetoinputtheirreadingsortheycantelephoneEscallcentretogiveanoperatorareading.
Ehasapolicythatcustomersmustallowaninspectortoreadtheirelectricitymetersatleastonceperyear.Thisinspectionhastwopurposes.Thefirstistoensurethatthecustomerhasnotbeenconsistentlyunderstatingthefiguresinordertounderpayfortheirelectricityandthesecondistoensurethatthemeterhasnotbeentamperedwithinordertoreducethereadingsaccordingtothedials.Themetersaredesignedsothattheyaredifficulttodismantlewithoutcausingobviousdamageandtheyalsohaveasealthatismadeoutofsoftmetalthatwillbebrokenifthemeteriseveropened.
Esinspectorsgenerallyvisitallthehomeswithinaparticularareainthecourseofanevening.Mostcustomersareathomethenandsothatisanefficientwaytoconducttheannualchecks.Ifacustomerisnotathomethentheinspectorleavesacardtorequestanopportunitytoinspectthemeter.IfthecustomerdoesnotrespondtothecardwithinsevendaysEwillsenduptofourweeklyreminders.AlmostallcustomerscomplywiththeserequestsbutaverysmallminoritydonotrespondandEcanapplytothecourtsfortherighttoforceentrywhenthathappens.
Eisconsideringthereplacementofitselectricitymeterswithnew"smartmeters"whichwillbelocatedincustomershomes.Thesewillrecordconsumptionelectronicallyratherthanmechanically.Theinformationwillbestoredonthemeter.ThesamewiresthatcarryelectricitycanbeusedtotransmitdatatoandfromthemetersandEsITsystemwillsendcodedmessagestometerstorequestreadingsasandwhenrequired.Itisenvisagedthattheseelectronicreadingswillnormallybeonceeverythreemonths,butthereisverylittletopreventEfromreadingsomemetersfarmoreoften.
Eachmeterwillbefittedwithachipthatwilltransmitawarningifitistamperedwitheitherphysicallyorelectronically.Thememoryonthemetersisnotaffectedbypowercutsandthemeterscanrestartthemselveswithoutlosinganydataifapowercutoccurs.
Risk
14
Test your understanding 9 Smart meters (Case study)
-
Required:
WriteareporttotheBoardofEwhich:
(15 minutes)
(30 minutes)
(a) DiscussesthepotentialbenefitsforEthatmaycomeaboutfromtheintroductionofsmartmetersand
(b) EvaluatesFOURrisksthatmightarisefromtheintroductionofsmartmeters.Suggesthoweachriskmightbedealtwith.
Examquestionsmayaskcandidatestoaddressnovelsituationsthatareoutsidetheirexperience.Inadditiontoreadingthetext,candidatesshouldrefertothebusinesspressonaregularbasis.
chapter 1
15
-
4Chapter summary
Risk
16
-
Test your understanding answers
ThecorrectanswerisDPerCIMAsriskmanagementcycle,ariskmanagementgroupshouldbeformed,risksidentified,understandtheirscale,developastrategy,implementandallocateresponsibility,controlandreview.
ThecorrectanswerisDArthurAndersonconsequentlylosttheirreputationasbeingthenumberoneaccountancyfirmintheworldandconsequentlymanyoftheircustomers.
ThecorrectanswersareAandBNewlegislationiscoveredwithinpoliticalrisk.Therepaymentoftheloaniscoveredwithinfinancialrisk.
ThecorrectanswersareCandDAandBarestrategiclevelrisks.
ThecorrectanswerisDA,BandCareoperationalrisks.
ThecorrectanswersareA,B,CandDAllstaffinanorganisationareresponsibleforrisk.
chapter 1
17
Test your understanding 3
Test your understanding 1
Test your understanding 6
Test your understanding 5
Test your understanding 4
Test your understanding 2
-
C, E and F
A Financialrisklowriskduetolackofdebtfinance
B Projectrisklargeoneoffprojectsarenotamajoraspectofthecompany'sbusinessmodel
C Reputationriskhighduetoaccident
D Productionriskdespitetheaccidents,thereisnotahighriskofproductionshortages
E Healthandsafetyriskhighduetoaccidentandpotentialforinjuryintheindustry
F Commoditypriceriskhighduetothreatfromrenewablesources
To:ThedirectorsofZXC
From:A.N.Accountant
Date:Today
Subject:SourcesandevaluationofriskatZXC
ThisreportcoverstheidentificationofriskatZXCandevaluateseachriskinturn.Recommendationsforriskreductionarenotgivenatthistime.
Product/market risk
Thisistheriskthatcustomerswillnotbuynewproducts(orservices)providedbytheorganisation,orthatthesalesdemandforcurrentproductsandserviceswilldeclineunexpectedly.
ForZXC,thereistheriskthatdemandforthenewaircraftwillbelessthanexpected,eitherduetocustomerspurchasingtherivalairplaneorbecauseairportswillnotbeadaptedtotakethenewZXLiner.
Risk
18
Test your understanding 8 ZXC (Case Study)
Test your understanding 7
-
Commodity price risk
Businessesmightbeexposedtorisksfromunexpectedincreases(orfalls)inthepriceofakeycommodity.
PartofthecontrolsystemsoftheZXLinerrelyontheavailabilityofthenewlightweightconductingalloyZitnim.Asthereisonlyonesupplierofthisalloy,thenthereisthedangerofthemonopolistincreasingthepriceorevendenyingsupply.Increaseinpricewouldincreasetheoverallcostofthe(alreadyexpensive)ZXLiner,whiledenialofsupplywouldfurtherdelaydeliveryoftheaircraft.
Product reputation risk
Somecompaniesrelyheavilyonbrandimageandproductreputation,andanadverseeventcouldputitsreputation(andsofuturesales)atrisk.
WhilethereputationofZXCappearsgoodatpresent,reputationwillsufferiftheZXLinerisdelayedsignificantlyoritdoesnotperformwellintestflights(whichhavestilltobearranged).Airlinecustomers,andalsotheircustomers(travellers)areunlikelytofeelcomfortableflyinginanaircraftthatisinherentlyunstable.
Currency risk
Currencyrisk,orforeignexchangerisk,arisesfromthepossibilityofmovementsinforeignexchangerates,andthevalueofonecurrencyinrelationtoanother.
ZXCiscurrentlybasedinEuropealthoughitobtainsasignificantnumberofpartsfromtheUSA.Ifthe/$exchangeratebecameworse,thenthecostofimportedgoodsforZXC(andallothercompanies)wouldincrease.Atpresent,therelativelyweakUS$isinZXCsfavourandsothisriskiscurrentlynegligible.
Interest rate risk
Interestrateriskistheriskofunexpectedgainsorlossesarisingasaconsequenceofariseorfallininterestrates.Exposurestointerestrateriskarisefromborrowingandinvesting.
AsZXCdohavesignificantbankloans,thenthecompanyisveryexposedtothisrisk.
chapter 1
19
-
Gearing risk
Gearingriskfornonbankcompaniesistheriskarisingfromexposurestohighfinancialgearingandlargeamountsofborrowing.
Again,ZXChassignificantamountsofbankloans.Thisincreasestheamountofinterestthatmustberepaideachyear.
Political risk
Politicalriskdependstoalargeextentonthepoliticalstabilityinthecountriesinwhichanorganisationoperates,thepoliticalinstitutionswithinthatcountryandthegovernment'sattitudetowardsprotectionism.
AsZXCoperatesinapoliticallystablecountrythisriskisnegligible.
Legal risk or litigation risk
Theriskarisesfromthepossibilityoflegalactionbeingtakenagainstanorganisation.
AtpresentthisriskdoesnotappeartobeathreatforZXC.However,iftheZXLinerisdelayedanyfurtherthereisariskforbreachofcontractforlatedeliverytotheHTScompany.
Regulatory risk
Thisisthepossibilitythatregulationswillaffectthewayanorganisationhastooperate.
Intermsofaircraft,regulationgenerallyaffectsnoiseandpollutionlevels.AstheZXLinerisdesignedtohavelowernoiseandpollutionlevelsthanexistingaircraftthenthisriskdoesnotappeartobeathreattoZXC.
Technology risk
Technologyriskarisesfromthepossibilitythattechnologicalchangewilloccurorthatnewtechnologywillnotwork.
GiventhatZXCiseffectivelyproducinganewproduct(theZXLiner)thathasnotactuallybeentestedyet,thereissometechnologyrisk.Atworse,theZXLinermaynotflyatallornotobtainthenecessaryflyingcertificates.
Risk
20
-
Economic risk
Thisriskreferstotherisksfacingorganisationsfromchangesineconomicconditions,suchaseconomicgrowthorrecession,governmentspendingpolicyandtaxationpolicy,unemploymentlevelsandinternationaltradingconditions.
Demandforairtravelisforecasttoincreasefortheforeseeablefuture,sointhatsensethereisademandforaircraftwhichZXCwillbenefitfrom.Theriskofproductfailureismoresignificantthaneconomicrisk.
Environmental risk
Thisriskarisesfromchangestotheenvironmentoverwhichanorganisationhasnodirectcontrol,suchasglobalwarming,tothoseforwhichtheorganisationmightberesponsible,suchasoilspillagesandotherpollution.
ZXCissubjecttothisriskandthereissignificantdebateconcerningtheimpactofairtravelonglobalwarming.Attheextreme,thereisathreatthatairtravelcouldbebanned,ormadeveryexpensivebyinternationaltaxationagreements,althoughthisappearsunlikelyatpresent.
Conclusion
ZXCwillsufferfrommanyriskswhichwillimpactonthecompany.Thelikelihoodandimpactofeachvaries,byriskandovertime.ZXCshouldimplementreductionstrategieswherepossible.
chapter 1
21
-
To:TheBoardofE
From:A.N.Accountant
Date:Today
Subject:Smartmetersandrisk
Introduction
ThisreportdiscussesthebenefitsofintroducingSmartMetersatE,andthenevaluatesfourrisksarisingfromthisaction.Recommendationsarethenmadetoreducetherisksidentified.
Smartmeterswillofferthepotentialtodramaticallyreduceoperatingexpenses.Ewillnotrequiremeterinspectorstovisitcustomershomes.Therewillbefarfewertransactionsinvolvingcallcentrestaffandsonumberscanbereducedtheretoo.
Thenewmetersmayreducecustomerfraudandsoenhancerevenues.Thefactthattheyareelectronicandnotmechanicalwillmakeitfarhardertotamperwithreadings.
Ewillbeabletogatheragreatdealofinformationaboutindividualcustomers.Atpresent,Ecantellhowmuchelectricityisbeingdrawnfromthegrid,butitcannotidentifythespecificcustomerswhoareusingit.Thenewmeterswillmakeitpossibletoidentifycustomerswhosedemandchangesinresponseto,say,amajorsportingevent.ThatmaymakeiteasierforEtopredictdemandinadvanceofsucheventsandsoplanmoreeasily.
Emayalsobeabletogathervaluablemarketinginformation.Forexample,somecustomerswillhavelargerincreasesinconsumptionwhentheweatheriscold.Ecouldtargetsuchcustomerswithoffersofalternativepricingplansordiscountsonhomeinsulation.
(a) The introduction of Smart Meters
Risk
22
Test your understanding 9 Smart meters (Case study)
-
Customer fraud
IfcustomerslearnhowtointerferewiththemetersthenEmaylosesignificantamountsofrevenue.Thenewmetersmaybemoredifficulttomanipulate,buthistorysuggeststhatelectronicsafeguardscanbedefeated.Forexample,mobilephonescanbeunlockedanddvdscanbepirateddespitesafeguards.
Ecouldcomparepatternsofenergyconsumptionwithinneighbourhoodsandcouldidentifycustomerswhosereadingsseemlow.Thosecustomersmeterscouldbeinspectedforanymodification.Eshouldpubliciseanycriminalprosecutionsasadeterrenttoothercustomers.
Installation
Theinstallationofthesenewmeterswillbeasignificantundertaking.Ewillhavetoarrangeaccesstoeverycustomershomeinordertofitthenewmeters.Thelogisticsofthiswillbecomplicatedbecauseofcustomersworkpatternsandavailabilitybecauseofworkandsoon.Theoldsystemwillhavetooperateinparallelwiththenewwhilethisworkisbeingundertakenandsostaffwillbestretched.
Emayofferdiscountsorrebatestocustomerswhoofferaccessatconvenienttimes.Thediscountsshouldbeselffinancingiftheyarefundedoutofthecostsavingsofmanagingacustomersaccountoncethesmartmeterhasbeeninstalled.
IT issues
ItwillbedifficultforEtofullytestthissystembeforeinstallation.Therewillbelargenumbersofsmartmetersinthesystemandtheywillbecommunicatingoverlongdistances.Therecouldbeunforeseenproblemswithdatabeingcorruptedorlost.Ifthathappensthentheoriginalmeterswillhavebeenremovedandtherewillbenoeffectivewaytoputthesystemback.
ItwouldbeidealifEcouldselectasystemthathasalreadybeenusedsuccessfullybyanotherelectricitycompany.Itwouldbepreferabletoapplyaprovensystemeveniftherearemoreuptodateversionsofthetechnologythatmightofferenhancements.
(b) Risks
chapter 1
23
-
Financial cost
Therewillhavetobeasignificantinvestmentinthisnewsystemandtheanticipatedbenefitsmaynotberealised.TheshareholdersandotherstakeholdersmaybeconcernedthatEistakingarecklessriskbymakingasubstantialinvestmentinanewtechnology.Anadverseoutcomecouldmeanlowerprofitsorhigherpricesforconsumers.
Ecouldpossiblytransfersomeoftheriskbypayingathirdpartytodesignandimplementthenewsystem.Thecontractcouldspecifypenaltiesforanyshortcomingsintheoperationofthenewsystem.
Conclusions
EwouldappeartobenefitfromtheintroductionofSmartMeters.However,severalrisksmayarisewiththeirintroduction.Theseriskscanbereduced,inpart,bythemeasuressuggestedinthisreport.
Risk
24
-
RiskmanagementChapter learning objectives
Lead Component
A1.Evaluatethetypesofriskfacinganorganisationandrecommendappropriateresponses.
(b) Evaluatetheorganisation'sabilitytobearidentifiedrisks.
(c) Recommendresponsestoidentifiedrisks.
A2.Evaluateseniormanagement'sresponsibilityfortheimplementationofriskmanagementstrategiesandinternalcontrols.
(a) Recommendtechniquesthatwillenabletheboardtodischargeitsresponsibilitieswithrespecttomanagingrisks
(b) Advisetheboardonitsresponsibiltiesforreportingriskstoshareholdersandotherstakeholders.
D1.Evaluatefinancialrisksfacinganorganisation.
(a) Evaluatefinancialrisksfacinganorganisation.
D2.Evaluatealternativeriskmanagementtools.
(a) Adviseontheeffectsofeconomicfactorsthataffectfuturecashflowsfrominternationaloperations.
25
chapter
2
-
Indicative syllabus content
Quantificationofriskexposures(impactifanadverseeventoccurs)andtheirexpectedvalues,takingaccountoflikelihood.
Riskmaprespresentationofriskexposuresasabasisofreportingandanalysingrisks.
Enterpriseriskmanagementanditscomponents. RiskmitigationincludingTARAtransfer,avoid,reduce,accept. Grossandnetrisks. Assurancemappingandsimilartechniquesfordescribingrisks
andtheirassociatedresponses.
Riskregister. Riskreportsandstakeholderresponses. Quantificationofriskexposures,theirsensitivitiestochangesin
externalconditionsandtheirexpectedvalues.
Valueatrisk.
Risk management
2626
-
1Risk management
Risk managementisdefinedas:
theprocessofunderstandingandmanagingtherisksthattheorganisationisinevitablysubjecttoinattemptingtoachieveitscorporateobjectives
CIMAOfficialTerminology
Thetraditionalviewofriskmanagementhasbeenoneofprotectingtheorganisationfromlossthroughconformanceproceduresandhedgingtechniquesthisisaboutavoidingthedownsiderisk.
Thenewapproachtoriskmanagementisabouttakingadvantageoftheopportunitiestoincreaseoverallreturnswithinabusinessbenefitingfromtheupsiderisk.
Thefollowingdiagramshowshowriskmanagementcanreconcilethetwoperspectivesofconformanceandperformance(asdiscussedpreviouslyinchapter1).
chapter 2
27
-
Source:IFAC(1999)EnhancingShareholderWealthByBetterManagingRisk
IFAChighlightedtwoaspectsofriskmanagementwhichlinkriskaversionandriskseekingactivities.Theyare:
A Complianceandstrategy
B Conformanceandperformance
C Complianceandconformance
D Performanceandstrategy
Risk management
28
Enterprise Risk Management (ERM)
Risk management and shareholder value
Test your understanding 1
-
TheCommitteeofSponsoringOrganisations(COSO)outlinedsixkeyprinciplesofEnterpriseRiskManagement(ERM).Identifywhichofthefollowingis/areincluded.(SelectALLcorrectanswers).
A Considerationofriskmanagementinthecontextofbusinessstrategy
B Thecreationofariskawareculture
C Considerationofanarrowrangeofrisks,mainlyfinancial
D RiskmanagementistheresponsibilityoftheRiskCommittee
E Acomprehensiveandholisticapproachtoriskmanagement
The exam
Theframeworksanddiagramsinthischapterareausefulstartingpointforanexamquestion,butallentitieshavetodealwithrisksinanappropriatemannerandsoguidancecannotbedefinitive.
2Risk management strategy Formulation of a risk strategy
Aframeworkforboardconsiderationofriskisshownbelow:
Formanybusinessesthespecificformulationofariskstrategyhasbeenarecentdevelopment.
Inthepastaformalstrategyformanagingriskswouldnotbemadebutratheritwouldbelefttoindividualmanagerstomakeassessmentsoftherisksthebusinessfacedandexercisejudgementonwhatwasareasonablelevelofrisk.
Thishasnowchanged:failuretoproperlyidentifyandcontrolriskshasbeenidentifiedasamajorcauseofbusinessfailure(takeBaringsBankasanexample).
chapter 2
29
Test your understanding 2
Formulating a risk management strategy
-
Risk appetitecanbedefinedastheamountofriskanorganisationiswillingtoacceptinpursuitofvalue. Thismaybeexplicitinstrategies,policiesandprocedures,oritmaybeimplicit. Itisdeterminedby: risk capacity theamountofriskthattheorganisationcanbear,
and
risk attitudetheoverallapproachtorisk,intermsoftheboardbeingriskaverseorriskseeking.
Thewaythattheorganisationdocumentsanddeterminesthespecificpartsofitsriskstrategywillhavetolinktothebusinessstrategyandobjectives.
Overalltheriskmanagementstrategyisconcernedwithtryingtoachievetherequiredbusinessobjectiveswiththelowestpossiblechanceoffailure. Thetougherthebusinessobjectives,however,themoreriskswillhavetobetakentoachievethem.
Residual riskistheriskabusinessfacesafteritscontrolshavebeenconsidered(seelaterinthischapterformoredetails).
Theamountofriskanorganisationiswillingtoacceptinthepursuitofvalueisknownastheir:
A Riskmap
B Riskappetite
C Riskculture
D Riskthermostat
Risk management
30
Test your understanding 3
More on risk appetite
-
Features of a risk management strategy
InaCIMAandIFAC(InternationalFederationofAccountants)jointreportin2004 EnterpriseGovernancethefollowingkeyfeaturesofariskmanagementstrategywereidentified:
Statementoftheorganisationsattitudetoriskthebalancebetweenriskandtheneedtoachieveobjectives.
Theriskappetiteoftheorganisation. Theobjectivesoftheriskmanagementstrategy. Cultureoftheorganisationinrelationtorisk(andthebehaviourthe
organisationexpectsfromindividualswithregardtorisktaking).
Responsibilitiesofmanagersfortheapplicationofriskmanagementstrategy.
Referenceshouldbemadetotheriskmanagementsystemsthecompanyuses(i.e.itsinternalcontrolsystems).
Performancecriteriashouldbedefinedsothattheeffectivenessofriskmanagementcanbeevaluated.
3Identifying, measuring and assessing risks
Chapter2examinedthedifferenttypesofrisksfacedbyanorganisation.Itiskey,however,thatbusinessescanidentifytheriskstheyfaceandevaluatetheeffectoftherisksonthebusiness.Someriskswillberelativelyeasilybornebybusinesses,butotherswillbemoredifficultandmoreseriousintheirimplications.
Risk identification
Theriskidentificationprocesswilloftenbecontrolledbyarisk committeeorriskmanagementspecialists(seelaterinthischapter).
Therisksidentifiedintheprocessshouldberecordedinarisk register,whichissimplyalistoftherisksthathavebeenidentified,andthemeasures(ifany)thathavebeentakentocontroleachofthem.
Thereareavarietyofmethodsthatcanbeusedbybusinessestoidentifytherisksthattheyface:
chapter 2
31
An alternative risk management process
-
Theriskregisterisaveryimportantandpracticalriskmanagementtoolthatallcompaniesshouldhavethesedays.Ittakesseveraldays,ifnotweeks,toproduce,andneedstobereviewedandupdatedregularlymainlyannually(inconjunctionwithcorporategovernanceguidelines).
Theriskregisterisoftenlaidoutintheformofatabulardocumentwithvariousheadings:
(1) Therisk title statingwhattheriskmightbe.
(2) Thelikelihoodoftheriskpossiblymeasurednumericallyifascalehasbeensete.g.1isunlikely,5ishighlylikely.
(3) Theimpactoftheriskshoulditarise.Againthismightbegradedfrom,say,1(lowimpact)to5(highimpact).
(4) Therisk ownersnamewillbegivenusuallyamanagerordirector.
(5) Thedatetheriskwasidentifiedwillbedetailed.
(6) Thedatetheriskwaslastconsideredwillbegiven.
(7) Mitigation actionsshouldbelistedi.e.whatthecompanyhasdonesofartoreducetherisk.Thismightincludetraining,insurance,furthercontrolsaddedtothesystem,etc.
Risk management
32
The risk register
-
Forexample,usingthestepsdetailedabove,onerowofatabulatedriskregistermightshow:
(8) Anoverall risk ratingmightbegivene.g.110,sothatmanagementcanimmediatelyseewhichrisksaretheonestheyshouldbeconcentratingon.
(9) Further actionstobetakeninthefuturewillbelisted(ifany).
(10)The'action lead'namewillbedetailedi.e.whoisresponsibleformakingsurethatthesefutureactionsareimplemented.
(11)Adue datewillbestatedbywhentheactionhastobeimplemented.
(12)Arisk level targetmightbegiveni.e.ascorelowerthanthatgiveninstep8above.Thismightmeanthatbyimplementingacontrol,theriskratingisexpectedtolowerfrom,say,8to,say2(thetargetrisklevel).
(1) Lossofpersonaldatai.e.unsecureuseofmobiledevicescouldresultinpersonalidentifiableinformationbeinglost,stolenorunauthorisedaccessgained.
(2) Likelihood=3
(3) Impact=5
(4) Riskowner=MikeSmith(ITmanager)
(5) 1.1.12
(6) 2.2.14
(7) Staffreceivetrainingevery2yearswhichhighlightstherisks.Alllaptopsareencrypted.Regularauditsareundertaken.AnyincidentsarereportedtotheAuditCommittee.
(8) Overallriskrating=7
(9) Encryptiontechnologytobeimplementedwhichmeetsindustrystandard.
(10)MikeSmith
(11)31.7.14
(12)Riskleveltarget=3
chapter 2
33
-
Riskregisterswouldnormallydetailwhichofthefollowing:(Selectallthatapply.)
A Risklevelbeforecontrolsareimplemented
B Risklevelaftercontrolsareimplemented
C Responsibilityformanagingrisks
D Thetotalcostofacontrolbeingimplemented
Quantification of risk exposures
Quantificationofriskisimportantinunderstanding theextentandsignificanceoftheexposure.Thiscanbedonebymeasuringtheimpactoftheriskfactor(suchasexchangerates)onthetotalvalueofthecompany,oronanyindividualitemsuchascashfloworcosts.
Somequantitativetechniquesinclude:
Risksthatareidentifiedshouldbemeasuredandassessed.Theextenttowhichthiscanbedonedependsontheinformationavailabletotheriskmanager.
Insomecompanies,particularlyinthebankingandinsuranceindustries,manyriskscanbemeasuredstatistically,onthebasisofhistoricalinformation.
Inmanyothersituations,themeasurementandassessmentofriskdependsonmanagementjudgement.
expectedvaluesandstandarddeviation volatility valueatrisk(VaR) regressionanalysis simulationanalysis
Risk management
34
More on risk identification
Test your understanding 4
-
Expected values and standard deviation
Expectedvalue=probX
whereprob=probability,X=outcome
Someriskscanbemeasuredbytheuseofexpectedvalues.
Thestandarddeviationisameasureofthedispersionofthepossiblevaluesofagivenfactor,suchascashflow,fromtheexpectedvalueormean. Thusthestandarddeviationprovidesameasureofvolatilitythegreaterthestandarddeviation,thegreatertheriskinvolved.
Volatility
Anotherwayofassessingriskmightbelookingatpotentialvolatility.Forexample,acompanymightcalculateanexpectedvaluebasedonarangeofprobabilitiesbutalsoassessthepotentialvariationfromthatexpectedoutcome(rangeorstandarddeviation).
Thefollowingaretheforecastpurchasesofrawmaterialsinafuturemonth:
Calculatetheupsideanddownsidevolatilityfromexpectedpurchases.
200,000 30%probability250,000 50%probability300,000 20%probability
Value at risk
VaRisbasedontheassumptionthatinvestorscaremainlyabouttheprobabilityofalargeloss.TheVaRofaportfolioisthemaximumlossonaportfoliooccurringwithinagivenperiodoftimewithagivenprobability(usuallysmall).
CalculatingVaRinvolvesusingthreecomponents:atimeperiod,aconfidencelevelandalossamountorpercentageloss.
chapter 2
35
Expected value of risk
Test your understanding 5 Volatility (Integration)
-
Statisticalmethodsareusedtocalculateastandarddeviationforthepossiblevariationsinthevalueofthetotalportfolioofassetsoveraspecificperiodoftime.
Makinganassumptionthatpossiblevariationsintotalmarketvalueoftheportfolioarenormallydistributed,itisthenpossibletopredictatagivenlevelofprobabilitythemaximumlossthatthebankmightsufferonitsportfoliointhetimeperiod.
Abankcantrytocontroltheriskinitsassetportfoliobysettingtargetmaximumlimitsforvalueatriskoverdifferenttimeperiods(oneday,oneweek,onemonth,threemonths,andsoon).
VaRmaybecalculatedasstandarddeviationZscore(wheretheZscorecanbefoundfromthenormaldistributiontables).
SupposeaUKcompanyexpectstoreceive$14millionfromaUScustomer.ThevalueinpoundstotheUKcompanywilldependontheexchangeratebetweenthedollarandpoundsresultingingainsorlossesastheexchangeratechanges.Assumethattheexchangeratetodayis$1.75/andthatthedailyvolatilityofthepound/dollarexchangerateis0.5%.
Calculatethe
Thevalueofthe$14milliontodayis8million($14million$1.75/)withadailystandarddeviationof40,000(0.5%8million).
(a) 1day95%VaR
(b) 1day99%VaR.
(a) Thestandardnormalvalue(Z)associatedwiththeonetail95%confidencelevelis1.645(seeNormalDistributiontables).Hence,the1day95%VaRis1.64540,000=65,800.Thismeansthatweare95%confidentthatthemaximumdailylosswillnotexceed65,800.Alternatively,wecouldalsosaythatthereisa5%(1outof20)chancethatthelosswouldexceed65,800.
(b) Thestandardnormalvalue(Z)associatedwiththeonetail99%confidencelevelis2.33(seeNormalDistributiontables).Hence,the1day99%VaRis2.3340,000= 93,200.Thus,thereisa1%(1outof100)chancethatthelosswouldexceed93,200.
Risk management
36
Example of VaR
-
Giventhe1dayVaR,wecaneasilycalculatetheVaRforlongerholdingperiodsas:
ndayVar=1dayVarnThus,wecancalculatethe5day95%VaRas:
5day95%VaR=1day95%VaR5=65,800x 2.236=147,133Thereisa5%chancethatthecompanysforeignexchangelosswouldexceed147,133overthenext5days.
Similarly,the30day99%VaRwouldbe:
1day99%VaR30=93,2005.477=510,477
Noticethatforagivenconfidencelevel,theVaRincreaseswiththeholdingperiod.Thus,thelongertheholdingperiod,thegreatertheVaR.
Abankhasestimatedthattheexpectedvalueofitsportfoliointwoweekstimewillbe$50million,withastandarddeviationof$4.85million.
Required:
Calculateandcommentuponthevalueatriskoftheportfolio,assuminga95%confidencelevel.
Regression analysis
Thiscanbeusedtomeasureacompanysexposuretovariousriskfactorsatthesametime. Thisisdonebyregressingchangesinthecompanyscashflowsagainsttheriskfactors(changesininterestrates,exchangerates,pricesofkeycommoditiessuchasoil).Theregressioncoefficientswillindicatethesensitivitiesofthecompanyscashflowtotheseriskfactors.
Thedrawbackwiththistechniqueisthattheanalysisisbasedonhistoricalfactorswhichmaynolongerbepredictorsofthecompanyinthefuture.
chapter 2
37
Test your understanding 6 Value at risk (Integration)
More on value at risk (VaR)
-
Simulation analysis
Thisisusedtoevaluatethesensitivityofthevalueofthecompany,oritscashflows,toavarietyofriskfactors. Theseriskfactorswillbegivenvarioussimulatedvaluesbasedonprobabilitydistributions,andtheprocedureisrepeatedanumberoftimestoobtaintherangeofresultsthatcanbeachieved.
Themeanandstandarddeviationarethencalculatedfromtheseresultstogiveanexpectedvalueandmeasureoftherisk.
Thistechniquecanbecomplexandtimeconsumingtocarryout,andislimitedbytheassumptionsoftheprobabilitydistributions.
Othermethodsofmeasuringorassessingtheseverityofanidentifiedriskinclude:
Drawbacks of the quantification of risk
Onceariskhasbeenquantified,thereisaproblemwhetheranyonereallyknowswhatitmeans.Unlessyouareatraineeorqualifiedaccountant(orsimilar)thisisunlikely,hencerisksareoftenleftunquantified.
Risk or assurance mapping
Acommonqualitativewayofassessingthesignificanceofriskistoproducearisk maporsometimescalledan'assurance map'.
scenarioplanningforecastingvariousoutcomesofanevent decisiontreesuseofprobabilitytoestimateanoutcome sensitivityanalysisusedtoask'whatif?'questionstotestthe
robustnessofaplan.Alteringonevariableatatimeidentifiestheimpactofthatvariable.
TheBoard,theRiskCommittee,theAuditCommitteeandseniormanagementfromvariousdepartmentswillallbeinvolvedinthepreparationofthemap.
Themapidentifieswhetherariskwillhaveasignificantimpactontheorganisationandlinksthatintothelikelihoodoftheriskoccurring.
Theapproachcanprovideaframeworkforprioritisingrisksinthebusiness.
Riskswithasignificantimpactandahighlikelihoodofoccurrenceneedmoreurgentattentionthanriskswithalowimpactandlowlikelihoodofoccurrence.
Awellstructuredriskmapwillhighlightwheretherearegapsinassurancesoversignificantriskareas.
Risk management
38
-
Also,duplicatedorpotentiallyburdensomeassuranceprocessesmaybeidentified.
Riskscanbeplottedonadiagram,asshownbelow.
Suggestariskthatcouldbeincludedineachquadrantforarestaurant.
Thelossoflowerlevelstaffwouldbestfitwhichcategoryofariskmap?
A Lowlikelihoodlowconsequence
B Highlikelihoodlowconsequence
C Lowlikelihoodhighconsequence
D Highlikelihoodhighconsequence
chapter 2
39
More on risk mapping
Test your understanding 7 Restaurant (Integration)
Test your understanding 8
-
Theaxesofariskmapinclude:(Selectallthatmayapply.)
A Likelihood
B Volatility
C Consequences
D Certainty
4Risk response strategy
Sofarwehaveconsideredthetypesofriskacompanycouldbeexposedtoandthewayitmaychoosetoassess,measureandbearthoserisks.Thenextareaistolookattheformulationofastrategytorespondtothoserisks,thegeneralmethodsthatcanbeusedtotreatrisksandtheimplementationofsuchstrategy.
Themanagementofrisksinvolvestryingtoensurethat:
Theestimateofthepotentiallossforeachriskshouldbecomparedwiththeacceptablerisklimitforthecompany.Iftheriskisgreaterthantheacceptablelimit,thenextstageinriskmanagementistoconsiderhowtheriskshouldbemanagedorcontrolled,tobringitdowninsize.
Exposuretosevererisksisminimised. Unnecessaryrisksareavoided. Appropriatemeasuresofcontrolaretaken. Thebalancebetweenriskandreturnisappropriate.
Risk treatment (management) methods
Assumingthatthebusinessdoeswanttomanageitsrisksinsomewayanumberofmethodscanbeused.Thesemethodswilllimittherisks,andtheoverallriskmanagementstrategymaydefinehowtheriskswillbemanagedandthewaythesemethodswillinteract.
Avoid risk
Acompanymaydecidethatsomeactivitiesaresoriskythattheyshouldbeavoided.
Thiswillalwaysworkbutisimpossibletoapplytoallrisksincommercialorganisationsasriskshavetobetakentomakeprofits.
Risk management
40
Test your understanding 9
-
Transfer risk
Pool risks
Diversification
Insomecircumstances,riskcanbetransferredwhollyorinparttoathirdparty.
Acommonexampleofthisisinsurance.Itdoesreduce/eliminaterisksbutpremiumshavetobepaid.
Risksfrommanydifferenttransactionscanbepooledtogether:eachindividualtransaction/itemhasitspotentialupsideanditsdownside.Theriskstendtocanceleachotherout,andarelowerforthepoolasawholethanforeachitemindividually.
Forexample,itiscommoninlargegroupstructuresforfinancialrisktobemanagedcentrally.
Diversificationisasimilarconcepttopoolingbutusuallyrelatestodifferentindustriesorcountries.
Theideaisthattheriskinoneareacanbereducedbyinvestinginanotherareawheretherisksaredifferentorideallyopposite.
Acorrelationcoefficientwithavaluecloseto1isessentialifriskistobenullified.
Riskreductioncanbeachievedusingwhichofthefollowingtheories?
A Managementtheory
B Systemstheory
C Portfoliotheory
D Contingencytheory
Evaluatewhetheritisalwaysagoodbusinessstrategyforalistedcompanytodiversifytoreducerisk.
chapter 2
41
Test your understanding 11 Diversification (Integration)
Test your understanding 10
Managing risk by diversification
-
Risk reduction
Hedging risks
Risk sharing
Evenifacompanycannottotallyeliminateitsrisks,itmayreducethemtoamoreacceptablelevelbyaformofinternalcontrol.
Theinternalcontrolwouldreduceeitherthelikelihoodofanadverseoutcomeoccurringorthesizeofapotentialloss.
Thecostsofthecontrolmeasuresshouldjustifythebenefitsfromthereducedrisk.
Morewillbeseenoninternalcontrolsinchapter5.
Hedgingwillbeconsideredindetailwhenfinancialriskisexaminedinlaterchapters.
Theconceptofhedgingisreducingrisksbyenteringintotransactionswithoppositeriskprofilestodeliberatelyreducetheoverallrisksinabusinessoperationortransaction.
Acompanycouldreduceriskinanewbusinessoperationbysharingtheriskwithanotherparty.
Thiscanbeamotivationforenteringintoajointventure.
Risk mapping and risk responses
Riskmapscanprovideausefulframeworktodetermineanappropriateriskresponse:
Risk management
42
Risk management using TARA
-
Thedeathof,orseriousinjuryto,amemberofstaffatworkwouldbestfitwhichcategoryonariskmap?
A Lowlikelihoodlowconsequence
B Highlikelihoodlowconsequence
C Lowlikelihoodhighconsequence
D Highlikelihoodhighconsequence
Ariskidentifiedashavingalowfrequencyandahighseverityshouldbemanagedby:
A Avoiding
B Accepting
C Transferring
D Reducing
chapter 2
43
Test your understanding 13
Test your understanding 12
-
5The risk cube
Anotherwayofconsideringriskanditsmanagementistousetheriskcube.
Riskequalsthevolumeofthecube.
Riskisseenassomecombinationofathreat,exploitingsomevulnerability,thatcouldcauseharmtoanasset.
Residualriskisthecombinedfunctionof:
Managingtheriskcanbeundertakenbyreducingthethreat,reducingthevulnerabilityand/orreducingtheassetvalue.
Forexample,imagineacompanysellsmachinepartsoncredittoindustrialcustomers.
Thethreatmightbethatthecustomerdoesn'tpayfortheirmachineparts.
Thevulnerabilitymightbethatthesellingcompanyhasalowcashbalanceandthereforecoulddowiththefundstopayitsownsuppliers.
Theassetisthereceivableduein.
Thethreatreducingsafeguardsmightincludeperformingacreditcheckonallcustomers.
athreatlesstheeffectofthreatreducingsafeguards avulnerabilitylesstheeffectofvulnerabilityreducingsafeguardsand anassetlesstheeffectofassetvaluereducingsafeguards.
Risk management
44
-
Thevulnerabilityreducingsafeguardsmightincludeholdingaminimumcashbalanceatalltimestoensuresufficientcashisavailabletopaysuppliers.
Theassetreducingsafeguardsmightincludesettingalimitoneachreceivablebalance,sothatonceitisreachednofurthergoodswouldbesuppliedtoacustomeruntilpaymentwasmade.
Youarethemanagementaccountantofalargeprivatecompany,Twinkletoes.Twinkletoesmanufacturesahighvolumeofreasonablypricedshoesforelderlypeople.Thecompanyhasatradereceivablesledgerthatismaterialtothefinancialstatementscontainingfourdifferentcategoriesofaccount.Thecategoriesofaccount,andtherisksassociatedwiththem,areasfollows:
Receivableslistedunder(ii)to(iv)areroughlyevenlysplitbybothvalueandnumber.Allreceivablesaredealtwithbythesamemanagersandstaffandthesameinternalcontrolsareappliedtoeachcategoryofreceivables.Youdonotconsiderthatusingthesamemanagersandstaff,andthesamecontrols,isnecessarilythebestmethodofmanagingthereceivablesledger.
Twinkletoeshassufferedanincreasinglevelofirrecoverabledebtsandslowpayersinrecentyears,mostlyasaresultofsmallshoeshopsbecominginsolvent.Thecompanyhasalsolostseveraloverseasaccountsbecauseofarequirementforthemtopayinadvance.Managementwishestoexpandtheoverseasmarketandhasdecidedthatoverseascustomerswillinfuturebeallowedcreditterms.
Managementhasaskedyoutoclassifytherisksassociatedwiththereceivablesledgerinordertomanagetradereceivablesasawholemoreefficiently.Youhavebeenaskedtoclassifyaccountsashigh,mediumorlowrisk.
(i) smallretailshoeshops.Theseaccountsrepresentnearlytwothirdsoftheaccountsontheledgerbynumber,andonethirdofthereceivablesbyvalue.Someofthesecustomerspaypromptly,othersareveryslow
(ii) largeretailshoeshops(includinganumberofoverseasaccounts)thatsellawiderangeofshoes.Someoftheseaccountsarelargeandoverdue
(iii) chainsofdiscountshoeshopsthatbuytheirinventorycentrally.Theseaccountsaremostlywellestablished`highstreet'chains.Again,someoftheseaccountsarelargeandoverdueand
(iv) mailordercompanieswhosellthecompany'sshoes.Therehavebeenanumberoflargenewaccountsinthiscategory,althoughthereisnohistoryofirrecoverabledebtsinthiscategory.
chapter 2
45
Test your understanding 14 Twinkletoes (Case study)
-
Required:
Write an email to the finance director:
(30 minutes)
(a) Classifying the risks relating to the four categories of trade receivables as high, medium or low and explain your classification. Note:Morethanoneriskclassificationmaybeappropriatewithineachaccountcategory.
(b) Describing the internal controls that you would recommend to Twinkletoes to manage the risks associated with the receivables ledger under the headings: all customers, slow paying customers, larger accounts, and overseas customers.
6Risk reporting
RiskreportsnowformpartofUKannualreports.Itisanimportantdisclosurerequirement.(Examplesoftheseareavailableonlargercompanieswebsites.Candidatesareencouragedtoreadsome.)
Managersofabusiness,andexternalstakeholders,willrequireinformationregardingtherisksfacingthebusiness. Ariskreportingsystemwouldinclude:
Asystematicreviewoftheriskforecast(atleastannually). Areviewoftheriskstrategyandresponsestosignificantrisks. Amonitoringandfeedbacklooponactiontakenandassessmentsof
significantrisks.
Asystemindicatingmaterialchangetobusinesscircumstances,toprovideanearlywarning.
Theincorporationofauditworkaspartofthemonitoringandinformationgatheringprocess.
Risk management
46
-
WithinMarksandSpencer'sannualreportfor2013thereisariskreportsection.Thishasbeenduplicatedinpartbelow.
Itstatestheirapproachtoriskmanagementandkeyareasoffocus:
What is our approach to risk management?
TheBoardhasoverallaccountabilityforensuringthatriskiseffectivelymanagedacrosstheGroupand,onbehalfoftheBoard,theAuditCommitteereviewstheeffectivenessoftheGroupRiskProcess.
Risksarereviewedbyallbusinessareasonahalfyearlybasisandmeasuredagainstadefinedsetoflikelihoodandimpactcriteria.Thisiscapturedinconsistentreportingformats,enablingGroupRisktoconsolidatetheriskinformationandsummarisethekeyrisksintheformoftheGroupRiskProfile.
OurExecutiveBoarddiscussestheGroupRiskProfileaheadofitbeingsubmittedtotheGroupBoardforfinalapproval.
Toensureourriskprocessdrivesimprovementacrossthebusiness,theExecutiveBoardmonitorstheongoingstatusandprogressofactionplansagainstkeyrisksonaquarterlybasis.
RiskremainsanimportantconsiderationinallstrategicdecisionmakingatBoardlevel,includingdebateonrisktoleranceandappetite.
Key areas of focus
Duringtheyearwehavefocusedonanumberofkeyareas:
Astimeprogresses,thenatureofsomeGrouprisksisevolving.ToensurewecontinuetoaddressthemostimportantrisksfacingtheGroupatthispointintimewehaveupdatedanumberofrisktitlesanddescriptions.NewtitlesareassignedtoGMproduct(2012:Ourcustomers)andFoodsafetyandintegrity(2012:Foodsafety).NewdescriptionsareinplaceforInternationalandOurpeople.
(1) Evolvingriskdescriptions
chapter 2
47
Marks and Spencer plc Risk report extract
-
WecontinuetoassesswhethersufficientadditionalmitigatingactivitiesareunderwaytoreducethenetriskpositionoftheGroupskeyrisks.Byconsideringnetriskonbothaoneyearandthreeyearhorizon,weareabletoidentifywhenmitigatingactivitieswillresultinatangibleriskreduction.Wealsocontinuetoreviewtheongoingappropriatenessofactionstoensuretheyareasrelevant,timelyandmeasurableaspossible.
RisktoleranceandappetiteareimportantconsiderationsinstrategicdecisionmakingatBoardlevel.Wealsorecognisethevalueinapplyingtheconceptofrisktoleranceindiscussionsacrossalllevelsoftheorganisation.Itisespeciallybeneficialwhendeterminingthenatureofmitigatingactivitiesandtheirroleinaddressingrisklikelihoodorimpact.
Our principle risks and uncertainties
Aswithanybusiness,wefacerisksanduncertaintiesonadailybasis.Itistheeffectivemanagementofthesethatplacesusinabetterpositiontobeabletoachieveourstrategicobjectivesandtoembraceopportunitiesastheyarise.
Toachieveaholisticviewoftherisksfacingourbusiness,bothnowandinthefuture,weconsiderthosethatare:
Overleafaredetailsofourprincipalrisksandthemitigatingactivitiesinplacetoaddressthem.ItisrecognisedthattheGroupisexposedtoanumberofrisks,widerthanthoselisted.
However,aconsciousefforthasbeenmadetodisclosethoseofgreatestimportancetothebusinessatthismomentintimeandthosethathavebeenthesubjectofdebateatrecentBoardorAuditCommitteemeetings.
(Twoofthemanyprinciplerisksandmitigatingactionsaredetailedbelow.)
(2) Actionplansforkeyrisks
(3) Influenceofrisktolerance
externaltoourbusiness coretoourdaytodayoperation relatedtobusinesschangeactivityand thosethatcouldemergeinthefuture.
Risk management
48
-
Economic outlook
Economicconditionsworsenordonotimprove,impactingourabilitytodelivertheplan
Asconsumersdisposableincomescomeunderpressurefrompriceinflationandgovernmentausteritymeasures,tradingconditionscontinuetoremainachallengeforourbusiness.
Mitigatingactivities:
Food safety and integrity
Afoodsafetyorintegrityrelatedincidentoccursorisnoteffectivelymanaged
Asaleadingretaileroffinequalityfreshfood,itisofparamountimportancethatwemanagethesafetyandintegrityofourproductsandsupplychain,especiallyinlightofthebusinessgreateroperationalcomplexityandtheheightenedriskoffraudulentbehaviourinthesupplychain.
Mitigatingactivities:
(Theriskreportcontinuesforseveralpagescoveringmanyotherrisks.)
TheGroupRiskProfilereflectsthemostimportantrisksfacingthebusinessatthispointintimetheserisksreceivespecificattentionbytheBoardtoensurethatsufficientmitigatingactivityisinplacetoreducenetrisktoanacceptablelevel.TheGroupRiskProfilewillevolveasthesemitigatingactivitiessucceedinreducingtheresidualriskovertime,ornewrisksemerge.Assuch,wehaveremovedanumberofrisksfromourGroupRiskProfilesincetheprioryear:
Proactivemanagementofcosts Regularreviewofcustomerfeedbackandmarketplacepositioning Continuedfocusonvaluepropositioninthecontextofabalanced
productoffer,includingmarketleadinginnovation
Ongoingmonitoringofpricingandpromotionalstrategies Regularcommercialreviewofproductperformance
Dedicatedteamresponsibleforensuringthatallproductsaresafeforconsumptionthroughrigorouscontrolsandprocesses
Continuousfocusonquality Proactivehorizonscanningincludingfocusonfraudandadulteration Establishedsupplieranddepotauditingprogramme
chapter 2
49
-
LastyearweincludedBusinesscontinuityontheGroupRiskProfileinresponsetotheheightenedlevelofriskdrivenbytheUKssummer2012events.Withtherisknowreturningtoanormallevelithasbeenremoved,recognisingthestrengthofourcontrolsinthisarea
Financialposition,Corporatereputation,Newstoreformat,KeysupplierfailureandITsecurityhavealsobeenremovedinrecognitionoftheactionstakentoreducethenetriskposition.
Theaboverisksremainimportantandtheycontinuetobemonitoredaspartofbusinessasusualactivitieshowever,weconsiderthattheydonotrepresentkeyriskstoourbusinessatthistimeandtheyhavethereforebeenremovedfromtheGroupRiskProfile.
Risk interconnectivity
Wecontinuetorecognisethesignificantinterdependencybetweenourkeyrisks,whichisinpartaproductofourheavilyinterconnectedbusinessenvironment(bothintermsofsystemsandprocesses).ThefollowingdiagramsarebasedonourcurrentGroupRiskProfile.Botharedesignedtohighlighthowchangestooneriskcouldimpactonthoseconnectedtoit,andthereforeontheprofileasawhole.WehaveincorporatedanumberofpotentialemergingriskswhichdonotfeatureonourGroupRiskProfileatthispointintime,butcouldinfluenceourbusinessinthelongerterm,illustratinghowemergingriskisconsideredbytheBoard.
7Gross and net risk
Riskreportsshouldshow:
tofacilitateareviewoftheeffectivenessofriskresponses.
Anexampleofgrossandnetriskassessments,utilisingtheriskmap(impact/likelihoodmatrix)isshownonthefollowingpage:
thegross risk=anassessmentofriskbeforetheapplicationofanycontrols,transferormanagementresponses, and
thenet risk(orresidual risk)=anassessmentofrisk,takingintoaccountthecontrols,transferandmanagementresponsesi.eafteranycontrolshavebeenimplemented,
Risk management
50
-
Iftheresidualriskisconsideredtobetoogreatthenthecompanywillneedto:
Theamountofresidualriskacompanycanbearisultimatelyamanagementdecision.
notexposeitselftotherisksituationor putinplacebettercontrolsovertherisk.
Itispossibletomeasurethatresidualrisk,possiblyasaproportionofprofit/capital/turnover,inordertohelpmanagementmakethatjudgement.
Usingtheearlierexampleoftheriskregisterwecanshowgrossandnet(orresidualrisk):
(1) Lossofpersonaldatai.e.unsecureuseofmobiledevicescouldresultinpersonalidentifiableinformationbeinglost,stolenorunauthorisedaccessgained.
(2) Likelihood=3
(3) Impact=5
(4) Riskowner=MikeSmith(ITmanager)
(5) 1.1.12
(6) 2.2.14
chapter 2
51
Gross and net risk example
Ability to bear risk
-
Byimplementingtheencryptiontechnologytheriskhasreducedfromascoreof7toascoreof3.Thismeansthatthereisstillsomeriskbutfarlessthantherewas.Managementwillhavetoconsiderwhetheralevel3riskisacceptableorwhetherfurthercontrolsneedtobeimplementedtoachievealowerscore,butatwhatcost.
(7) Staffreceivetrainingevery2yearswhichhighlightstherisks.Alllaptopsareencrypted.Regularauditsareundertaken.AnyincidentsarereportedtotheAuditCommittee.
(8) Overallriskrating=7(Gross risk)
(9) Encryptiontechnologyisimplementedwhichmeetsindustrystandard.
(10)MikeSmith
(11)31.7.14
(12)Risklevel=3(Net or residual risk)
TGDWareassessinganewcontracttoprovidemaintenanceservicesforaprestigiousofficecomplex.Shouldthecomplexbeunabletofunctionformorethan5hoursdueanerrororomissionbyTGDWtheywillfaceafineofsufficientmagnitudetocausethecompanyseverefinancialdifficulty.Thedirectorsassessedthegrossriskashighimpactandduetothecomplexityofthesystemsmaintainedthereishighprobabilityofanerroroccurring.TheclientisunwillingtoreducethepenaltyortochangethecriteriaandTGDWsinternalcontrolsarealreadyatahighlevel.
UsingTARAwhatactionshouldTGDWtake?
A Transfer
B Avoid
C Reduce
D Accept
Risk management
52
Test your understanding 15
-
8Evaluating risk management strategy
Oncethecompanyhasestablisheditsriskstrategyanddecidedinwhatareasitwillreduceitsrisksandthemethodsitwillusetoachievethedesiredreductions,thestrategyshouldbeevaluated.
Thepurposeoftheevaluationistwofold,asshownbelow:
Do benefits outweigh costs?
Thecostsandbenefitsofriskmeasuressuchasinternalcontrolscanbeevaluated,andacostbenefitcomparisoncarriedout.
Thebenefitsfromriskcontrolsshouldpreferablybemeasuredandquantified,althoughsomebenefits(suchasprotectingthecompanysreputation)mighthavetobeassessedqualitatively.
Theevaluationprocessshouldbebasedontheprinciplethatthebenefitsfromacontrolmeasureshouldnotexceedthebenefitsthatitprovides. Forexample,acompanycouldbeveryconcernedabouttheftof
pettycashandthereforeintroducecontrolslimitingthecashheldto25andalsorequiringdailyreconciliationsofthecashbalancebythefinancialcontroller,withobservationbyamemberoftheinternalauditdepartment.
Thiscontrolwouldprobablyreducetheft,butwouldbeveryexpensiveforthecompanytooperateandasaresultthecostswouldexceedthebenefits. Thecontrolssetupmustbeproportionatetothepotentiallossesthatcouldoccuriftheriskresultsinlosses.
chapter 2
53
Costbenefit example
Has the strategy been successful?
-
9Risk management roles and responsibilities
Ifthecompanybeingconsideredisdivisionaltheremaybearisk officerforeachdivisionwhowillhelptoidentifyandmanagetacticalandoperationallevelrisks.
Allemployeeshavearoleandresponsibilityforrisktoo.Youshouldbeawareofpossiblerisks(throughpoliciesissuedandtraininggiven)andyoushouldbeaudibleifyoubelieveariskneedstobemanaged(byreportingittoyourmanagerorbywhistleblowing).
Risk management
54
-
A failure of risk management
PerhapsthemostinterestingexampleofriskandcontrolwasthecaseofNorthernRock.InSeptember2007NorthernRockplcwasatopfiveUKmortgagelender,ontheFTSE100indexwithover100billioninassets.NorthernRockraisedover70%ofthemoneyitusedinitsgrowingmortgagelendingbusinessfrombanksandotherfinancialinstitutions.FollowingtheglobalcreditcrunchthatresultedfromthecrisisintheUSsubprime(highrisk)mortgagesector,banksstoppedlendingtoeachotherandNorthernRockcouldnotraisesufficientcashtocoveritsliabilities.
Abankrun(thefirstonaUKbankfor150years)onNorthernRockbyitscustomersledtothegovernmentprovidinglenderoflastresortfundingandguaranteesforthebanksdepositorstotallingabout20billion.Theresulthasbeena90%fallinthebanksshareprice,adeterioratingcreditratingandalossofreputation.TheCEOhasresignedandseveraldirectorshavealsolefttheboard.
NorthernRockhadaformalapproachtoriskmanagement,includingliquidity,credit,operationalandmarketrisk,fullydescribedinitsSecuritiesandExchangeCommissionfilings.NorthernRocksassetsweresoundsotherewasnosignificantcreditrisk.Marketriskwasalsowellmanagedintermsofinterestrateandforeignexchangeexposure.However,despiteformalproceduresandademonstratedcompliancewithregulations,therewasanassumptionbymanagersthataccesstofundswouldcontinueunimpeded.TheUSsubprimecrisisledtoliquidityriskmaterialising,causingtheNorthernRockproblems.Theconsequencewasalsothelossofreputationthatfollowedpressreportswhichblamedthebanksmanagementfornothavingacontingencyplantocoverthepossibilityofdisruptiontoitsfunding,anoperationalrisk.ItislikelythattheboardofNorthernRockfailedinbothmonitoringliquidityriskandinmonitoringtheeffectivenessoftheexistingcontrols.
ThelessonofNorthernRockisthatweneedtomovebeyondthetickboxapproachtocomplianceandthatgoodgovernancerequiresamoreinsightfulapproachtoriskmanagementandinternalcontrol.
chapter 2
55
Roles of the risk committee
Northern Rock
Risk manager activities
-
Introduction
Lmanufacturesarangeofveryhighqualitytinnedfoods.Thecompanywasestablishedeightyearsagoandithasgrownsteadilybysellingtoindependentgrocersinprosperousareas.Mostconsumersassociatetinnedfoodwithpoorqualityandareunwillingtopayhighprices.However,theconsumerswhobuyLsproductsarewillingtopayapremiumforhigherquality.
LsonlylargecustomerisH,amajorsupermarketchainthathasareputationforsellinghighqualityproduce.LbegansalestoHjustunderayearago,withHpurchasingsmallquantitiesofLsmostpopularproductinordertoassessdemand.Afterasuccessfulperiodoftestmarketing,HstartedtoplacelargerorderswithL.NowHaccountsfor20%ofLssalesbyvolume.
Organisational structure and account managers
Lhastraditionallyhadafunctionalorganisationalstructure.Thereisadirectorinchargeofeachofsales,production,financeandhumanresources.Eachdirectorhasateamofseniormanagerswhosupporttheirfunction.Thehierarchyfororganisingandsupervisingstaffisgenerallybasedonthisfunctionalstructure.TheonlyexceptiontothishasbeentheresultoftheappointmentofPeter,whoistheAccountManagerinchargeofLsdealingswithH.Hinsistedontheappointmentofadesignatedaccountmanagerasaconditionofplacingregular,largeorderswiththecompany.PeteristhedesignatedpointofcontactonallmattersbetweenLandH.
Petersjobdescriptionstatesthatheisresponsibleforalldecisions,includingpricing,relatingtoLsrelationshipwithHandthatheisexpectedtobaseallsuchdecisionsonthepromotionofLscommercialinterests.
Risk management
56
Risk in an engineering consultancy
Risk in a retail chain
Test your understanding 16 L tinned foods (Case study)
-
TherehavebeenanumberofcomplaintsfromLsmanagerssincePetersappointment.Theseincludeseveraloccasionswhenstaffhavereceivedcontradictoryinstructions.Forexample,PeterhasorderedtheproductiondepartmenttogiveprioritytoHsrequestsforlargedeliveries,eventhoughthathasledtoregularorderstoothercustomersbeingdelayed.PeterhasalsotoldthestaffinthecreditcontroldepartmentnottopressHforpaymenteventhoughthecompanyhadseveraloverdueinvoices.
LsSalesDirectorbelievesthatthecompanycouldsellevengreaterquantitiestoHandthatotherlargesupermarketchainswillstartplacingordersinthenearfutureonceHhasdemonstratedthatthereisademandforhighqualitytinnedfood.ShehaswarnedLsChiefExecutivethatadditionalaccountmanagerswillhavetobeemployedintheeventthatLstartstosupplyfurthersupermarketchains.
Required:
Write a report to the Board of L which:
(20 minutes)
(20 minutes)
(a) Evaluates the potential risks that might arise from Ls appointment of an account manager to deal with Hs business and
(b) Recommends, stating reasons, the changes that Ls board should introduce in order to minimise the threats arising from having an autonomous account manager.
Introduction
Disadentalpracticethatwasestablishedeightyearsago.Thepracticewasfoundedbysixdentists,eachofwhomhasanequalshare.
Thesixdentistshavedecidedthattheyshouldundertakeaformalevaluationoftherisksaffectingtheirbusiness.Tothatend,theyhaveengagedaconsultanttoactasafacilitator.
chapter 2
57
Test your understanding 17 Dental practice (Case study)
-
Consultancy
Thefacilitatorbeganwithabrainstormingsession.Thedentistswereprovidedwithaflipchartandtheywereaskedtolistasmanyrisksastheycouldthinkof.ThentherisksweretransferredtoariskmapbasedontheTARAframework.Asimplifiedversionoftheriskmapisshownbelow:
Allsixdentistsagreedthateachoftheserisksisworthclassifying,buttherewasconsiderabledebateastowhereeachshouldappearontheriskmap.Thefacilitatorhasusedtheopinionofthedentistwhoidentifiedtheriskasastartingpointandhasaskedforsomediscussionastohowbesttoclassifyeach.
Dental implants
Dentalimplantsarefalseteeththatarerootedinthepatientsjawusingtitaniumscrews.FittinganimplantisaverytimeconsumingandexpensiveprocedurethatcoststhepatientinexcessofGBP2,000.Thepatientsbonestructureusuallyacceptstheimplantandfuseswithittoformaverystrongbond.In35%ofcasestheimplantcausesanadversereactionandhastoberemoved.Thepracticewarnspatientsofthispossibilityanddoesnotofferanyrefundinthiseventbecausethefailureisbeyondthedentistscontrol.Somepatientswhosufferanadversereactiondoseekcompensationdespitethesewarnings,allegingnegligenceonthepartofthedentist.
Cross infection
Crossinfectioncanoccurwhenpatientspassinfectionsontothedentalstaff(andviceversa)orwhendentalinstrumentstransmitinfectionsbetweenpatients.Apartfromtheneedtoworkincloseproximitytothepatient,dentalproceduresalwaysinvolvecontactwiththepatientssalivaandcansometimesinvolvecontactwithbloodifatoothisextractedorthepatientsgumsbleed.
Impact/consequence
Probability/likelihood Low High
High Reduce
Negligenceclaimsarisingfromfaileddentalimplants
Avoid
Crossinfection
Low AcceptSpiralstaircase
Transfer/share
Unknownallergies
Risk management
58
-
Spiral staircase
Thedentalsurgeryislocatedonefloorupfromstreetlevel.Patientsenterviaanarrowhallwayandclimbtothereceptionusinganarrowspiralstaircase.Thebuildingcannotberemodelledtoacceptaliftoramoresuitablestaircase.
Unknown allergies
Thedentistsareoftenrequiredtoprescribeantibioticsandotherdrugsinordertotreatguminfections.Thesecancausesevereallergicreactionsthatareimpossibletoforeseeunlessthepatienthasbeenprescribedthatdruginthepastandhasnotifiedthepracticeofthisallergy.
Required:
(30 minutes)
(a) Discuss the benefits that the dental practice may obtain from the risk mapping exercise described above.
(b) Critically evaluate the placing of each of the identified risks in the risk map, stating with reasons whether or not you agree with the placement.
TheBBankisalargeinternationalbank.Itemploys6,000staffin250branchesandhasapproximately500,000borrowersandover1,500,000savers.Thebank,whichwasfoundedin1856,hasanexcellentreputationforgoodcustomerservice.Thebankssharepricehasincreased,onaverage,by12%ineachofthelast10years.
Directors remuneration
Therehasbeenmuchadversemediacoverageinmanycountries,includingBBankshomecountry,abouttheallegedexcessivebonusesreceivedbythedirectorsofbanks.Ameetingofcentralbankgovernorsfrommanynationsfailedtoreachagreementonhowtolimitthesizeofdirectorsbonuses.ThegovernorofthecentralbankinBBankshomecountryisparticularlyconcernedaboutthisissue,andconsequentlyputforwardthefollowingproposal:
chapter 2
59
Test your understanding 18 B bank (Case study)
-
Directorsofbankswillbeaskedtopayafeetothebankfortheprivilegeofbeingadirector.Thisfeewillbesetbytheremunerationcommitteeofeachbank.Directorswillbepaidabonusbasedsolelyonappropriateprofitandgrowthindicators.Themorethebanksucceeds,thehigherwillbethebonus.Thisproposaldirectlylinksperformanceofthebanktodirectorspay.Iseethisasamorerealisticoptionthansimplylimitingsalariesorbonusesbystatuteasproposedattherecentcentralbankgovernorsconference.
B Bank board and strategy
TheconstitutionoftheboardofBBankisinaccordancewiththeinternationallyagreedcodeofcorporategovernance.
Overallboardstrategyhasbeentosettargetsbasedonprevious(profitable)experience,withincreasedemphasisonthoseareaswherehigherpotentialprofitscanbemadesuchasmortgagelending(thisisdiscussedbelow).Thebanksexecutiveinformationsystemsareabletocomputerelativeproductprofitability,whichsupportsthisstrategy.Thisstrategygeneratedsubstantialprofitsinrecentyears.Thelastmajorstrategyreviewtookplacefouryearsago.Nonexecutivedirectorsdonotnormallyquerythedecisionsoftheexecutivedirectors.
Inrecentyears,theprofileofthemajorshareholdersofthebankhasmoved.Traditionallythemajorshareholderswerepensionfundsandotherlongerterminvestorsbutnowtheseareovershadowedbyhedgefundsseekingtoimprovetheirshorttermfinancialreturns.
Oneofthemajorsourcesofrevenueforthebankisinterestobtainedonlendingmoneyagainstsecuritiessuchashouses(termedamortgageinmanycountries)withrepaymentsbeingdueoverperiodsvaryingbetween15and25years.Partlyasaresultofintensecompetitioninthemortgagemarket,thevaluesofthemortgagesadvancedbyBBankregularlyexceedthevalueoftheproperties,forexampleBBankhasmadeadvancesofupto125%ofapropertysvalue.Internalreportstotheboardestimatethatpropertypriceswillreverserecenttrendsandwillriseby7%perannumforatleastthenext10years,withgeneralandwageinflationat2%.BBankintendstocontinuetoobtainfinancetosupportnewmortgageswithloansfromtheshorttermmoneymark