C1- Risk and the risk management process

Risk in the context of corporate governance

Management responsibilities in risk management
Risk Management Process
Changing risk assessments
Risk Appetite

Risk in the context of corporate governance

Risk
This is present when future events occur with measurable probability

Risk and Corporate Governance

One link between risk and corporate governance is the shareholders' concerns
about the relationship between the level of risks and the returns achieved.
Another is the link between directors' remuneration and risks taken.
If remuneration does not link directly with risk levels, but does link with turnover
and profits achieved, directors could decide that the company should bear risk
levels that are higher than shareholders deem desirable.
It has therefore been necessary to find other ways of ensuring that directors pay
sufficient attention to risk management and do not take excessive risks.
Corporate governance guidelines require directors to:

Establish appropriate control mechanisms for dealing with the risks the
organisation faces
Monitor risks themselves by regular review and a wider annual review
Disclose their risk management processes in the accounts

Management responsibilities in risk management

The Risk Manager is responsible to Senior Management for the following
functions:
1. To identify and quantify the organisations exposures to accidental loss.
2. To adopt proper financial protection measures through risk transfer (to
outside parties), risk avoidance, and risk retention programs.

3. To develop and update a complete system for recording, monitoring, and

communicating the organisations Risk Management program components
4. To develop and implement loss prevention/loss retention programs.
5. To establish Risk Management policies and procedures

Risk and the risk management process

5 step process:
1. Identify Risk
Make list of potential risks continually.
Identify risks facing the company - through consultation with stakeholders
2. Decide on acceptable risk
Decide on acceptable risk - and the loss of return/ extra costs associated
with reduced risks
3. Analyse Risk
Prioritise according to threat/likelihood.
Assess the likelihood of the risk occurring - management attention obviously
on the higher probability risks
4. Plan for Risk
Look at how impact of these risks can be minimised - through consultation
with affected parties.
Avoid or make contingency plans (TARA)
5. Monitor Risk
Assess risks continually.
Understand the costs involved in the internal controls set up to manage
these risks - and weighed against the benefits

Why do all this?

To ensure best use is made of opportunities

Risks are opportunities to be siezed
Can help enhance shareholder value

Changing risk assessments

The belief that risks do not change very much is only true in static environments.
In reality, the changeability of risks depends upon the organisations place on a
continuum between highly dynamic and completely static.
Risk assessment is a dynamic management activity because of changes in the
organisational environment and because of changes in the activities and operations
of the organisation which interact with that environment.

Examples:
1. A new product launch
The new product will obviously introduce a new risk that was not present
prior to the new product.
It may be a potential liability from the use of the product or a potential
loss from the materials used in its production.
2. A change in legislation
Changes in the environment might include changes in any of the PEST
(political, economic, social, technological) or any industry level change
such as a change in the competitive behaviour of suppliers, buyers or
competitors.
In either case, new risks can be introduced, existing ones can become
more likely or have a higher impact, or the opposite (they may disappear
or become less important).
The best way of initiating a change management risk assessment is by dividing all
the things that come under the scope of the change management program into
three groups:
1) Items that remain the same after the change
Examples of this category include patents, building and machinery, key personnel,
and
other capital assets.
Such items normally do not pose any risks during the change management
process.
2) Items poised to change
This includes assets that have no value to the companys core business.
This includes outdated equipment, space that is standing idle, underused positions
in the company, redundant processes, and even redundant staff.

Replacing or eliminating such items either reduce expenses or enhances revenue

flow.
Risk assessment for this second list need to focus on:
ensuring such items are really not needed for the companys core processes
3) Items that could go either way
The major scope of risk assessment lies in this group of items, to determine
whether possible changes in such items pose a risk to the organisation.
The best approach towards risk-assessment for items in this third list is through
effecting a trade-off.
For instance, curtailing the assembly line might curtail expenses and lead to better
operating efficiency, but it might come as loss of morale to staff and loss of
prestige owing to running a reduced set up.
Risk assessment entails comparing the benefits of efficiency with the losses owing
to loss of morale and prestige.
Risk Appetite
Risk appetite describes the willingness of an entity to become exposed to an
unrealised loss (risk).
It is usually understood to mean the position taken with regard to two
notional preferences:
1. Risk aversion
2. Risk seeking.
Both preferences are associated with different levels of returns:
those that are risk-seeking favour higher risks and higher returns with the
converse being true for the risk averse.
Risk-averse entities will tend to be cautious about accepting risk, preferring to
avoid risk, to share it or to reduce it.
In exchange, they are willing to accept a lower level of return.
Those with an appetite for risk will tend to accept and seek out risk, recognising
risk to be associated with higher net returns.