Chapter 01

Risk and its Management 236628068.
doc
Topic List
RISK
TYPES OF INDIRECT LOSSES
TYPES OF RISKS FACING BUSINESSES AND INDIVIDUALS
MAJOR TYPES OF BUSINESS RISKS
MAJOR TYPES OF PERSONAL RISKS
RISK MANAGEMENT
BUSINESS RISK MANAGEMENT ORGANIZATION
OBJECTIVES OF RISK MANAGEMENT
UNDERSTANDING THE COST OF RISK
COMPONENTS OF THE COST OF RISK
COST TRADEOFFS
FIRM VALUE MAXIMIZATION AND THE COST OF RISK
AN INTEGRATED RISK FRAMEORK
DEALING ITH RISKS ! A MANAGEMENT ACCOUNTING PERSPECTIVE
ENTERPRISE IDE RISK MANAGEMENT "ERM#
ADVANTAGES OF ENTERPRISE IDE RISK MANAGEMENT "ERM#
PROCESSES FOR ASSESSING RISK
Risk Management and Audit 1
RISK AND ITS
MANAGEMENT
C H A P T E R
$
Risk and its Management 236628068.doc
RISK
Di%%&'&(t M&)(i(*s o% Ris+
The term risk has a variety of meanings in business and everyday life, At its -ost
*&(&'). .&/&.0 'is+ is 1s&2 to 2&sc'i3& )(4 sit1)tio( 56&'& t6&'& is 1(c&'t)i(t4
)3o1t 56)t o1tco-& 5i.. occ1', Life is obviously very risky. Even the short-term future
is often highly uncertain. In probability and statistics, financial management and
investment management, risk is often used in a more specific sense to i(2ic)t& possi3.&
/)'i)3i.it4 i( o1tco-&s )'o1(2 so-& &7p&ct&2 /).1&,
It is sufficient for one to think of the expected value as the outcome that ould occur on
average if a person or business ere repeatedly exposed to the same type of risk. If one
has not yet encountered these concepts in statistics or finance classes, the folloing
example from the sports orld might help. Let us say, a test cricketer has an average of
about-!" runs in his test career. #e shos little sign of sloing don. It is therefore
reasonable that the expected value of his total runs in any given match is about $" runs.
%isk of variability around the expected value is clearly present, he might score $" runs or
higher in a particular match, or he might score as fe as 1" runs.
In other situations, the term risk may refer to the expected losses associated ith a
situation. In insurance markets, for example, it is common to refer to high-risk
policyholders. The meaning of risk in this context is that expected value of losses to be
paid by the insurer &the expected loss' is high. (s another example, )apan often is
described as having a high risk of earth*uake. +hile this statement might encompass the
notion of variability around the expected value, it usually simply means that )apan,s
expected loss from earth*uake is high relative to other countries.
%isk is sometimes used in a specific sense to describe variability around the expected
value and other times to describe the expected losses. Each of these meanings is
employed. It is customary to do so in certain types of risk management and in the
insurance business. The particular meaning usually ill be obvious from the context.
O(& sit1)tio( is 'is+i&' t6)t )(ot6&' i% it 6)s *'&)t&'
&i' Expected loss and
&ii' -ncertainty &variability around the expected loss'
Ris+ Is Cost.4
%egardless of the specific meaning of risk being used, *'&)t&' 'is+ 1s1)..4 i-p.i&s
*'&)t&' cost, To illustrate the cost of risk e use a simple example. .uppose that to
identical homes are in different but e*ually attractive locations. The structures have the
same value, say %s. 1" million, and initially there is no risk of damage to either house.
Then scientists announce that a meteor might hit the earth in the coming eek and that
one house is in the potential impact area. +e ould assume that everyone agrees that
the probability of one house being hit by the lightening is ".1 and that the probability of
the other house being hit is /ero. (lso assume that the house ould be completely
destroyed if it ere hit &all %s. 1" million ould be lost'. Then the expected property loss
at one house is greater by an amount e*ual to ".1 times %s. 1" million or %s. 1." million.
0 Risk Management and Audit
If the oner ere to sell the house, immediately folloing the release of nes about the
lightening, potential buyers ould naturally pay less than %s. 1" million for the house.
%ational people ould pay at least %s. 1." million less, because that is the expected loss
from the lightening. T61s0 *'&)t&' 'is+!!!i( t6& s&(s& 6i*6&' &7p&ct&2 .oss&s!!!is
cost.4 to t6& o'i*i(). 6o-&o5(&'. The value of the house ould drop by at least the
expected loss.
I( )22itio( to *'&)t&' &7p&ct&2 .oss&s0 o(& 6o-&o5(&' 6)s *'&)t&' 1(c&'t)i(t4 i(
t6& s&(s& t6)t pot&(ti). o1tco-&s 6)/& *'&)t&' /)'i)tio(, (t the end of the eek, one
house ill be orth %s. 1" million ith certainty, but the other house could be orth /ero
or %s. 1" million. This greater uncertainty about the value of the houses also is likely to
impose costs on the oner. 1ecause of the greater uncertainty, potential buyers might
re*uire a price decrease in excess of the expected loss &%s. 1." million'. Let us say the
additional price drop is %s. ".! million. T61s0 *'&)t&' 'is+!!!i( t6& s&(s& o% *'&)t&'
1(c&'t)i(t4!!!is ).so cost.4 to t6& o'i*i(). 6o-&o5(&',
To summari/e, this example illustrates that both meanings of risk depicted above are
costly. In this example, the value of the house declined by the expected loss &the first
meaning of risk' plus an additional amount due to increased uncertainty &the second
meaning of risk'. Ris+ -)()*&-&(t is co(c&'(&2 5it6 2&c'&)si(* t6& cost o% 'is+,
Di'&ct /&'s1s I(2i'&ct E7p&ct&2 Loss&s
+hen considering the potential losses from a risky situation, one must consider indirect
losses that arise in addition to direct losses. In the previous example, if the meteor
destroyed the house, the direct loss ould be %s. 1" million. Indirect losses arise as a
conse*uence of direct losses. If the house as destroyed, the oner ould likely have
additional expenses, such as hotel and restaurant cost2 the additional expenses ould be
indirect losses. (s another example, hen a person,s car is damaged, the time spend
getting it repaired is an indirect loss.
3or businesses, indirect losses are extremely important. Indeed, the possibility of indirect
losses is one of the main reasons that businesses try to reduce risk. The ma4or types of
the indirect losses that can arise from the risks faced by businesses are5
TYPES OF INDIRECT LOSSES
&i' Loss of normal profit &net cash flo'
&ii' Extra operating expenses
&iii' #igher cost of funds and foregone investment
&iv' 1ankruptcy costs &legal fees'
3or example, damage to productive assets can produce an indirect loss by reducing or
eliminating the normal profit &net cash flo' that the asset ould have generated if the
damage had not occurred. Large direct losses also can lead to indirect losses if they
threaten the viability of the business and thereby reduce the illingness of customers and
suppliers to deal ith the business or change the terms &prices' at hich they transact.
7oreover, if sales or production is reduced in response to direct losses, certain types of
normal operating expenses &knon as continuing expenses' may not decline in
proportion to the reduction in revenues, thus increasing indirect losses. If a long
interruption in production ould cause many customers to sitch suppliers, or if a firm
has binding contractual commitments to supply products, it also may be desirable for the
firm to increase operating costs above normal levels folloing direct losses. 3or example,
some businesses may find it desirable to maintain production by leasing replacement
e*uipment at a higher cost so as to avoid loss of sales. The increased operating cost
ould create an indirect loss. .imilarly, a business that decides to recall defective
products that have produced liability claims ill incur product recall expenses and
perhaps increase advertising costs to reduce damage to the firm,s reputation.
TYPES OF RISKS FACING BUSINESSES AND INDIVIDUALS
"A# B1si(&ss Ris+
1roadly defined, business risk management is concerned ith possible reductions
in business value from any source.
1usiness value to shareholders, as reflected in the value of the firm,s ordinary
shares, depends fundamentally on the expected si/e, timing and risk &variability'
associated ith the firm,s future net cash flos &cash inflos less cash outflos'.
-nexpected changes in expected future net cash flos are a ma4or source of
fluctuations in business value. In particular, unexpected reductions in cash inflos
or increases in cash outflos can significantly reduce business value. The ma4or
business risks that give rise to variation in cash flos and business value are price
risk, credit risk, and pure risk.
MAJOR TYPES OF BUSINESS RISKS
1. 8rice risk
0. 9redit risk
6. 8ure risk
$ PRICE RISK
%efers to uncertainty over the magnitude of cash flos, due to possible
changes in output and input prices.
(nalysis of price risk associated ith the sale and production of existing and
future products and services plays a central role in strategic management.
Thus, most strategic risks and operational risks can be vieed as particular
examples of price risk.
TYPES OF PRICE RISK
$,$ OUTPUT PRICE RISK
%efers to the risk of changes in the prices that a firm can demand for
its goods and services. Three specific types of price output risk are
commodity price risk, exchange rate risk, and interest rate risk.
: Risk Management and Audit
")# Co--o2it4 P'ic& Ris+
(rises from fluctuations in the prices of commodities, such as
coal, copper, oil, gas and electricity that are inputs for some
firms and outputs for others.
"3# E7c6)(*& R)t& Ris+
;iven the globalisation of economic activity, output and input
prices for many firms also are affected by fluctuations in foreign
exchange rates.
"c# I(t&'&st R)t& Ris+
<utput and input prices also can fluctuate due to changes in
interest rates. 3or example, increases in interest rates may
alter a firm,s revenues by affecting both the terms of credit
alloed and the speed ith hich customers pay for products
purchased on credit. 9hanges in interest rates also affect the
firm,s cost of borroing funds to finance its operations. 7ore
generally, changes in interest rates affect value through their
effect on the present value of the firm,s net cash flos, as
reflected in the values of the firm,s assets and liabilities.
$,8 INPUT PRICE RISK
%efers to the risk of changes in the prices that a firm must pay for
labour, materials, and other inputs to its production process.
8, CREDIT RISK
The risk that a firm,s customers and the parties to hich it has lent money
ill delay or fail to make promised payments is knon as credit risk. 7ost
firms face some credit risk for account receivables. The exposure of credit
risk is particularly large for financial institution, such as commercial banks,
that routinely make loans that are sub4ect to risk of default by the borroer.
+hen firms borro money, they in turn expose lenders to credit risk &i.e., the
risk that the firm ill default on its promised payments'. (s a conse*uence,
borroing exposes the firm,s oners to the risk that the firm ill be unable to
pay its debts and therefore it ill be forced into bankruptcy, and the firm
generally ill have to pay more to borro money as credit risk increases.
9, PURE RISK
The risk management function in medium to large companies &and the term
risk management' has traditionally focused on the management of hat is
knon as pure risk.
Risk Management and Audit !
T6& -):o' t4p&s o% p1'& 'is+ that effect business include5
$, D)-)*& o% Ass&ts
The risk of reduction in value of business assets due to physical damage,
theft, and expropriation &i.e. sei/ure of assets by foreign governments'.
8, L&*). Li)3i.it4
The risk of legal liability for damages for harm to customers, suppliers,
shareholders and other parties.
9, o'+&' I(:1'4
The risk associated ith paying benefits to in4ured orkers, compensation
las and the risk of legal liability for in4uries or other harms to employees
that are not governed by orkers, compensation las.
;, E-p.o4&& B&(&%it
The risk of death, illness, and disability of employees & and sometimes
family members' for hich businesses have agreed to payments under
employee benefit plans, including obligations to employees under pension
and other retirement savings plans.
"B# PERSONAL RISK
The risks faced by individuals and families are personal risks and can be classified
in a variety of ays. 8ersonal risk is classified into six categories5 Earning risks,
medical expense risk, liability risk, physical asset risk, financial asset risk and
longevity risk.
3amily,s health care costs are also uncertain and liability suits, in particular, can
cause large unexpected expenses. <ften individuals obtain advices about personal
risk management from professionals, such as insurance agents, accountants,
layers, and financial planners.
MAJOR TYPES OF PERSONAL RISKS
$, E)'(i(*s
1.1 =isability
1.0 (ging
1.6 -nemployment
1.: =eath
Earnings risk refers to the potential fluctuation in the families, earnings,
hich can occur as a result of decline in the value of income earners,
productivity due to death, disability, aging, or a change in technology.
8, M&2ic). E7p&(s&s
> Risk Management and Audit
9, Li)3i.it4
6.1 (uto
6.0 #ome
Liability suits for non-payment of motor vehicle ?house lease payment.
;, P64sic). Ass&ts
:.1 (uto
:.0 #ome
:.6 )eellery
:.: Electronics etc.
( family also faces the risks of a loss in the value of the physical assets that
it ons. (utomobiles, homes, 4eellery and computers can be lost, stolen, or
damaged.
<, Fi()(ci). Ass&ts
!.1 .hares?.tocks
!.0 Investments?1onds
3inancial assets, values also are sub4ect to fluctuation due to changes in
inflation and changes in the real values of shares and investments.
=, Lo(*&/it4
3inally, longevity risk refers to the possibility that retired people ill outlive
their financial resources.
Co-p)'iso( o% P1'& Ris+ )(2 Its M)()*&-&(t 5it6 Ot6&' t4p&s o% Ris+s
%isk management focuses on pure risk and its management, including the use of
insurance as a tool to reduce risk and financial losses for business and individuals.
The frameork that e present for managing risk, hoever, is very general. It can
be applied ith little or no modification to other types of risks. In addition, a
detailed discussion of insurance markets and comparison of insurance contracts to
the tools used to reduce other types of business risks ill help to understand the
rich variety of risk reduction methods available in modern risk management.
Co--o( "31t (ot (&c&ss)'i.4 2isti(cti/&# %&)t1'&s o% p1'& 'is+ i(c.12& t6&
%o..o5i(*>
1. Losses from destruction of property, legal liability, an employee in4uries or
illness often have the potential to be very large relative to a business,s
resources. +hile business value can be increased if losses from pure risk
turn out to be loer than expected, the maximum possible gain in these
cases is usually relatively small. In contracts, the potential reduction in
business value from losses greater than the expected value can be very
large and even threaten the firm,s viability.
Risk Management and Audit $
P1'& 'is+ so-&ti-&s is 2&%i(&2 )s 'is+ 56&'& t6& ')(2o- o1tco-& c)(
o(.4 '&s1.t i( .oss "p'o21c& c)s6 o1t%.o5#? t6)t is0 (o o1tco-&
i(/o./i(* ) *)i( "c)s6 i(%.o5# is possi3.&, 1ut this is also true for other
uncertain cash outflos faced by firms &e.g. the cost of ra materials'. This
definition also ignores the fact that businesses or individuals gain financially
henever losses from pure risk are less than expected. The gain is no
different in substance from the gain that ould occur if the price of ra
materials dropped so that the firm could buy them more cheaply.
0. The underlying causes of losses associated ith pure risk, such as the
destruction of a plant by the explosion of a steam boiler or product liability
suits from consumers in4ured by a particular product, are often largely
specific to a particular firm and depend on the firm,s action. (s a result, the
underlying causes of these losses are often sub4ect to a significant degree of
control by businesses2 that is, firms can reduce the fre*uency and severity
of losses through actions that alter the underlying causes &i.e. by taking
steps to reduce the probability of fire or lasuit'. In comparison, hile firms
can take a variety of steps to reduce their exposure of vulnerability to price
risk, the underlying causes of some important types of price changes are
largely beyond the control of individual firms &e.g. economic factors that
cause changes in foreign exchange rates, market ide changes in interest
rates, or aggregate consumer demand'.
6. 1usinesses commonly reduce uncertainty and finance losses associated
ith pure risk by purchasing contracts from insurance companies that
speciali/e in evaluating and bearing pure risk, the prevalence of insurance
in part reflects the firm-specific nature of losses caused by pure risk. The
fact that events that cause large losses to a given firm commonly have little
effect on losses experienced by other firms facilitates risk reduction by
diversification, hich is accomplished ith insurance contracts. Insurance
contracts generally are not used to reduce uncertainty and finance losses
associated ith price risk &and many types of credit risk'. 8rice risks that can
simultaneously produce gains for many firms and losses for many others are
commonly reduced ith financial derivatives, such as forard and futures
contracts, option contracts, and saps. +ith these contracts, much of the
risk of loss is often shifted to parties that have an opposite exposure to the
particular risk.
:. Losses from pure risk usually are not associated ith offsetting gains from
other parties. In contract, losses to businesses that arise from other types of
risks often are associated ith gains to other parties. 3or example, an
increase in input prices harms the purchaser of the input but benefits the
seller. Likeise, a decline in the rupee,s value against foreign currencies
can harm domestic importers but benefits domestic exporters and foreign
importers of 8akistani goods. it6 '&sp&ct to c'&2it 'is+0 o(& p)'t4@s .oss
).so is o%t&( )ssoci)t&2 5it6 t6& ot6&' p)'t4@s *)i( i( t6& s&(s& t6)t
t6& p)'t4 t6)t 2&%)1.ts o( its o3.i*)tio( 2o&s (ot -)+& p)4-&(t, O(&
@ Risk Management and Audit
i-p.ic)tio( o% t6is 2i%%&'&(c& 3&t5&&( p1'& 'is+ )(2 p'ic& 'is+ is t6)t
.oss&s %'o- p1'& 'is+ '&21c& tot). 5&).t6. In addition , and as it is hinted
above , the fact that price changes often produce losses for some firms and
gains for others, in many cases allos these firms to reduce risk by taking
opposite positions in derivative contracts.
+hile many of the details concerning pure risk and its management differ from
other types of risk, it is nonetheless important to understand that pure risk and its
management are conceptually similar, if not identical, to other types of risks and
their management. To make this concrete, consider the case of a manufacturer
that uses oil in the production of consumer products. .uch a firm faces the risk of
large losses from product liability lasuits if its production harms consumers, but it
also faces the risk of potentially large losses from oil price increases. The business
can manage the expected cost of production liability settlements or 4udgments by
making the product,s design safer or by providing safety instructions and arnings.
+hile the business might not be able to do anything to reduce the likelihood or si/e
of increases in oil prices, it might be able to reduce its exposure to losses from oil
price increases by adopting a flexible technology that allos lo cost conversion to
other sources of energy. The business might purchase product liability insurance
to reduce its liability risk2 it might hedge its risk of loss from oil price increases
using oil futures contracts.
+hile the concepts and broad risk management strategies are the same for pure
risk and other types of business risk, t6& sp&ci%ic c6)')ct&'istics o% p1'& 'is+
)(2 t6& si*(i%ic)(t '&.i)(c& o( i(s1')(c& co(t')cts )s ) -&t6o2 o% -)()*i(*
t6&s& 'is+s0 *&(&')..4 .&)2 to t6&i' -)()*&-&(t 34 p&'so((&. 5it6
sp&ci).iA&2 &7p&'tis&, 7a4or areas of expertise needed for pure risk management
include risk analysis, safety management, insurance contracts, and other methods
of reducing pure risk, as ell as broad financial and managerial skills. The
insurance business, ith its principal function of reducing pure risk for business
and individuals, employs million of people and is one of the largest industries,
particularly, in the developed countries. In addition, pure risk management and
insurance have a ma4or effect on many other sectors of the economy, such as the
legal sector, medical care, real estate lending, and consumer credit.
Increases in business risks of all types and dramatic groth in the use of financial
derivatives for hedging price risks in recent years have stimulated substantial
groth in scope and efforts devoted to overall management. It has become
increasingly important for managers that focus on pure risk to understand the
management of other types of business risks. .imilarly, managers of other types of
risks need to understand ho pure risk affects specific areas of activity and the
business as a hole.
RISK MANAGEMENT
T6& Ris+ M)()*&-&(t P'oc&ss
%egardless of the type of risks being considered, t6& 'is+ -)()*&-&(t p'oc&ss
i(/o./&s s&/&'). +&4 st&ps>
Risk Management and Audit A
1. Identify all significant risks.
0. Evaluate the potential fre*uency and severity of losses. If possible, this
includes an estimation of the maximum loss that can only reasonably be
expected to occur in a given period ith a relatively high level of confidence.
6. This value is knon in pure risk management as Bt6& -)7i-1- p'o3)3.&
.oss@ )(2 i( financial risk management as /).1& )t 'is+,@
:. Implement the risk management methods chosen.
!. 7onitor the performance and suitability of the risk management methods
and strategies on an ongoing basis.
The same general frameork applies to business and individual risk management.
It is useful to further ac*uaint ith basic aspects of risk management by
summari/ing the ma4or methods used to manage risk.
Ris+ M)()*&-&(t M&t6o2s
These methods, hich are not mutually exclusive, can be broadly classified as5
&1' Loss control2
&0' Loss financing2 and
&6' Internal risk reduction.
Loss control and internal risk reduction commonly involve decisions to invest &or
forgo investing' resources to reduce expected losses. They are conceptually
e*uivalent to other investment decisions, such as a firm,s decision to buy a ne
plant or an individual,s decision to buy a computer. Loss financing decisions refer
to decisions about ho to pay for losses if they do occur.
$,$ Loss Co(t'o.
1. %educed level of risky activity.
0. Increased precautions.
(ctions that reduce the expected cost of losses by reducing the fre*uency of
losses and?or the severity &si/e' of losses that occur are knon as .oss co(t'o.,
Loss control also is sometimes knon as risk control. -se of the term loss control
as opposed to risk control helps avoid confusion beteen activities that reduce the
expected cost of losses and activities that reduce risk &variability', such as internal
risk reduction. Terminology aside, the most important thing to understand is ho
these activities ork and can be used to increase business value. Actio(s t6)t
p'i-)'i.4 )%%&ct t6& %'&C1&(c4 o% .oss&s )'& co--o(.4 c)..&2 B.oss
p'&/&(tio( -&t6o2s,@ Actio(s t6)t p'i-)'i.4 i(%.1&(c& t6& s&/&'it4 o% .oss&s
t6)t 2o occ1' )'& o%t&( c)..&2 B.oss '&21ctio( -&t6o2s@. (n example of loss
prevention ould be routine inspection of aircraft for mechanical problems. These
inspections help reduce the fre*uency of crashes2 they have little impact on the
magnitude of losses for crashes that occur. (n example of loss reduction is the
installation of heat-or-smoke-activated sprinkler systems that are designed to
minimi/e fire damage in the event of a fire.
1" Risk Management and Audit
T6&4 )'& t5o *&(&'). )pp'o)c6&s to .oss co(t'o.>
&1' %educing the level of risky activity2 and
&0' Increasing precautions against loss for activities that are undertaken.
Fi'st0 &7pos1'& to .oss c)( 3& '&21c&2 34 '&21ci(* t6& .&/&. o% 'is+4
)cti/iti&s. 3or example, by cutting back production of risky products or shifting
attention to less risky product lines. Limiting the level of risky activity primarily
affects the fre*uency of losses. The main cost of this strategy is that it forgoes any
benefits of the risky activity that ould have been achieved apart from the risk
involved. In the limit, exposure to losses can be completely eliminated by
'&21ci(* t6& .&/&. o% )cti/it4 to A&'o0 t6)t is0 34 (ot &(*)*i(* i( t6& )cti/it4 )t
).., T6is st')t&*4 is c)..&2 B'is+ )/oi2)(c&,@
(s a specific example of limiting the level of risky activity, consider a trucking firm
that hauls toxic chemicals that might harm the people or the environment in the
case of an accident and thereby produce claims for damages. This firm could
reduce the fre*uency of liability claims by cutting back on the number of shipments
that it hauls. (lternatively, it ould avoid the risk completely by not hauling toxic
chemicals and instead hauling non-toxic substances &such as clothing or
cholesterol free cheese'. (n example from personal risk management ould be a
person ho flies less fre*uently to reduce the probability of dying in a plane crash.
This risk could be completely avoided by never flying. <f course, alternative
transportation method might be much riskier &e.g., driving don ;.T %oad from
Lahore to %aalpindi the day before Eid-ul-3itr &along ith many long hauls of
buses and trucks, including those petrol toxic chemicals'.
T6& s&co(2 -):o' )pp'o)c6 to .oss co(t'o. is to i(c'&)s& t6& )-o1(t o%
p'&c)1tio(s ".&/&. o% c)'&# %o' ) *i/&( .&/&. o% 'is+4 )cti/it4, The goal here is to
make the activity safer and thus reduce the fre*uency and ?or severity of losses.
Thorough testing for safety and installation of safety e*uipment are examples of
increased precautions. The trucking firm in the example above could give its
drivers extensive training in safety, limit the number of hours driven by a driver in a
day, and reinforce containers to reduce the likelihood of leakage. Increased
precautions usually involve direct expenditures or other costs &e.g., the increased
time and attention re*uired to drive an automobile more safely'.
7any types of loss control influence both the fre*uency and severity of losses and
cannot readily be classified as either loss prevention or loss reduction. 3or
example, thorough safety testing of consumer products ill likely reduce the
number of in4uries, but it also could affect the severity of in4uries. .imilarly,
e*uipping automobiles ith airbags in most cases should reduce the severity of
in4uries, but airbags also might influence the fre*uency of in4uries. +hether in4uries
increase or decrease depends on hether the number of in4uries that are
completely prevented from accidents that occur, exceeds the number of in4uries
that might be caused by the airbag inflating at the rong time and too forcefully. (s
ell as any increase in accidents and in4uries that occur if, protection by airbags
causes some drivers to drive less safely.
Loss Fi()(ci(*
7ethods used to obtain funds to pay for or offset losses that occur are knon as
.oss %i()(ci(* &sometimes-called 'is+ %i()(ci(*'. T6&'& )'& %o1' 3'o)2
-&t6o2s o% %i()(ci(* .oss&s>
&1' %etention2
&0' Insurance2
&6' #edging2 and
&:' <ther contractual risk transfers.
These approaches are not mutually exclusive2 that is, they often are used in
combination.
+ith '&t&(tio(0 a business or individual retains the obligation to pay for part or all
of the losses. 3or example, a trucking company might decide to retain the risk that
cash flos ill drop due to oil price increases. +hen coupled ith a formal plan to
fund losses for medium-to-large businesses, retention often is called Ds&.%!
i(s1')(c&E.
3irms can pay retained losses using either internal or external funds. Internal funds
include cash flos from ongoing activities and investments in li*uid assets that are
dedicated to financing losses. External sources of funds include borroing and
issuing ne shares and stocks, but involve retention even though they employ
external sources of funds. 3or example, the firm must pay back any funds
borroed to finance losses. +hen ne shares and stocks are issued, the firm
must share future profits ith ne shareholders.
The second ma4or method of financing losses is the purchase of an Di(s1')(c&
co(t')ctE. ( typical insurance contract re*uires the insurer to provide funds to pay
for specified losses &thus financing these losses' in exchange for receiving a
premium from the purchaser at the inception of the contract. Insurance contract
reduce risk for the buyer by transferring some of the risk of loss to the insurer.
Insurers in turn reduce risk through diversification. 3or example, they sell large
numbers of contracts that provide coverage for a variety of different losses.
The third broad method of loss financing is 6&2*i(*, (s noted above, financial
derivatives, such as forards, futures, options, and saps, are used extensively to
manage various types of risks, most notably price risk. These contracts can be
used to hedge risk2 that is, they may be used to offset losses that can occur from
changes in interest rates, commodity prices, foreign exchange rates, and the like.
.ome derivatives have begun to be used in management of pure risk, and it is
possible that their use in pure risk management ill expand in the future.
Individuals and small businesses do relatively little hedging ith derivatives. ( very
simple example of hedging illustrates as follos5
3irms that use oil in the production process are sub4ect to loss from unexpected
increases in oil prices2 oil producers are sub4ect to loss from unexpected
decreases in oil prices. 1oth types of firms can hedge their risk by entering into a
forard contract that re*uire the oil producers to provide the oil user ith specified
amount of oil on a specified future delivery date at predetermined price &knon as
the forard price', regardless of the market price of oil on that date. 1ecause the
forard price is agreed upon hen the contract is ritten, the oil user and the oil
producer both reduce their price risk.
The fourth ma4or method of loss financing is to use one or more of a variety of
ot6&' co(t')ct1). 'is+ t')(s%&'s that allo businesses to transfer risks to another
party. Like insurance contracts and derivatives, the use of these contracts is
pervasive in risk management. 3or example, businesses that engage independent
contractors to perform some task routinely enter into contracts, commonly knon
as D6o.2 6)'-.&ss )(2 i(2&-(it4 )*'&&-&(tsE that re*uire the contractor to
protect the business from losing money from lasuits that might arise if persons
are in4ured by the contractor.
I(t&'(). Ris+ R&21ctio(
In addition to loss financing methods that allo businesses and individuals to
reduce risk by transferring it to another entity, businesses can reduce risk
internally. There are to ma4or forms of internal risk reduction5
&1' =iversification2 and
&0' Investment in information.
Di/&'si%ic)tio(
%egarding the first of these, firms can reduce risk internally by diversifying their
activities &i.e. not putting all of their eggs in one basket'. Individuals also routinely
diversify risk by investing their savings in many different shares and stocks. The
ability of shareholder to reduce risk through portfolio diversification is an important
factor affecting insurance and hedging decisions of firms.
I(/&st-&(t i( I(%o'-)tio(
The second ma4or method of reducing risk internally is to invest in information to
obtain superior forecast of expected losses. Investing in information can produce
more accurate estimates or forecast of future cash flos, thus reducing variability
of cash flos around the predicted value. Examples abound, including estimates of
the fre*uency and severity of losses from pure risk, marketing research on the
potential demand for different products to reduce output price risk, and forecasting
future commodity prices or interest rates. <ne ay that insurance companies
reduce risk is by speciali/ing in the analysis of data to obtain accurate forecasts of
losses. 7edium-to-large businesses often find it advantageous to reduce pure risk
in this manner as ell. ;iven the large demand for accurate forecasts of key
variables that affect business value and determine the price of contracts that can
be used to reduce risk &such as insurance and derivatives', many firms speciali/e
in providing information and forecasts to other firms and parties.
BUSINESS RISK MANAGEMENT ORGANIZATION
+here does the risk management function fit ithin the overall organi/ational
structure of businessesB In general, the vies of senior management concerning
the need for, scope, and importance of risk management and possible
administrative efficiencies determine ho the risk management function is
structured and the exact responsibilities of units devoted to risk management.
Most .)'*& co-p)(i&s 6)/& ) sp&ci%ic 2&p)'t-&(t '&spo(si3.& %o' -)()*i(*
p1'& 'is+ t6)t is 6&)2&2 34 t6& 'is+ -)()*&' &or director of risk management'.
#oever, *i/&( t6)t .oss&s c)( )'is& %'o- (1-&'o1s so1'c&s0 t6& o/&').. 'is+
-)()*&-&(t p'oc&ss i2&)..4 '&%.&cts ) coo'2i()t&2 &%%o't 3&t5&&( ).. o% t6&
co-p)(4@s -):o' 2&p)'t-&(ts )(2 31si(&ss 1(its0 including production,
marketing, finance, and human resources.
=epending on a company,s si/e, a typical risk management department includes
various staff speciali/ing in areas such as property-liability insurance, orkers,
compensation, safety and environmental ha/ards, claims management, and, in
many cases, employee benefits. ;iven the complexity of modern risk
management, most firms ith significant exposure to price risk related to the cost
of ra materials, interest rate changes, or change in foreign exchange rates have
separate departments or staff members that deal ith these risks. +hether there
ill be more movement in the future toard combining the management of these
risks ith pure risk management ithin a unified risk management department is
uncertain.
I( -ost %i'-s0 t6& 'is+ -)()*&-&(t %1(ctio( is s13o'2i()t& to )(2 t61s
'&po'ts to t6& %i()(c& 2&p)'t-&(t, This is because of the close relationships
beteen protecting assets from loss, financing losses, and the finance function.
#oever, some firms ith substantial liability exposures have the risk
management department report to the legal department. ( smaller proportion of
firms have the risk management unit report to the human resources department.
3irms also vary in the extent to hich the risk management function is centrali/ed,
as opposed to having responsibility spread among the operating units.
C&(t').iA)tio( -)4 )c6i&/& possi3.& &co(o-i&s o% sc).& i( )'')(*i(* .oss
%i()(ci(*, 7oreover, many risk management decisions are strategic in nature,
and centrali/ation facilitates effective interaction beteen the risk manager and
senior management.
( possi3.& .i-it)tio( of a centrali/ed risk management function is t6)t it c)(
'&21c& co(c&'( %o' 'is+ -)()*&-&(t )-o(* t6& -)()*&'s )(2 &-p.o4&&s o%
) %i'-@s /)'io1s op&')ti(* 1(its, #oever, allocating the cost of risk or losses to
particular units often can improve incentives for unit managers to control costs
even if the overall risk management function is centrali/ed. <n the other hand,
there are )2/)(t)*&s to 2&c&(t').iAi(* certain risk management activities, such
)s 'o1ti(& s)%&t4 )(2 &(/i'o(-&(t). iss1&s, In these cases, operating
managers are close to the risk and can deal effectively and directly ith many
issues.
1: Risk Management and Audit
OBJECTIVES OF RISK MANAGEMENT
T6& N&&2 %o' ) Ris+ M)()*&-&(t O3:&cti/&
%isk refers to either variability around the expected value or, in other contexts, the expected
value of losses. #olding all else e*ual, both types of risk-variability and expected lossesCare
costly &i.e. they generally reduce the value of engaging in various activities'. (t a broad level,
risk management seeks to mitigate this reduction in value and thus increase elfare. T5o
si-p.& &7)-p.&s to i..1st')t& 6o5 'is+ -)()*&-&(t c)( i(c'&)s& /).1&>
&1' The risk of production liability claims against a pharmaceutical company2 and
&0' The risk to individuals associated ith automobile accidents.
9onsider first a pharmaceutical company that is developing a ne prescription drug for the
treatment of rheumatoid arthritis, a crippling disease of the 4oints. The risk of adverse health
reactions to the drug and thus legal liability claims by in4ured users could be substantial. The
possibility of in4uries, hich cause the firm &and?or its liability insurer' to defend lasuits and
pay damages, ill increase the business,s expected costs. Loss control, such as expenditures
on product development and safety testing that reduce expected legal defence costs and
expected damage payments, also ill be costly.
If the firm purchases liability insurance to finance part of the potential losses, the premium
paid ill include a DloadingE to cover the insurer,s administrative costs and provide a
reasonable expected return on the insurer,s capital. The possibility of uninsured damage
claims &self-insured losses or losses in excess of liability insurance coverage limits' ill create
uncertainty about the amount of costs that ill be incurred in any given period.
7ost and perhaps all of these factors can increase the price that the firm ill need to charge
for the drug, thus reducing demand. 3or a given price, the risk of in4ury also might discourage
some doctors from prescribing the drug. The risk of in4ury also might cause the firm and
medical profession to distribute the drug only to the most severe cases of the disease, or the
firm might even decide not to introduce the drug. (s a result, from the company,s perspective,
the risk of consumer in4ury could have a significant effect on the value of introducing the drug.
Fo consider the risk that you ill be involved in an auto accident, hich could cause
physical harm to you and your vehicle, as ell as exposing you to the risk of lasuit for
harming someone else. The possibility of being involved in an accident reduces the value of
driving. <ther things being e*ual, people obviously ould prefer to have a loer likelihood of
accident. 1ut other things are not e*ual. .afety e*uipment included in vehicles usually
increases their price. (ttempting to reduce the likelihood of in4ury by driving less also can be
costly. Gou either must stay home or take alternative transportation that may not be as
attractive as driving &apart from the risk of accident'. =riving more safely usually means taking
more time to get places, or it re*uires great concentration, hich means you cannot think as
much about other things hile you are behind the heel.
In addition to the component needed to pay losses, auto and health insurance premiums must
again include a loading for the insurer,s administrative costs and provide a reasonable
expected return on the insurer,s capital. Even ith insurance, you face some uncertainty
about the cost of losses that are less than your deductible &or for liability losses greater than
policy limits'. Gou also are exposed to uninsured indirect losses that arise from accidents,
such as the time lost in getting your car repaired and submitting a claim to your insurer.
Risk Management and Audit 1!
Gou should be convinced by no that risk is costly and so is the management of risk. +e
therefore need some guiding principles to determine ho much and hat types of risk
management should be pursued. That is, e need to identify the underlying ob4ective of
risk management.
T6& *1i2i(* p'i(cip.& o' %1(2)-&(t). o3:&cti/& o% 'is+ -)()*&-&(t is to -i(i-iA&
t6& cost o% 'is+, +hen e consider business risk management decisions, the ob4ectives
are to minimi/e the firm,s cost of risk. +hen e consider individual risk management, the
ob4ective is to minimi/e the individual,s cost of risk. (nd, if e consider public policy risk
management decisions, the ob4ective is to minimi/e society,s cost of risk.
(fter explaining the cost of risk concept in more detail in the next section, e sho ho
minimi/ing a firm,s cost of risk is the same as maximi/ing the firm,s value. Then e
introduce the concept of risk aversion and explain ho individual,s cost of risk depends
on their degree of D'is+ )/&'sio(E. 3inally, e sho ho actions that minimi/e society,s
cost of risk may differ from actions that minimi/e the cost of risk for an individual or
business.
UNDERSTANDING THE COST OF RISK
7ost risk management decisions must be made before losses are knon. The magnitude
of actual losses during a given time period can be determined after the fact &i.e. after the
number and severity of accidents are knon'. 1efore losses occur, the cost of direct and
indirect losses reflects the predicted or expected value of losses during an upcoming time
period. Thus, the cost of losses can be determined ex post &after the fact' and estimated
ex ante &before the fact'. Most 'is+ -)()*&-&(t 2&cisio(s -1st 3& 3)s&2 o( &7 )(t&
&sti-)t&s o% t6& cost o% .oss&s )(2 t61s t6& cost o% 'is+,
COMPONENTS OF THE COST OF RISK
%egardless of the type of risk being considered, the cost o% 'is+ 6)s %i/& -)i(
co-po(&(ts, 3or concreteness, e discuss these components from a business
perspective for the case of pure risk. -sing the ex ante perspective, the cost of pure risk
includes5
$, E7p&ct&2 Loss&s
&a' =irect losses
&b' Indirect losses
8, Cost o% Loss Co(t'o.
&a' Increased precautions
&b' %educed activity
9, Cost o% Loss Fi()(ci(*
&a' %etention and self-insurance
&b' Insurance
&c' #edging
&d' <ther risk transfers
1> Risk Management and Audit
;, Cost o% I(t&'(). Ris+ R&21ctio(
&a' =iversification.
&b' Investment in information.
<, Cost o% R&si21). U(c&'t)i(t4
&a' Effects on shareholders.
&b' Effects on other stakeholders.
E7p&ct&2 Cost o% Loss&s
The &7p&ct&2 cost o% .oss&s i(c.12&s t6& &7p&ct&2 cost o% 3ot6 2i'&ct )(2 i(2i'&ct
.oss&s, 7a4or types of direct losses include the cost of repairing or replacing damaged
assets, the cost of paying orkers, compensation claims to in4ured orkers, and the cost
of defending against and settling liability claims. Indirect losses include reductions in net
profits that occur as a conse*uence of direct losses, such as the loss of normal profits
and continuing an extra expense hen production is curtailed or stopped due to direct
damage to physical assets. In the case of large losses, indirect losses can include loss of
profits from forgone investment and in the event of bankruptcy, legal expenses and other
costs associated ith reorgani/ing or li*uidating a business.
In the case of the pharmaceutical company discussed earlier, the expected cost of direct
losses ould include the expected cost of liability settlements and defence. T6&
&7p&ct&2 cost o% i(2i'&ct .oss&s 5o1.2 i(c.12& it&-s s1c6 )s>
&1' The expected cost of lost profit if sales had to be reduced due to adverse liability
experience2
&0' The expected cost of product recall expenses2 and
&6' The expected loss in profit on any investments that ould not be undertaken if
large liability losses ere to deplete the firm,s internal funds available for
investment and increase the cost of borroing or raising ne e*uity.
Cost o% Loss Co(t'o.
The cost o% .oss co(t'o. reflects the cost of increased precautions and limits on risky
activity designed to reduce the fre*uency and severity of accidents. 3or example, the
cost of loss control for the pharmaceutical company ould include the cost of testing the
product for safety prior to its introduction and any lost profit limiting distribution of the
product in order to reduce exposure of lasuits.
Cost o% Loss Fi()(ci(*
The cost of loss financing includes5
&i' The cost of self-insurance2
&ii' The loading in insurance premiums2 and
&iii' The transaction costs in arranging, negotiating, and enforcing hedging
arrangements and other contractual risk transfers.
Risk Management and Audit 1$
The cost of self-insurance includes the cost of maintaining reserve funds to pay losses.
This cost in turn includes taxes on income from investing these funds, as ell as the
possible opportunity cost that can occur if maintaining reserve funds reduces the ability of
a business to undertake profitable investment opportunity.
Fote that hen losses are insured, the cost of loss financing through insurance only
reflects the loading in the policy,s premium for the insurer,s administrative expenses and
re*uired expected profit. The amount of premium re*uired for the expected value of
insured losses is included in the firm,s expected cost of losses.
Cost o% I(t&'(). Ris+ M)()*&-&(t M&t6o2s
Insurance, hedging, other contractual risk transfers and certain types of loss control
reduce the uncertainty associated ith losses5 that is, these risk management methods
can make the cost of losses more predictable. +e have earlier learned that uncertainty
also can be reduced through diversification and investing in information to obtain better
forecast of losses.
T6& cost o% i(t&'(). 'is+ '&21ctio( i(c.12&s>
&i' Transaction costs associated ith achieving diversification2
&ii' The cost associated ith managing a diversified set of activities2 and
&iii' The cost of obtaining and analysing data and other types of information to obtain
more accurate cost forecasts.
In some cases, this may involve paying another firm for this information2 for example, the
pharmaceutical company may pay a risk management consultant to estimate the firm,s
expected liability costs.
Cost o% R&si21). U(c&'t)i(t4
-ncertainty about the magnitude of losses ill seldom be completely eliminated through
loss control, insurance, hedging, other contractual risk transfers, and internal risk
reduction. T6& cost o% 1(c&'t)i(t4 t6)t '&-)i(s "t6)t is D.&%t o/&'E# once the firm has
selected and implemented loss control, loss financing, and internal risk reduction is called
the cost o% '&si21). 1(c&'t)i(t4, This cost arises because uncertainty generally is
costly to risk-averse individuals and investors. 3or example, residual uncertainty can
affect the amount of compensation that investors re*uire to hold a firm,s shares and
stocks.
R&si21). 1(c&'t)i(t4 ).so c)( '&21c& /).1& t6'o1*6 its )%%&cts o( &7p&ct&2 (&t
c)s6 %.o5s. 3or example, residual uncertainty might reduce the price that customers are
illing to pay for the firm,s products or cause managers or employees to re*uire higher
ages &e.g. the top managers of the pharmaceutical company could re*uire higher pay to
compensate them for uncertainty associated ith product liability claims'. Fote that these
managers also may re*uire higher pay because of the expected cost of indirect losses to
them from, for example, lost pay and costs of seeking ne employment if large losses
cause them to lose their 4obs. The cost of residual uncertainty in this case reflects the
increase in pay above the amount needed to compensate managers for the expected
cost of these indirect losses. That is, the cost of residual uncertainty arises because of
the uncertainty about hether these costs ill be incurred.
1@ Risk Management and Audit
COST TRADEOFFS
( number of tradeoffs exist among the components of the cost of risks. T6& t6'&& -ost
i-po't)(t cost t')2&o%%s )'& t6os& 3&t5&&(>
1. The expected cost of direct?indirect losses and loss control cost.
0. The cost of loss financing?internal risks reduction and the expected cost of indirect
losses2 and
6. The cost of loss financing?internal risk reduction and the cost of residual
uncertainty.
( trade off normally exists beteen expected losses &both direct and indirect' and loss
control costs. I(c'&)s& i( .oss co(t'o. s6o1.2 '&21c& &7p&ct&2 .oss&s, In the case of
the pharmaceutical company, for example, expenditure on developing a safer drug ill
reduce the expected cost of liability suits. Ignoring for simplicity the possible effects of
loss control on other components of the cost of risk &such as the cost of residual
uncertainty'2 minimi/ing the cost of risk re*uires the firm to invest in loss control until the
marginal benefitCin the form of loer expected costs resulting from direct and indirect
lossesCe*ual the marginal cost of loss control.
T6& )-o1(t o% .oss co(t'o. t6)t -i(i-iA&s t6& cost o% 'is+ *&(&')..4 5i.. (ot i(/o./&
&.i-i()ti(* 'is+ o% .oss &for a couple of days folloing A-11-0""1, the entire -. airline
industry as shutdon to reduce the probability of a crash to /ero. (fter a fe days of no
air travel, hoever, the cost eliminating the risk of loss as deemed too high and
commercial flights resumed'.
It ill not produce a orld in hich building never burns, orkers are never hurt, and
products never harm customers because reducing the probability of loss to zero
ould be too costly. 1eyond some points, the cost of additional loss control exceeds
the reduction in the expected cost of losses &that is, marginal cost exceeds the marginal
benefits' so that additional loss control ill increase the cost of risk. Eliminating the risk of
loss ill not minimi/e the cost of risk for either businesses or society.
Even if it ere technologically feasible to eliminate the risk of harm, people ould not
ant to live in such a orld. It simply ould be too expensive. To use an absurd example0
to prove this point, in4uries from automobiles accidents might be virtually eliminated if
automobiles ere simply tanks ithout eapons. 1ut very fe people could afford to
drive a tank, and those ho could ould rather risk in4ury and get to their destination
more *uickly ith a pickup or luxury sports sedan. 1ecause loss control is costly, a point
is reached here people prefer some risk of harm to paying more for goods and service
or incurring other costs to reduce risk.
The second ma4or tradeoff among the components of the cost of risk is the tradeoff
beteen the cost of loss financing?internal risk reduction and the expected cost of indirect
losses. (s more money is spent on loss financing?internal risk reduction, variability in the
firm,s cash flos declines. Loer variability reduces the probability of costly bankruptcy
and the probability that the firm ill go for profitable investments as a result of large
uninsured losses. (s a result, the expected cost of these indirect losses declines. This
Risk Management and Audit 1A
tradeoff beteen the costs of loss financing?internal risk reduction and the expected cost
of indirect losses is of central importance in understanding hen firms ith diversified
shareholders ill purchase insurance or hedge.
The third ma4or tradeoff is that hich often occurs beteen the costs of loss financing?
internal risk reduction and the cost of residual uncertainty. 3or example, if the firm incurs
a higher loss financing costs by purchasing insurance, residual uncertainty declines.
;reater and more costly internal risk reduction also reduces residual uncertainty.
Cost o% Ot6&' T4p&s o% Ris+s
+e illustrated the cost of risk concept using a business perspective and analy/ing pure
risk. #oever, the cost of risk is a general concept. +ith some modification, our
discussion of the cost of pure risk is applicable to other types of risk. To illustrate, e ill
briefly discuss the risk of input price changes, using the specific example of a
manufacturer that uses oil in its production process. In this case, the price charged for the
firm,s products generally ill not immediately ad4ust to reflect changes in the price of oil
so that the firm,s profits ill be affected by oil price changes. <il price increases ill
cause the firm,s profits &or net cash flos' to decline in the short run, and oil price
decreases ill lead to a short-run increase in profits.
3or an ex ante perspective, the expected cost of oil is analogous to the expected cost of
direct losses from pure risk, such as those associated ith product liability claims against
the pharmaceutical company. Ex post, the actual cost of oil price changes can differ from
hat as expected, 4ust as the actual costs from product liability claims can differ from
those expected. If costs are greater than expected, then the profit ill be loer than
expected in both cases. #oever, because oil is an integral input to the production
process for hich ongoing expenditures are routinely expected, the expected cost of oil
normally ould not be considered as part of the cost of risk. &.imilarly, hile ages paid
to employees can differ from hat is expected, the expected cost of ages normally
ould not be considered as part of the cost of risk.'
Large increases in the price of oil could cause indirect costs, if for example, production is
reduced, alternative sources of energy need to be arranged, or profitable investment is
curtailed. The possibility of indirect cost increases the expected cost of using oil in the
production process. Expenditures on loss control, such as redesigning the production
process to allo for the substitution of other sources of energy, ould decrease the
expected cost of oil use and indirect losses.
+ith regard to loss financing, the manufacturer might choose to reduce its exposure to
the risk of oil price changes ith future contracts. The appropriate use of futures ill
produce a profit if oil prices increase, thus offsetting all or part of the loss to the firm. &If oil
prices drop, all or part of the gain that the firm otherise ould experience ill be offset
by a loss on its futures contracts'. #oever, the use of futures contracts involves
transaction costs that are analogous to the loading in insurance premiums. The firm also
might engage in internal risk reduction by diversifying its activities to reduce the senility of
its profits to oil price changes or by investing in information to obtain better forecast of oil
prices.
FIRM VALUE MAXIMIZATION AND THE COST OF RISK
D&t&'-i()(ts o% V).1&
( business,s value to shareholders depends fundamentally on the expected magnitude,
timing, and risk &variability' associated ith future net cash flos &cash inflos minus
cash outflos' that ill be available to provide shareholders ith a return on their
investment.
1usiness value and the effects of risk on value reflects an ex ante perspective2 Halue
depends on expected future net cash flos and risk associated ith these cash flos.
9ash inflos primarily result from sales of goods and services. 9ash outflos primarily
arise from the production of goods and services &e.g. ages and salaries, the cost of ra
materials, interest on borroed funds and liability losses'. Increases in the expected si/e
of net cash flos increase business value2 decreases in expected net cash flos reduce
value. T6& ti-i(* o% c)s6 %.o5s )%%&cts /).1& 3&c)1s& ) '1p&& '&c&i/&2 to2)4 is
5o't6 -o'& t6)( ) '1p&& '&c&i/&2 i( t6& %1t1'&,
1ecause most investors are risk averse, the risk of cash flos reduces the price that they
are illing to pay for the firm,s shares?stocks and thus its value &provided that this risk
cannot be eliminated by investors holding a diversified portfolio of investments'. 3or a
given level of expected net cash flos, this reduction in the firm,s shares?stocks price due
to risk, increases the expected return from buying the shares?stocks. In other ords, the
variation in net cash flos causes investors to pay less for the rights to future cash flos,
hich increases the expected return on the amount that they invest, thus, a %1(2)-&(t).
p'i(cip.& o% 31si(&ss /).1)tio( is t6)t 'is+ '&21c&s /).1& )(2 i(c'&)s&s t6&
&7p&ct&2 '&t1'( '&C1i'&2 34 i(/&sto's, The actual return to investors in any given
period ill depend on reali/ation of net cash flos during the period and ne information
about the expected future net cash flos and risk.
B1si(&ss Ris+ M)()*&-&(t
(uditors have been trained in the past to Dgain and confirm an understanding of the
system of internal controlE on the path to evaluating the efficiency and effectiveness of
management,s control. Internal control is management,s response to business risk.
The ne definition of internal auditing asks internal auditors to shift their perspective to
the underlying business risks. This shift DupstreamE to business risk appears daunting to
some, but it need not be so. Thinking about business risk re*uires many of the same
analytical tools found in every internal auditors training, plus a fe concepts.
U(2&'st)(2i(* 31si(&ss 'is+ '&C1i'&s t6'&& c'it&'i)>
&a' ( thorough understanding of the business process2
&b' (n active imagination and tools to generate ideas about possible effects of risks2
and
&c' ( frameork or risk model and a common language to discuss risk.
( thorough understanding of the business process implies a collaborative approach to
understanding risk management. The internal auditor, because the auditor is outside of
the process, can never be as the management team, probably lack the perspective an
internal auditor can bring having examined a number of similar process. The
understanding of the business process brings together to experts ho combined have
the most knoledge about risk.
To tap this reservoir of knoledge of risk often re*uires a stimulus and one or more
creative tools. 1rain storming sessions and self assessment orkshops provide a means
to tap the imagination. In addition, there are templates and checklist tools that may act as
stimulators to get people thinking about risk.
These first to criteria, business knoledge and the means to tap the imagination, could
create chaos ithout some means of organi/ing and communicating that knoledge.
Internal auditors and management need to agree on a risk frameork or risk model and
common language of risk.
( risk model is a logical algorithm or formula that can model the total business risk in
each of the organi/ation,s business processes and pro4ects. ( number of internal auditors
use a risk model to help them plan their annual audit activities. .trategic planners, and to
a lesser extent pro4ect planners, also use formulas and tables to estimate the risk in
various pro4ects. In both cases, these risk models are narroly focused and not generally
shared outside of the ork group here they are applied. <ften risk models describe risk
using a special language that is difficult to grasp outside of the specific ork group, A
'is+ %')-&5o'+ is ) /is1). )(2 .o*ic). /i&5 o% t6& 31si(&ss 'is+s co--o(.4 %)c&2
34 t6& o'*)(iA)tio(, ( frameork is usually generali/ed and more easily understood by
many in the organi/ation instead of 4ust a fe.
AN INTEGRATED RISK FRAMEORK
.everal authoritative bodies have no offered their vies on risk management. The
(ustralian?Fe Iealand )oint .tandards 9ommittee (.?FI. :6>" %isk 7anagement
as the first to codify standards of risk management in 1AA>. The 9anadian .tandards
1oard folloed in 1AA@, and several other countries are considering similar standards.
These and other recent attempts have helped to develop a better sense about risk
management, but none of them offer the kind of integrated frameork needed to
understand risk.
7ost people have an intuitive understanding of risk based on their common sense and
experience. 8erhaps it is this common sense approach that lulls us into false comfort.
O3/io1s 'is+s )'& (o '&). t6'&)t0 *i/&( ) '&)so()3.4 ).&'t -)()*&-&(t, Ho5&/&'0 it
is 1(i(t&(2&2 co(s&C1&(c&s t6)t c6)..&(*& o1' co--o( s&(s& )(2 &7p&'i&(c&, (n
integrated frameork of risk ensures that the blended knoledge and experience from
our collaborative efforts can be organi/ed and communicated to top management in a
language that all understand. .uch a frameork needs to be both complete and flexible
so it adapts to all types of organi/ations.
A P'opos&2 F')-&5o'+
3rameork often begins ith a definition, and the definition of business risk e use is5
( co(c&pt 1s&2 34 )12ito's )(2 -)()*&'s to &7p'&ss co(c&'( )3o1t t6& p'o3)3.&
-)t&'i). &%%&cts o% )( 1(c&'t)i( &(/i'o(-&(t o( 31si(&ss *o).s,
The definition recogni/es that risk is only a conceptual device. The concept of risk helps
us to deal ith the real conse*uences arising from our inability to predict the future ith
certainty. The concept also recogni/es that the purpose of the organi/ation is to achieve
some goal. 7anagers put assets at risk to achieve ob4ectives, hether the organi/ation is
for profit, not for profit or government. The task of management is to achieve these
ob4ectives in an uncertain environment2 thus, management becomes synonymous ith
risk management.
T6& %')-&5o'+ (&&2s to )22'&ss ).. o% t6& )ss&ts )t 'is+ i( t6& o'*)(iA)tio(, These
are &ith examples'5
&i' Fi()(ci).> cash, credit and negotiable instruments.
&ii' P64sic).> land, buildings and e*uipment.
&iii' H1-)(> knoledge, skills and commitment of people.
&iv' I(t)(*i3.&> reputation, brand and information.
3inally, frameork needs to include the element of time. The conse*uences of some risk
events vary ith their duration. .ome processes are sensitive to delay. .ubtle risks, such
as obsolescence and opportunity costs, also should be included in the frameork.
The frameork is composed of three ma4or domains of business risk and a number of
risk groups ithin each domain. .ome risk groups are shared beteen domains. T6&
t6'&& 2o-)i(s o% 31si(&ss 'is+ )'& 2&%i(&2 )s>
$, O5(&'s6ip Ris+s
The risks associated ith ac*uiring, maintaining and disposing of assets &all
except humans assets'.
8, P'oc&ss Ris+s
The risks associated ith putting assets to ork to achieve ob4ectives.
9, B&6)/io1'). Ris+s
The risks associated ith both ac*uiring, maintaining and disposing of human
assets.
Each risk group is a collection of specific business risk, some of hich are
common to all organi/ations, and some are industry specific. Examples of common
specific risks in a group are the risks associated ith dysfunctional orkplaces.
Industry-common risks include harassment, theft, sabotage, in4ury, employee
lasuits, violence, and other similar risks. Industry - specific risks associated ith
External Threats ould be different for banking, public sector agencies,
manufacturing, etc. depending upon the nature of their market, the extent of
government regulation, their customer?constituent segment, the nature of their
technology and its rate of change, and similar external threats.
E.&-&(ts o% F')-&5o'+
$, O5(&'s6ip 'is+ i(c.12&s t6& %o..o5i(*>
"i# E7t&'(). T6'&)ts> forces outside of the control of the organi/ation that can
affect the organi/ation,s business processes and goals. Examples include
customer?constituent demands, labour?financial?product markets, suppliers
&including unions', competitors, government regulations, economic?political
forces, technology, and physical?environmental forces.
"ii# C1sto2i). Ris+s> the risks associated ith oning and safeguarding assets.
.ince human assets have different characteristics, that class is covered
under 1ehavioural %isks. Examples of custodial risks include obsolescence,
damage in handling or storing the assets, and theft from storage.
"iii# H)A)'2s "s6)'&2 5it6 P'oc&ss Ris+#> The risks to assets associated ith
loss or impairment through fire and natural or man - made disasters and
accidental loss.
"i/# Oppo't1(it4 Cost> &shared ith 1ehavioural %isks' the cost of making less
than optimum decisions about assets ac*uisition and disposition. Examples
include purchasing the rong assets, paying too much, selling the asset too
soon or too late, selling the asset too cheaply and disposing of the rong
assets.
8, P'oc&ss 'is+s i(c.12& t6& %o..o5i(*>
"i# H)A)'2s
The risks to process associated ith the loss or impairment through fire and
natural or man-made disasters and accidental loss.
"ii# E''o'sFO-issio(sFD&.)4s
The risks to processes arising from random differences in human or
machine activity in the process. 8oor 4udgment in plans or operations,
inappropriate or outdated control mechanisms and machine malfunction are
examples of these risks.
"iii# F')12s
The risks to processes arising from intentional misrepresentation of
suppliers, employees and customers. Examples of these risks include theft,
bid rigging, bribery, kick-back schemes and customer abuse.
"i/# P'o21cti/it4 .oss> "S6)'&2 5it6 B&6)/io1'). Ris+s#
The risks to the process arising from poor design of the process arising from
its control system. Examples include scheduling conflicts, inappropriate ork
rule, missing controls, lack of monitoring control system, under-utili/ing
assets in the process and goal conflicts.
9, B&6)/io1'). 'is+s i(c.12& t6& %o..o5i(*>
0: Risk Management and Audit
"i# P'o21cti/it4 Loss> "s6)'&2 5it6 P'oc&ss Ris+s#
The risks arising from poor management practices or poor orker
commitment. -nder-utili/ing human assets, poor leadership, favouritism,
lack of ork structure and discipline, inconsistent management decisions,
and personal?ork goal conflicts are examples of these risks.
"ii# D4s%1(ctio(). o'+p.)c&s
The risks to employees from a dysfunctional ork environment and the risk
to the organi/ation from employees orking in such an environment.
Examples of these risks are gender?racial harassment, excessive pressure
to meet ob4ectives, employee theft and sabotage, ork place in4uries,
employee lasuits, and orkplace violence.
"iii# Oppo't1(it4 Cost
The cost of making less than optimum decisions about human assets
&people, knoledge and skills' ac*uisition and disposition. #iring the rong
people or skills, a poor compensation system and letting the rong people
or skill leave the organi/ation &through *uitting, firing or outsourcing' are
examples of such risks.
MANAGING RISKS
9ommon risk management techni*ues include5
A/oi2
%edesign the process to avoid particular risks ith the plan of reducing overall risk.
Di/&'si%4
.pread the risk among numerous assets or processes to reduce the overall risk of loss or
impairment.
Co(t'o.
=esign activities to prevent, detect or contain adverse events or to promote positive
outcomes.
S6)'&
=istribute a portion of the risk through a contract ith another party, such as insurance.
T')(s%&'
=istribute all of risk through a contract ith another party, such as outsourcing.
Acc&pt
(llo minor risks to exist to avoid spending more on managing the risk then the potential
harm.
(ll risk management techni*ues are found in all domains2 hoever, there are some
primary risk management strategies. 7any onership risks are insurable risks, and the
primary risk management strategy is risk transfer or risk sharing through insurance.
Risk Management and Audit 0!
8rocess risks are primary managed through an active system of internal control in the
processes, including active management oversight. 1ehavioural risks are perhaps the
most varied and most difficult. 8rimarily risk management techni*ues for behavioural
risks are avoidance &redesign the orkplace to reduce the level of risk' and risk transfer
&orkers compensation and liability insurance'. 7anagement is about managing business
risks. (n integrated risk management approach using a number of techni*ues is
necessary to cover the full range of risks in the frameork.
( frameork of business risk can provide a common ground for managers, auditors and
other stakeholders to establish effective and efficient risk management for their
organi/ation. The frameork is useful also as a template or tool to stimulate the
imagination about ho the organi/ation achieves its goals in an uncertain environment.
+ith a common language, imagination and a thorough knoledge of the business
process, the organi/ation is more likely to achieve its business goals.
DEALING ITH RISKS ! A MANAGEMENT ACCOUNTING PERSPECTIVE
In recent times, ith the advent of globalisation ? liberali/ation many changes have taken
place in the business dynamics, in the process of value creation and in the ay economic
enterprises are managed. This paradigm shift has made many of the traditional
management, and accounting theories and practices obsolete. 3or example, advent of
knoledge-based industries has made traditional 1alance .heets and (ccounting
.tatements look meaningless. +hat is the value of an infotech companyB The market
value of it may be several times of its intrinsic value, as indicated in the 1alance .heetJ
.o runs the anomaly for (ccountants K particularly, 7anagement (ccountants.
T6& C'1ci). Ris+ F)cto'
The economic changes today are so rapid, that one may get very little time to change to
a ne outlook, ne process and ne management practices. <ne of the most
distinguished features of this change is the change of risk profile of business mainly, as
an outcome of global competition. In such a complex business environment,
management accountants have a great role to play, as their domain is 4ust not limited to
financial transactions, and annual financial history of an enterprise, captured through the
binary mode of double accounting mechanism. Their role cuts across different functions,
different activities and combines both financial and non-financial parameters for a holistic
vie of the operations and performances, results achieved and achievable, as ell as the
strategies evolved and need to be evolved for the enterprises.
In the context of strategic consideration of any enterprise, hat is therefore c'itic). to2)4 %o'
) -)()*&-&(t )cco1(t)(t is to 6&.p i2&(ti%4 )(2 &/).1)t& 'is+s0 -)+& 'is+!)2:1st&2
/).1)tio(s0 )ss&ss &co(o-ics o% 'is+ t)+i(* ).t&'()ti/&s0 )(2 )cco'2i(*.4 6&.p to .oc)t&
opti-1- st')t&*4 )(2 %o'&c)st '&s1.ts i( )( o/&').. 'is+!'&t1'( sc&()'io, 3or example, in
a film-making venture maximum risk is located in the star actors and performers. .o human
risk coverage is most crucial in this venture, ithout its ade*uate assessment and coverage,
any management strategy ould be inade*uate. .o is the case of football companies in the
Latin (merica that solely depend on star footballers of the orld.
I2&(ti%4i(*0 -)()*i(* )(2 -o(ito'i(* 31si(&ss 'is+s0 *'&)t.4 2&p&(2 o( t6& C1).it4 o%
-)()*&'i). 2&cisio(!-)+i(* )s ) co(s&C1&(c& o% i(t&'p'&t)tio(0 )(2 )().4sis o%
c'&2i3.& i(%o'-)tio( *&(&')t&2 34 t6& -)()*&-&(t )cco1(ti(* s4st&- o% t6& %i'-,
0> Risk Management and Audit
9redibility as ell as high *uality of management accounting information, is the basic and
essential re*uirement for efficient and effective managerial decision-making process. The
complexity of business operations makes the managerial decision-making process very
complicated one that place greater emphasis on identification and *uantification of risk. (nd in
such a system, the management accountant finds himself in a very critical position of having
to develop an appropriate risk assessment system, techni*ues of addressing the above
complex re*uirement of the business, that also help locate the best management process and
management strategy. <f course, he has in his arsenal, all modern tools and techni*ues,
computeri/ed algorithms and models to face this challenge. <ne fre*uently used techni*ue
may involve application of ;ame Theory, enumerating different rival outcomes?strategies in a
competitive scenario ith probabilities assigned to each outcome-strategy, from here
optimum strategy can be evolved and its risk-ad4usted results forecast. (nd there are many
more of such techni*ues.
Ro.& o% M)()*&-&(t Acco1(t)(ts ! Y&st&'2)4 )(2 To2)4
In the past management accountant,s role as mainly limited to manufacturing industries,
focusing on measurement of performance-productivity and profitability, operational
analysis, mainly based on costs and resource consumption combined ith technological
parameters and also, evaluation of alternative pro4ects considering the time value of
money. 7ore or less, it as an exact science ith little or no place for risks and
uncertainties. 1ut the advent of global competition has made a radical change in the
overall scenario. Fothing is no protected or secure. Even excellence in operational
management cannot save an enterprise, not to speak of its groth, unless the strategic
direction is appropriate and synchroni/e ith time-assessing its economic implications
and financial impacts emerging as ma4or task. Co(s&C1&(t.40 i( t6& -)()*&-&(t
)cco1(t)(t@s )cti/it4 po't%o.io0 t6&'& is ) 2isti(ct s6i%t %'o- Bop&')tio().@ to
Bst')t&*ic@0 %'o- B312*&t -)+i(*@ to B%o'&c)sti(*,. In this scenario, management
accountants have to consider the role of risk management, understand the steps and
methodologies involved in the identification, assessment and mitigation of risks. <f
course, this is not the task of management accountant alone. It depends on teamork
ith risk managers in individual functional areas contributing their share. 1ut the
management accountant must be a very important member in the team, for translating
the risk perceptions and risk-information in terms of their economic implications and
financial impact.
<ne important decision area is the capital re*uirement and layout for risk management.
(bsorbing, hedging or transferring risk re*uires capital that could have been, otherise,
invested in other productive and profitable ventures. Ho5 -1c6 c)pit). s6o1.2 3&
'&C1i'&2F)..oc)t&2 %o' )3so'3i(* t6& 'is+ o% .oss is ) c'1ci). %)cto' t6)t t6&
-)()*&-&(t )cco1(t)(t s6o1.2 3& co(c&'(&2 5it6, That is ho the concept of
Enterprise +ide %isk 7anagement &E%7' is gaining ground.
Risk Management and Audit 0$
ENTERPRISE IDE RISK MANAGEMENT "ERM#
The main difference beteen E%7 and the traditional ay of managing risk, is that E%7
calls for high-level oversight of an organi/ation,s overall risk portfolio, rather than
individual risk managers in different units?functions overseeing specific risks. E%7 entails
centrali/ed management ith an enterprise ide E%7 committee in hich management
accountant holds a very important position.
.everal auditors are no claiming that they should run E%7 and many organi/ations are
alloing them. 1ut others believe that E%7 is a crucial management function that helps
the organi/ation run better, more effectively and efficiently in the given or evolving risk
scenario.
ADVANTAGES OF ENTERPRISE IDE RISK MANAGEMENT "ERM#
The folloing are typical advantages of E%75
&i' E%7 helps determine the right amount of capital needed to be directed toards
risks by gathering from different risk managers?functions and managers across the
organi/ation, identification of specific risks and their financial impact as ell as
effectiveness of risk mitigation options.
&ii' 9onsidering risk, solely on individual pro4ect basis, can limit an entity,s ability to
appreciate the impact of the pro4ect-associated risks on the entire organi/ation.
-nder E%7 a management accountant can help remove this deficiency.
&iii' In E%7 a management accountant can critically evaluate ma4or risks on a matrix,
so that companies can align their business process, to ensure incorporation of
appropriate risk-data on a database for regular monitoring of E%7 9ommittee.
This ensures easy detection of risks beyond the company,s tolerance level.
&iv' To comply ith corporate governance re*uirements all over the orld &as an
aftermath of .orbane <xley (ct', continuous monitoring and measurement to
operational processes that give rise to financial statements is re*uired. (
management accountant plays a key role in assessing and mitigating risks
underlying such processes.
I2&(ti%ic)tio( o% Ris+s
%isks are about events that, hen triggered, ill cause problems?losses. #ence, risk
identification can start ith the source of problems, or ith the problem itself.
"i# So1'c& )().4sis! %isk sources may be internal or external to the system that is
the target of risk management. Examples of risk sources are5 stakeholders of a
pro4ect, employees of a company or the eather over an airport.
"ii# P'o3.&- )().4sis! %isks are related to fear. 3or example5 the fear of losing
money, the fear of abuse of privacy information or the fear of accidents and
casualties. The fear may exist ith various entities, most important ith
shareholders, customers and legislative bodies such as the government.
0@ Risk Management and Audit
The chosen method of identifying risks may depend on culture, industry practice and
compliance. The identification methods are formed by templates or the development of
templates for identifying source, problem or event.
Co--o( 'is+ i2&(ti%ic)tio( -&t6o2s )'&>
"i# O3:&cti/&s!3)s&2 Ris+ I2&(ti%ic)tio( <rgani/ations and pro4ect teams have
ob4ectives. (ny event that may endanger achieving an ob4ective, partly or
completely is identified as risk.
"ii# Sc&()'io!3)s&2 Ris+ I2&(ti%ic)tio( =ifferent scenarios are created. The
scenarios may be the alternative ays to achieve an ob4ective, or an analysis of
the interactions of forces in, for example, a market or battle. (ny event that triggers
an undesired scenario alternative is identified as risk.
"iii# T)7o(o-4!3)s&2 Ris+ I2&(ti%ic)tio( The taxonomy-based risk identification is a
break-don of possible risk sources. 1ased on the taxonomy and knoledge of
best practices, a *uestionnaire is compiled. The ansers to the *uestions reveal
risks.
"i/# Co--o(!'is+ C6&c+i(* In several industries lists ith knon risks are available.
Each risk in the list can be checked for application to a particular situation.
Ass&ss-&(t o% Ris+s
<nce risks have been identified, they must then be assessed as to5
&i' their potential severity of loss2 and
&ii' the probability of occurrence.
Their *uantities can be either simple, to measure a lost building or impossible to kno in
the case of the probability of a devastating tsunami occurring. Therefore, in the
assessment process, it is critical to make the best educated guesses possible, in order to
properly prioritise the implementation of the risk management plan.
Pot&(ti). Ris+ T'&)t-&(ts
<nce risks have been identified and assessed, all techni*ues to manage the risk fall into
one or more of these four ma4or categories5
&i' (voidance
&ii' %eduction
&iii' (cceptance ? %etention
&iv' Transfer
"i# Ris+ A/oi2)(c&
Includes not performing an activity that could carry risk. (n example5 not buying a
business in order to not take on the liability that comes ith it. (nother ould be
not flying in order to, not take the risk that the airplane may crash. (voidance may
seem the anser to all risks, but avoiding risks also means losing out on the
potential gain, that accepting &retaining' the risks have alloed. Fot entering a
business to avoid the risk of loss, also avoids the possibility of earning the profits.
Risk Management and Audit 0A
"ii# Ris+ R&21ctio(
Involves methods that reduce the severity of the loss. 3or instance, stand alone
computers for processing data may reduce the loss due to virus attack in a
netork. 1ut the resultant ork-difficulties are more and may lead to increase
costs. -se of computer netork ith expensive anti-virus packages may be an
improvement, considering cost-benefits thereof.
"iii# Ris+ Acc&pt)(c& F R&t&(tio(
Involves accepting the loss hen it occurs. %isk retention is a viable strategy for
small risks, here the cost of insuring against the risk ould be greater over time
than the total losses sustained. (ll risks that are not avoided or transferred, are
retained by default. This includes risks that are so large or catastrophic, that they
either cannot be insured against or the premiums ould be infeasible.
Fatural disaster like earth*uake is an example. (lso any amounts of potential loss
&risk' over the amount insured is retained risk. This may also be acceptable, if the
chance of a very large loss is small, or if the cost to insure for greater coverage
amounts, is so great it ould hinder the goals of the organi/ation too much.
"i/# Ris+ T')(s%&'
7eans causing another party to accept the risk, typically by hedging. Insurance is
one type of risk transfer that uses contracts. <ther times it may involve contract
language that transfer a risk to another party ithout the payment of any premium.
Liability among construction or other contractors is very often transferred this ay.
<n the other hand, by using derivatives, firms can also manage financial risks.
.ome ays of managing risk fall into multiple categories. %isk retention pools are
technically retaining the risk for the group, involves transfer among individual
members of the group. This is different from traditional insurance, in that no
premium is exchanged beteen members of the group up front, but instead, losses
are assessed to all members of the group.
P.)((i(* )(2 I-p.&-&(t)tio(
=ecide on the combination of methods to be used for each risk. 3ollo all of the planned
methods for mitigating the effect of the risks. 8urchase insurance policies for the risks
that have been decided to be transferred to an insurer, avoid all risks that can be avoided
ithout sacrificing the entity,s goals, reduce others, and retain the rest.
Initial risk management plans ill never be perfect. 8ractice, experience, and actual loss
results, ill necessitate changes in the plan and contribute information to allo possible
different decisions to be made in dealing ith the risks being faced.
P'o:&ct M)()*&-&(t
#ere a risk is more narroly defined as a possible event or circumstance that can have
negative influences on a pro4ect. Its influence can be on the schedule, the resources, the
scope and?or the *uality.
In pro4ect management parlance, hen a risk escalates, it becomes a liability. ( liability is
a negative event or circumstances that are hindering the pro4ect.
PROCESSES FOR ASSESSING RISK
.ome of the processes for assessing risk, includes the folloing &the parentheses
contains some of the 4argon used to refer to them'.
&i' 9hoosing uni*ue identifiers for referring to the same risk in company or pro4ect
documents "i2&(ti%ic)tio(#,
&ii' =escribing the risk and ho it could become a liability "2&sc'iptio(#,
&iii' (ssessing the conse*uences of that "&%%&ct#,
&iv' 9onsidering hat precautions could be taken to prevent it "p'&c)1tio(#,
&v' =raing up contingency plans or procedures for handling it "co(ti(*&(c4#,
&vi' 9ategori/ing the risk as ne, ongoing or closed "'is+ st)t1s#,
&vii' Estimating the probability of the risk becoming a liability "Ris+ &sc).)tio(
p'o3)3i.it40 P#,
&viii' Estimating the conse*uences in terms of time for the pro4ect "Sc6&21.& i-p)ct0 S#,
&ix' 3rom the information above and the average cost per employee over time, or,
Cost Acc'1). R)tio "C# a pro4ect manager can estimate5
&a' the cost associated ith the risk if it arises5 9L.
&b' the probable increase in time associated ith a risk &schedule variance due
to risk, %s here %sM8L.'5
- sorting on this value puts the highest risk to the schedule first. This is
intended to cause the greatest risk to the pro4ect to be attempted first
so that risk is minimi/ed as *uickly as possible.
- this is slightly misleading as schedule variances ith a large 8 and
small . and vice-versa are not e*uivalent.
&c' the probable increase in cost associated ith a risk &cost variance due to
risk, %c here %c M 8L9 M 8L9(%L.M8L.L9(%'
- sorting on this value, puts the highest risk to the budget first.
- see concerns about schedule variance, as this is a function of it, as
illustrated in the e*uation above.
Ris+ M)()*&-&(t Acti/iti&s )s App.i&2 to P'o:&ct M)()*&-&(t
It i(c.12&s t6& %o..o5i(* )cti/iti&s>
&i' 8lanning ho risk management ill be held in the particular pro4ect. 8lan should
include risk management tasks, responsibilities, activities and budget.
&ii' (ssigning risk officer Ka team member other than a pro4ect manager, ho is
responsible for foreseeing potential pro4ect problems. Typical characteristic of risk
officer is a healthy scepticism.
&iii' 7aintaining live pro4ect risk database. Each risk should have the folloing
attributes5 opening date, title, short description, probability and importance.
<ptionally risk can have assigned person responsible for its resolution and date, till
then risk still can be resolved.
&iv' 9reating anonymous risk reporting channel. Each team member should have
possibility to report risk that he foresees in the pro4ect.
&v' 8reparing mitigation plans for risks that are chosen to be mitigated. The purpose of
the mitigation plan is to describe ho this particular risk ill be handled-hat,
hen, by hom and ho ill be done to avoid it or minimi/e conse*uences, if it
becomes a liability.
&vi' .ummari/ing planned and faced risks, effectiveness of mitigation activities and
effort spend for the risk management.

Chapter 01

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Chapter 01

Hochgeladen von

Copyright:

Verfügbare Formate

Risk and its Management 236628068.

Das könnte Ihnen auch gefallen