Chapter I

THE RESEARCH PROBLEM

Introduction

In today’s world, no nation exists in economic isolation. All aspects of a nation’s

economy- its industries, service sectors, levels of income and employment, living
standard are linked to the economies of its trading partners. This linkage takes the form of
international movements of goods and services, labor, business enterprise, investment
funds, and technology. Indeed, national economic policies cannot be formulated without
evaluating their probable impacts on the economies of other countries.( Carbaugh 2005)

Thus globalization took place that it is but necessary for a nation to develop relationships
with other countries in order to survive the international competition. All institutions
have to make global competitiveness a strategic goal. No institution, whether a business,
a university or a hospital can hope to survive, let alone to succeed, unless it measures up
to the standards set by the leaders in its field, anyplace in the world.(Drucker 1999)

In the arena of international business where every nation as well as every competing
companies must understand what strategies to employ to get ahead of the business. Every
organization operates on a theory of the business that is, a set of assumptions as to what
its business is, what its objectives are, how it defines results, which its customers are,
what the customer’s value and pay for. Strategy converts this theory of the business into
performance. Its purpose is to enable an organization to achieve its desired results in an
unpredictable environment. For strategy allows an organization to be purposefully
opportunistic. Strategy is also the test of the theory of the business. Failure of the strategy
to produce the expected results is usually the first serious indication that the theory of the
business needs to be thought through again. And unexpected successes are often also the
first indications that the theory of the business needs to be rethought. Indeed, what is an
“opportunity” can only be decided if there is a strategy. Otherwise, there is no way to tell
what genuinely advances the organization toward its desired results, and what is
diversion and splintering of resources.(Drucker, 1999)

Organizations had long practiced various parts of what has come to be called
enterprise risk management. Identifying and prioritizing risks had long been a standard
management activity. What has changed beginning very near of the last century, was
treating variety of risks in a holistic manner.

The emergence of risks though we faced them in our everyday life, was amplified by
some other threats like the terrorist attacks, global warming, and environmental disaster
among other man-made risks. Individually we treated risk differently. We even had
appetite for risk. Nevertheless in an organization management treated risks as having a
negative impact or a positive one. And because organization is made up of different
individual, different approaches are employed to tackle risks. Management controls
which were always in effect in every operation of the business become sophisticated that
gave way into system of policies. Thus the birth of risk management which could be best
described in term of Enterprise Risk Management where it aligned business strategies and
embedded risk management culture into the business. It involved not only managers but
the whole organization and saw risk as opportunities as much as hazards. In that way
managing risk could be interpreted positively in generating shareholder’s value and
meeting company’s objectives. And risk evolved that it had to be recognized and
standardized. Thus risk management become part of the corporate governance. ( Collier,
2009)

Modern risk management had four perspectives. The first was the hazard risk
management that included a five-process to assess hazard risks. It had set up both
preventive and crisis risk management. Second was the internal control which assures
that policies are followed. Internal controls are highly visible with the companies which
are engaged in business which are high regulated by the government. The third was the
internal audit which assured that internal controls are working. It examined operating
activities, consistency of procedures and compliance with directives. And the fourth one
is the regulatory compliance. This was about conformity with official requirements
imposed by statutes, public agencies, or the courts. ( Hamton, 2009)

According to Cooper, Grey, Raymond and Walker (2005), “the implementation of sound
risk management practices enables senior managers to allocate resources more effectively
to manage risks.” By having a sound risk management practices, it puts the organization
to have effective control measures. Consequently according to Cooper et.al. “Executives
of these organizations are now requiring the risk management be implemented in an
effective manner, to meet the management requirements of the organization.”

And in the words of Wilkinson ( 2005):

In reality, any choice between strategies or courses of action will involve

some difference in risk. The significance of this is that many firms or managers

are risk-averse. Managers may fear for their job security if they take excessive

risks that do not pay off, preferring to maintain the status quo.

According to Hampton ( 2009) strategic risk is the positive or negative impact of risk on
an organization in the following conditions. It includes risk identification and problem
solving. Thus strategic risk management encompasses all activities intended to identify
risks, solve problems, adapt to change, and successfully execute plans.

With this information about risk management and the current economic situation
of the country when we are vulnerable to economic crisis, enterprise risk management is
at its full potential to safeguard companies from negative effects of these crises.
 Batangas is a first class province of the Philippines located on the southwestern
part of Luzon in the CALABARZON region. Its capital is Batangas City and it is
bordered by the provinces of Cavite and Laguna to the north and Quezon to the east.
Across the Verde Island Passages to the south is the island of Mindoro and to the west
lies the South China Sea.

Batangas City is the largest and capital city of the Province of Batangas, Philippines.
Known as the “Industrial Port City of CALABARZON”, Batangas City is currently
classified as one of the fastest urbanizing cities of the Philippines. According to the latest
census, the city has an approximate population of 295 231 people in 50 223 households.

Batangas City with its prolific growth and a base for some large industry, it is important
that its industrial plants be safe from adverse effects not only of economic hazards but of
other threats that they are facing today.

This study is a first step in understanding risk management of the selected industrial
plants in Batangas City that eventually will shed insightful information which are
beneficial to all concerned.

Conceptual Framework

This study is posited on the idea that risk has positive or negative impact in an
organization. It involves the identification of risk and problem solving. Risk
identification has it upside opportunity which is to achieve the company’s goal and the
downside is the possibility of loss. Once the risk is identified, defining problem correctly
allows the pursuit of effective strategy. Failure to recognize the real problem can do
significant damage. (Hampton,2009)

This study is also anchored on the modern concept of Enterprise Risk

Management ( ERM ) set forth by Chartered Enterprise Risk Analyst ( CERA) which
defined ERM as the process of coordinated risk management that places a greater
emphasis on cooperation among departments to manage the organization’s full range of
risks as a whole. ERM offers a framework for effectively managing uncertainty,
responding to risk and harnessing opportunities as they arise. Unlike previous risk
management practices, the concept of ERM embodies the notion that risk analysis cuts
across the entire organization. The goal of ERM is to better understand the shock
resistance of the enterprise to its key risks and to better manage enterprise risk exposure
to the level desired by senior management.

The above concepts served as the basis of the conceptual framework shown in
Figrue 1 which demonstrates the direction of the research process. The IPO ( input-
process- output) Model was used. The inputs focused on the available variables of the
companies which includes the profile of the companies and their existing enterprise risk
management practices as the encountered problems in implementing ERM strategies. The
process includes the planning of the researcher through bibliographical research, survey
questionnaires, interviews, validation of data gathered. And the output of the process
comprised of proposals and suggestions that will address the current problems in
implementing ERM strategies.

Input

• profiles of the respondents

• existing ERM strategies

• encountered problems in implementing ERM strategies

Figure 1. Enterprise Risk Management Strategies of Selected Industrial Plants

Process

• planning and through bibliographical research

• survey questionnaires
• interviews

• validation of data

Output

• proposals and suggestions to address the current problems

• recommendations for further research about ERM

Statement of the Problem

This study delved into the enterprise risk management strategies of selected
industrial plants in Batangas City.

More specifically, the following sub-problems were addressed:

1. What is the profile of the subject companies in terms of :

1.1 nature of business;

1.2 length of operation;

1.3 number of workers;

1.4 operation practices;

1.5 management practices?

1. What are the perceptions of manager and employees on the extent of enterprise
risk management strategies of selected industrial plants in terms of:

2.1 business or operational risk;

2.2 financial risk;

2.3 hazard risk;

2.4 strategic risk?

1. Are there significant differences in the perceptions of the respondents of selected

industrial plants to the enterprise risk management strategies of their respective
companies?
2. What problems are encountered by selected industrial plants in implementing
enterprise risk management strategies?
3. What are the possible solutions that can be proposed to forestall the occurrence of
problems in implementing those enterprise risk management strategies to the
selected industrial plants in Batangas City?

Scope, Delimitation and Limitation of the Study

The main aim of the study is to investigate the adherence of selected industrial
plants in Batangas City in terms of Enterprise Risk Management. The study explored on
the strategies employed by the selected companies in implementing enterprise risk
management. For the purpose of analysis, this study considered the perceptions of
managers and employees as they viewed the problems of enterprise risk management
strategies being implemented in their respective company.

As part of determining the enterprise risk management strategies, the study

focused on the four classifications of risks; business or operational risk, financial risk,
hazard risk and strategic risk.

To gain deeper insights and obtained varied responses on the perception of

respondents of industrial plants to the imperatives of risk management strategies , a
hypothesis was tested to determine differences in perceptions of the respondents which
include participants comprised of managers and employees . Moreover, implications were
drawn which would serve as relevant contribution of this study not only for the plants
themselves but also for the business administrators, researchers and other entities who
might benefit from this study.

The study was limited to selected four large industrial plants based in Batangas
City; Kepco Ilijan Corporation, J.G. Summit Corporation, Pilipinas Shell Petroleum
Corporation, First Gas Power Corporation and San Miguel Corporation. Further
limitation was the involvement of only two sectors such as managers and employees.

Significance of the Study

This study is perceived to provide significant insights to the following parties:

To the owners of industrial plants, through this study a deeper understanding is

acquired about the current strategies they are implementing that deals with enterprise risk
management.

The study is also significant to the managers, employees and customers of the
subject companies to reorient them in their implementation of current enterprise risk
management strategies in their company.

Moreover, the results may also serve as constant reminder to industrial plant’s
officials that risks and threats are constant in every business organization and by
strengthening the enterprise risk management strategies of the company will surely
reduce the impact of those risks negatively.

The result of the study may serve as documented articulation of the commitment
of the industrial plants to uphold their enterprise risk management strategies despite the
changing times. As such, they can review their strategies to meet the demand of evolving
business that they are into.

This study may also serve as model to other business entities which may wish to
conduct other in-depth studies on their own enterprise risk management strategies. The
results of this study may serve as instrument for policy framing towards better internal
control that will result to avoidance of the risk that the company is facing.

This study is highly important to the researcher not only because of the additional
knowledge gained during the research process but because of the risk strategies that are
learned that can be applied in personal life as well as in his own area of specialization.

Lastly, future researchers will find this study a great help not only because of the
valuable literature it offers but also of the findings and conclusions that will serve as
basis for comparison against future investigations.

Definitions of Terms
 The following terms were contextually and operationally defined for better
understanding of the concept used in the study:

Risk management. It refers to the culture, processes and structures that are directed
towards the effective management of potential opportunities and adverse effects.

Enterprise risk management. The term refers to the process of identifying major risks that
confront an organization, forecasting the significance of those risks in business processes,
addressing the risks in a systematic and coordinated plan, implementing the plan and
holding key individuals responsible for managing critical risk within the scope of their
responsibilities. ( Hampton 2009).

Corporate governance. The term refers to the system which companies are directed and
controlled. Boards of directors are responsible to their shareholders and have a
stewardship functions for the governance of the company. ( Collier, 2009).

Risk analysis. The terms refers to the systematic use of available information to
determine how often specified events may occur and the magnitude of their
consequences. It may use any of a wide variety of mathematical and other models and
techniques.( Cooper, Grey, Raymond, Walker, 2005).

Financial risk. As used in the study, it refers to the financial gain or loss the
company can get in venturing risk in the new projects or endeavor.

Operational Risks – the risk of direct or indirect loss resulting from inadequate or failed
internal processes, people and systems or from external events.

Strategic Risks – potential damage to reputation, competition, demographic trends,

technological innovation, capital availability and regulatory trends.

Risk Appetite – the level of aggregate risk that an organization can undertake and
successfully manage over an extended period of time. According to Basel, risk appetite is
the broad-based amount of risk an organization or other entity is willing to accept in
pursuit of its mission or vision. Enterprise risk management enables an organization to
determine what level of the risk it chooses to accept as it seeks to build shareholder value.

Internal control. In this study it refers to the policies of an organization which

tends to guard shareholder’s investment and the company’s asset.

Risk analysis is the systematic use of available information to determine how often
specified events may occur and the magnitude of their consequences. It may use any of a
wide variety of mathematical and other models and techniques.

Risk evaluation determines whether the risk is tolerable or not and identifies the risks that
should be accorded the highest priority in developing responses for risk treatment.
Risk treatment establishes and implements management responses for dealing with risks,
in ways appropriate to the significance of the risk and the importance of the project.

Chapter 2

REVIEW OF LITERATURE

This section presents the relevant literature from both foreign and local sources and
findings of research studies, which will shed light and provide direction to the present
study. The discussion is aimed at determining the existing literature that could explain the
variables included in the study. Local and mostly foreign materials have been reviewed in
order to come up at a more comprehensive discussion. The knowledge that maybe
obtained from the undertaking is expected to provide the researcher a broader perspective
in enterprise risk management as it affects the organizational performance.

Related Literature

We are all faced with a multitude of risks on a day-to-day basis, even if it is just
crossing

the road, driving our car, concern about school or university grades for ourselves or a
member of our family, whether we will get the job we want or the salary increase or
promotion we expect.

We are more aware of risks when we take out insurance policies on our lives, our homes
or cars. We also face risk in our workplaces as occupational health and safety regulations
are properly concerned with what we do and how we do it, so that we can return home
safely at the end of each day.

But most of the risks that we might more readily recognize are those that come via
television, radio, and newspapers. It seems that there is always some real or imagined risk
that the world faces. I grew up during the cold war and my first exposure to risk was the
Cuban missile crisis in the 1960s and the threat of mutually assured destruction (MAD) in
the event of nuclear war between the United States and the then Soviet Union. This is no
longer a risk we face but instead September 11, 2001 and the bombings in Madrid,
London and other places have increased the risk of terrorism.

There are also risks that result from natural disasters over which we have no control:
earthquakes, fires, floods, hurricanes. Over the last few years these events seem to have
increased in frequency and severity as events such as the 2004 Indian Ocean earthquake
and tsunami, Hurricane Katrina in New Orleans in 2005, and the flooding in China in
2008. Whether these are merely cyclic events or the results of global warming may not be
known for decades.

Like global warming, environmental risks are often attributed to accident or negligence at
the organizational level. These man-made disasters include Bhopal, Chernobyl, Three
Mile Island, Challenger, Piper Alpha, and Exxon Valdez. Other man-made events are
purely financial in nature, like Nick Leeson and Barings Bank, Enron and WorldCom.
Other crises emerge and decline. From the less likely such as asteroid collisions to the
risk of widespread computer failures at the turn of the millennium (the Y2K bug failed to
materialize) and our undiminished reliance on oil despite the steadily increasing price.

These are all risks, natural and man-made, affecting us all in different ways, some large
and some small, some with high impacts, others with little effect, and some are risks that
never eventuate but which we still guard against. Risk in plain usage is something going
wrong. The Risk Management Standard (Institute of Risk Management, 2002) defined
risk as the combination of the probability of an event and its consequences, with risk
management being concerned with both positive and negative aspects of risk. Risk is
gradually losing the stigma of only being concerned with the negative or downside. We
now recognize the risk of us not meeting our goals, a risk of missing an opportunity, a
risk of not recognizing that something good is happening. This is the positive, upside of
risk, evident in the widely used ‘risk/return’ tradeoff. If there is no risk, there is often
little return, and there is often a higher return when the risk is higher. Financial examples
are the easiest to recognize. We invest our savings and our pension funds in bank
deposits, property and the stock market. We know that bank deposits are basically risk-
free but we also know that they have relatively low interest rates. Shares achieve much
higher returns but they are subject to substantial fluctuations in the stock market. Property
rises in value over the long term even though the rental return may not be as good as
shares, but as those caught by negative gearing (when the value of a home falls below the
mortgage value) know, even property can be a risky investment in the short term. The
international fallout from the crisis in the US subprime market attests to that.

A family example is more subtle but no less important. As children grow, we give them
more freedom, to stop over at a friend’s home, to go to the movies or shopping in town
without parents. These are risky endeavors because, although children are taught safe
practices, they are out of their parent’s control. Things can go wrong. Things do go
wrong. There is a real risk in giving children freedom, but the return is that children grow
into confident and independent adults. To totally protect a child and not allow them any
freedom may avoid many external risks. But it will also likely result in a child growing
without confidence or independence, a different kind of risk altogether.

Each of us has an appetite for risk. Some have a huge appetite, climbing mountains, deep
sea diving, or motorcycle racing. Others may be much happier in the garden or walking
along the beach. Whether and how we perceive risk, our appetite for risk, and how we
cope with risk is an individual matter. At the level of the organization where many people
work together, there will be many different perceptions of risk, different appetites for risk
(some risk taking, others risk avoiding) and many views as to the most appropriate
response to risk (should it be ignored? avoided? insured?) (Collier, 2009)

In 1988, companies and managers began to discuss enterprise risk. A decision in one area
can have major impact, for better or worse, on overall results, a possibility long
recognized by economists, analysts, and managers. Stated differently, an optimal risk
mitigation decision for a business unit may be suboptimal for the entity itself. After 1988,
organizations began to take a holistic view of risk. This was a new development in
companies and in the MBA programs that fed them future managers and leaders. Prior to
1988, corporations often dealt with risk through a tactical analysis: We plan to move
forward. We have some alternatives. Which one will be the best? When risk was
introduced into the equation, the organization had to stretch a bit. What can derail our
plans? Do we have weaknesses in our corporate culture that might imperil financial
forecasts? Decision making changes when we introduce threats—financial and otherwise
—that can endanger our plans.( Hampton, 2009)

The concept of a holistic approach of risk management traces its roots to the early 1970s
when Gustav Hamilton of Sweden’s Statsforetag proposed the “risk management circle”
to describe the interaction of all elements in the risk management process (assessment,
control, financing and communication).

• In the 20th century, risk managers were primarily responsible for managing “pure” risks
through the purchase of insurance, though the concept of risk management soon became
associated with financial risk management with the use of derivative financial products.

• There are several checkpoints that have driven the need for enterprise risk management.
This includes an increase in:

• Greater transparency

• Financial disclosures with more strict reporting and control requirements

• Security and technology issues

• Business continuity and disaster preparedness in a post-9/11 world

• Focus from rating agencies

• Regulatory compliance

• Globalization in a continuously competitive environment ( Chartered Enterprise Risk

Analyst, 2010)

Economics, following Knight (1921), distinguishes between risk and uncertainty. Risk

refers to outcomes where the range of potential future outcomes is known from past
experience. Future values and objective probabilities can therefore be attached to all
possible outcomes. The values of possible alternative outcomes are known and so too are
the likelihoods of the given outcomes occurring: for example, the failure of machinery
and the keeping of spares can be based on past experience.
Uncertainty refers to outcomes where estimates have been made but no probabilities can
be attached to the expected outcomes; this is because there is no experience to guide
decision makers about possible outcomes. Therefore, no objective probabilities can be
assigned to outcomes, though subjective likelihood or confidence levels can be ascribed
on statistically unverifiable grounds. The sources of expected probabilities are the
decision maker’s guesses and hunches about future patterns of events (e.g., future
movements in interest rates).

Situations also arise which might be described as pure uncertainty, where there is no
information available about the future states of the world to help a decision maker.
Consequently, the decision maker is in a position of complete ignorance. Introducing a
completely innovative product has to be based on positive expectations of how the
product might or might not sell: for example, the introduction of the home computer was
successful, though many firms tried but failed to sell machines and make a profit.
Similarly, the next major innovations in terms of new products or new technology which
might adversely affect the sales or costs of existing products may, at present, be
completely unknown. (Jones, 2009)

We don’t live in the world for which conventional risk-management textbooks prepare
us. No forecasting model predicted the impact of the current economic crisis, and its
consequences continue to take establishment economists and business academics by
surprise. Moreover, as we all know, the crisis has been compounded by the banks’ so-
called risk-management models, which increased their exposure to risk instead of limiting
it and rendered the global economic system more fragile than ever. Low-probability,
high-impact events that are almost impossible to forecast –we call them Black Swan
events – are increasingly dominating the environment. Because of the internet and
globalization, the world has become a complex system, made up of a tangled web of
relationships and other interdependent factors. Complexity not only increases the
incidence of Black Swan events but also makes forecasting even ordinary events
impossible. All we can predict is that companies that ignore Black Swan events will go
under. Instead of trying to anticipate low-probability, high-impact events, we should
reduce our vulnerability to them. Risk management, we believe, should be about
lessening the impact of what we don’t understand – not a futile attempt to develop
sophisticated techniques and stories that perpetuate our illusions of being able to
understand and predict the social and economic environment. To change the way we
think about risk, we must avoid making these mistakes.

We think we can manage risk by predicting extreme events. This is the worst
error we make, for a couple of reasons. One, we have an abysmal record of predicting
Black Swan events. Two, by focusing our attention on a few extreme scenarios, we
neglect other possibilities. In the process, we become more vulnerable. It’s more effective
to focus on the consequences –

that is, to evaluate the possible impact of extreme events. Realizing this, energy
companies have finally shifted from predicting when accidents in nuclear plants might
happen to preparing for the eventualities. In the same way, try to gauge how your
company will be affected, compared with competitors, by dramatic changes in the
environment. Will a small but unexpected fall in demand or supply affect your company
a great deal? If so, it won’t be able to withstand sharp drops in orders, sudden rises in
inventory, and so on. In our private lives, we sometimes act in ways that allow us to
absorb the impact of Black Swan events. We don’t try to calculate the odds that events
will occur; we only worry about whether we can handle the consequences if they do. In
addition, we readily buy insurance for health care, cars, houses, and so on. Does anyone
buy a house and then check the cost of insuring it? You make your decision after taking
into account the insurance costs. Yet in business we treat insurance as though it’s an
option. It isn’t; companies must be prepared to tackle consequences and buy insurance to
hedge their risks.

We are convinced that studying the past will help us manage risk. Risk managers
mistakenly use hindsight as foresight. Alas, our research shows that past events don’t
bear any relation to future shocks. World War I, the attacks of September 11, 2001 –
major events like those didn’t have predecessors. The same is true of price changes. Until
the late 1980s, the worst decline in stock prices in a single day had been around 10%. Yet
prices tumbled by 23% on October 19, 1987. Why then would anyone have expected a
meltdown after that to be only as little as 23%? History fools many. You often hear risk
managers – particularly those employed in the financial services industry – use the
excuse “This is unprecedented.” They assume that if they try hard enough, they can find
precedents for anything and predict everything. But Black Swan events don’t have
precedents. In addition, today’s world doesn’t resemble the past; both interdependencies
and nonlinearities have increased. Some policies have no effect for much of the time and
then cause a large reaction. People don’t take into account the types of randomness

inherent in many economic variables. There are two kinds, with socioeconomic
randomness being less structured and tractable than the randomness you encounter in
statistics textbooks and casinos. It causes winner-take-all effects that have severe
consequences. Less than 0.25% of all the companies listed in the world represent around
half the market capitalization, less than 0.2% of books account for approximately half
their sales, less than 0.1% of drugs generate a little more than half the pharmaceutical
industry’s sales – and less than 0.1% of risky events will cause at least half your losses.
Because of socioeconomic randomness, there’s no such thing as a “typical” failure or a
“typical” success. There are typical heights and weights, but there’s no such thing as a
typical victory or catastrophe. We have to predict both an event and its magnitude, which
is tough because impacts aren’t typical in complex systems. For instance, when we
studied

the pharmaceuticals industry, we found that most sales forecasts don’t correlate with new
drug sales. Even when companies had predicted success, they underestimated drugs’
sales by 22 times! Predicting major changes is almost impossible.

We assume that risk can be measured by standard deviation. Standard deviation –

used extensively in finance as a measure of investment risk – shouldn’t be used in risk
management. The standard deviation corresponds to the square root of average squared
variations – not average variations. The use of squares and square roots makes the
measure complicated. It only means that, in a world of tame randomness, around two-
thirds of changes should fall within certain

limits (the –1 and +1 standard deviations) and those variations in excess of seven
standard deviations are practically impossible. However, this is inapplicable in real life,
where movements can exceed 10, 20, or sometimes even 30 standard deviations. Risk
managers should avoid using methods and measures connected to standard deviation,
such as regression models, R-squares, and betas.

Remember that the biggest risk lies within us: We overestimate our abilities and
underestimate what can go wrong. The ancients considered hubris the greatest defect, and
the gods punished it mercilessly. Look at the number of heroes who faced fatal
retribution for their hubris: Achilles and Agamemnon died as a price of their arrogance;
Xerxes failed because of his conceit when he attacked Greece; and many generals
throughout history have died for not recognizing their limits. Any corporation that
doesn’t recognize its Achilles’ heel is fated to die because of it. (Harvard Business
Review, October 2009).

Over the past three decades all kinds of tools and techniques for risk management
have emerged. They have revolutionized financial services and energy, creating gigantic
markets for the transfer of specific kinds of risk and generating billions of dollars in
profit. They have freed up huge amounts of equity capital, enabling those industries to
grow much faster than other sectors; by some estimates, the contribution of the finance
sector alone to U.S. GDP has doubled in the past 30 years, from around 4% to 8%—at a
time when the economy overall grew from roughly $1.6 trillion to more than $14 trillion.
Of course, risk-management tools carry dangers, as the crises in both finance and energy
demonstrate. But it would be a big mistake for mainstream corporate executives to
conclude that trying to manage risk is too dangerous. Staying on the sidelines may have
shielded some companies from crisis, but it has also prevented them from growing as
quickly as they might have. And continuing to avoid the game, now that we’re coming to
understand the limitations of risk-management markets and instruments, will only
compound the mistake. The time has come to take stock of what we know and to learn
how and when these incredibly powerful instruments should be used in “ordinary”
corporations. ( Harvard Business Review, September 2008)

There is controversy over exactly what should be labeled a black swan and when
the description no longer fits. We will not resolve the issue. We can, however, point out
an event that everyone agrees is a black swan. It occurs in the United States on the last
Thursday in November. For a turkey, which has been pampered and fed generously for
all its life, Thanksgiving is a black swan.

Aside from whether we agree on the timing of black swans, it may be argued that
we are not engaging in risk management if we use tools or measurements that exclude the
possibility of a black swan. How do we handle them? The answer depends on whether the
event really comes without warning. Sometimes, as with 9/11, the event happens before it
is on anyone’s radar screen. We must adjust to its occurrence because we were unable or
refused to predict it in advance. Other times, as with the 2008 financial crisis, we see the
clouds forming on the horizon. We may not be able to predict the magnitude of the final
disaster, but we can use warning signs to prepare to deal with it. We can, if we have the
will, try to predict the damage in advance and take steps to mitigate the consequences.
The role of ERM in dealing with black swans is to try to identify exposures whenever
possible and to include the exposure in risk management discussions. This is a critical
rationale for a central risk function. (Hampton 2009)

Risk identification aims to determine an organization’s exposure to uncertainty,

which

requires knowledge of the organization’s objectives, its product/services, markets and the
legal, political, economic, social and technological environment in which it operates.
Risk identification needs to be methodical to ensure that all significant activities within
the organization have been identified and all risks flowing from those activities defined.
Risk identification involves perceiving hazards, identifying failures and recognizing
adverse consequences as well as recognizing opportunities in the organizational
environment, which it may want to take advantage of. The organization may adopt either
a top down (management knows best) or a bottom up (operatives know best) approach to
identifying risk, or a combination of these methods. The intention is to identify as many
risks as possible, so the widest possible sources (in terms of persons, past experiences and
methods) can be used.

Examples of methods of identifying risk are:

■ questionnaires/surveys;

■ interviews and focus groups;

brainstorming;

■ workshops;

■ stakeholder consultations;

■ industry benchmarking;

■ checklists;

■ scenario analysis;

■ incident investigation;

■ auditing and inspection; and

■ business process analysis.

Risk evaluation is used to make decisions about the significance of risks to the
organization. When risk analysis (identification, description and estimation) has been
completed, the risks faced by the organization need to be compared against its risk
appetite and the array of opportunities and exposures faced by the organization. Risk
evaluation is then concerned with making decisions about the significance of risks to the
organization and whether those risks should be accepted or whether there should be an
appropriate treatment or mitigation.

Risk treatment is the process of selecting and implementing measures to modify the risk.
This may include risk control/mitigation, risk avoidance, risk transfer, risk financing (e.g.
hedging, insurance), etc. Risk treatment, also called risk response, involves decisions as
to whether particular risks should be avoided, reduced, transferred or accepted.

Risk response may be:

■ Avoidance: action is taken to exit the activities giving rise to risk, such as a product line
or a geographical market, or a whole business unit. These are high-risk events. Reduction:
action is taken to mitigate (i.e. reduce) the risk likelihood or impact, or both, generally
via internal controls. These risks occur more frequently but have less impact.

■ Sharing: Action is taken to transfer a portion of the risk through, for example,
insurance, pooling risks, hedging or outsourcing. These are significant risks, although
they occur rarely.

■ Acceptance: no action is taken to affect likelihood or impact. These have low impact
even when they do occur, which may be frequent.

Each response needs to be considered in terms of its effect on reducing the likelihood
and/or impact of the risk. Risk response also needs to consider the costs and benefits of
alternative risk responses.

The risk map or likelihood/consequences matrix enables an organization to prioritize

risks (from high through medium to low) and to determine an appropriate risk response
(or risk treatment) depending on the likelihood and impact of the risk. of the risk map.

Risk response involves:

■ Setting a policy defining the organization’s attitude to a particular risk within its risk
appetite and the objectives of the risk response;

■ Assigning individual accountability for the management of the risk, with the nominated
person having the expertise and authority to effectively manage the risk;

The management processes currently used to manage the risk;

■ Recommended business processes to reduce the residual risk (after the application

of controls, see below) to an acceptable level;

■ Key performance measures to enable management to assess and monitor risk;

■ Independent expertise to assess the adequacy of the risk response;

■ Contingency plans to manage or mitigate a major loss following the occurrence

of an event. ( Collier, 2009)

Related Studies

In the study conducted by Bing Du ( 2009) it showed the human capital

dimensions in risk management in selected medium-sized firms in An Yang City, China.
The study delved on the determination of risk in the investment in human capital which
can be measure by the Return On Investment (ROI). The researcher recommends that
measures to contravene the adverse effects of not knowing the implications, upon the
respondent’s lives of changes in the percentage points of the ROI, be disseminated to
them. Death or disability of key people, job-related injuries or disease, fraud, criminal
acts and employees dishonestly should be minimized as to their occurrence through
management interventions that might mitigate their adverse effects, as indicated by their
negative effect on the percentage point annual change in ROI.

On the other hand, employee benefits and augmentation of internationally-based

personnel should be encouraged so as to positively contribute to increases in the
percentage point annual changes in ROI.

Manifested in the study of Salonga (1991), it showed the risk management in

cargo surveying. The research found out that cargo surveyors are protected because they
are covered by accident insurance. They are also provided by safety clothes. It was also
found out that cargo surveying companies included risk handling in planning and
budgeting. However the companies don’t have disaster teams but they avail insurance in
fire, theft while few avail insurance on product liability, floods and earthquake. Few
seminars were also conducted regarding safety and fire drills.

In the study of Remedios (2001), the research focused on the vulnerability and
resource capability of selected communities in Mindanao for risk and disaster
management. According to the study, floods, droughts, erosion, epidemics and armed
conflict or civil war are the major hazards that affected the two communities. Of these
hazards, flood is considered the worst risk in terms of its effects on the lives and
livelihoods of the people. It was also found out that the sites are vulnerable to various
hazards and risks due to the following aspects; physical/material vulnerabilities,
social/organizational vulnerabilities and attitudinal/motivational vulnerabilities. And
lastly the community disaster response capability of the site is fair based on the required
disaster response measures. The community performed poorly in undertaking disaster
preparedness activities and minimal performance in emergency and post-disaster
activities.

In the study of Umali ( 2008) the study tackled the risk assessment of energy
transactions in wholesale electricity spot market of a generating company with bilateral
contracts. The research developed a methodology to quantify the financial risk for a
GENCO with several generating units in a competitive electricity market using Value-at-
Risk ( VaR). The risk calculation method was tested for two systems; the California
Power Market and Philippine WESM. The study shows that adding more units does not
necessarily lower the risk for a particular PSALM trading team. VaR enables the
participant to lessen the variability of its revenue and profit distributions by bidding on
the forecasted price as market volatility increases. This is crucial strategy in a highly
volatile market such as the Philippine WESM whose price at its current state is difficult
to forecast.

In another study by Hillson (2003), it focused on the risk management’s best

practice and future development. The study outlines current best risk management
practice, then presents three areas in which project risk management might develop in the
short to medium term, integration of risk management with over-all project application,
and inclusion of behavioral aspects in the risk process.

And in the study of Ramos-Dipasupil (2009) which showed the proposed total
quality management strategies towards enhancing productivity of small and medium
sized manufacturing companies. The study recommends that the subject companies
should pursue their own efforts towards improving the quality of their systems and
processes to attain maximum customer satisfaction. And the proposed strategies to
improve productivity of SME be enforced in view of the latest insights gained in the
study which includes improving employee involvement, education and training as well as
in rewards and recognition. It also suggested for a further study in an effort to illustrate
the total picture of how companies implement TQM in the Philippine setting.

Synthesis

Reviewed literature consisted of the available literature which mainly dealt with
the historical background of risk management. It also outlined the evolution of enterprise
risk management and how it evolved into its modern day perspective. It offered some
insights on how different processes of risk management gave some hints on the
systematic approach to tackle risks in a company where different components were
considered. The literature also stressed the holistic approach to ERM in which the
modern risk management now is anchored. The systematic identification and treatment of
risk with all the concerted effort of almost all the units of a company is the center of the
modern perspective in managing risk this day.
 The given literature shed lights on the current study since they are aligned with
each other in the search for the present situation of ERM in a given company and the
strategies as well as the problems encountered in implementing those strategies. The
current study is aiming at a specific group of industrial plants and how they are coping
with their current enterprise risk management as well as the problems encountered and
along the process suggesting new strategies to combat those problems.

However the literature presented differs from the current study in such a way that
the current undertaking is trying to extract specific ERM problems and strategies in a
setting of industrial plants in Batangas City. The literature mainly tackled on the general
issues facing ERM while the present study is targeting the real present situations in the
subject companies.

The studies reviewed presented a variety of discussions about risk management.

The study of Bing Du focused on the human capital dimension in risk management, while
the work of Salonga focused on the risk management in cargo surveying. The study of
Remedios dealt mainly on the risk and disaster management in some area in Mindanao.
On the one hand the work of Umali was about the risk assessment which concerned the
energy transactions. It was a different study which focused on the mathematical models
that can be used in reducing risk in the said market by an energy generating company.
The study of Hillson however tackled the present and the future of risk management. And
lastly in the study of Ramos-Dipasupil it showed TQM strategies and its effects to the
productivity of SME.

Above mentioned studies though discussed a wide array of risk in different

perspective gave much needed insights on how the extent of ERM is affecting a company
in some possible ways. In that realization the current study is challenging the present
setting and how ERM is really working in the subjects companies. The studies gave some
needed boost to push through with the current study and how ERM will behave in the
chosen setting of industrial plants which are perceived to be highly risk industries.

Chapter 3

RESEARCH METHODOLOGY

This chapter presents the over-all plan, methods of research and procedures
employed in the study. It includes the research design, the population and sampling
technique, research instruments to be used, data gathering procedures and the statistical
treatment of data.

Research Design

The research utilized the descriptive research method as it is aimed to describe the
enterprise risk management of the subject companies and the strategies that they
employed to fully implement its ERM programs. This descriptive research covers the
interaction between factors explaining the existing conditions and explored as the basis
for drawing conclusions and recommendations.

Subject of the Study

This study utilized two groups of respondents composed of managers and selected
employees of the five subject companies. The respondents were randomly selected to
represent majority of the respondent groups.

Data Gathering Instruments

In the conduct of the study, the following instruments were utilized to collect the
needed data and information

• Questionnaires
• Interviews
• Documentary Analysis
• Observations

Validation of Instruments

The first draft of the questionnaires was shown to the adviser for comments.
Suggestions on the format and content were incorporated on the second draft. The second
draft was shown to experts in the field of research and business management for
validation.

Data Gathering Procedures

A permission to interview and administer the questionnaires was secured from the
company. The researcher personally administered the questionnaires with the help of
relatives and friends working on the subject companies.

Likewise, books, journals, publications were scanned and reviewed for relevant
information that supported the findings of this study.

Statistical Treatment of Data

The statistical tools applied after the data had been collected were percentage,
weighted mean, standard deviation.

http://marloperez.wordpress.com/?s=record+system