CIMA P3 2019 Notes PDF

20
19
O
Ex
OpenTuition am
s
Free resources for accountancy students
P3 Risk
Strategic
Level
Management
Please spread the word about

OpenTuition.com, so that all CIMA
students can benefit.
Visit opentuition.com for the latest updates -

watch the free lectures that accompany these
notes and get free tutor support.
OpenTuition Lecture Notes can be downloaded FREE from http://opentuition.com

Copyright belongs to OpenTuition.com - please do not support piracy by downloading from other websites.
The best things
in life are free
IMPORTANT!!! PLEASE READ CAREFULLY
To benefit from these notes you must watch the free lectures on the
OpenTuition website in which we explain and expand on the topics covered
In addition question practice is vital!!
You must obtain a current edition of a Revision / Exam Kit - the CIMA
approved publisher is Kaplan. It contains a great number of exam standard
questions (and answers) to practice on.
You should also use the free “Online Multiple Choice Tests” which you can find
on the OpenTuition website:
http://opentuition.com/cima/
2019 Examinations Watch free CIMA P3 lectures 1
P3 Risk Management
1. The types of risk facing an organisation! 3
2. Responses to risk! 9
3. Enterprise risk management! 17
4. Some quantitative techniques! 25
5. Business unit/divisional performance measurement and transfer pricing! 37
6. Corporate governance! 47
7. Professional Ethics! 53
8. Information technology! 57
9. Financial risk: business risk and gearing risk! 71
10. Foreign currency risk and its management! 83
11. Hedging techniques for interest rate risk! 97
12. Performance management! 109
13. Auditing and fraud! 119
Only on OpenTuition you can find: Free CIMA notes • Free CIMA lectures • Free CIMA tests • Free tutor support • StudyBuddies • CIMA forums
Free Free
CIMA CIMA
Notes Lectures
Ask
CIMA Free
Tutor CIMA Tests
Find
CIMA OpenTuition.com
StudyBuddy
Chapter 1
THE TYPES OF RISK FACING AN
ORGANISATION
1. What is risk?
‘Risk is a condition in which there exists a quantifiable dispersion in the possible outcomes
from any activity. It can be classified in a number of ways.’
CIMA Official Terminology, 2005
The key word in this definition is ‘quantifiable’. Both the probabilities that a particular outcome
occurs and its impact must be known. If the probabilities of different outcomes occurring are not
known then we are working under conditions of uncertainty, not risk.
Note that the strict definition of risk allows for good outcomes as well as bad
For example, insurance companies mostly deal with risk. For example, they maintain detailed
statistics of the following:
๏ The chance of a 20 year-old driver having an accident;

๏ The chance of a house burning down
๏ The chance of a burglary
๏ The chance that someone who is 70 dying within the next 10 years
Risk is often expressed in terms of a combination of the consequences of an event (including

changes in circumstances) and the associated likelihood (3.6.1.1) of occurrence.
If probabilities, or the chance of an event occurring are not known (uncertainty) then organisations
and individuals are working much more in the dark.
2. Types of risk
Risk can be categorised using the following terms:
๏ Pure risk: this is where there is the chance of loss but no chance of a gain. It is also known as
‘downside risk’. Often when risk is mentioned, this is the type of risk they mean, but
remember that, strictly ‘risk’ is the spread of all results, good and bad. Examples of pure risk
include: fire destroying a factory, an IT system being hacked, an employee being injured at
work and fraudulent transactions by an employee.
๏ Speculative risk: this is where there can be both good and bad outcomes. It might
occasionally be called ‘two-way risk’. Examples include developing a new product, entering
a new market, buying a more advanced machine and developing a new web-site. Each of
these good go well or badly.
๏ Upside risk: the possibility of making a gain.
3. Conformance and performance

Risks are an inevitable wen running a business or other organisation. If a business were unable to
take any risks it would not buy inventory (in case it wouldn’t sell), it would not extend credit (in case
of bad debts), and it would not employ anyone in case they were no good. The same applied in
not-for-profit organisations such as a hospital (where surgeons would not operate in case the
patient dies) or schools (where sports would be banned in case a pupil were injured).
Favourable outcomes for the organisation and its stakeholders are not available unless risks are
undertaken. The key is the balance between the risk and the organisation’s performance.
Performance:
Conformance:
takes advantages
controls the
of opportunities to
downside risk
increase returns
IFAC: seek to balance conformance and performance. Compliance is necessary to avoid failure, but
it does not produce success.
Higher risks are needed if you are to produce higher returns. Compliance with rules, regulations
and controls does not of itself make an organisation successful. However, poor conformance with
controls and risk management strategies can certainly lead to organisational failure.
A simple matrix can be used to illustrate the point:
Risk
Low High
Low
Routine Avoid
Return/
Competitive
advantage
Identify and develop Cautiously examine
High
Examples could be:
๏ Routine: extending moderate credit to a new customer. The maximum write-off of a debt
would be small and the customer will provide some income.
๏ Avoid: entering a joint venture with a company that has a poor reputation. Returns might be
small compared with the risk of the company’s goodwill being tarnished.
๏ Identify and develop: support of a well-known charity or sporting event to improve the
company’s reputation. This could create a very large increase in competitive advantage and
the risk would be low provided the third party were carefully chosen
๏ Examine cautiously: opening operations in a new country. There are considerable risks that
the expansion might fail, but is it is successful the rewards could be huge.
4. Categorisation of risks
There are many ways in which risks can be categorised. In many ways this isn’t important for its
own sake but the categories can act a checklists when trying to identify and anticipate risks.
One categorisation is strategic, operational, reporting and compliance risks:
๏ Strategic risks: these arise from long term effects such as those relating to the
nature and type of business, changes in competitive and legal
environments, poor long-term decisions being made. For
example, a supermarket which did not respond to the growing
popularity of on-line shopping would have opened itself to a
long-term decline in profits.
๏ Operational risks: short-term, day-to-day problems. For example, a machine
breaking down, a key employee leaving, a fire breaking out in the
warehouse or a fraud occurring.
๏ Reporting risks: risks arising because internal and external reporting are not
reliable. For example, management accounts containing errors
can lead to incorrect analysis and decisions.
๏ Compliance risks: the risks arising form not complying with rules and regulations.
Penalties, loss or reputation and removal of operating licenses
can all result.
Some major risks are set out below, just to give you an idea of the wide variety of risks that
organisations might have to deal with. Each type of risk has one example given:
๏ Environmental: the release of dangerous chemicals into the local river.

๏ Economic: interest rates being increased so that consumer demand is suppressed.
๏ Competitor: a competitor launches a fantastic product.
๏ Product: you launch a poor product
๏ Commodity: the supply and price of raw materials change adversely.
๏ Political, cultural and legal: your product, for example cigarettes, becoming illegal or
unpopular
๏ Financial (currency, interest rate, market risk, reporting): you are exporting and the buyer’s
currency weakens before you are paid.
๏ Investment: a subsidiary is bought but it turns out that it isn’t as good as you thought it
would be.
๏ IT: hacking and release of customer details
๏ Knowledge management: techniques and know-how aren’t captured and recorded so that
when employees move-on they leave little behind.
๏ Property: Fire, flood
๏ Health and safety risks: injury to employees and fines by regulators.
๏ Trading risks: irrecoverable debts.
๏ Resource risks: increasing difficulty recruiting the right people
๏ Organisational risks: the organisation is too moribund and too slow to respond to
developments in the market.
๏ Inadequate system risks: management information inaccurate and out-of-date.
๏ Fraud risks: theft of cash or inventory.
๏ Probity risks (unethical behaviour): an employee acts unethically and the company’s
reputation is damaged.
๏ Reputational risks: products get a name for being unreliable so the company’s reputation is
damaged.
5. How much risk should an organisation take on?

‘Risk appetite’ is the term given to describe the amount of risk an organisation is willing to accept
in pursuit of value.
Risk appetite is determined by two factors:
๏ Stakeholder’s attitude to risk

๏ Risk capacity, which is the amount of risk that the organisation can bear.
Taking a personal example:
Some people are risk seekers and like to gamble; others are risk averse. So, if betting on a horse
race, the risk seekers might be attracted to gamble on the high odds 100 to 1 horse. The risk averse
person would tend not to consider that sort of gamble. They have different attitudes to risk.
However, let’s say both people has $100,000 in the bank and were being asked to bet $100. Even
the risk averse person might be tempted to go for 100 to 1 odds. In this situation they have high
risk capacity because losing $100 is of little consequence. But what if each person had only $100 in
the bank? There’s a fair chance that neither would bet $100 because the consequences of losing
are so serious: they have very low risk capacity.
So, overall their appetite for risk (ie their appetite for the gamble) depends on their own attitudes
plus the risk capacity.
6. Potential advantages of risk management

๏ More predictable cash flows
๏ Well-run systems (eg greater efficiency because routine maintenance is used to prevent the
risk of machine breakdown).
๏ Limitation of the impact of disaster (eg, stand-by arrangements are in place to take over IT)
๏ Greater confidence amongst investors, employees, customers, suppliers and partners.
๏ Better matching to risk appetite of shareholders.
Remember organisations should obtain an acceptable balance between risk and return.
Chapter 2
RESPONSES TO RISK
1. A framework for risk management – the CIMA risk

management cycle
Establish risk
management group
and set goals
Identify risk areas
Review and refine Understand and assess

process and repeat scale of risk
Information for
decision making
Implement and Develop risk response

monitor controls strategy
Implement strategy
and allocate
responsibilities
The framework is logical and easy to understand.
๏ Establish a risk management group and set goals
Ultimately risk management is the responsibility of the board (or, more broadly, those
charged with governance). However, like many functions in organisations the board is likely
to delegate responsibility to a sub-group of suitable specialists. The board should set goals
which reflect the risk appetite of the organisation. For example, if the organisation is an
airline, the board would set goals of Zero accidents but it might be prepared to tolerate a
degree of risk of bad publicity from over-booking flights.
๏ Identify risk areas
It is important not to be complacent about risks. Some will be obvious and well-known but
others might be undiscovered until something goes wrong. We will see later in this Chapter
methods that might help to discover potential risks.
๏ Understand and assess the scale of the risk
Not all risks are equal. Some risks that are discovered might be judged a being of little
consequence; others could be of major significance. Techniques will be covered later.
๏ Develop a risk response strategy
Having identified and assessed the risks decisions have to be made about what to do about
them. The TARA approach will be explained later.
๏ Implement strategy and allocate responsibilities
Simply identifying risks and working out suitable responses will not reduce risk: proper
actions have to be specified must to be consistently carried out. For example, ensuring that
the safety of machines is monitored or that customer credit limits are regularly reviewed.
Individuals have to be put in charge of risk management strategies and procedures and must
be held accountable for failures.
๏ Implement and monitor controls
Controls must then be implemented. For example, setting out dates by which risks have to be
addressed, ensuring that inspections are done at regular intervals or by sending staff on
training courses. It is very important to document risk reduction strategies and how those
strategies are realised.
๏ Review and refine the process and repeat
Of course, the solutions implemented to deal with identified risks are unlikely to work
perfectly the first time. They will often need to be improved. But it is also very important to
realise that nothing stand still: risks will be evolving all the time and the organisation must
keep them under constant review to ensure that all are properly addressed.
2. Identifying risk areas

The trick is to use every method at your disposal to identify risks. Throw the net as widely as you
can at this stage. Later, risks might be dismissed as being of little importance, but it is important
that as many as possible potential risks are initially considered.
Methods include:
๏ Physical inspection and observation (for example, that safety equipment is still used on
machinery).
๏ Inspect documents (for example, the accident log book).
๏ Internal audit. Internal auditors are employees of the company (usually) who examine and
report on the organisation systems of internal control. Not only do they report on financial
controls but they can also be required to examine systems such as quality control accident
reporting and so on.
๏ Outside consultants brought in to audit procedures (for example, security consultants to
advise on IT security).
๏ Observation of competitors’ procedures (question why they carry out operations in a
particular way).
๏ Enquiries (for example, ask employees, customers and suppliers about problems).
๏ Brainstorming (wide-ranging discussions to anticipate potential problems).
๏ Checklists (for example, use a checklist to evaluate how a job went and consider action where
there had been problems).
๏ Benchmarking (falling short of targets can imply that things are going wrong).
๏ External events (for example, be alert for economic events that could affect the organisation).
๏ Internal events (for example, high staff turnover can indicate problems with employments
conditions).
๏ Leading event indicators (for example, if a customer takes longer and longer to pay each
month then there would appear to be a risk of non-payment).
๏ Escalation triggers (for example, if you are late filing a tax return twice, then the third default
could be very serious).
๏ Event interdependencies (for example, a major customer going into liquidation could cause
excess inventory problems).
3. Understand and assess the scale of the risk

The scale of the risk depends on:
(1) The likelihood that the event will occur; and
(2) The impact of the event.
Of course, these will be estimates, particularly the probability of an event occurring. However,
precise figures are not needed, just an idea of whether they are ‘high’ or ‘low’. Nevertheless you will
see some mathematical techniques that can be used to quantify events.
A very standard tool to assess the scale of the risk is a risk map (or assurance map):
Severity/impact
Low High
Low
Complete breakdown of IT
Loss of a mobile phone
system
Frequency/
probability
Flight disruption because

Routine staff turnover
of bad weather
High
Note that there is nothing absolute about the categorisation of these risks. For example, the chance
of flight disruption has been assessed as high, but that depends on the airports used. Similarly, the
loss of a mobile has been categorised as being of low impact – but this wouldn’t be correct if that
mobile was the only place where important contact data is held.
The severity of the risk can be estimated by methods such as:
๏ Calculation of average/expected loss, largest predictable loss

๏ Exposure of physical assets: total loss, repair, decrease in value
๏ Exposure of financial assets
๏ Exposure of human assets (injury, death, staff leaving)
Obviously, great attention should be given to risks in the bottom right hand quadrant (high/high)
whereas those risks in the top left quadrant are less important.
4. Risk response
The risk responses can be remembered by the TARA approach:
Transfer Methods of transferring risk include insurance, sub-contracting operations or

joint ventures (partial transferring). Insurance is, for example, used to protect
against risk in motoring accidents. Individuals do not have bad accidents
often, but if they do the consequences can be very severe.
Avoid The risk has been assessed as being so serious that all possibility of the event
occurring should be avoided.
Reduce Take steps to mitigate the risk. For example, instead of installing a new
computer system in every branch over one weekend, run a pilot operation
then gradually extend.
Accept Don’t do anything about the risk. It’s just part of everyday business
(You might occasionally see these approaches referred to as the 4Ts: Transfer, terminate, treat,
tolerate).
The four responses can be mapped onto the risk map diagram a follows:
Severity/impact
Low High
Low
Complete breakdown of IT
Loss of a mobile phone
system
ACCEPT
Frequency/ TRANSFER
probability
Flight disruption because of
Routine staff turnover
bad weather
REDUCE
ABANDON
High
So, phones are lost (or stolen) from time to time and most people live with that risk (though
insurance is always a possibility and might be taken out foe very expensive hones).
The complete breakdown of an IT system could be dealt with by outsourcing the system so the
supplier shoulders the risk.
Routine staff turnover has costs associated with it (recruitment and training) so better employment
policies might be worthwhile to reduce the cost and disruption.
Flights to an airport with very bad weather or safety records might simply be abandoned because
they cause more trouble than they are worth.
5. Gross and net risks

It is important to know these terms:
Gross risk = the risk before any mitigation (reduction) procedures. Gross risk is sometimes referred
to as inherent risk.
Net risk = the residual risk after reduction and mitigation.
The gross risk is initially dependent on:
๏ The asset: what you are trying to protect. For example, property, cash, people, reputation
and so on.
๏ The threat: what you are trying to protect against. For example, destruction of property, theft
of cash, injury to people, damage to reputation.
๏ The vulnerability: weaknesses or gaps that can be exploited. For example, no fire alarms,
cash not banked, no hand rails on stairs, poor PR.
The gross risk can be reduced to a lower net risk, or residual risk by reducing any of these variables
through the application of counter-values or counter-measures.
Management must then decide whether the residual risk is within the organisation’s risk
appetite.
Examples:
Asset: the inventory in warehouse; threat: fire; vulnerability: full of inflammable material
Counter values could be:
Asset: reduce the amount of inventory
Threat: impose no-smoking rules (if not already present),
Vulnerability: install smoke detectors and a fire suppression system that is suitable for the type of
inventory stored.
Asset: valuable sales manager; threat: moves to a competitor; vulnerability: enticing offers from
competitors.
Counter values could be:
Asset: divide sales over two managers (each person is half as valuable).
Threat: impose contracts that require 3 – 6 months’ notice to make moving more difficult
Vulnerability: offer good pay, conditions and prospects.
6. The risk register

Identified risks, their probability of occurrence, impact and responses to them should be entered
into a risk register. Typical contents of a risk register are:
๏ Description of the risk

๏ Date identified
๏ Its estimated likelihood of occurrence before mitigation
๏ Its likely impact before mitigation
๏ Pre-mitigation rating
๏ The risk owner (who is responsible for dealing with the risk
๏ Detailed response strategy to the risk (TARA)
๏ Its estimated likelihood of occurrence after mitigation
๏ Its likely impact before mitigation after mitigation
๏ Post mitigation rating
๏ Date by when response should be implemented
๏ Date response implemented
๏ Signed off by risk owner
The board and risk management committee should take an active interest in the risk register to
ensure that identified risks have been satisfactorily dealt with.
Chapter 3
ENTERPRISE RISK MANAGEMENT
1. Introduction
Enterprise Risk Management (ERM) can be defined as the:

‘ ... process effected by an entity’s board of directors, management and other personnel,
applied in strategy setting and across the enterprise, designed to identify potential events
that may affect the entity, and manage risk to be within its risk appetite, to provide
reasonable assurance regarding the achievement of entity objectives.’
Enterprise Risk Management – Integrated Framework,

the Committee of Sponsoring Organisations, COSO, 2004
The CIMA Official Terminology uses the COSO (Committee of Sponsoring Organisations) definition.
Think of ERM as a development and formalisation of the approaches already described.
2. The COSO framework for ERM

The following diagram sets out the COSO framework for ERM:
Across the top of the cube are all the categories of risk that an enterprise can suffer from: strategic,
operations, reporting and compliance. These have already been discussed.
Down the side, going “into” the paper the enterprise is considered at various levels of operation:
the whole entity (think of group level); divisional level (Eg European, USA and Asian divisions); then
business units (such as cars and commercial vehicles); finally subsidiaries (for example, different
marques of car).
Some risks will be felt at entity level – for example, the Volkswagen exhaust emission scandal. Other
risks will be more limited - for example, one make and model of vehicle that has to be recalled for
repair, or a subsidiary dealing with consumer finance for new vehicles not complying with lending
regulations.
Risk consolidation is the process of aggregating divisional/subsidiary risks at the corporate level.
Some risks can be handled together and be subject to a common approach, or they might even
substantially cancel.
For example, many organisations will organise insurance at the group level to cover injury to
employees anywhere in the group. This approach will usually be cheaper than insuring small
groups of employees separately.
Similarly, if one subsidiary is exporting and receiving US$, whilst another is importing and spends
US$, the net exposure to US$ currency movement might be very low and can be ignored at the
group level.
Down the front of the cube are the elements of a risk management approach:
๏ Internal environment
This can be regarded as the outlook and culture of the organisation, including its enthusiasm
for risk management and its risk appetite.
For example, some organisations are a bit happy-go-lucky when it comes to risk management
whereas others are extremely strict and want things to be done by the book.
๏ Objective setting
Objectives must exist before management can identify potential events affecting their
achievement. Enterprise risk management ensures that management has in place a process
to set objectives and that the chosen objectives support and align with the entity’s mission
and are consistent with its risk appetite.
For example, the objectives of a military operation might be to capture a town and to do that,
certain risks will be experienced and have to be assessed and evaluated.
The objectives of a research and development department in a business will establish the
risks that it suffers (such as a development failing to work).
The objectives of a marketing department will, again be quite different, and will be judged
against their risks such as the failure of a marketing campaign (or too much uptake on special
offers!)
๏ Event identification
As discussed earlier, there are internal and external events (both positive and negative) which
affect the achievement of an entity’s objectives and must be identified.
๏ Risk assessment
As already discussed, risks are analysed to consider their likelihood and impact as a basis for
determining how they should be managed.
๏ Risk response
Management selects risk response(s) to transfer, avoid, reduce or accept risk (TARA).
The aim is to align risks with the entity’s risk tolerance and risk appetite. Risk tolerance is the
acceptable variation in outcome compared to an original objective. In setting risk tolerance,
management considers the relative importance of the related objective. So, if an objective is
particularly important, risk tolerances might be higher to recognise that achieving something
really worthwhile is worth accepting more risk.
๏ Control activities
Policies, procedures and control methods help to ensure risk responses are properly carried
out. Examples of control activities include authorisation of transactions, reconciliations,
segregation of duties (splitting a transaction so that several people are involved), physical
controls (such as locking away valuable inventory), the comparison of actual results to
budgets. IT controls can also be very important.
๏ Information and communication
Information that monitors or identifies risks must be identified, recorded and communicated
quickly enough and in a way that lets people carry out their responsibilities by making
decisions. For example, if a product’s sales are lower than expected, this information must be
available quickly enough to change prices, alter the advertising campaign – or to withdraw
the product.
๏ Monitoring
The entire ERM process must be monitored and modifications made as necessary, to improve
current methodologies and to adapt to emerging risks, so that the system stays relevant.
3. Risk reports
UK quoted companies are now required to include risk reports as part of their annual reports. This
informs shareholders and others about the organisations’ main risks and what the company is
doing about them.
Here is an extract from Unilever’s 2015 report and financial statements:
https://www.unilever.com/Images/governance_and_financial_report_ar15_tcm244-477381_en.pdf
4. Principal Risk Factors

Our business is subject to risks and uncertainties. On the following pages we have identified the
risks that we regard as the most relevant to our business. These are the risks that we see as most
material to Unilever’s business and performance at this time.
There may be other risks that could emerge in the future. We have also commented below on
certain mitigating actions that we believe help us to manage these risks. However, we may not be
successful in deploying some or all of these mitigating actions.
If the circumstances in these risks occur or are not successfully mitigated, our cash flow, operating
results, financial position, business and reputation could be materially adversely affected. In
addition, risks and uncertainties could cause actual results to vary from those described, which may
include forward-looking statements, or could affect our ability to meet our targets or be
detrimental to our profitability or reputation.
DESCRIPTION OF THE RISK WHAT WE ARE DOING TO MANAGE THE RISK

BRAND PREFERENCE We continuously monitor external market
trends and collate consumer, customer and
As a branded goods business, Unilever’s shopper insight in order to develop category
success depends on the value and relevance and brand strategies.
of our brands and products to consumers
around the world and on our ability to Our strategy focuses on investing in markets
innovate and remain competitive. and segments which we identify as attractive
because we have already built, or are confident
Consumer tastes, preferences and behaviours that we can build, competitive advantage.
are constantly changing and Unilever’s ability
to anticipate and respond to these changes Our Research and Development function
and to continue to differentiate our brands and actively searches for ways in which to translate
products is vital to our business. the trends in consumer preference and taste
into new technologies for incorporation into
We are dependent on creating innovative future products.
products that continue to meet the needs of
our consumers. If we are unable to innovate Our innovation management process deploys
effectively, Unilever’s sales or margins could be tools, technologies and resources to convert
materially adversely affected. category strategies into projects and category
plans, develop products and relevant brand
communication and successfully roll out new
products to our consumers.
SUPPLY CHAIN We have contingency plans designed to enable

us to secure alternative key material supplies at
Our business depends on purchasing short notice, to transfer or share production
materials, efficient manufacturing and the between manufacturing sites and to use
timely distribution of products to our substitute materials in our product
customers. formulations and recipes.
Our supply chain network is exposed These contingency plans also extend to an
to potentially adverse events such as physical ability to intervene directly to support a key
disruptions, environmental and industrial supplier should it for any reason find itself in
accidents or bankruptcy of a key supplier which difficulty or be at risk of negatively affecting a
could impact our ability to deliver orders to our Unilever product.
customers.
We have policies and procedures designed to
The cost of our products can be significantly ensure the health and safety of our employees
affected by the cost of the underlying and the products in our facilities, and to deal
commodities and materials from which they with major incidents including business
are made. Fluctuations in these costs cannot continuity and disaster recovery.
always be passed on to the consumer through
pricing. Commodity price risk is actively managed
through forward buying of traded commodities
and other hedging mechanisms. Trends are
monitored and modelled regularly and
integrated into our forecasting process.
SAFE AND HIGH QUALITY PRODUCTS Our product quality processes and controls are
comprehensive, from product design to
The quality and safety of our products are of customer shelf. They are verified annually, and
paramount importance for our brands and regularly monitored through performance
our reputation. indicators that drive continuous improvement
activities. Our key suppliers are externally
The risk that raw materials are accidentally or certified and the quality of material received is
maliciously contaminated throughout the regularly monitored to ensure that it meets the
supply chain or that other product defects rigorous quality standards that our products
occur due to human error, equipment failure or require.
other factors cannot be excluded.
In the event of an incident relating to the safety
of our consumers or the quality of our
products, incident management teams are
activated in the affected markets under the
direction of our product quality, science, and
communication experts, to ensure timely and
effective market place action.
5. Environmental, social, and ethical issues of risk

management
Organisations have an effect on their environment and the human stakeholder with whom they
interact. These effects can often produce ethical dilemmas that organisations have to deal with.
Examples of environmental issues
๏ BP and the Deepwater Horizon oil spill in the Gulf of Mexico

๏ VW and car emission misreporting
๏ Release of dangerous chemicals into water supplies
Everyone is wise with hindsight and no-one in the organisations concerned would have wanted
these events to happen (though someone in VW was responsible for incorrect reporting).
However, as always, there is a balance to be struck between risk and performance. Quite obviously
there would be no oil spills if no company drilled for oil. BP had safety procedures in place but
either they were inadequate or BP suffered exceptional bad luck. Not only did the company have to
pay huge fines and compensation (about $60Bn) but it suffered severe reputational damage.
Unilever’s risk report also contains a section on sustainability:
SUSTAINABILITY The Unilever Sustainable Living Plan sets clear

long-term commitments to improve health and
The success of our business depends on well-being, reduce environmental impact and
finding sustainable solutions to support enhance livelihoods. Underpinning these are
long-term growth. targets in areas such as hygiene, nutrition,
sustainable sourcing, fairness in the workplace,
Unilever’s vision to accelerate growth in the opportunities for women and inclusive
business while reducing our environmental business as well as greenhouse gas emissions,
footprint and increasing our positive social water and waste. These targets and more
impact will require more sustainable ways of sustainable ways of operating are being
doing business. This means reducing our integrated into Unilever’s day-to-day business.
environmental footprint while increasing the
positive social benefits of Unilever’s activities. Progress towards the Unilever Sustainable
We are dependent on the efforts of partners Living Plan is monitored by the Unilever
and various certification bodies to achieve our Leadership Executive and the Boards. The
sustainability goals. There can be no assurance Unilever Sustainable Living Plan Council,
that sustainable business solutions will be comprising six external specialists in
developed and failure to do so could limit sustainability, guides and critiques the
Unilever’s growth and profit potential and development of our strategy.
damage our corporate reputation
Examples of social issues
๏ Use of Facebook, Twitter to ‘troll’ and bully.

๏ Capture of ‘big data’ to analyse consumer habits
๏ Discrimination or lack of diversity in the workplace
Companies suffer reputation risk if their products or information gathering cause damage. The
unauthorised release of data can cause financial damage to customers.
Poor recruitment policies leave companies open to accusations of discrimination and this can cause
both reputational damage and can lead to legal claims.
Poor diversity policies can cause poor business results as products, services and employees no
longer match up to what customers expect.
Ethical issues
For example, a pharmaceutical company is developing a new drug. Some of the ethical issues
arising from this are:
Safeguarding the volunteers on whom the drug is tested
How much testing should be done before the drug is marketed? The more testing the greater the
delay in releasing a drug very effective in treating a disease but, balancing that, more testing means
less chance of undiscovered side effects.
What price should the drug be sold at? A high price might please shareholders and could enable
more money to be spent on research and development of more drugs. However, a high price
would mean that some patients and health services could not afford the drug. Should different
prices be charged for the same drug in different countries depending on the country’s wealth?
Poor ethical choices present risks, particularly reputational and compliance.
Chapter 4
SOME QUANTITATIVE TECHNIQUES
1. Introduction
This chapter looks at some techniques which can be used to assess the probability or effect of a risk
event.
Methods covered are:
๏ Expected values
๏ Value at risk
๏ Sensitivity analysis
๏ Risk adjusted discount rates
๏ Certainty equivalents
๏ Linear regression
๏ Simulation modelling
2. Expected values
Here is a simple expected values example. The expected value outcome is the sum of individual
outcome weighted by the probability of each occurring. So here there are two states of the world
(such as the economy doing well or poorly) and two once-off projects the company could invest in.
State of the P Project A Project B P x income of P x income of

world income ($) income ($) Project A Project B
I 0.6 2,000 4,000 1,200 2,400
II 0.4 10,000 6,500 4,000 2,600
Expected
5,200 5,000
values
The conventional advice as to which project to invest in would be to invest in Project A as it has the
higher expected value. However, you need to be careful about a number of factors:
(1) How have the probabilities been assessed? This must be very difficult in practice. Think about
how inaccurate opinion polls are at predicting election results.
(2) For a once-off projected the expected value is often (as here) not expected. The expected
incomes are $2,000 or $10,000 for Project A and $4,000 or $6,500 for Project B
(3) Expected values conceal risk. Say that each project cost $3,800. There is no prospect (as far as
is estimated) of Project B making a loss whereas Project A has a better than evens chance of
earning only $2,000 so that it would then make a loss of $1,800 – which could be fatal for the
company.
Because risk is concealed in expected values it is perhaps not the best tool to use for project
appraisal
3. Sensitivity to probability assumptions

Just consider Project A above. Although the expected value is positive, it could result in the project
making a loss if the probabilities had been incorrectly calculated. We can work out how the
probabilities would need to change for the project to break even.
Instead of using the probability estimates of 0.6 and 0.4, let them be p and 1 – p (note that they
must add back to 1 to ensure all outcomes have been included). Project A can now be represented
as:
State of the P Project A P x income of Project A

world income ($)
I p 2,000 2,000p
II 1-p 10,000 10,000 – 10,000p
Expected
10,000 – 8,000p
value
If the project is to break=-even, the expected value of the outcome will equal to its cost of $3,800.
So, 3,800 = 10,000 -8,000p
8,000p = 10,000 – 3,800 = 6,200
P = 0.775
So if the probability of state of the world I occurring rose from 0.6 to 0.775, Project A would break
even in present value terms. If the probability rose further, Project As expected value would be less
than the cost of the project.
4. Value at risk – introduction

In your exam it is assumed that results from an investment or the value of a share portfolio has a
mean (average) value but that results vary around that mean following a normal distribution curve.
This will allow estimates to be made of the likelihood of possible outcomes.
Normal curves have the following general shape:
Small standard deviation, 𝛼
Large standard deviation, 𝛼
Mean, µ
If the possible results are closely clustered around the mean the standard deviation of the
distribution is small; if the results are very spread out, the standard deviation of the distribution is
large.
So if the mean daily value of a share is $30 and the standard deviation of its value is $1 the share is
rarely valued very far from $30. If, however, the standard deviation were $10, then the share’s value
would be very volatile, often worth more than, say, $40 and less than say $20.
Because all normal curves are of the same basic shape, they can be described using a set of tables,
as set out below.
The area under the curve holds all possible results and the table gives the proportion of those
results between the mean and Z standard deviations above (or below) the mean
Note, Z is the distance above or below the mean expressed as a number of standard deviations, so
for a value x, Z is:
x–μ
Z=
σ
So, if the mean height of a population was 178 cm with a standard deviation of 4cm, we can work
out what proportion of the population is 178 – 181 cm tall.
181 – 178
Z= = 0.75
4
Look up the table value for Z = 0.75 by going down the left hand column until you get to 0.7, then
across until you get to 0.05 and the table figure is 0.2734. That means 27.34% of the population is in
the height range 178 – 181 cm tall. Because the curve is symmetrical, the same proportion of
people would be 175 – 178 cm tall.
x–μ
Z=
σ
μ x
Z 0.00 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 0.09
0.0 0.0000 0.0040 0.0080 0.0120 0.0160 0.0199 0.0239 0.0279 0.0319 0.0359
0.1 0.0398 0.0438 0.0478 0.0517 0.0557 0.0596 0.0636 0.0675 0.0714 0.0753
0.2 0.0793 0.0832 0.0871 0.0910 0.0948 0.0987 0.1026 0.1064 0.1103 0.1141
0.3 0.1179 0.1217 0.1255 0.1293 0.1331 0.1368 0.1406 0.1443 0.1480 0.1517
0.4 0.1554 0.1591 0.1628 0.1664 0.1700 0.1736 0.1772 0.1808 0.1844 0.1879
0.5 0.1915 0.1950 0.1985 0.2019 0.2054 0.2088 0.2123 0.2157 0.2190 0.2224
0.6 0.2257 0.2291 0.2324 0.2357 0.2389 0.2422 0.2454 0.2486 0.2517 0.2549
0.7 0.2580 0.2611 0.2642 0.2673 0.2704 0.2734 0.2764 0.2794 0.2823 0.2852
0.8 0.2881 0.2910 0.2939 0.2967 0.2995 0.3023 0.3051 0.3078 0.3106 0.3133
0.9 0.3159 0.3186 0.3212 0.3238 0.3264 0.3289 0.3315 0.3340 0.3365 0.3389
1.0 0.3413 0.3438 0.3461 0.3485 0.3508 0.3531 0.3554 0.3577 0.3599 0.3621
1.1 0.3643 0.3665 0.3686 0.3708 0.3729 0.3749 0.3770 0.3790 0.3810 0.3830
1.2 0.3849 0.3869 0.3888 0.3907 0.3925 0.3944 0.3962 0.3980 0.3997 0.4015
1.3 0.4032 0.4049 0.4066 0.4082 0.4099 0.4115 0.4131 0.4147 0.4162 0.4177
1.4 0.4192 0.4207 0.4222 0.4236 0.4251 0.4265 0.4279 0.4292 0.4306 0.4319
1.5 0.4332 0.4345 0.4357 0.4370 0.4382 0.4394 0.4406 0.4418 0.4429 0.4441
1.6 0.4452 0.4463 0.4474 0.4484 0.4495 0.4505 0.4515 0.4525 0.4535 0.4545
1.7 0.4554 0.4564 0.4573 0.4582 0.4591 0.4599 0.4608 0.4616 0.4625 0.4633
1.8 0.4641 0.4649 0.4656 0.4664 0.4671 0.4678 0.4686 0.4693 0.4699 0.4706
1.9 0.4713 0.4719 0.4726 0.4732 0.4738 0.4744 0.4750 0.4756 0.4761 0.4767
2.0 0.4772 0.4778 0.4783 0.4788 0.4793 0.4798 0.4803 0.4808 0.4812 0.4817
2.1 0.4821 0.4826 0.4830 0.4834 0.4838 0.4842 0.4846 0.4850 0.4854 0.4857
2.2 0.4861 0.4864 0.4868 0.4871 0.4875 0.4878 0.4881 0.4884 0.4887 0.4890
2.3 0.4893 0.4896 0.4898 0.4901 0.4904 0.4906 0.4909 0.4911 0.4913 0.4916
2.4 0.4918 0.4920 0.4922 0.4925 0.4927 0.4929 0.4931 0.4932 0.4934 0.4936
2.5 0.4938 0.4940 0.4941 0.4943 0.4945 0.4946 0.4948 0.4949 0.4951 0.4952
2.6 0.4953 0.4955 0.4956 0.4957 0.4959 0.4960 0.4961 0.4962 0.4963 0.4964
2.7 0.4965 0.4966 0.4967 0.4968 0.4969 0.4970 0.4971 0.4972 0.4973 0.4974
2.8 0.4974 0.4975 0.4976 0.4977 0.4977 0.4978 0.4979 0.4979 0.4980 0.4981
2.9 0.4981 0.4982 0.4982 0.4983 0.4984 0.4984 0.4985 0.4985 0.4986 0.4986
3.0 0.4987 0.4987 0.4987 0.4988 0.4988 0.4989 0.4989 0.4989 0.4990 0.4990
The use of the tables can be turned round to answer a question such as in what height range are
the 20% of who are people just taller than the mean. This means that the shaded area in the
diagram shown as part of the table has to be 0.2 as that represents the 20% of people just taller
than the mean.
To solve this go to the ‘body’ of the table and look for 0.2. You will see that this is somewhere
between Z = 0.52 and 0.53 (areas = 0.1985 and 0.2019). In fact, 20% seems almost mid-way, so Z
would be estimated at 0.525.
Using the formula at the top of the table:
x – 178
Z= 0.525 = = 0.75
4
So,
x – 178 = 4 x 0.525 = 2.1.
Therefore the 20% of people just taller than the mean of 178 cm will be in the height range 178 –
180.1 cm.
5. Value at risk – share values

What talking about value at risk, the commonest criterion is to work out the amount you could lose
over a period so that there is only a 5% chance of losing more. This can be represented as follows
on the curve:
45% 50%
5%
Mean, µ
We are looking for where the cut-off is to leave only the 5% lowest values.
Let’s say that a shareholding has a mean value of $80,000 and the daily has a standard deviation of
$5,000. The shareholding could easily have a value of $81,000, $78,000 and so on but you would
have had some bad luck if tomorrow’s value were only $60,000. However, that low value would be
possible.
So, below what value would only 5% or results lie?
5% splits the left hand side of the curve into 5%/45%, or 0.05/0.45. The normal curve tables give the
area under the curve from the mean down or the mean up so would indicate the Z value for an area
of 0.45.
Looking at the body of the tables for an area of 0.45, you will see that Z = 1.645 (mid-way between
1.64 and 1.65).
80,000 – x (Z is the distance below the mean as a number of standard

Z = 1.645 =
5,000 deviations)
5,000 x 1.645 = 80,000 – x
x = 80,000 – 5,000 x 1.645 = $71,775.
So, there is only a 5% chance that after one day the shares will be worth less than $71,775. There is
a 95% chance that the shares will be worth more than that.
Another way of expressing that is to say that we are 95% confident that the shares will not be
worth less than $71,775.
The value at risk (VAR) at the 95% confidence level is the maximum you stand to lose with a 95%
confidence, so that figure is:
80,000 – 71,775 = $8,225
Alternatively, the value at risk is simply 1.645 x $5,000 = $8,225
If you were asked to calculate the VAR to the 99% confidence level, then you are splitting the curve
into 0.01, 0.49, 0.50 areas
49% 50%
1%
Mean, µ
The 49% (or 0.49) area needs to be found in the body of the tables (remember tables only give the
area from the mean up or down) and the Z value for 0.49 is about 2.33.
80,000 – x (Z is the distance below the mean as a number of standard

Z = 2.33 =
5,000 deviations)
5,000 x 2.33 = 80,000 – x
x = 80,000 – 5,000 x 2.33 = 68,350
So, there is only a 1% chance of the shares being worth less than $68,350.
The value at risk to the 99% confidence level is 80,000 – 68,350 = $11,650
This means that there is only a 1% chance of the shares losing more than $11,650 in the course of a
day.
6. Value at risk for several periods

The example above dealt with variations in share value over the course of a day and the standard
deviation of $5,000 was for one day. But, what if we wanted to work out similar statistics for, say, a
period of 10 consecutive days?
What we need now is a standard deviation for share value for 10 days.
The rule is (really you just have to learn this) is:
σperiod = σday √n
where n is the number of days in the period.
So, is the standard deviation of share value for 1 day is $5,000, for 10 days it would be:
$5,000 x √10 = 5,000 x 3.1623 = 15,881.
So the value at risk to the 95% confidence level over 10 days would be:
1.645 x $15,881 = $26,124
Obviously, the value at risk over ten days must be greater than over just one day as there could be a
sequence of 10 days of ‘bad luck’.
7. Sensitivity analysis
Sensitivity analysis examines how a decision might change if one variable at a time is changed. It
is usually measured with respect to where a project or opportunity hits break-even point.
You might first have coma across the principle in contribution analysis:
Unit cost card $ $

Selling price 120
Material 30
Labour 22
Variable overhead 28
Fixed overhead 15
95
Profit 25
Based on budgeted output of 10,000
units
Budgeted fixed costs = $15 x 10,000 = $150,000
Contribution per unit = 120 – 30 – 22 – 18 = $50
Break even point = $150,000/$50 = 3,000 units.
So, the actual output could fall from its budgeted level of 10,000 units to 3,000 before a loss starts
to be made. The margin of safety (or sensitivity to volume) is 7,000 units or 70%.
Sensitivity is often used to assess net present value calculations. Look at this example:
Example
Here is a project appraised at a discount rate of 10%. Sales volume is estimated at 1,000 units per
year.
Time $ 10% discount factor DCF $
0 Cost (130,000) 1 (130,000)
1–4 Sales 1,000@$100 = $100,000 3.17 317,000
1 -4 Marginal costs 1,000@$60 = ($60,000) 3.17 (190,200)
4 Scrap 25,000 0.683 17,075
NPV 13,875
The NPV is positive so the conventional advice would be to accept the project. However, the
sensitivity of this recommendation to the various assumptions should be examined. This is done by
seeing how far an assumption can change before the NPV = 0. Each assumption has to be assessed
separately.
Required
Examine the sensitivity of the solution to:
(a) Initial cost
(b) Selling price
(c) Sales volume
(d) Scrap value
(e) Discount rate
Solution
(a) If the NPV is to be zero, the cost must rise by $13,875 to extinguish the NPV.
Sensitivity = 13,875/130,000 = 10.7%
(b) Selling price affects the revenue figure. If its PV of $317,000 falls 13,875 then NPV = 0.
Sensitivity = 13,875/317,000 = 4.4%
(c) Sales volume affects both revenue and marginal costs: 317,000 – 190,200 = 126,800
Sensitivity = 13,875/126,800 = 10.9%
(d) The PV of the scrap value must fall by $13,875 to produce a zero NPV.
Sensitivity = 13,875/17,075 = 82%
(e) To work out the sensitivity to the discount rate, the IRR has to be calculated. So, NPV at 20%:
Time $20% discount factor DCF $

0 Cost (130,000) 1 (130,000)
1–4 Sales 1,000@$100 = $100,000 2.59 259,000
1 -4 Marginal costs 1,000@$60 = ($60,000) 2.59 (155,400)
4 Scrap 25,000 0.482 12,050
NPV (14,350
By interpolation
IRR = 10 + (20 – 10) x13,875/(13,875 + 14,350) = 14.9, or around 15%
So, the NPV is very sensitive to the selling price, which only needs to fall by about 4.4% before the
project just breaks even. Not only is 4.4% small, but the selling price is probably difficult to
estimate.
The cost could rise by about 10%. Not a large over-run, but at least cost is easier to predict and
control than future flows.
Scrap value could fall by 82% - a large fall, but it will usually be difficult to predict the scrap amount.
The discount rate can rise from 10% to 15% (50%) and that would probably be judged unlikely.
Note
๏ Sensitivity analysis allow only one variable to be changed at a time. In fact some changes
might well be linked.
๏ It also say nothing about how likely a variable is to change. We have said that the project is
very sensitive to selling price (4.4%), but if the selling prices had been already agreed for a
four year contract, that 4.4% drop is unlikely to happen.
8. Risk adjusted discount rates

If a project’s cash flows are perceived as being particularly either because they are simply difficult
to predict or the project is inherently risky then a higher discount rate can be applied. This will
more severely discount the more distant cash flows – which is just what you want because those
are the flows that are least certain.
This subject is covered in more detail in a later chapter.
9. Certainty equivalents
Another way to account for future inflows being uncertain is to reduce them to their certainty
equivalent, which can be defined as:
“the guaranteed amount of money that an individual would view as equally desirable as a risky
asset.”
So, the flows being received at each of times 1, 2, 3 might be reduced to 90%, 75% and 60% of their
‘face values’ to account for further off flows being less certain.
There is no set way to reduce future flows. For example, for a particular project the reductions
might be to 80%, 70% and 50%
The resulting cash flows would then be discounted the risk free discount rate. Do not reduce the
flows to their certainty equivalence AND use a risk adjusted discount rate as that would be double
counting.
10. Linear regression

Linear regression is a method of fitting the best possible straight line through a set of points.
In business, typically the line would connect points showing:
๏ Cost and volume

๏ Selling price and sales volume
๏ Hours worked and units produced
The predictions that might be made can be used by organisations to plan better and this will
reduce risk. For example, if a company is think of reducing its selling price, it needs to have an idea
of the volume of goods that will sell otherwise it risks not being able to meet demand and of
alienating customers.
Linear regression will give constants which fit a line of the type:
y = ax + b
where:
y is the dependent variable (cost, hours, volume sold)
x is the independent variable (units made, selling price).
The constant ‘a’, for example, could be the additional cost for each additional unit made; ‘b’ would
be the cost even if no units were made (the fixed cost).
However, be warned: linear regression will give the best line it can through any set of points.
For example, if you numbered the days in the year 1 – 365 and you noted the day each person was
born and the amount of money they had in their bank account, linear regression would suggest the
best relationship it could between these variables. Obviously there would not actually be a good
relationship.
To test the relationship you must calculate the coefficient of correlation (r), or the coefficient of
determination (r2). r can vary between:
r = +1, meaning perfect positive correlation where all points lie on the line and as one variable
increases, so does the other.
r = -1, meaning perfect negative correlation where all points lie on the line and as one variable
increases, the other decreases.
r = 0 means no correlation.
If r = 0.7, r2 = 0.49 or about 50%. This means that 50% of the change in one variable is explained by
the change in the other.
You should be aware of the following before you rely on any prediction based on linear
regression:
๏ If r2 is low, then one variable is not well-associated with the other, so any predictions are liable
to be poor.
๏ The more points (readings) the better: simply more evidence for the association.
๏ Extrapolation (predicting outside the range examined) is dangerous as we have no direct
evidence of what happens in other regions. For example, costs might suddenly increase.
๏ Other known influences (such as inflation) should be removed before the analysis.
๏ Even good correlation does no prove cause and effect: both variables might have moved
together under the influence of another variable.
11. Simulation modelling

Simulation attempts to model the possible results from a project by using ranges of values and
random numbers to generate typical series of events. It is best carried out using a computer.
For example:
A company is considering a 6 year project, in volatile economic conditions. It is thought that

growth or decline in the market from one year to the next will depend on the growth or decline
that happened in the previous year:
If the market grows 10% in one year, there is a 75% chance that it will grow 10% the following year
and a 25% chance that it will decline 10%. Similarly, decline of 10% in one year gives a 75% chance
of 10% decline the next and a 25% chance of 10% growth.
To set up the simulation ranges of numbers are assigned to mimic the probabilities:
๏ If there is growth one year then for the next year: 00 – 75 = further growth; 76 – 99 = decline
๏ If there is a decline one year then for the next year: 00 – 75 = further decline; 76 – 99 growth.
Let’s start with sales of 1000 units and assume that the previous year showed growth. Random
numbers are then generated. For example: 63, 41, 5, 67, 98, 37, 74, 3, 12, 34 , 95… and so on
Random number 63 41 85 67 98 37 74 83 12 95
Growth/decline +/- 10% G G D D G G G D D G

Sales 1100 1210 1089 980 1078 1186 1305 1175 1057 1163
This allows typical trading patterns to be examined and would allow the company to see what
might happen if it had several years of decline in a row.
Chapter 5
BUSINESS UNIT/DIVISIONAL
PERFORMANCE MEASUREMENT AND
TRANSFER PRICING
1. The meaning of divisionalisation

Divisionalisation is where a business is split and managers of business units are given a degree of
autonomy over decision-making i.e. they are given the authority to make decision without
reference to senior management. In effect, they are allowed to run their part of the business almost
as though it were their own company.
Divisionalisation can be on the basis of:
๏ Geography (eg North American and European divisions)

๏ Products (commercial vehicles and motor cars)
๏ Customers (business to business and business to consumer)
๏ Activities (component manufacturing and assembly and sales)
Inevitably when a business is split into a number of business units, managers want to measure and
compare the performance of each division. If goods pass from one division to another, transfer
prices must be set.
2. Advantages of divisionalisation:
๏ Specialism in product/country/customer.
๏ Greater motivation for managers.
๏ Allows divisions to be profit centres (motivating and promotes efficiency).
๏ Allows performances between divisions to be compared.
๏ Clearer objectives for managers (concentrate on one area of the business only).
๏ Usually accompanied by decentralisation, so potentially better decisions.
3. Problems and risks with divisionalisation:

๏ Coordination difficulties. The divisions might act in ways that hurt the group. This is known as
dysfunctional decision-making. For example, one division could stop making a component
that is vital to another division’s operations.
๏ Requires transfer prices to be established. Wring transfer prices can cause dysfunctional
decisions.
๏ Difficulties in ‘fair’ comparison of divisions. Once again, transfer prices could distort
performance appraisal.
๏ Potential duplication of some services.
4. Divisional performance measurement

4.1. Return on Investment (ROI)
ROI is defined as: Controllable division profit as a percentage of divisional investment
It is equivalent to Return on Capital Employed and this is one of the reasons that it is very popular
in practice as a divisional performance measure.Exam
Example 1
Vallpineda plc has several divisions.The Isabel division is currently making a profit of $82,000 p.a. on
investment of $500,000. Vallpineda has a target return of 15%
The manager of Isabel is considering a new investment which will require additional investment of
$100,000 and will generate additional profit of $16,000 each year
(a) Calculate whether or not the new investment is attractive to the company as a whole.
(b) Calculate the ROI of the division, with and without the new investment and hence
determine whether or not the manager would decide to accept the new investment.
Solution
The investment earns a rate of $16,000/$100,000 = 16%. As this is greater than the group’s target
rate of return (15%), the group would want Isabel to take on the new investment.
Isabel currently earns an ROI or 82/500 = 16.4%. As this is above the group’s required return of 15%,
the manager of Isabel would feel safe.
If Isabel took on the new investment, the new ROI would be (82 + 16)/(500,000 + 100,000) = 16.3%.
Although this ROI is still above the required return of 15%, it is lower than it would have been had
the investment been turned down ie Isabel’s ROI has fallen from 16.4% to 16.3%. There is therefore
no incentive for the manager of Isabel to take on the new investment. Why would you if the
performance measure on which you are judged falls from 16.4% to 16.3%?
This is an example of dysfunctional decision making and this can occur with investment decisions
based on ROI. The group would like the investment to be taken on, but the divisional manager
would reject it.
4.2. Residual Income (RI)
Instead of using a percentage measure, as with ROI, the Residual Income approach assesses the
managers on absolute profit. However, in order to take account of the capital investment, ‘notional
(imputed or ‘pretend’) interest is deducted from the Income Statement figure profit figure. The
notional interest is charged at the cost of capital. The balance remaining is known as residual
income.
Example 2
Figures as above for Vallpineda and Isabel but assume that the manager is assessed on the
division’s Residual Income and that maximisation of residual income drives decisions.
Solution
Currently Isabel’s residual income is: $82,000 – 0.15 x $500,000 = $7,000
With the new project: $82,000 + $16,000 – 0.15 $(500,000 + 100,000) = $8,000
Therefore, taking on the new project will increase the residual income of Isabel and this should
make Isabel’s manager accept the project. That decision is congruent with what the group would
want to happen.
4.3. ROI vs RI
Note that both RI and ROI will favour divisions with older assets because those divisions will:
๏ Probably have bought the assets more cheaply than new divisions which buy at inflated
prices.
๏ The assets are more heavily depreciated so that the capital employed figures is less in the
division with older assets – and this affects both the denominator in ROI and the notional
interest charge in RI
Both methods can also suffer from distortions because of assets leased on operating leases and
also if head office accounts for some ‘divisional’ assets (for example HO holding all receivables).
In practice, ROI is more popular than RI, although that RI is technically superior as it encourages
managers to make the correct investment decisions.
Pros and cons of ROI:
๏ It seems familiar – most managers will know about return on capital calculations.
๏ Easy: compare ROI with a company target.
๏ Encourages maximisation of ROI which might be how congruent with shareholders judge the
company.
๏ Good for comparing divisions of different sizes
BUT
๏ Decisions will not necessarily maximise shareholder wealth.
Pros and cons of RI:
๏ RI maximisation tends to be congruent with decisions that maximise shareholder wealth

๏ Different notional interest rates can be set for investment of different risk.
BUT
๏ A less familiar calculation and concept

๏ Not good at comparing divisions of different sizes. (Larger RIs might simply mean bigger
division).
5. Economic Value Added

Economic value added (EVA) is a performance metric that is very similar in approach to Residual
Income, and is defined as being:
EVA = Net operating profit after tax – WACC x book value of capital employed
EVA is a trade-marked technique, developed by consultants called Stern Stewart and Co.
The principle behind it is that a business is only really creating value if its profit is in excess of the
required minimum rate of return that shareholders and debt holders could get by investing in
other securities of comparable risk.
The capital employed is the opening capital employed, adjusted for the items set out below.
However, EVA makes certain adjustments because certain types of expenditure which appear in the
statements of profit and loss under ISAs and IFRSs are NOT regarded as expenses when using EVA
and cash accounting is regarded as more reliable than accruals accounting).
The major adjustments are:
Add back to profits:
๏ Expenditure on building for the future (e.g. research expenditure, marketing expenditure and
staff training):
๏ Non-cash expenses
๏ Provisions
๏ Goodwill written off
๏ Depreciation: add back book depreciation and deduct economic depreciation. If economic
depreciation is not given, assume it is the same as book depreciation and that there is no net
adjustment.
๏ Interest on debt capital: Add back to net profit after adjusting for any tax relief. (Treat the
debt as part of capital employed)
Adjustment to statement of financial position
๏ Non capitalised leases

๏ Research etc now capitalised
๏ Goodwill written off
๏ Provisions.
6. Potential problems with EVA

๏ It is difficult to use EVA to compare firms or divisions because it is an absolute measure and
takes no account of the relative size of the business.
๏ Because EVA is a year-to-year measure, it could be improved in the short term but to the
detriment of the business in the long term.
๏ Economic depreciation is difficult to calculate and conflicts with generally accepted
accounting principles.
๏ Other factors that could be important but are not included in the accounts are ignored.
๏ EVA is a short-term measure whereas performance measures should focus on the longer-
term forecasts. Ideally economic income would be used (by discounting estimated future
cash flows) but even ignoring the complexity of this, the person responsible for estimating it
would very often be the person being measured, which could lead to bias.
7. Transfer pricing – Introduction

The ideal transfer price should be:
๏ Perceived as fair to both divisions and therefore good for performance measurement and
management.
๏ Provide profits for both divisions because profits are motivating.
๏ Promote goal congruence so that divisions volunteer to do what is good for the group.
๏ Promote autonomy ie minimise head office interference.
The reason for having a transfer price is to be able to make each division profit accountable. If, in
the previous example, there was no transfer price and goods were transferred ‘free of charge’
between the division, then the overall profit for the company would be unchanged. However,
Division A would only be reporting costs, and Division B would be reporting an enormous profit.
The problem would be compounded if Division A was selling the same product externally as well as
transferring to Division B.
8. Cost-plus transfer pricing

A very common way in practice of determining a transfer price is for the company to have a policy
that all goods are transferred at the cost to the supplying division plus a fixed percentage. This is
easy to calculate though gives no incentive for the transferring division to save costs. Cost plus
means more profit as costs rise!
9. Cost-plus transfer pricing

This method has the great advantage of being perceived as fair by both divisions. It the divisions
were on their own and having to buy or sell from outside suppliers/customers then the market
price would be what they have to charge or pay.
However, it can only work if there is a market for the intermediate product. Adjustments should
also be made if it costs less to transfer internally than externally, for example, packaging might be
simpler on internal transfers.
The market price approach can also lead to dysfunctional decisions. Consider the following, where
Division A makes components and transfers them to Division B for the external market price of the
components, $120. Division B sells them to the public for $250.
$ Division A Division B
Transfer-in costs - 120
Own costs 80 100
Total costs 80 220
Profit 40 30
Transfer price/sale price 120 250
Now assume that the company can make more units than are demanded at the selling price of
$250, and a potential customer approaches Division B, the end-selling division, saying that they will
by all surplus capacity for $200/unit.
Division B will turn down that offer because it perceives marginal cost per unit = $220 but it would
only earn marginal revenue of $200.
However, from the group’s viewpoint, marginal cost to the group = $180 (80 + 100) so the offer
would be worthwhile as it makes a positive contribution.
So, even though the transfer price has been set objectively at the market value of the items
transferred it can lead to dysfunctional decisions.
10. Other practical approaches of transfer pricing

๏ Marginal cost: condemns selling divisions to making losses because fixed costs are not
covered. However, promotes goal congruent decisions
๏ Marginal cost plus lump sum: during the year marginal costs are used (goal congruence). At
the end of the period an additional lump sum is transferred between transferee and
transferor to account for profits.
๏ Dual prices: transferee transfers at a markup (so makes a profit); transferee buys in at marginal
cost (so can make correct decisions for goal congruence)
11. “Sensible” transfer pricing to achieve goal congruence.

You might be asked to suggest sensible transfer prices. (As we will illustrate, you will normally be
asked to state a range rather than one specific price.)
There are ‘rule’ that can be applied. However, it is dangerous to simply learn a rule without fully
understanding the logic. We will therefore build up the rules using a series of small examples, and
then state the rules at the end.
Example 1
Division A has costs of $20 p.u., and transfer goods to Division B which has additional costs of $8
p.u. . Division B sells externally at $30 p.u.
Determine a sensible range for the transfer price to achieve goal congruence.
Solution
Transfer-in costs - ?
Own costs 20 8
Total costs 20 ?
Profit ? ?
Transfer price/sale price ? 30
The group can make: 30 – 20 – 8 = 2 per unit, so the group will want the Divisions to trade.
If they are going to trade, both must want to, so:
Division A must be offered a transfer out price of no less than $20, otherwise it would be making a
negative contribution. Division A determines the minimum transfer price.
Division B, after its own costs, is left with net marginal revenue of $22 (ie 30 – 8).
If the price it had to pay to Division A were greater than $22 it would not trade. Division B
determines the Maximum transfer price.
Therefore a viable range of transfer prices if $20 - $22. Anything outside that range would mean
that on or other of the divisions would not trade.
Example 2
Division A has costs of $15 p.u., and transfers goods to Division B which has additional costs of $10
p.u.. Division B sells externally at $35 p.u.
A can sell part-finished units externally for $20 p.u.. There is limited demand externally from A, and
A has unlimited production capacity.
Solution
Transfer-in costs - ?
Own costs 15 10
Total costs 15 ?
Profit ? ?
And/or Division A can sell outside at $20
The Group wants goods to pass from Division A to Division B because that way the groups will
make $35 - $15 - $10 = $10/unit.
Division A will be happy to sell outside at a price of $20/unit because that earns it $5/unit.
However, because Division A’s production capacity is unlimited and the outside market for Division
A’s product is limited, Division B and the Group can do everything they want: Division A can sell as
much as the outside market demands and can also sell to Division B.
The only thing to worry about is ensuring that Division A and Division B will trade with each other.
So Division A must be offered at least $15, and Division B must have to pay no more than $25 (ie
$35 - $10).
Therefore, the range of transfer prices is $15 to $25.
Example 3
As above, but there is now unlimited external demand from the external market for the
intermediate product that Division A makes A, but Division A has limited production capacity.
Solution
Division A has limited production capacity so cannot supply the outside market fully and also
transfer to division B.
The Group wants to ensure that goods are transferred to Division B and sold on because that route
generates a contribution per unit of $35 - $10 - $15 = $10. However, if Division A had decided to
transfer goods to the external market for $20, the Group would earn only $20 - $15 = $5.
So, to make Division A decide to transfer to Division B, the transfer price offered must be at least
$20, ie at least as good as what it could earn externally.
The viable range of transfer prices is therefore $20 to $25
[Note the minimum transfer price can also be described as the marginal cost to Division A of
production plus the opportunity cost of transferring internally rather than externally:
$15 + ($20 - $15) = $20 [as before]
Example 4
Division A has costs of $8 p.u., and transfers goods to Division B which has additional costs of $4
p.u..Division B sells externally at $20 p.u.
Determine a sensible range for the transfer price to achieve goal congruence, if Division B
can buy part-finished goods externally for:
(i) $14 p.u.
(ii) $18 p.u.
Solution
Transfer-in costs - ? And/or Division B can buy from
outside at (i) 14 or $(ii) $18
Own costs 8 4
Total costs 8 ?
Profit ? ?
The group will prefer Division B to buy form Division A as $8 (in-house costs) < $14 (buy-in costs).
So the transfer price must be in the range $8 (to make Division A make and sell) to $14 (to make
Division B buy from Division A rather than outside.
Division B would not dream of buying for outside at $18 as that is greater than its net marginal
revenue of $16 (ie 20 – 4). SO the viable range of transfer prices is simply $8 - $16.
12. International considerations

When transfers occur between different countries, then there are additional factors to take into
account. These include the following:
๏ Taxation in the different countries

๏ Import tariffs
๏ Exchange controls
๏ Anti-dumping legislation
๏ Competitive pressures
๏ Repatriation of funds
In practice, most countries tax laws will include rules about transfer pricing.
Usually they encourage a transfer price at market value to ensure that both countries receive a fair
share of the profits. However, it is not always easy to establish what is a fair market value.
A transfer price at full cost is usually acceptable to tax authorities, but transfer prices at variable
cost are unlikely to be acceptable.
Chapter 6
CORPORATE GOVERNANCE
1. Why corporate governance is needed

Corporate governance is a system by which companies are directed and controlled.
The problem is that although the shareholders own companies, the day-to-day management and
direction of companies is given to the Board of Directors. In large companies, many shareholders
are relatively passive and the Board of Directors are given more or less free rein to make whatever
decisions they wish.
Auditing was instituted so at least once a year, when the accounts were presented to the members
of the company, the auditors would examine the accounts and give some expression of opinion to
the members of the company as to whether the accounts were true and fair. Without that
assurance the members of the company really would have a little idea as to whether or not the
accounts were worth relying on. The auditors therefore examine the financial statements and this
adds credibility to those statements, the shareholders have a much better idea of the performance
of the directors and the company.
Appoint independent
Auditor
Adds
Measure credibility
performance
Financial Statements
Prepare FS
Appoint
Shareholders Directors
Own Manage
Company
Note that shareholders appoint the independent auditors, they also appoint the directors. The
problem is however that once directors were appointed, shareholders often didn’t take much
further interests in what the directors were doing. Scandals such as Enron, Worldcom in the early
2000’s and perhaps banking problems in 2008 showed that this hands-off approach was entirely
inadequate and additional safeguards have been instituted to try to ensure that directors act in the
best interests of the members of the company.
2. Principles of corporate governance

The Organization of Economic Cooperation Development (OECD) has put forward some principles
of corporate governance.
๏ Corporate governance frameworks should protect shareholders rights, ensuring fair

treatment of all shareholders, particularly minority and foreign shareholders. For example all
shareholders should have access to the same information.
๏ The corporate governance framework should also recognise the rights of all stakeholders, not
just shareholders, and should encourage active cooperation between the entities and
stakeholders in creating wealth, jobs and sustainability of financially sound entities.
๏ There should be disclosure and transparency.
๏ The corporate governance framework should ensure that timely accurate information is
made available in all material matters.
๏ Responsibility of the board is also covered, and the corporate the corporate governance
framework should ensure the strategic guidance of the entity, effective monitoring of
management by the board and the board’s accountability to the entity and their
shareholders. In particular the board should set its own objectives, monitor its own
performance and have its own performance assessed.
3. The UK Corporate Governance Code

The OECD principles are put into effect in a variety of ways in different countries. The UK Corporate
Governance Code can be referred to as an example of best practice.
The code states that the purpose of corporate governance is to facilitate effective entrepreneurial
and prudent management that can deliver long-term success of the company. It then goes on to
list the main principles of the code:
Main principles
๏ Leadership
๏ Effectiveness
๏ Accountability
๏ Remuneration
๏ Relations with shareholders
Comply or explain
The code has no force in law and is enforced on listed companies through the Stock Exchange.
Listed companies are expected ‘‘comply or explain’’ and this approach is the trademark of
corporate governance in the UK. Listed companies have to state that they have complied with the
code or else explain to shareholders why they haven’t. This allows some flexibility and non-
compliance might be acceptable in some circumstances.
Leadership
๏ Every company should be headed by an effective board which is collectively responsible for
the long-term success of the company.
๏ There should be a clear division … between the running of the board and the executive
responsibility for the running of the company’s business. No one individual should have
unfettered powers of decision. This means that the roles of CEO and Chairman should not be
performed by one person as that concentrates too much power in that person.
๏ The chairman is responsible for leadership of the board
๏ Non-executive directors (NEDs) must be appointed to the board and they should
constructively challenge and help develop proposals on strategy. NEDs sit in at board
meeting and have full voting rights, but do not have day-to day executive or managerial
responsibility. Their function is to monitor, advise and warn the executive directors.
Effectiveness
๏ The board should have an appropriate balance of skills, experience, independence and
knowledge. In large companies NEDS should be at least 50% of the board; in small companies
there should be at least 2 NEDS.
๏ New directors should be appointed by a Nomination Committee to ensure a formal, rigorous
and transparent procedure for their appointment. The Nomination Committee consists of
NEDs. This provision is to prevent directors appointing their friends and colleagues to the
board and ensures that the best people for the job are considered and appointed.
๏ All directors should be able to allocate sufficient time to company business
๏ There should be induction on joining the board and a programme to update and refresh
directors’ skills and knowledge.
๏ The board should be supplied in a timely manner with necessary information
๏ The board should undertake a formal and rigorous annual evaluation of its own performance
and that of its committees and individual directors.
๏ All directors should be submitted for re-election at regular intervals
๏ The board should present a balanced and u
Accountability
๏ The board should present a balanced and understandable assessment of the company’s
position and prospects.
๏ The board is responsible for determining the … significant risks …and should maintain sound
risk management and internal control systems.
๏ The board should establish formal and transparent arrangements for applying the corporate
reporting, risk management and internal control principles, and for maintaining an
appropriate relationship with the company’s auditor. This means that an Audit Committee
(NEDs again) should be established to liaise with both internal and external auditors. Before
audit committees, the finance director liaised with auditors, but this was not satisfactory
because the finance director was often the person responsible for accounting problems.
Therefore auditors were often reporting problems to the person who caused them. The
directors are responsible for establishing an internal control system and must review the
need for internal audit.
Remuneration
๏ Levels of remuneration should be sufficient to attract, retain and motivate directors of

sufficient quality… but avoid paying more than is necessary.
๏ A significant proportion of executive directors’ remuneration should be structured so as to
link rewards to corporate and individual performance. In other words, profit related pay is
encouraged. Directors should not receive high pay irrespective of company performance.
๏ There should be a formal and transparent procedure for developing policy on executive
remuneration and for fixing the remuneration packages of individual directors. No director
should be involved in deciding his or her own remuneration. This means that a Remuneration
Committee (NEDs) should be formed to fix directors’ remuneration.
Note the point that a significant proportion of executive directors’ remuneration should be related
to the profit or other success of the company. A long term relationship is really what’s wanted so
that directors cannot manipulate profits in the short term to manufacture bonuses for themselves.
Share option schemes can be very effective methods of remuneration. For example, if the current
share price is $8, offer share options at $15, available after four years (the vesting period). If, after
four years, the share price has risen above $15, directors will exercise their options to buy at $15 as
this will produce a profit for them. If the share price were only $12, the options would not be
exercised. Therefore, the scheme encourages directors to act in a way that increases the long-term
share price of the company – precisely what the shareholders would want then to do.
Relations with shareholders
One of the problems with achieving good corporate was encouraging shareholders to take an
active interest in the company. Too often they did not fully participate at AGMs and would wave
through motions. This passive attitude might well have been encouraged by directors to move
power towards them and away from members.
The code therefore specifies:
๏ There should be a dialogue with shareholders based on the mutual understanding of

objectives. The board as a whole has responsibility for ensuring that a satisfactory dialogue
with shareholders takes place.
๏ The board should use the AGM to communicate with investors and to encourage their
participation.
4. The role of the audit committee

The audit committee is now very important part of corporate governance.
Review of internal audit
Financial Statements Review of internal control
Special investigations
Liaison with external auditors:
• Scope of external audit
• Forum to link directors/auditors
• Deal with auditors’ reservations
• Obtain information for auditors.
The committee should be dominated by non-executive directors. The functions are as follows:
๏ They will review the work of internal audit. Companies don’t have to be an internal audit
department, but corporate governance rules now stated management should keep the need
for internal audit on the review.
๏ The audit committee will review the system of internal control. Corporate governance now
imposes on management the requirement that they implement a system of internal control.
๏ From time to time the audit committee may launch special investigations. For example, if a
fraud had been discovered within the organization the audit committee may ask for a report
on how it happened and how to prevent it in the future.
๏ Liaison with external auditors. It used to be that external auditors would communicate almost
exclusively with the finance director, but of course the finance director may not be sufficiently
independent of the finance function and the system of internal control. Now, the audit
committee will set the scope for the external audit. They act as a forum to link directors and
auditors. Auditors will typically write to the audit committee about any problems they may be
having on the audit or obtaining all the information they require. If the auditors are worried in
someway about the financial statements they will raise those concerns with the audit
committee.
๏ If the auditors can’t find information in any other way and feel perhaps they are being
obstructed, they can go to the audit committee and explain the problem and the audit
committee can try to investigate on their behalf.
๏ Liaise on the process of appointing auditors and setting their fees. (Note that the external
auditors are appointed by members in general meeting, but the audit committee is likely to
make recommendations.)
Chapter 7
PROFESSIONAL ETHICS
1. Introduction
The CIMA Code of Ethics for Professional Accountants is based on The CIMA Code of Ethics is based
on the IFAC Handbook of the Code of Ethics for Professional Accountants, of the International
Ethics Standards Board of Accountants (IESBA).
If a member cannot resolve an ethical issue by following this Code by consulting the ethics
information on CIMA’s website or by seeking guidance from CIMA’s ethics helpline, he or she
should seek legal advice as to both his or her legal rights and any obligations he or she may have.
The Code of Ethics sets out certain fundamental principles about how its members should behave.
It also recognises how its members could be subject to certain threats which would compromise
their behaviour and suggests ways in which members can safeguard themselves against the
operation of those threats.
The guide applies to all members of CIMA working in industry, commerce and public practice. It
also applies to all CIMA students. Note that its operation is not restricted to auditors and covers
CIMA members working in industry and commerce.
The ethical framework recognises that there are:
๏ Ethical principles to be followed

๏ These are subject to risks
๏ Accountants should use safeguards to avoid or to respond to risks.
2. Fundamental principles
The fundamental principles are as follows:
๏ First, integrity. This means that members should be honest, straightforward. If they see
something is amiss, they should say so; they shouldn’t try to conceal it; they shouldn’t ‘turn a
blind eye’; they shouldn’t try to be ambiguous, they should state things plainly.
๏ Secondly, objectivity, members should be influenced by the facts and the facts only. They
must avoid bias, conflict of interest and undue influence.
๏ Third, members should exercise professional competence and due care. They must keep
themselves up-to-date with legislation and recent developments. They shouldn’t take on
work which they are not qualified for or for which they have no skills. They must be diligent,
they must be careful.
๏ Fourth, confidentiality. Members, particularly perhaps those who are auditors, have
accessed information which is highly confidential and which is indeed price sensitive. That
information must be held confidentially. Members should not disclose confidential
information unless they have a legal or professional duty to do so. An example of a legal duty
to disclose information can arise if a member thinks that a client or the person they are
working for is involved in money laundering. Many countries have very strong regulations
nowadays that money laundering suspects should be reported to the authorities.
๏ Finally, members should show professional behaviour. They should comply with the law
and they should avoid any actions which discredit the profession. So, for example, when they
are trying to advertise their services they shouldn’t say that other members are bad or poor.
They should confine themselves to promoting what they are good at; they shouldn’t rubbish
other professionals.
3. Threats to professional ethics

Threats to professional ethics arise from
๏ Self-interest
๏ Self review
๏ Advocacy
๏ Familiarity
๏ Intimidation.
Note also management threats where the auditor performs managerial functions for the client. Not
listed by the IESBA, but covered under several of the above, such as self-interest and familiarity.
Where such threats exist, the CIMA member must put in place safeguards that eliminate them or
reduce them to clearly insignificant levels. Safeguards apply at three levels: safeguards in the work
environment, safeguards that increase the risk of detection, and specific safeguards to deal with
particular cases. If he is unable to implement fully adequate safeguards, then the member must not
carry out the work.
Some of the following threats are likely to apply predominately to members in public practice, but
many apply to all types of employment
3.1. Self-interest threats

Self-interest threats are the following:
๏ Financial: For example, if an auditor own shares in the client or employer. The member could
be accused of wanting the company profits to look good, so that the share price rises thereby
enriching the member.
๏ Close business relationships are also threats. For example, if a partner retired from an audit
partnership and then immediately went to work for a client, they could be accused for having
lined themselves up for a job and to do that they perhaps did not do their audit rigorously. A
period of at least two years should pass before an ex-partner takes up an appointment with a
client. Having a partner on the client board is also unacceptable.
๏ Close family and personal relationships between the CIMA member and owners or directors
of the company they are working with create the possibility of suggestions that the member’s
work has been neither objective nor independent, and that the accountant did not show the
proper degree of integrity.
๏ Loans and guarantees to the CIMA member should be looked at carefully. If the other party is
a bank and it makes a loan on a normal business terms, for example a mortgage, this would
normally be regarded as acceptable. Certainly no loans or financial relationships should exist
between a client and the member if it is not normal business for the client to make loans.
๏ Overdue fees, for example, for consultancy work, put the CIMA member some risk as there is
a possibility that client will never pay those fees. This could lead to accusations any work
performed (such as preparing a cash-flow forecast) will try to ensure that the company
survives so that the fee will be paid. If there are overdue fees the member should not make
the situation worse and should not incur any more chargeable time until those fees have
been settled.
๏ Contingent fees are obviously dangerous. A contingent fee, for example, would be where the
CIMA member is paid is paid a small fee if a report being prepared is unfavourable, but a large
fee if it is favourable.
๏ High percentage fees. If the auditor earns a high percentage of total income from one audit
client, then the auditor will rely too much on that client and can’t afford to lose them. This can
give the client too much leverage over the auditor. Generally any singly ordinary audit client
should not contribute more than 15% of recurring fee income to the auditor. The 15% is
reduced to 10% for public interest companies such as quoted companies.
๏ Low-balling refers to the practice of quoting a very low audit fee to a client and then hope
that profits would be made another work awarded by the client. This means really that the
audit does not pay for itself so how, therefore, could a proper audit be done? Winning an
audit is a competitive business and the audit fee is an important factor to clients. However, an
auditor could find it difficult to claim that a proper audit has been carried out if a loss was
made on the audit. Fees should be profitable for the auditor.
๏ Recruiting staff on behalf of a client should not be done. The danger here is that if members
of staff are recruited by the auditor, particularly financial staff, then subsequently the auditor
might be reluctant to criticise the performance of those staff members as the advice they
gave on recruitment looks bad. Similar considerations should be taken into account when the
auditor performs any management function for the client.
3.2. Self review threats
Self review threats arise when an auditor does work for a client and that work may then be subject
to checking during the subsequent audit. For example, if the auditor prepares the financial
statements, and then has to audit them, or the auditor performs internal audit services and then
has to check that the system of internal control is operating properly. Auditors could obviously be
reluctant to criticise the work which their own firms have earlier undertaken, and this could
interfere with independence and objectivity. Generally auditors must be very careful when
undertaking such work. Certainly it is common for auditors to do other work, what is important that
the work is done by an entirely different team from the audit firm.
Really, checking your own work is a waste of time.
3.3. Advocacy threats
Arise if promoting a position or opinion to the point that subsequent objectivity is compromised.
An example would be where you represent a company at a meeting with a bank to raise a loan.
3.4. Familiarity threats
Familiarity threats arise because of the close relationship between members and a client or
employer so that independence is compromised. The close relationship can arise by friendship,
family or through business connections. There is no general definition of what’s meant by close
relationships, but if you were a consultant and your brother was the Finance Director of a client
firm then there probably is a close relationship! If however the finance director was a remote cousin
of yours, there might not be a close relationship. Note that there does not have to be any family or
legal relationship: friendship can threaten independence and integrity.
3.5. Intimidation threats
The final groups of threats are intimidation threats. These can deter CIMA members from acting
properly. Examples could be threatened litigation, blackmail, bad staff assessments, no promotion,
or there might even be physical intimidation, though it is to be hoped that that is rare. Blackmail
could be more subtly applied and might relate back for example to a period where the CIMA
member was not acting in accordance with the required ethical standards.
Chapter 8
INFORMATION TECHNOLOGY
1. Types of processing systems

1.1. Levels of management and their information needs
Information processing systems have to support staff at all levels, but there are quite different
information needs at different levels:
Corporate /
Strategic Level
Business / Management
Control
Operational Control
Corporate/strategic level needs information which tends to be:
๏ Forward-looking (at this high level of management, people should be planning for the future)
and historical.
๏ Often has to deal with estimates
๏ Often not to the last degree of accuracy – perhaps dealing with the nearest $1m.
๏ Outward-looking (how are competitors, countries economies and technologies developing?)
๏ Supports unstructured decision-making ie where there is no definitive way at arriving at the
right answer. For example, should we open an operation in Brazil?
๏ Non-routine/ad hoc
Operation control level deals with information which tends to be:
๏ Historical
๏ Routine
๏ Internal
๏ Very accurate
๏ Supports structured decisions such as don’t accept an order if over a customer’s credit limit)
In the middle, information for business and management control
๏ Moderately forward looking (for example, will the division reach this year’s budget?)
๏ Semi-structured decisions (such as should we manufacture more stock?)
๏ Reasonably accurate.
The types of processing system available include:
๏ Transaction processing systems (TPS)
The first business computer applications were for recording transactions such as wages and
salaries processing, the production of sales invoices and receivables ledger accounting. These
systems are known as ‘transaction processing systems’ and they automate existing
operations allowing greater accuracy, more speed and cheaper processing.
๏ Management information systems (MIS)
Once transactions are recorded in a computer it is easy to analyse those transactions to

produce information that could be useful for management and IT operations then became
known as ‘management information systems’. For example, once the sales ledger is
computerised it is easy to produce aged receivables listings.
The systems could also be programmed to make simple decisions such comparing inventory
levels to production plans to enable automatic stock ordering or approving new orders by
comparing credit limits to customer balance and new order value. The simple decisions are
known as ‘programmable’ or ‘structured’ decisions, meaning that there is a well-defined way
of getting to the correct answer. MIS primarily allows companies to keep their costs down,
helping them to move towards cost leadership, through a combination of automation and
rationalisation.
๏ Decision support systems (DSS)
Not all decisions are structured. For example, there is no definitively correct way to draft next
year’s budget or to decide on the selling price of a new product. DSS help managers to make
decisions.
A good example is seen in the use of spreadsheets where financial models created on
spreadsheets allow managers to try out “what if?” experiments where they try out different
combinations of assumptions and try to home in on a credible answer.
More sophisticated DSS systems can combine, for example, computer aided design and
computer aided manufacturing systems to enable new products to be brought to market
more quickly. Data warehousing (recording historical transaction data) and data mining
(trawling through that data to learn more about customers’ preferences and buying patterns).
Both of these techniques can help with differentiation and focus strategies.
๏ Executive information systems (EIS)
These are aimed at senior managers and they have a particular emphasis on giving access to
external information that is needed for operational and strategic planning (eg through the
internet and access to external databases). Executive information systems also emphasise
flexibility so that executives can see company data in a wide variety of ways and they can ‘drill
down’ top greater detail when needed.
๏ Databases
Databases are by far the preferred way to hold data. Databases allow a wide range of users
and applications to use the data flexibly and to update it. Each user can be given a unique,
personalised and relevant view of the data which they can easily search and manipulate.
Centralising data into databases means that data is held once only so is easier to update and
everyone sees a consistent version.
Access to databases needs to be carefully controlled and backups are immensely important. If
the database is damages, all an organisation’s data could be lost.
๏ Expert systems
These were an attempt to capture an expert’s skills so that expert decisions could be made
automatically. They are used where there are complex programmed (structured) decisions to
be made such as working out pension entitlements and options.
The increasing reliance on computers by all levels within a company requires careful design
of the information technology (IT) infrastructure. IT usually refers to the hardware: computers,
connections, disk storage.
2. Physical arrangements
2.1. Networks
Only the very smallest of businesses will have stand-alone computers ie computers not connected
to other computers. Even in small businesses employees need to share data and very soon after
personal computers were invented networks of computers were introduced.
There are two main types:
๏ Local area network (LAN): Here the network extends over only a relatively small area, such
as an office, a university campus or a hospital. The small area means that these networks use
specially installed wiring to connect the machines.
๏ Wide area networks (WAN): Here the network can extend between several cities and
countries. Each office would have its LAN, but that connects to LANs in other offices and
countries using commercial, public communications systems. At one time this would have
been done by the organisation leasing telephone lines for their private use to transmit data
from office to office. However, this is expensive and inflexible and the common system now
used is known as a virtual private network (VPN)
2.2. Virtual private networks
VPN’s allow data to be transmitted securely over the internet between any two locations.
Information will pass over many different circuits and connections but the system gives the
impression that you are operating over a dedicated, private communications link: hence the name:
virtual private network. For example, an employee working from home or a hotel can access the
company system as though being in the office. Because data is being transmitted over public
systems it is particularly vulnerable to interception and it is very important that adequate security
measures are in place to safeguard the data.
There are three essential steps in the security measures:
(1) Access control and authentication – this ensures that unauthorized users do not access the
system. Typically this will be accomplished through a log-in procedure.
(2) Confidentiality – this ensures that data cannot be intercepted and read by a third party whilst
being transmitted. This is achieved using encryption.
(3) Data integrity – this ensures that the data has not been altered or distorted whilst in transit.
To ensure this, the message could have special check digits added to ensure that the data
complies with a mathematical rule.
2.3. Centralised and decentralised (distributed) architectures
Consider an office local area network. There are three main ways in which the data and processing
can be arranged: centralised, decentralised (distributed) and hybrid.
Centralised systems.
In these systems there is a powerful central computer which holds the data and which carries out
the processing.
The main advantages of such systems are:
๏ Security: all data can be stored in a secure data centre so that, for example, access to the data
and back-up routines are easier to control.
๏ One copy of the data: all users see the same version of the data.
๏ Lower capital and operational costs: minimal hardware is needed at each sites. There is also
less administrative overhead.
๏ The central computer can be very powerful: this will suit in processing-intensive applications.
๏ They allow a centralised approach to management. For example, a chain of shops needs to
keep track of inventory in each shop and to transfer it as needed. There is little point in a shop
that is running low ordering more if another branch has a surplus.
The main disadvantages of such systems are:
๏ Highly dependent on links to the centralised processing facility. If that machine fails or
communication is disrupted then all users are affected.
๏ Processing speed: will decrease as more users log-on
๏ Lack of flexibility: local offices are dependent on suitable software and data being loaded
centrally.
Decentralised (distributed) systems.
In these systems, each user has local processing power and will hold data locally.
The main advantages of such systems are:
๏ Resilience: if one machine breaks down, others are unaffected.

๏ Easy expansion: simply add another computer.
๏ Flexibility: local users can decide which programs and software should be installed to meet
local needs.
๏ They are more useful where each location can operate reasonably separately from others.
The main disadvantages are:
๏ More difficult to control: data storage and processing are in many locations and correct
access, processing and back-up of data are more difficult to enforce.
๏ Multiple versions of data: user might have their own version of data that should be uniform.
๏ Potentially higher costs: each local computer has to have sufficient processing power and
each location might require an IT expert.
2.4. Cloud computing.
This is relatively new approach but one that is growing in popularity. There is only one copy of the
software on the server within a web-based interface. Users log into the web system and their
processing is then carried out on the server or a ‘cloud’ of servers. It appears to each user that they
have a local version of the software, but what they are really seeing is the program operating in the
server. As more processing is needed more cloud resources can be used and this gives users great
flexibility.
Client machines can be ‘thin-clients’ (ie not powerful) as they do not have to store much data and
software nor do they have to carry out much processing. Hardware, software and maintenance
costs are greatly reduced, though the system is vulnerable to service disruption.
It can be particularly useful where a company’s processing needs are very volatile. For example, a
design or engineering company might need very high computing power only when rendering (ie
producing detailed graphics) work. Much of the time processing needs are small. Therefore, instead
of having a large computer of its own, the design company’s work is hosted by a cloud-based
computer (whose use is shared). That computer will be powerful enough to deal with intensive
processing as needed. Also, designers can work at home, for example, on laptops. The relatively
low powered laptop provides the interface but the bulk of the processing is done elsewhere.
Obviously there are risks arising from:
๏ Loss of communications with the cloud machine

๏ Communications that are too slow
๏ Confidential data is being held on a third party machine and being transmitted over public
communications systems.
3. Controls in IT systems
3.1. Risks
IT poses particular risks to organisations’ internal control and information systems and
organisations must try to safeguard their data and IT systems otherwise problems can lead to their
operations being severely disrupted and subsequently to lost sales, increased costs, incorrect
decisions and reputational damage. Some security breaches might leave an organisation open to
prosecution.
Risks include:
๏ Reliance on systems or programs that are inaccurately processing data, processing inaccurate
data so that they report inaccurate, misleading results.
๏ Unauthorised access to data leading to destruction of data, improper changes to data, or
inaccurate recording of transactions.
๏ Particular risks may arise where multiple users access a common database on which everyone
in the organisation relies. The data could be incorrectly amended and all users will be
affected.
๏ The possibility of IT personnel gaining access privileges beyond those necessary to perform
their assigned duties.
๏ Human error.
๏ Physical damage, such as fire or water damage.
๏ Industrial espionage
๏ Fraud
๏ Unauthorised changes to data in master files. For example, changing a selling prices or credit
limit.
๏ Unauthorised changes to systems or programs so that they no longer operate correctly and
reliably.
๏ Failure to make necessary changes to systems or programs to keep them up-to-date and in
line with legal and business requirements.
๏ Potential loss of data or inability to access data as required. This could prevent, for example,
the processing of internet sales.
3.2. General controls

Controls in computer systems can be categorised as general controls and application controls.
General controls: these are policies and procedures that relate to the computer environment and
which are therefore relevant to all applications. They support the effective functioning of
application controls by helping to ensure the continued proper operation of information systems.
General IT controls that maintain the integrity of information and security of data commonly
include controls over the following:
๏ Data centre and network operations. A data centre is a central repository of data and it is
important that controls there include back-up procedures, anti-virus software and firewalls to
prevent hackers gaining access. Organisations should also have disaster recovery plans in
place to minimise damage caused by events such as floods, fire and terrorist activities.
๏ System software acquisition, change and maintenance. System software refers to operating
systems, such as Windows or Apple’s OS. These systems often undergo updates as problems
and vulnerabilities are identified and it is important for updates to be implemented promptly.
๏ Application system acquisition, development, and maintenance. Applications systems are
programs that carry out specific operations needed by the company – such as calculating
wages and invoices and forecasting inventory usage. Just as much damage can be done by
the incorrect operation of software as by inputting incorrect data. For example, think of the
damage that could be done if sales analyses were incorrectly calculated and presented.
Management could be led to withdraw products that are, in fact, very popular. All software
amendments must be carefully specified and tested before implementation.
๏ Access security. Physical access to file servers should be carefully controlled. This is where the
company keeps it data and it is essential that this is safeguarded: data will usually endow
companies with competitive advantage. Access to processing should also be restricted,
typically through using log-on procedures and passwords.
3.3. Application controls:
Application controls are manual or automated procedures that typically operate at a business
process level, such as the processing of sales orders, wages and payments to suppliers.
These controls help ensure that transactions are authorised, and are completely and accurately
recorded, processed and reported. Examples include:
๏ Edit checks of input data. For example, range tests can be applied to reject data outside an
allowed range; format checks ensure that data is input in the correct format (credit card
numbers should be 12 digits long; dependency checks where one piece of data implies
something about another (you have probably had a travel booking rejected because you
inadvertently had a return date earlier than the outward date); check digits, where a number,
such as an account number, is specially constructed to comply with mathematical rules.
๏ Numerical sequence checks to ensure that all accountable documents have been processed.
๏ Drop down menus which constrain choices and ensure only allowable entries can be made.
๏ Batch total checks.
On-line, real time systems can pose particular risks because any number of employees could be
authorised to process certain transactions. Anonymity raises the prospect of both carelessness and
fraud so it is important to be able to trace all transactions to their originator. This can be done by
tagging each transactions with the identity of the person responsible.
Cyber-espionage is also a growing threat. Governments, competitors and criminals attempt to steal
intellectual property or information about customers and contracts. Quite obviously the theft of
valuable know-how will undermine a company’s competitive advantage and it is essential that for
organisations to defend themselves as far as possible against these threats.
4. Big data
There are many definition the term ‘big data’ but most suggest something like the following:
“Extremely large collections of data (data sets) that may be analysed to reveal patterns, trends, and
associations, especially relating to human behaviour and interactions.”
In addition, many definitions also state that the data sets are so large that conventional methods of
storing and processing the data will not work.
In 2001 Doug Laney, an analyst with Gartner (a large US IT consultancy company) stated that big
data has the following characteristics, known as the 3Vs:
๏ Volume
๏ Variety
๏ Velocity
These characteristics, and sometimes additional ones, have been generally adopted as essential
qualities of big data.
Variety:
disparate non-uniform data of different
sizes, sources, shape, arriving irregularly,
some from internal sources and some from
external sources, some structured, but
much of it is unstructured
Characteristics
of big data
(Laney)
Velocity: Volume:
data arrives continually and a very large amount of data. More
often has to be processed very than can be easily handled by a
quickly to yield useful results single computer, spreadsheet or
conventional database system
The commonest fourth ‘V’ that is sometimes added is veracity: Is the data true? Can its accuracy be
relied upon?
4.1. Volume
The volume of big data held by large companies such as Walmart (supermarkets), Apple and eBay is
measured in multiple petabytes. What’s a petabyte? It’s 1015 bytes (characters) of information. A
typical disc on a personal computer (PC) holds 109 bytes (a gigabyte), so the big data depositories
of these companies hold at least the data that could typically be held on 1 million PCs, perhaps
even 10 to 20 million PCs.
These numbers probably mean little even when converted into equivalent PCs. It is more
instructive to list some of the types of data that large companies will typically store.
๏ Retailers:
‣ Via loyalty cards being swiped at checkouts: details of all purchases you make, when,
where, how you pay, use of coupons.
‣ Via websites: every product you have every looked at, every page you have visited,
every product you have ever bought. (To paraphrase a Sting song “Every click you make
I’ll be watching you”.)
๏ Social media (such as Facebook and Twitter)
Friends and contacts, postings made, your location when postings are made, photographs
(that can be scanned for identification), any other data you might choose to reveal to the
universe.
๏ Mobile phone companies
Numbers you ring, texts you send (which can be automatically scanned for key words), every
location your phone has ever been whilst switched on (to an accuracy of a few metres), your
browsing habits. Voice mails.
๏ Internet providers and browser providers
Every site and every page you visit. Information about all downloads and all emails (again
these are routinely scanned to provide insights into your interests). Search terms you enter.
๏ Banking systems
Every receipt, payment, credit card payment information (amount, date, retailer, location),
location of ATM machines used.
4.2. Variety
Some of the variety of information can be seen from the examples listed above. In particular, the
following types of information are held:
Browsing activities: sites, pages visited, membership of sites, downloads, searches
Financial transactions
๏ Interests
๏ Buying habits
๏ Reaction to ads on the internet or to advertising emails
๏ Geographical information
๏ Information about social and business contacts
๏ Text
๏ Numerical information
๏ Graphical information (such as photographs)
๏ Oral information (such as voice mails)
๏ Technical information, such as jet engine vibration and temperature analysis
This data can be both structured and unstructured:
Structured data: this data is stored within defined fields (numerical, text, date etc) often with
defined lengths, within a defined record, in a file of similar records. Structured data requires a
model of the types and format of business data that will be recorded and how the data will be
stored, processed and accessed. This is called a data model. Designing the model defines and limits
the data that can be collected and stored, and the processing that can be performed on it.
An example of structured data is found in banking systems, which record the receipts and
payments from your current account: date, amount, receipt/payment, short explanations such as
payee or source of the money.
Structured data is easily accessible by well-established database structured query languages.
Unstructured data: refers to information that does not have a pre-defined data-model. It comes in
all shapes and sizes and this variety and irregularities make it difficult to store it in a way that will
allow it to be analysed, searched or otherwise used. An often quoted statistic is that 80% of
business data is unstructured, residing it in word processor documents, spreadsheets, PowerPoint
files, audio, video, social media interactions and map data.
4.3. Velocity
Information must be provided quickly enough to be of use in decision making. For example, in the
above store scenario, there would be little use in obtaining the price-comparison information and
texting customers once they had left the store. If facial recognition is going to be used by shops
and hotels, it has to be more-or less instant so that guests can be welcomed by name.
You will understand that the volume and variety conspire against the third, velocity. Methods have
to be found to process huge quantities of non-uniform, awkward data in real-time.
4.4. Software for big data
The processing of big data is generally known as big data analytics and includes:
๏ Data mining: analysing data to identify patterns and establish relationships

such as associations (where several events are connected),
sequences (where one event leads to another) and correlations.
๏ Predictive analytics: a type of data mining which aims to predict future events. For
example, the chance of someone being persuaded to upgrade a
flight.
๏ Text analytics: scanning text such as emails and word processing documents to
extract useful information. It could simply be looking for key-
words that indicate an interest in a product or place.
๏ Voice analytics: as above with audio.
๏ Statistical analytics: used to identify trends, correlations and changes in behaviour.
The analytical findings can lead to:
๏ Better marketing
๏ Better customer service and relationship management
๏ Increased customer loyalty
๏ Increased competitive strength
๏ Increased operational efficiency
๏ The discovery of new sources of revenue.
4.5. Dangers of big data
Despite the examples of the use of big data in commerce, particularly for marketing and customer
relationship management, there are some potential dangers and drawbacks.
๏ Cost: It is expensive to establish the hardware and analytical software

needed, though these costs are continually falling.
๏ Regulation: Some countries and cultures worry about the amount of
information that is being collected and have passed laws
governing its collection, storage and use. Breaking a law can
have serious reputational and punitive consequences.
๏ Loss and theft of data: Apart from the consequences arising from regulatory breaches
as mentioned above, companies might find themselves open to
civil legal action if data were stolen and individuals suffered as a
consequence.
๏ Incorrect data (veracity): If the data held is incorrect or out of date incorrect conclusions
are likely. Even if the data is correct, some correlations might be
spurious leading to false positive results.
๏ Employee monitoring: Data collection methods allow employees to be monitored in
detail every second of the day. Some companies place sensors in
name badges so that employee movements and interactions at
work can be monitored. The badged monitor to whom each
employee talks and in what tone of voice. Stress levels can be
measured from voice analysis also. Obviously, this information
could be used to reduce stress levels and to facilitate better
interactions but you will easily see how it could easily be used to
put employees under severe pressure.
5. Data Protection Act implements Directive 95/46/EC

One of the important European laws concerns data protection. The Data Protection Act in the UK
relates to personal data. We are not talking here about data relating to companies: we are talking
about data relating to people.
The act sets out certain principles:
๏ Data shall be processed fairly and lawfully.

๏ It can only be obtained for one or more specified and lawful purposes.
๏ It mustn’t be excessive to what’s required.
๏ It must be accurate and kept up-to-date.
๏ It mustn’t be kept for longer than necessary.
๏ Personal data shall be processed only in accordance with the rights of data subjects. The data
subject is a person about whom the data is held and that person has certain rights. For
example they have a right to see the data and they have a right to insist that it’s corrected.
The people holding the data have to register with a government body and there they have to
say what data is held, why it is held and to whom it might be supplied.
๏ Appropriate measures shall be taken against unauthorised and unlawful processing and also
care has to be taken over the accidental loss or damage to personal data.
๏ Finally, personal data must not be transferred to a country or territory outside the European
Economic Area unless there is similar legislation giving similar protection in that area.
6. Disaster planning
Many organisations are so reliant on the continued availability of IT that to be without it for even a
short time can be very damaging. Of course more serious incidents could make an IT system
unavailable for long times can be disastrous.
June 2015, Computer Weekly

Royal Bank of Scotland (RBS) customers suffered at the hands of another IT problem as
hundreds of thousands of payments failed to reach their accounts. About 600,000 payments
including tax credits and disability living allowance did not arrive when expected.
RBS has been subject to costly IT problems in recent years. In 2012 customers were locked out
of their accounts for days, as a result of a glitch in the CA-7 batch process scheduler, which
froze 12 million accounts. Customers were left unable to access funds for a week or more as
RBS, NatWest and Ulster Bank manually updated account balances.
RBS was fined ₤56m by the Financial Conduct Authority (FCA) and the Prudential Regulation
Authority (PRA) as a result.
Companies should have disaster plans that will first offer some protection against problems but
which will then allow the company’s IT system to be up and running (at least the most vital
elements of the system) a soon as possible.
Typical contents of a disaster plan are:
๏ Minimise physical risks; take regular backups of data

๏ Contingency planning: standby procedures, recovery procedures, personnel management:
‣ Define responsibilities of staff members. Remember, normal working will have been
disrupted.
‣ Risk assessment – where is most attention needed? Where are we most vulnerable?
‣ Prioritise – which elements of the system are the most vital to get back?
‣ Back-ups and stand-by arrangements – if the computer is damaged, a standby machine
(hardware duplication) will be able to pick up the processing. It should be located at a
remote site.
‣ Communication with staff and customers. A disaster can undermine confidence so
good PR is essential.
๏ Business continuity planning. How will the business be carried on until normal service is
resumed?
Chapter 9
FINANCIAL RISK: BUSINESS RISK AND
GEARING RISK
1. Financial risk introduction

Equity shareholders suffer risk from two sources:
๏ Business risk arising from the type of business their company is in. For example a supermarket
company is likely to enjoy much more stable earnings that a house-building company.
Everyone needs to eat, even in poor economic times, but house purchases will be postponed
unless people are reasonably optimistic.
๏ Gearing risk. This risk arises because a company has borrowed. The interest on the
borrowings has to be paid and this increases the volatility of the earnings available for
shareholders. This is explained in more detail below.
When deciding what return is needed from a company, shareholders have to take both types of risk
into account. They will always demand higher returns as risk (from whatever source) increases.
2. Illustration of gearing risk

Here are two companies, U Co which is ungeared (ie, no borrowing) and G Co which is geared. They
have exactly the same assets and carry on the same activities, so their earnings before interest are
the same:
$000 U Co G Co
Earnings 1,000 1,000
Interest – (400)
1,000 600
Tax @25% (250) (150)
Available for dividends 750 450
Now, we will see what happens if earning go up 50% or down 50%
Starting position Increase 50% Decrease 50%

$000 U Co G Co U Co G Co U Co G Co
Earnings 1,000 1,000 1,500 1,500 500 500
Interest - (400) - (400) - (400)
1,000 600 1,500 1,100 500 100
Tax @25% (250) (150) (375) (275) (125) (25)
Available for dividends 750 450 1,125 825 375 75
+50%
-50%
+ 83% -83%
In the ungeared company, U Co, as earnings rise or fall be 50% so do the amounts available for
dividends.
In the geared company, however, as earnings rise or fall 50% the amounts available for dividends
vary by 83%.
Therefore, income volatility (or risk) is magnified in the geared company. That’s why the term
‘gearing’ is used. On a bicycle, if you are in a high gear one turn of the pedals has a large effect on
the wheels.
In the USA, the term ‘leverage is used instead of gearing, and when using a lever, moving one end a
small amount will move the other end a lot.
3. How to account for business risk

In this paper you account for business risk and link it to equity shareholders’ returns by using the
capital asset pricing model (CAPM). This model states that:
Required return (cost of equity) = Risk free return + β (Return from the market – risk free rate)
or Ke = Rf + β(Rm – Rf)
The risk free rate is typically what you could get putting your money on deposit in the bank. If an
investment is not risk free then the required return must be higher than that rate.
β is a measure of the systematic risk of the investment. This is explained further below. The higher β
is the higher the required return.
Rm is the return you can get from the market as a whole. The β(Rm – Rf) represents a premium that is
required over the risk free rate to compensate investors for the additional risk.
Rm – Rf is sometimes known as the market risk premium.
4. Systematic and unsystematic risk

Unsystematic risk is risk that arises form random events affecting one share only. For example,
one pharmaceutical launches a blockbuster drug and that share only will enjoy improved returns.
Systematic risk is risk that rises from large events, national and international, that affects all shares,
though to differing degrees. For example, the banking crisis of 2008 affected all investments.
Unsystematic risk is handled by diversifying it away. This means that by the time you hold about 30
different investments the random good news in one share is probably cancelled out by the random
bad news in another share you hold. For example, the goods news helping your shares in the
pharmaceutical company is likely to be offset by bad news in your shares in, say, an airline.
CAPM deals only with systematic risk and this means that any investor who is going to use this
approach must be well-diversified.
The β value is a measure of systematic risk, and can be interpreted as:
β = 1 the investment has the same systematic risk as the market.
β > 1 the investment is more volatile than the market; it has more systematic risk. The required
return will be greater than the return form the market.
Β < 1 the investment is more stable than the market; it has less systematic risk. The required return
will be lower than the return form the market.
Example 1
Risk free rate = 5%; market return = 14%
What returns should be required from investments whose beta values are
(i) 1
(ii) 2
(iii) 0.5
Solution:
Ke = Rf + β(Rm – Rf)
(i) Ke = 5 + 1(14 – 5) = 14% (The return required from an investment with the same risk as the
market is simply the market return)
(ii) Ke = 5 + 2(14 – 5) = 23% (The return required from an investment with twice the risk as the
market. A higher return than that given by the market is required)
(iii) Ke = 5 + 0.5(14 – 5) = 9.5% (The return required from an investment with half the risk as
the market. A lower return than that given by the market is required).
5. Taking gearing into account

If there is risk caused by gearing as well as risk caused by the type of business that is being
undertaken the required return of the equity shareholders will be greater. This can be accounted
for by using a higher β to work out the cost of equity.
Before going on, we must get some terminology straight:
๏ In an ungeared company the β is known as the ‘asset β’ because the risk arises purely from
the business assets and business activities. It can be useful to refer to this as the ‘ungeared β’.
๏ In a geared company the β is known as the ‘equity β’ because the risk arises from both
business and gearing and that determines what the equity shareholder require. It can be
useful to refer to this as the ‘geared β’.
The asset β (ungeared) and equity β (geared) are linked by the following formula:
veβe
βa =
(ve + vd (1− T ))
Where:
βa = the asset (ungeared β)
βe = the equity (geared β)
Ve = the market value of equity
Vd = the market value of debt
T = tax rate
Notice that the formula must mean that βa is less than βe reflecting the fact that the systematic risk
must be lower in an ungeared company than in the equivalent geared company.
Example 2
An ungeared company has a β of 0.8.
What is the equity-holders’ required rate of return in an equivalent company that was
financed by $4m equity and $3m debt where the tax rate is 30%?
The risk free rate is 4% and the return from the market is 15%.
Solution:
First, work out the appropriate β value for the geared company:
veβe
βa =
(ve + vd (1− T ))
4βe
0.8 = = 0.6557 × β e
( 4 + 3(1− 0.3))
β e = 0.8 / 0.6557 = 1.22
[Check: the equity (geared β should be higher than the ungeared β]

Ke = Rf + β(Rm – Rf)
Ke = 4 + 1.22(15 – 4) = 17.42%
[Note the required return in the ungeared company would be: 4 + 0.8(15 – 4) = 12.8%].
6. Risk adjusted discount rates

If a company is going to use its existing cost of capital as a discount rate when appraising a new
project then two conditions must be met:
(1) The nature of the project must be the same as existing activities. If the new project is in
different business area then the cost of capital relevant to that project will be different
(different business = different risk = different cost of capital).
(2) The gearing of the company must not change (different gearing = different risk = different
cost of capital).
CAPM can let us deal with the first problem because CAPM allows a specific discount rate to be
calculated that is appropriate for the type of risk associated with the new project. This is known as
the risk adjusted discount rate.
Example 3
An all equity company has a cost of equity of 18%. The risk free rate is 4%.
The company is in the food production industry and it has a β of 0.8, but the new project is very
different to existing activities: goods haulage. A listed goods haulage company has a β of 1.2.
What discount rate should be used to appraise the new haulage project?
Solution:
From the company’s current statistics:
Cost of equity = Risk free rate + β (return from the market - risk free rate)
18% = 4% + 0.8 (return from the market – risk free rate)
So,
Return from the market - risk free rate = (18% - 4%)/0.8 = 17.5.
The discount rate appropriate to a haulage project or haulage business that is all equity financed is
therefore:
Required return = 4 + 1.2 x 17.5 = 25%
Check: the new project has a high β, so the required rate of return must also be higher.
7. Project financed by a mix of debt and equity: adjusted

present values.
Financing the project by a mix of debt and equity will potentially alter the gearing and this will alter
the appropriate cost of capital and therefore the net present value of the project.
Loan finance offers companies a uniquely low source of finance. It is low because:
(1) It is less risky to supply loan capital than equity. Loans are often secured on valuable assets;
companies know that they must pay interest on time if they are avoid defaulting, whereas
dividends are discretionary; if the company is wound up, creditors rank before equity
shareholders.
(2) Loan interest gets tax relief but dividends do not.
Point (2) is very important. Tax relief is equivalent to a borrower paying the interest then
having the government contribute to the cost of capital. Tax relief is just as valuable as a
grant coming from the government and the benefit of this must be taken into account when
appraising a project: the technique used to do this is known as the adjusted present value.
The technique is used when:
๏ Funding includes a subsidised loan (including when tax relief is given on interest payments)
๏ Debt capacity has increased
๏ Comparison of different capital structure
Steps
๏ Evaluate project as though all equity financed

๏ Adjust for the beneficial effect of the finance used: the finance costs are discounted at the
pre-tax cost of the finance. This will mean that the present value of the tax shield is
calculated at the pre-tax cost of debt.
Example 4
Time 0 Invest 100M
Times 1 – 5 Earn 60M pa pre-tax
Tax = 30%, paid at the end of each year. Cost of equity (ungeared) = 20%
Pre-tax cost of debt = 5%
Calculate the gain to the shareholders if the project is financed:
(a) Entirely by equity
(b) 70% equity and 30% irredeemable debt
(c) 70% equity and 30% from debt redeemable in 5 years’ time.
Solutions:
Financed entirely by equity
NPV = -100 + 60 x 0.7 x 2.991 (5 yr, 20% cumulative factor) = 25.622m
Financed entirely 70% equity and 30% irredeemable debt
Adjusted present value = Base case NPV (all equity) + PV of the tax shield.
The present value of the tax shield is: Interest x tax rate x cumulative discount factor at 5%. The
cumulative discount factor at 5% for a perpetuity is 1/0.05 ie 1/r, where r is the discount rate as a
decimal.
APV = 25.622m + $30m x 5% x 0.3/0.05 = 25.622 + 9 = 34.622m
Financed by 70% equity and 30% from debt redeemable in 5 years’ time
Now tax is saved for only 5 years. The 5 year 5% cumulative discount factor is 4.329, so:
APV = 25.622m + $30 x 5% x 0.3 x 4.329 = 25.622 + 1.948 = $27.57m
The company also benefits if its debt capacity is increased because of the project and its financing.
Debt capacity is the ability of the company to raise loans.
Example 5
An all equity project lasts for 6 years and increases debt capacity by $4M pa at the risk free rate of
5%. Tax at 30% is paid 1 year in arrears.
What is the value of the increase in debt capacity?
Solution:
The project and the debt capacity increase last for time 1 – 6, but the potential benefit comes
through the tax relief on the increase in the debt capacity and that will be for times 2 – 7.
The PV of the increase in debt capacity is:
$4m x 5% x 0.3 x (5.786 – 0.9520) = $0.29m
5%, yrs 1 – 7 , 5%, yr 1
Sometimes the loan might be subsidised in other ways, not just tax relief and the benefit of this
cheap access to finance should also be taken into account.
Example 6
A project costing $12M project lasts for 5 years and will financed by debt.
The company normally borrows at 8%, but a development loan from the government will cost 6%.
Risk free rate of interest = 3%. Tax is payable 1 year in arrears at 30%.
Solution:
Tax shield on interest paid $12 x 0.06 x 0.3 = 0.216
Saving on interest $12 x 0.02 = 0.240
Less: PV of tax relief lost $12 x 0.02 x 0.3 =(0.072)
0.384
Advantage arising from the subsidised finance is therefore: $0.384 x [5.417 – 0.971] = 1.707
Note the third line of the column of figures relating to the PV of tax relief lost. It might look as
though the government has saved the company 2% by giving a subsidised loan, but if the interest
is reduced by 2%, so is the tax relief.
Finally, we consider issue costs. For example, a company might need $2m to finance a project but
this is after issue cots. The loan needed would therefore have to be for $2m plus issue costs.
Issue costs can be expected to enjoy tax relief.
Example 7
$6m is needed to spend on the project and must be available after issue costs of 2% are deducted.
Issue costs are payable immediately.
Assume the loan is at 6%, tax is 25% payable at the end of each year and the loan is in perpetuity.
Solution:
$6m is after issue costs of 2% so must represent 98% of the amount raised.
Therefore, amount raised is $6m/0.98 = $6.12m
PV of tax shield on interest = $6.12m x 6% x 0.25/0.06 = $1.53
However, to obtain this benefit, issue costs are paid at time 0 and tax relief on those costs is
enjoyed one year later
Issue costs less tax relief = $0.12m – 0.12 x 0.25 x 0.943 = 0.092
Therefore, the net benefit is $1.438m
8. Real options
A real option is the right, but not the obligation, to undertake certain business decision, such as
๏ postponing/deferring
๏ abandoning,
๏ expanding/follow-on
a capital project.
Real options provide additional flexibility to the investor. This must always be worthwhile to
investors and so should add value to any project for which they are available. Therefore:
Real options PV = Traditional NPV + real option value.
Chapter 10
FOREIGN CURRENCY RISK AND ITS
MANAGEMENT
1. Introduction
Increasingly, many businesses have dealings in foreign currencies and, unless exchange rates are
fixed with respect to one another, this introduces risk.
Exchange rates move up and down for all sorts of reasons, such as:
๏ Political uncertainty
๏ Economic prospects of the country
๏ Demand for the currency
Many of these factors are unpredictable, but there are three calculations that can be performed to
predict certain exchange rates and also to predict a country’s exchange rate.
2. Interest rate parity

The different interest rates in countries can be used to predict the forward exchange rate. The
forward exchange rate is the rate you would be quoted now for changing currency at a specific
date in the future.
For example, say that the UK £ interest rate is 4% and the US $ rate is 6% and that the current
exchange rate (the spot rate) is US$ 1.4 = £1.00
An investor might therefore see a way to make money by borrowing, say £1,000 at 4% in the UK,
changing this into $1,400 and investing at 6% in the US. There seems to be a 2% margin in doing
this.
However, the investor would not be sure of making money unless he or she knew how many £ they
would get back at the end of the period. If the US$ at weakened to say £1 = $2, the investor might
lose a lot of money. To prevent that, the investor could agree now a rate (a forward rate) at which
to change back the US $ at the end of the period.
The forward rate must be a rate that means the investor would break-even (otherwise there would
be the odd situation where people could make money, risk free, by simply borrowing and
investing).
So, looking at a period of a year:
Borrow £1,000 add 1 year’s interest @ 4% Amount owing becomes £1,040
Convert into US$ at 1.40$/£
Invest $1,400 add 1 year’s interest @ 6% Amount available becomes $1,484
Interest rate parity theory says that the 1 year forward exchange rate is therefore 1,484/1,040 =
1.427 $/£
After, say two more years, interest would have accrued for three years and the forward exchange
rate would be given by:
1,400 x (1.06)3/1,000 x(1.04)3 = 1.4823 $/£.
3. Purchasing power parity

In theory, this predict future spot rates.
The approach says that money obtains its value with reference to what it can buy. Therefore an
exchange rate links what an item costs in two different currencies.
So if an item cost £1,000 in the UK and $1,500 in the US, then £1,000 must have the same value as
$1,500 and the exchange rate is therefore $1.5/£.
After a year, the purchase prices will have risen in each country by their inflation rates. Say that in
the UK inflation is 2% and in the US it is 3.5%. Then in a year, the product will cost:
(1) In the UK: 1,000 x 1.02 = £1,020
(2) In the US: 1,500 x 1.035 = $1,552.50
These amounts must be worth the same because they buy the same item. Therefore the exchange
rate in 1 year is predicted to be:
1,552.5/1,020 = 1.522.
In four years the exchange rate would be predicted to be:
1,500 x (1.035)4 /1,000 x (1.02)4 = 1.59 $/£
4. International Fisher effect

This theory says that the real rate of interest is the same in every country and the interest rates
quoted on bank accounts (the nominal or money rate) is a combination of this rate (the real rate)
and the inflation rate.
1 + Nominal Rate = (1 + Real Rate) x (1 + Inflation Rate)
Say a country had in inflation rate of 2.5% and a nominal interest rate of 5%. If another country had
an inflation rate of 6%, then we can predict its nominal rate of interest as follows:
1 + 0.05 = (1 + Real Rate) x (1 + 0.025)
1 + Real Rate = 1.05/1.025 = 1.02439
The nominal rate in the other country is therefore given by:
1 + Nominal Rate = (1.02439) x (1 + 0.06) = 1.08585
The nominal rate is therefore 8.585%
Remember, the nominal rate is higher when inflation is higher because money on deposit has to
increase by inflation just to stand still with respect to inflation, then investors expect a real rate of
interest on top ie they expect to be able to buy more even after inflation.
5. Cross rates
Cross rates allow you to work out the exchange rate between to currencies when their rate with
respect to a third currency are known
For example, on 3 May 2016, published exchange rates were:
US$/£ = 1.45
€/£ = 1.26
We can therefore work out €/US$ as follows:
Look at what you want ie €/US$
€/US$ = €/£ x £/US$
£/US$ = 1/(US$/£)
So, €/US$ = 1.26 x 1/1.45 = 0.87
The published rate was indeed 0.87
6. Types of currency risk

There are three types of currency risk:
6.1. Economic risk.
The source of economic risk is the change in the competitive strength of imports and exports. For
example, if a company is exporting (let’s say from the UK to a Eurozone country) and the euro
weakens from say €/£ 1.1 to €/£ 1.3 (getting more euros per pound sterling implies that the euro is
less valuable, so weaker) any exports from the UK will be more expensive when priced in euros. So
goods where the UK price is £100 will cost €130 instead of €130, making those goods less
competitive in the European market.
Similarly, goods imported from Europe will be cheaper in sterling than they had been, so those
goods will have become more competitive in the UK market. Note that a company can therefore
experience economic risk even if it has no overt dealings with overseas countries. If competing
imports can become cheaper you are suffering risk arising from currency rate movements.
Doing something to mitigate economic risk can be difficult – especially for small companies with
limited overseas dealings. In general, the following approaches might provide some help:
๏ Try to export or import from more than one currency zone and hope that they don’t all move
together, or at least to the same extent. For example, over the three months 14 January 2010
to 14 June 2010 the €/US$ exchange rate moved from about €/$ 0.6867 to €/$ 0.8164. This
means that € had weakened relative to the US $ (or US $ strengthening relative to the € by
19%). This would make it less competitive for US manufactures to export to a Eurozone
country. In the same period the £/$ exchange rate moved from 0.6263 £/$ to 0.6783 £/$, a
strengthening of the $ relative to £ of only about 8%. Trade from the US to the UK would not
have been so badly affected.
๏ Make your goods in the country you are selling them in. Although raw materials might still be
imported and affected by exchange rates, other expenses such as wages are in the local
currency and not subject to exchange rate movements.
6.2. Translation risk.

This affects companies with foreign subsidiaries. If the subsidiary is in a country whose currency
weakens, the subsidiary’s assets will be less valuable in the consolidated accounts. Usually, this
effect is of little real importance to the holding company because it does not affect its day-to day
cash flows. However, it would be important if the holding company wanted to sell the subsidiary
and remit the proceeds. It also becomes important if the subsidiary pays dividends. However, the
term ’translation risk’ is usually reserved for consolidation effects.
It can be partially overcome by funding the foreign subsidiary using a foreign loan. For example,
take a US subsidiary that has been set up by its holding company providing equity finance. Its
statement of financial position would look something like:
$ million
Non-current assets 1.5
Current assets 0.5
2.0
Equity 2.0
If the $ weakens then all of the $2 million total assets become less valuable.
However if the subsidiary were set up using 50% equity and 50% dollar borrowings, its balance
sheet would look like:
$ million
Non-current assets 1.5
Current assets 0.5
2.0
$ Loan 1.0
Equity 1.0
2.0
The holding company’s investment is only $1 million and the company’s net assets in US$ are only
$1 million. If the $ weakens the only the net $1 million becomes less valuable.
6.3. Transaction risk.

This arises when a company is importing or exporting. If the exchange rate moves between
agreeing the contract in a foreign currency and paying or receiving the cash, the amount of home
currency paid or received will alter, making those future cash flows uncertain.
For example, in June a UK company agrees to sell an export to Australia for 100,000 Australian $,
payable in three months. The exchange rate at the date of the contract is
AUD/£ 1.80 meaning that there are 1.80 AUD for every £.
Confusingly, this could also be written as
1£/AUD 1.80, where the key is noticing that it is ‘1£’, meaning 1£ - 1.8AUD.
So the company is expecting to receive 100,000/1.8 = £55,556. If, however, the Australian $
weakened over the three months to become worth only 1£/AUD 2.00, then the amount that would
be received would be worth only £50,000. Of course, if the Australian $ strengthened over the three
months more than £55,556 would be received.
It is important to note in the following discussions that transaction risk management is not
concerned with achieving the most favourable cash flow: it is aimed at achieving a definite cash
flow as only then can proper planning be undertaken.
7. Dealing with transaction risks

Assuming that the business does not want to tolerate exchange rate risks (and that could be a
reasonable choice for small transactions), transaction risk can be treated in the following ways:
(1) Invoice. Arrange for the contract and the invoice to be in your own currency. This will shift all
exchange risk from you onto the other party. Of course, who bears the risk will be a matter of
negotiation, along with price and other payment terms. If you are very keen to get a sale to a
foreign customer you might have to invoice in their currency.
(2) Netting. If you owe your Japanese supplier 1 million ¥, and another Japanese company owes
your Japanese subsidiary 1.1 million ¥, then by netting off group currency flows your net
exposure is only for 0.1 million ¥. This will really only work effectively when there are many
sales and purchases in the foreign currency. It would not be feasible if the transactions were
separated by many months. Bilateral netting is where two companies in the same group
cooperate as explained above; multilateral netting is where many companies in the group
liaise with the group’s treasury department to achieve netting where possible.
(3) Matching. If you have a sales transaction with one foreign customer then, a purchase
transaction with another (but both parties operating with the same foreign currency) then
this can be efficiently dealt with by opening a foreign currency bank account. For example:
1 November: should receive $2 million from US customer
15 November: must pay $1.9 million to US supplier.
Deposit the $2 million in a US $ bank account and simply pay the supplier from that. That
leaves only US $0.1 million of exposure to currency fluctuations.
Usually for matching to work well, either specific matches are spotted (as above) or there
have to be many import and export transactions to give opportunities for matching.
Matching would not be feasible if you received $2 million in November, but didn’t have to
pay $1.9 million until the following May. There aren’t many businesses that can simply keep
money in a foreign currency bank account for months on end.
(4) Leading and lagging. Let’s imagine you are planning to go to Spain and you believe that the
euro will strengthen against your own currency. It might be wise for you to change your
spending money into euros now. That would be ‘leading’ because you are changing your
money in advance of when you really need to. Of course, the euro might weaken and then
you’ll want to kick yourself, but remember: managing transaction risk is not about maximising
your income or minimising your expenditure, it is about knowing for certain what the
transaction will cost in your own currency.
Let’s say, however, you believe that the euro is going to weaken. Then you would not change
your money until the last possible moment. That would be ‘lagging’, delaying the transaction.
Note however that this does not reduce your risk. The euro could suddenly strengthen and
your holiday would turn out to be unexpectedly expensive. Lagging does not reduce risk
because you still do not know your costs. Lagging is simply taking a gamble that your hunch
about the weakening euro is correct.
(5) Forward exchange contracts. A forward exchange contract is a binding agreement to sell
(deliver) or buy an agreed amount of currency at a specified time in the future at an agreed
exchange rate (the forward rate).
In practice there are various ways in which the relationship between a current exchange rate
(spot rate) and the forward rate can be described. Sometimes it is given as an adjustment to
be made to the spot rate or the forward rates might be quoted directly. However, for each of
spot and forward there is always a pair of rates given. For example:
Spot €/£ 1.2025 ± 0.03 ie 1.2028 and 1.2022
3 month forward rate €/£ 1.2020 ± 0.06 ie 1.2026 and 1.2014
One of each pair is used if you are going to change sterling to euros. So £100 sterling would
be changed now for either €120.28 or €120.22. Guess which rate the bank will give you! You
will always be given the exchange rate which leaves you less well off, so here you will be
given a rate of 1.2022, if changing £ to euros now, or 1.2014 if using a forward contract. Once
you have decided which direction one of the rates is for, the other rate is used when
converting the other way. So:
€ to £ £ to €
Spot €/£ 1.2028 – 1.2022
3 month forward rate €/£ 1.2026 – 1.2014
So, let’s assume you are a manufacturer in Italy, exporting to the UK. You have agreed that the
sale is worth £500,000, to be received in three months and wish to hedge (reduce your risk)
against currency movements.
In three months you will want to change £ to € and you can enter a binding agreement with a
bank that in three months you will deliver £500,000 and that the bank will give you £500,000
x 1.2014 = €600,700 in return. That rate and the number of euros you receive is now
guaranteed irrespective of what the spot rate is at the time. Of course if the £ had
strengthened against the € (say to €/£ = 1.5) you might feel aggrieved as you could have then
received €750,000, but income maximisation is not the point of hedging: its point is to
provide certainty and you can now put €600,700 into your cash flow forecast with confidence.
However, there remains here one lingering risk: what happens if the sale falls through after
arranging the forward contract. We are not necessarily talking about a bad debt here as you
might not have sent the goods, but you have still entered a binding contract to deliver
£500,000 to your bank in three months’ time. The bank will expect you to fulfil that
commitment, and so what you might have to do is go to the bank, exchange enough € for
£500,000, then immediately use that to meet your forward contract, receiving €600,700 back.
This process is known as ‘closing out’, and you could win or lose on it depending on the spot
rate at the time.
There is one other way that forward rates might be given and this is as an adjustment to the
spot rates.
For example:
Spot rate €/£ 1.2501 – 1.2631
3 month forward margin 0.3c – 0.4c pm
Here ‘pm’ appears after the margin. This means SUBTRACT the margin. Note that the margin
is in cents.
If ‘dis’ had been after the margin, this means a discount and this would be ADDED to the spot
rate.
Note premium and discount appear to have the reverse meanings to normal. ADD a
DISCOUNT, SUBTRACT a PREMIUM.
So in this example, the three month forward rate would be:
Spot rate €/£ 1.2501 – 1.2631
3 month forward margin 0.0030 0.0040 pm
1.2471 1.2591
Forward contracts are known as ‘over the counter’ arrangements. You have to meet with
your bank and set up the contract on an individual basis/
(6) Money market hedging. Let’s say that you were a UK manufacturer exporting to the US so
that in three months you are due to receive $2 million. You would suffer no currency risk if
that $2 million could be used then to settle a $2 million liability; that would be matching the
currency inflow and outflow. However, you don’t have a $2 million liability to settle then – so
create one that can soak up the US $. You can create a $ liability by borrowing $ now and
then repaying that in three months with the $ receipt. So the plan is:
(7)
Interest on the $
loan will accrue for
three months
Borrow $ now $2 million liability
Convert at
spot rate
£ Available now $2 million from customer
To work out how many $ need to be borrowed now, you need to know $ interest rates. For
example, the US$ 3 month interest rate might be quoted as:
0.54% – 0.66%
It is important to understand that, although this might be described as a ‘3 month rate’ it is

always quoted as an annualised rate. One rate is what you would earn interest at on a deposit,
and the other the rate you would pay on a loan. Again, no prizes for guessing which is which:
you will always be charged more than you earn. On the dollar loan we will be charged 0.66%
pa for three months and the loan has to grow to become $2 million in that time. So, If X is
borrowed now and three months’ of interest is added:
X(1 + 0.66%/4) = 2,000,000
X = $1,996,705
This can be changed now from $ to £ at the current spot rate, say $/£ 1.4701, to give
£1,358,210.
This amount of sterling is certain: we have it now and it does not matter what happens to the
exchange rate in the future. Ticking away in the background is the US$ loan which will
amount to $2 million in three months and which can then be repaid by the $2 million we
hope to receive from our customer. That is the hedging process finished because exchange
rate risk has been eliminated
Why might this somewhat complicated process be used instead of a simple forward contract?
Well, one advantage is that we have our money now rather than having to wait three months
for it. If we have the money now we can use it now – or at least place it in a sterling deposit
account for three months. This raises an important issue when we come to compare amounts
received under forward contracts and money market hedges. If these amounts are received at
different times they cannot be directly compared, because receiving money earlier is better
than receiving it later. To compare amounts under both methods we should see what the
amount received now would become if deposited for three months. So, if the sterling 3
month deposit rate were 1.2%, then placing £1,358,210 on deposit for three months would
result in:
£1,358,210 (1 + 1.2%/4) = £1,362,285
It is this amount that should be compared to any proceeds under a forward contract.
The example above dealt with hedging the receipt of an amount of foreign currency in the
future. If foreign currency has to be paid in the future, then what the company can do is
change money into sufficient foreign currency now and place it on deposit so that it will grow
to be the required amount by the right time. Because the money is changed now at the spot
rate, the transaction is immune from future changes in the exchange rate.
Money market hedging is also an over-the counter operation.
8. Further methods of exchange risk hedging

There are two other methods of exchange risk hedging which you are required to know. They
involve the use of derivatives: financial instruments whose value derives from the value of
something else – like an exchange rate.
8.1. Currency futures.

Simply think of futures contracts as items you can buy and sell on the futures market and whose
price will closely follow the exchange rate.
๏ Currency futures are standardised contracts for the sale or purchase at a set future date of a
set quantity of currency.
๏ Contracts have a market price and they can be bought and sold on the futures market. The
market prices follows the exchange rate approximately.
๏ Losses or profits can be made on futures trading
To hedge: do the same to the futures now [Buy/sell] as you would do to the currency in the future
Let’s say that a US exporter is expecting to receive €5 million in three months and that the current
exchange rate is $/€1.24. Assume that that is also the price of $/€ futures. The US exporter will fear
that the exchange rate will weaken over the three months, say to $/€1.10 (that is fewer dollars for a
euro). If that happened then the market price of the future would decline too, to around 1.1. The
exporter could arrange to make a compensating profit on buying and selling futures: sell now at
1.24 and buy later at 1.10. Therefore any loss made on the main the currency transaction is offset by
the profit made on the futures contract.
This approach allows hedging to be carried out using a market mechanism rather than entering
into individual tailored contracts that the forward contracts and money market hedges required.
However, this mechanism does not offer anything fundamentally new.
Here are some more examples:
Example 1
Weetwood Co is in the US and needs £5m on 30 September Spot today (1/8) is: $/£ 1.5134 – 1.5352.
September $/£ futures are available. The price today is 1.5423. The spot and the futures prices both
increase by 0.04 as at 30/9.
Remember, do to futures now (buy/sell) that you will do to the currency later.
$M
If exchanged at spot rate £5m would cost £5m x 1.5352 7.676
If exchanged at rate at 30/9, $5m would cost £5m x 1.5752 (ie 1.5352 +0.4) 7.876
Loss on underlying transaction (0.200)
Profit on futures contract (buy now at 1.5423, sell on 30/9 at 1.5823) $5m x
0.200
(1.5823 – 1.5423)
Net gain/loss NIL
Note: if the exchange rate had moved the other way, the profit on the exchange rate would be
offset by a loss on the futures contract.
Example 2
Weetwood Co is in the US and will receive £10m on 30/9. Spot today (1/8) is: $/£ 1.5134 – 1.5352.
September $/£ futures are available. The price today is 1.5423. The spot and the futures prices both
increase by 0.04 as at 30/9.
Remember, do to futures now (buy/sell) that you will do to the currency later.
$M
If exchanged at spot rate £10m would cost £10m x 1.5134 15,134
If exchanged at rate at 30/9, £10 would give £10m x 1.5534 (ie 1.5134 + 0.04) 15,534
Gain on underlying transaction 0.200
Loss on futures contract (sell now at 1.5423, buy on 30/9 at 1.5823) $5m x
0.200
(1.5823 – 1.5423)
Net gain/loss NIL
Practical points relating to futures
๏ All futures are priced in US $, eg US $/£ or US $/€

๏ Contracts are standard sizes: £ = £62,500; € = 125,000; Japanese Yen = 12.5m
๏ All contracts of standard maturity
๏ A tick is the smallest movement of a contract price and is 0.0001 of the contract
๏ Value of tick = 0.0001 x contract size (€ contract, tick = $12.50 NB priced in $).
๏ Choose nearest whole number of contracts.
๏ Choose first expiry contract date after the transaction
๏ To enter the contract, have to pay a margin up-front (like a deposit).
Example 3
1/6: UK company agrees to sell goods to the US for $500,000, to be settled 30/11
1/6: spot rate $/£ = 1.5732 – 1.5745.
Sterling futures: contract size £62,500;
Tick size = $6.25. Prices are as shown in the table:
Settlement date Price S/£

Jun 1.5480
Sept 1.5245
Dec 1.5136
Assume spot rate on 30/11 is 1. 71 – 1. 75 and the futures price then is 1.6997.
Show how the transaction could be hedged by setting up a futures contract.
Solution:
We lose if 1.5745 rises as $500,000 will yield fewer £.
Therefore, to compensate, buy futures now, sell later. (Note: always consider from a US viewpoint
as these are $ futures. We need to buy £, the ‘foreign’ currency, so buy futures now.)
Contract size = £62,500; tick = $6.25
December futures (1st expiry date after the transaction): $500,000/1.5136 = £330,338;
£330,338/62,500 = 5.3, say 5.
We are told to assume spot rate on 30/11 is 1. 41 – 1. 75 and the futures price is 1.5723.
Futures price has moved by 0.1861 (1.5136 up to 1.6997) an increase of 1861 ticks
1861 x 5 contracts x $6.25 = $58,156 profit
Receive $500,000 + $58,156 = $558,156
This will be converted to $558,156/1.75 = £296,197.
Note that if we could have converted at the spot rate on 1/6, we would have received
$500,000/1.5745
This will produce sterling of $518,344/1. 75 = £317,561
The hedge is not perfect because:
๏ The number and value of contract is not an exact fit to the transaction
๏ There is basis risk, meaning that futures prices do not stay perfectly in line with spot rates.
8.2. Options
Options are radically different. They give the holder the right, but not the obligation, to buy or sell a
given amount of currency at a fixed exchange rate (the exercise price) in the future. (If you
remember, forward contracts were binding.)
The right to sell a currency at a set rate is a put option (think: you ‘put’ something up for sale); the
right to buy the currency at a set rate is a call option.
Suppose a UK exporter is expecting to be paid US$ 1 million for a piece of machinery to be

delivered in 90 days. If the £ strengthens against the US$ the UK firm will lose money, as it will
receive fewer £ for the US$ 1million. However, if the £ weakens against the US$, then the UK
company will gain additional money. Say that the current rate is $/£ 1.40 and that the exporter will
get particularly concerned if the rate moved beyond $/£1.50. The company can buy £ call options
at an exercise price of $/£ = 1.50, giving it the right to buy £ at $1.50/£. If the dollar weakens
beyond $/$1.50, the company can exercise the option thereby guaranteeing at least £666,667. If
the US$ stays stronger – or even strengthens to say $/£1.20, the company can let the option lapse
(ignore it) and convert at 1.20, to give £833,333.
This seems too good to be true as the exporter is insulated from large losses but can still make
gains. But there’s nothing for nothing in the world of finance and to buy the options the exporter
has to pay an up-front, non-returnable premium. Options can be regarded just like an insurance
policy on your house. If your house doesn’t burn down you don’t call on the insurance, but neither
do you get the premium back. If there is a disaster the insurance should prevent massive losses.
Options are also useful if you are not sure about a cash flow. For example, say you are bidding for a
contract with a foreign customer. You don’t know if you will win or not, so don’t know if you will
have foreign earnings, but want to make sure that your bid price will not be eroded by currency
movements. In those circumstances, and option can be taken out: used if necessary or ignored if
you do not win the contract or currency movements are favourable.
Example 4
A company is importing goods costing $200,000 from the US. The current exchange rate is €/$ 0.75
payment to be made in 3 months. The company buys a three month option for €4000 at an
exercise price of €/$ 0.77. What will the total cost of the import be if the exchange rate is:
€/$ 0.70?
€/$ 0.80?
Solution:
$200,000 would cost €140,000 (200,000 x 0.7) using the spot rate or €154,000 (200,000 x 0.77) if the
option is exercised. Therefore, allow option to lapse. Total cost of goods = €144,000 (140,000 +
4,000).
$200,000 would cost €160,000 (200,000 x 0.8) using the spot rate or €154,000 (200,000 x 0.77) if the
option is exercised. Therefore, exercise the option. Total cost of goods = €158,000 (154,000 +
4,000).
8.3. Option pricing
There are two elements to the price of an option:
๏ Intrinsic value
๏ Time value
The intrinsic value is determined by the exercise price compared to the current price of the
underlying asset.
For example: a put option allowing you to sell an asset at $5 when the current market price of the
asset is $4, gives an intrinsic value of $1.
Similarly: a call option at an exercise price of $7 when the actual purchase price if $10 gives an
intrinsic value of $3.
In the two examples above, the option would be said to be ‘in the money’. A put option at an
exercise price of $6 when the market price is $7 is ‘out of the money’ and has no intrinsic value.
The time value related to the length of time that the option lasts and therefore what protection it
might offer against adverse price movements. Think of how you would be prepared to pay more for
an insurance policy if:
๏ The period of the insurance increased; and/or

๏ The volatility of the underlying security increased (greater volatility implies more protection is
given by the option).
In addition the value of a call option increases if general interest rates increase because the call
option allows you to safely defer purchase and to keep your money earning interest for longer.
Chapter 11
HEDGING TECHNIQUES FOR INTEREST
RATE RISK
1. Introduction
Risk arises for businesses when they do not know what is going to happen in the future, so
obviously there is risk attached to many business decisions and activities.
Interest rate risk arises when businesses do not know:
๏ how much interest they might have to pay on borrowings, either already made or planned;
or
๏ how much interest they might earn on deposits, either already made or planned.
If the business does not know its future interest payments or earnings, then it cannot complete a
cash flow forecast accurately. It will have less confidence in its project appraisal decisions because
changes in interest rates will alter the weighted average cost of capital and the outcome of net
present value calculations.
There is, of course, always a risk that if a business had committed itself to variable rate borrowings
when interest rates were low, a rise in interest rates might not be sustainable by the business and
that liquidation becomes a possibility.
Note carefully that the primary aim of interest rate management (and indeed currency rate
management) is not to guarantee a business the best possible outcome, such as the lowest interest
rate it would ever have to pay. The primary aim is to limit the uncertainty for the business so that it
can plan with greater confidence.
2. Traditional and basic approaches

2.1. Matching and smoothing
When taking out a loan or depositing money, businesses will often have a choice of variable or
fixed rates of interest. Variable rates are sometimes known as floating rates and they are usually set
with reference to a benchmark such as LIBOR, the London Interbank Offered Rate. For example,
LIBOR +3%.
If fixed rates are available then there is no risk from interest rate increases: a $2 million loan at a
fixed interest rate of 5% per year will cost $100,000 per year. Although a fixed interest loan would
protect a business from interest rates rises, it will not allow the business to benefit from interest
rates decreases and a business could find itself locked into high interest costs and thereby losing
competitive advantage.
Similarly if a fixed rate deposit were made a business could be locked into disappointing returns.
Smoothing
In this simple approach to interest rate risk management the loans or deposits are simply divided
so that some are fixed rate and some are variable rate. Looking at borrowings, if interest rates rise,
only the variable rate loans will cost more and this will have less effect than if all borrowings had
been at variable rate. Deposits can be similarly smoothed.
There is no particular science about this. The business would look at what it could afford, its
assessment of interest rate movements and divide its loans or deposits as it thought best.
Matching
This approach requires a business to have both borrowed and deposited money. The closer the two
the amounts the better.
For example, let’s say that the deposit rate of interest is LIBOR + 1% and the borrowing rate is LIBOR
+ 4%, and that $500,000 is deposited and $520,000 borrowed. Assume that LIBOR is currently 3%.
Currently:
Annual interest paid = $520,000 x (3 + 4)/100 = $36,400
Annual interest received = $500,000 (3 + 1)/100 = $20,000
Net cost = $16,400
Now assume that LIBOR rises by 2% to 5%
New interest amounts:
Annual interest paid = $520,000 x (5 + 4)/100 = $46,800
Annual interest received = $500,000 (5 + 1)/100 = $30,000
Net cost = $16,800
The increase in interest paid has been almost exactly offset by the increase in interest received. The
extra $400 relates to the mismatch of the borrowing and deposit of $20,000 x increase in LIBOR of
2% = $20,000 x 2/100 = $400.
3. Asset and liability management

This relates to the periods for which loans (liabilities) and deposits (assets) last. The issues raised are
not confined to variable rate arrangements because a company can face difficulties where amounts
subject to fixed interest rates or earnings mature at different times.
Say, for example, that a company borrows using a ten-year mortgage on a new property at a fixed
rate of 6% per year. The property is then let for five years at a rent that yields 8% per year. All is well
for five years but then a new lease has to be arranged. If rental yields have fallen to 5% per year, the
company will start to lose money.
It would have been wiser to match the loan period to the lease period so that the company could
benefit from lower interest rates – if they occur.
4. Forward rate agreements (FRA)

These arrangements effectively allow a business to borrow or deposit funds as though it had
agreed a rate which will apply for a period of time. The period could, for example start in 3 months’
time and last for 9 months after that. Such an FRA would be termed a 3 – 12 agreement because is
starts in 3 months and ends after 12 months. Note that both parts of the timing definition start
from the current time.
The loans or deposits can be with one financial institution and the FRA can be with an entirely
different one, but the net outcome should provide the business with a target, fixed rate of interest.
This is achieved by compensating amounts either being paid to or received from the supplier of the
FRA, depending on how interest rates have moved.
Technically, if you are borrowing, you buy an FRA; if you are depositing money you would sell an
FRA.
FRAs are ‘over the counter’ instruments
Example 1
Nero Plc’s cash flow forecast shows that it will have to borrow $2 million from Goodfellow’s Bank in
4 months’ time for a period of 3 months. The company fears that by the time the loan is taken out,
interest rates will have risen. The current interest rate is 5% and this is offered by Helpy Bank on the
required FRA.
Required
What FRA is needed?
Show the cash flows if the interest rate has risen to 6.5% when the loan is taken out
Show the cash flows if the interest rate has fallen to 4% when the loan is taken out
Solution:
(i) The FRA needed would be a 4 – 7 FRA at 5%
(ii) The interest rate has risen to 6.5%:
Interest on loan paid to Goodfellow’s bank = $2 million x 6.5/100 x 3/12 = (32,500)
Paid to Nero under FRA by Helpy Bank = $2 million x (6.5 – 5)/100 x 3/12 = 7,500
Net cost of the loan (25,000)

(iii) The interest rate has fallen to 4%:
$
Interest on loan paid to Goodfellow’s bank = $2 million x 4/100 x 3/12 = (20,000)
Paid to Nero under FRA to Helpy Bank= $2 million x (4 – 5)/100 x 3/12 = (5,000)
Net cost of the loan (25,000)

Note:
(a) In both cases the effective rate of interest on the loan is 5%, the FRA agreed rate:
$2 million x 5/100 x 3/12 = $25,000.
(b) In part (iii) when interest rates have fallen, Nero Plc would no doubt wish that it hadn’t
entered the FRA so that it wouldn’t have to pay Helpy Bank $5,000. However, the purpose of
the FRA is to provide certainty, not to guarantee the lowest possible cost of borrowing and
$5,000 will have to be paid to Helpy Bank.
5. Interest rate derivatives

The interest rate derivatives that will be discussed are:
๏ Interest rate futures

๏ Interest rate options
๏ Interest rate caps, floors and collars
5.1. Interest rate futures

Futures contracts are of fixed sizes and for given durations. They give their owners the right to earn
interest at a given rate, or the obligation to pay interest at a given rate.
Selling a future creates the obligation to borrow money and the obligation to pay interest
Buying a future creates the obligation to deposit money and the right to receive interest.
Interest rate futures can be bought and sold on exchanges such as LIFFE, the London International
Financial Futures Exchange.
The price of futures contracts depends on the prevailing rate of interest and it is crucial to
understand that as interest rates rise, the market price of futures contracts falls. In fact, the price of
a futures contract is 100 – the interest rate.
Think about that and it will make sense: say that a particular futures contract allows borrowers and
lenders to pay or receive interest at 5%, which is the current market rate of interest available. Now
imagine that the market rate of interest rises to 6%. The futures contract has become less attractive
to buy because depositors can earn 6% at the market rate but only 5% under the futures contract.
The price of the futures must fall.
Similarly, borrowers will now have to pay 6% but if they sell the future contract they have to pay at
only 5%, so the market will have many sellers and this reduces the selling price until a buyer-seller
equilibrium price is reached.
๏ A rise in interest rates reduces futures prices.

๏ A fall in interest rates increases futures prices.
Remember: price of the futures contract = 100 – interest rate.
Interest rate option contracts are for fixed amounts (typically £500,000) last for only 3 months. So
to obtain cover for a £3m loan for 6 months the number of contracts needed would be
£3m/£0.5m x 6 months/3 months = 12 contracts.
In practice, futures price movements do not move perfectly with interest rates so there are some
imperfections in the mechanism. This is known as basis risk.
The approach used with futures to hedge interest rates depends on two parallel transactions:
๏ Borrow/deposit at the market rates

๏ Buy and sell futures in such a way that any gain that the profit or loss on the futures deals
compensates for the loss or gain on the interest payments.
Borrowing or depositing can therefore be protected as follows:
Depositing and earning interest
The depositor fears interest rates falling as this will reduce income.
If interest rates fall, futures prices will rise, so buy futures now (at the relatively low price) and sell
later (at the higher price). The gain on futures can be used to offset the lower interest earned.
Of course, if interest rates rise the deposit will earn more, but a loss will be made on the futures
(bought at a relatively high price then sold at a lower price).
As with FRAs, the objective is not to produce the best possible outcome but to produce an
outcome where the interest earned plus the profit or loss on the futures deals is stable.
Borrowing and paying interest
The borrower fears interest rates rising as this will increase expense.
If interest rates rise, futures prices will fall, so sell futures now (at the relatively high price) and buy
later (at the lower price). The gain on futures can be used to offset the lower interest earned.
Students are often puzzled by how you can sell something before you have bought it. Simply
remember that you don’t have to deliver the contract when you sell it: it is a contract to be fulfilled
in the future and it can be completed by buying in the future.
Of course, if interest rates fall the loan will cost less, but a loss will be made on the futures (sold at a
relatively low price then bought at a higher price).
Once again, the aim is stability of the combined cash flows.
Summary
The summary rule for interest rate futures is:
๏ Depositing: buy futures then sell

๏ Borrowing: sell futures then buy
Example 2
Today is 3 October, and interest rates are 8% p.a. X plc will wish to borrow $6M for 6 months
starting on 1 January. 3 month January interest rate futures are available at 92.00.
Show how interest rate futures may be used to hedge the risk, and calculate the outcome on
1 January.
(Assume that on 1 January interest rates have changed to 10% and the futures price to 90.00)
Solution:
Sell futures – amount = 6M x 6/3 =$12M
On 1 January:
Loan interest: $6M × 10% × 6⁄12 = 300,000
Profit on futures: 12M × (92 – 90)/400 (60,000)
Net payment $240,000
The net payment is equivalent to 8% x $6m x 6/12.
Note: 92 – 90 = movement on the futures price, but strictly there are percentages.
Just as 5% = 0.05, 92 = 0.92.
The contracts last for only three months so the interest gain/loss is for ¼ of a year. (Earlier we had
used 6/3 to account for 6 months coverage).
So the profit on futures will be 12M x (92% - 90%)/4 or 12M x (92 - 90)/400.
5.2. Interest rate options
Interest rate options allow businesses to protect themselves against adverse interest rate
movements whilst allowing them to benefit from favourable movements. They are also known as
interest rate guarantees. Options are like insurance policies:
(1) You pay a premium to take out the protection. This is non-returnable whether or not you
make use of the protection.
(2) If interest rates move in an unfavourable direction you can call on the insurance.
(3) If interest rates move favourable you ignore the insurance.
Options are taken on interest rate futures and they give the right, but not the obligation, either to
buy the futures or sell the futures at an agreed price at an agreed date.
Interest rate option contracts are for fixed amounts (typically £500,000) last for only 3 months. So
to obtain cover for a £3m loan for 6 months the number of contracts needed would be
£3m/£0.5m x 6 months/3 months = 12 contracts.
Using options when borrowing
As explained above, if using simple futures the business would sell futures now then buy later.
When using options, the borrower takes out an option to sell a future at today’s price (or another
agreed price). Let’s say that price is 95. An option to sell is known as a put option (think about
putting something up for sale).
If interest rates rise the futures price will fall, let’s say to 93. Therefore the borrower will buy at 93
and will then choose to exercise the option by exercising their right to sell at 95. The gain on the
options is used to offset the extra interest that has to be paid.
If interest rates fall the futures price will rise, let’s say to 97. Obviously, the borrower would not buy
at 97 then exercise the option to sell at 95, so the option is allowed to lapse and the business will
simply benefit from the lower interest rate.
Using options when depositing
As explained above, if using simple futures the business would buy futures now then sell later.
When using options, the investor takes out an option to buy at today’s price (or another agreed
price). Let’s say that price is 95. An option to buy is known as a call option.
If interest rates fall the futures price will rise, let’s say to 97. The investor would therefore sell at 97
then exercise the option to buy at 95. The gain on the options is used to offset the lower interest
that has been earned.
If interest rates rise the futures price will fall, let’s say to 93. Obviously the investor would not sell
futures at 93 and exercise the option by insisting on their right to sell at 95. The option is allowed to
lapse and the investor enjoys extra income form the higher interest rate.
Options therefore give borrowers and lenders a way of guaranteeing minimum income or
maximum costs whilst leaving the door open to the possibility of higher income or lower costs.
These ‘heads I win, tails you lose’ benefits have to be paid for and a non-returnable premium has to
be paid up front to acquire the options.
Example 3
Today is 3 October, and interest rates are 8% p.a. X plc will wish to borrow $6M for 6 months
starting on 1 January. 3 months January interest rate futures are available at 92.00.
Show how interest rate futures may be used to hedge the risk, and calculate the outcome on
1 January.
(Assume that on 1 January interest rates have changed to 10% and the futures price to 90.00)
5.3. Interest rate caps, floors and collars
Interest rate cap:
A cap involves using interest rate futures options to set a maximum interest rate for borrowers. If
the actual interest rate is lower, the option is allowed to lapse. This is simply the explanation above
of using an option when borrowing and the borrower would buy a put option.
Interest rate floors:
A floor involves using interest rate futures options to set a minimum interest rate for investors. If
the actual interest rate is higher the investor will let the option lapse. This is simply the explanation
above of using options wen depositing and the investor would buy a call option.
Interest rate collar:
A collar involves using interest rate options to confine the interest paid or earned within a pre-
determined range. A borrower would buy a cap (buy a put) and sell a floor (sell a call), thereby
offsetting the cost of buying a cap against the premium received by selling a floor. Note this is the
first time we have dealt with selling an option: previously we have bought puts or calls.
Selling the call option allows the other party to insist on receiving interest at a minimum rate. If
actual rates are lower than this, we will end up having to pay that person interest – hence a floor is
set for us as borrowers.
A depositor would buy a floor and sell a cap.
6. Interest rate swaps

In interest rate swaps: two parties agree to exchange interest payments with each other over an
agreed period.
๏ There have to be advantages to both parties.

๏ The advantages usually arise because the parties are offered different terms for fixed and
floating rate loans and these differences can be exploited.
For example:
Company A can borrow at a fixed rate of 8% or at a variable rate of LIBOR + 2%
Company B can borrow at a fixed rate of 9% or at a variable rate of LIBOR + 5%.
Company A wants to have a fixed rate loan and Company B wants a variable rate loan.
Show how both companies can borrow from an interest rate swap.
If each company borrows the type of loan it wants, Company A will borrow fixed at 8% and
Company B will borrow variable at LIBOR + 5%.
The total interest bill will be: LIBOR + 5% + 8% = LIBOR + 13%
If they borrow in the ways they don’t want, Company A will borrow variable at LIBOR + 2% and
Company B will borrow fixed at 9%.
The total interest bill will be: LIBOR + 2% + 9% = LIBOR + 11%.
There is therefore a 2% difference that the companies should be able to exploit by borrowing in the
ways they don’t want then swapping the interest rate payments so that they pay fixed/variable as
they wish.
They can split the 2% advantage in whatever way they want to. In the following solution it has been
assumed that they enjoy 1% each, so at the end of the swap, Company A will be paying fixed rate
interest but at 8 – 1 = 7%, and Company B will be paying variable rate interest but at LIBOR + 4%.
Company A Company B
Borrow in the way that will open up the advantage (LIBOR + 2%) (9%)
Swap the variable rate LIBOR + 2% (LIBOR + 2%)
Swap a fixed rate (7%) 7%
(7%) (LIBOR + 4%)
In practice there are many ways in which the swap could take place, but the key is to ensure that
each party ends up better than they would have if borrowing what they wanted directly.
In this example, two companies cooperated without any intermediary. In practice, this
matchmaking can be difficult to bring off as each company needs to find another it trusts with
complementary needs. Instead, swaps are often arranges directly with a bank, or through a bank
which will either pay or accept LIBOR in exchange for fixed interest. The bank will take a cut.
For example:
Company A: Fixed rate 10%, or LIBOR + 1% [prefers to borrow fixed]
Company B: Fixed rate 9% or LIBOR + 0.5% [prefers to borrow variable]
If they borrow in the way they prefer the total interest bill will be: 10% + LIBOR + 0.5% = LIBOR +
10.5%
If they borrow ‘the other way’, the total interest bill will be: LIBOR + 1% + 9% = LIBOR + 10%.
So there is 0.5% to play for.
Instead of swapping directly they go through a bank that will pay LIBOR to Company A in exchange
for 8.8% fixed, and will accept LIBOR from Company B in exchange 8.6% interest.
Note that with regard to the bank, the LIBOR in and out have cancelled, but the bank receives 8.8%
from Company A and pays only 8.6% to Company B, thus making a profit.
The position can be shown as:
8.8% 8.6%
Company A Company B
BANK
Borrows LIBOR +1% LIBOR LIBOR Borrows fixed 9%
The final position is:
Company A pays: LIBOR + 1% + 8.85 – LIBOR = 9.80 [better than direct fixed borrowing of 10%]
Company B pays: 9% + LIBOR - 8.6% = LIBOR + 0.4% [better than direct variable borrowing of
LIBOR + 0.5%]
Between them the companies save (10 – 9.8) + (0.5 – 0.4) = 0.3
The bank earns 0.2%
Chapter 12
PERFORMANCE MANAGEMENT
1. Introduction
๏ Performance: A task or operation seen in terms of how successfully it is performed
(www.Oxforddictionaries.com).
The task could be to make profits, increase share price, curing patients in a hospital, clear
household rubbish. An organisation’s primary tasks can often be found in the organisation’s
mission statement For example a car manufacturer’s primary task is to produce cars
profitably. Although that might be its ‘primary tasks’ the task of making profits always rests
on subsidiary tasks such as good design, low cost per unit, quality, flexibility, successful
marketing and so on. Many of these are non-financial achievements.
๏ Management: The process of dealing with or controlling things or people
(www.Oxforddictionaries.com).
Implicit in the idea of controlling something (like a bicycle) is knowing where it is now,
knowing where you need to go and how to manoeuvre it to reach your destination.
2. Features of a modern performance measurement system

Performance measurement is fundamental to both the concept of performance (what is meant by
successful performance?) and its management (assessment of current position, and where we need
to be). It is essential to good performance measurement that suitable performance measures are
set.
The expected features of modern performance measurement systems are.
Feature Explanation
๏ They should measure the effectiveness of For example: a local council will have
the business and its processes in meeting objectives for street cleaning and waste
the organisation’s objectives in order to disposal so as to provide a safe and pleasant
link to the overall strategy; environment for the local population.
Performance in these areas should be
measured to maximize the chance of the
objectives being met.
๏ They should measure the efficiency of For example: although the council, above,
resource utilisation within the might keep its streets spotless it would also
organisation; have a responsibility to achieve this in a cost-
effective way by ensuring that tasks are
performed efficiently.
๏ They should contain internal and external For example: the performance of different
measures of performance; cleaning teams can be compared. In addition it
is important to compare (benchmark) the
council’s performance to that of other councils
so that meaningful targets are set.
๏ They should comprise a mix of financial For example: running costs, % of rubbish bins
and non-financial (quantitative and not emptied as scheduled, householder
qualitative) methods; satisfaction ratings.
๏ They will require to make clear the For example: should rubbish bins be emptied
different dimensions of performance so weekly or only every fortnight? Costs saves and
that judgements on trade-offs between loss of amenity must be compared to allow a
them are explicit (e.g. quality and cost); rational decision to be made.
๏ They will link to the targets set for For example: a monthly employee bonus based
employee motivation; on % of rubbish bins emptied on schedule.
๏ They should cover both the short-term For example: short term there will be cost
and long-term performance of the constraints; long term the council might want
organisation; to attract more people to the area to boost the
economy. Attracting new people will partly
depend on providing a clean environment and
good council services.
๏ They should be flexible in order to For example: there will be short term
respond to changes in the business disruption over public holidays or periods of
environment. very bad weather. Long term, if industry grows
in the area, measures might have to be divided
to cover both domestic waste and industrial
waste.
There are a number of potential pitfalls on the design of performance measurement

systems:
๏ Not enough performance measures are set. Often directors and employees will be judged on
the basis of performance measure results. It has been said that ‘Whatever you measure you
change’ and employees will tend to concentrate on achieving the required performance
where it is measured. The corollary is that ‘Whatever you don’t measure you don’t change’
and the danger is that employees will ignore areas of behaviour and performance which are
not assessed.
๏ Too many performance measures, especially where they are not ranked by importance.
Performance measures have to be measured, calculated, reported to management and
discrepancies explained or excuses invented. Trying to juggle too many measures can divert
time from more important tasks and there is a danger that employees concentrate on the
easier but more trivial measures than on the more difficult but vital targets. It is essential to
identify the really important measures and the identification of critical success factors (‘CSF’)
can achieve this. CSFs must be achieved if the organisation is going to succeed.
๏ The wrong performance measures. For example, applying strict cost measures in an
organisation where luxury products and services are sold is likely to detract from the
organisation’s success.
๏ Too tight/too loose performance measures. For example, performance indicators that are too
difficult to attain can lead to a loss of employee motivation, gaming and to the
misrepresentation of data. A performance measure that is too loose can pull down
performance. It is important that measures are set at challenging yet attainable levels and it is
here that benchmarking exercises can help. Internal benchmarking generally sets measures
based on previous period’s measures or set measures with respect to other branches or
divisions. However these internal benchmarks can lead to complacency as many
organisations have to compete with others and benchmarks should be aligned to
competitors’ performance.
๏ ‘Hit and run’ performance indicators. By this I mean that a performance indicator is set then it
is assumed that things will look after themselves. The performance indicator needs a
management framework if it is to be at all effective.
3. Control systems
3.1. Introduction
Control systems are necessary throughout an organisation to monitor performance so that

corrective action may be taken where appropriate.
An example is a budgetary control system, where costs might be compared against budget and
action taken to attempt to correct any over-spends.
Another example is a quality control system, where production is compared against pre-defined
standards, and again appropriate action is taken when the quality deviates from the standard.
All control systems operate in the same basic way, and you should be aware of the diagram below
and the terminology.
ENVIRONMENTAL FACTORS STANDARD
EFFECTOR / ADJUSTOR
INPUTS COMPARATOR
PROCESS
OUTPUT SENSOR
3.2. Feedback/feedforward control
Feedback control is where the outputs of a process are measured and information is then
provided regarding corrective action, after the outputs have been produced.
Variance analysis is an example of this. At the end of (say) each month, variances are calculated. If
there is an overspend in January, then attempts will be made to correct the problem for the future.
It is however too late to do anything about January
It is vital that any feedback needed is applied sufficiently quickly to prevent further deterioration in
performance. Delays can creep in at any stage:
๏ Delay in collecting data

๏ Delay in carrying out comparisons (eg delays in producing variance analyses)
๏ Delay in managers reading the reports, deciding what to do and effecting change.
IT systems can be of great help in reducing delays in control systems because the data can often be
collated and reported in real time.
Feed forward control is where a problem is identified in advance and corrective action taken
before the problem occurs.
An example of this is one use of the budgeting process. If a budget is prepared for the coming year
and forecasts an unacceptably low profit, then ways will be looked for of changing plans to
increase the profit. For example, increasing selling prices or cutting cost
3.3. Negative/positive feedback
Negative feedback is where the control mechanism reduces the problem, and is what we would
desire to achieve. For example if actual costs are above budgeted costs, negative feedback would
be applied
Positive feedback however, is where the departure from the plan is to be encouraged. For
example, if sales are ahead of budget the organisation would try to encourage that behaviour.
4. Information for performance management

4.1. Introduction
Information can be classified as follows:
Information
Non-financial Financial
Quantitative Qualitative
Examples are:
๏ Financial: sales, profits, costs, GP%, return on capital employed

๏ Non-financial quantitative: percentage of product rejects, volume of sales, number of
complaints.
๏ Non-financial qualitative: reputation, effectiveness, customer satisfaction, staff morale.
The information provided must match the performance drivers of the organisation’s success. In
particular, non-financial performance is a very important determinant of the long term success of
any enterprise. For a business, short term financial performance can often be improved by reducing
quality, innovation and training. However, a business pursuing these approaches is likely to suffer
financially in the long term. It is not so much that a business is interested in making high quality
products for their own sake, but if the business positions itself as a high quality manufacturer it
must deliver high quality and, therefore, quality needs to be monitored. If the business were known
as a ‘cheap and cheerful’ supplier, the measurement of quality would be much less important but
costs per unit would become more important. It is a common theme of questions for reports to
display only financial information; this allows the opportunity for candidates to criticise the lack of
relevant non-financial information.
4.2. Budgets in performance management
The functions of a budget are:
๏ Forecasting
๏ Planning and control
๏ Coordination
๏ Communication
๏ Authorisation
๏ Motivation
๏ Evaluation
Particular difficulties can arise when using budgets to evaluate performance:
๏ Time consuming and costly to put together

๏ Constrains responsiveness, flexibility and change
๏ Rarely strategically focussed
๏ Concentrate on cost reduction, not value creation
๏ Strengthen vertical control and command reflect emerging network structures
๏ Encourage ‘gaming’ and perverse behaviour.
๏ Developed and updated too infrequently
๏ Based on unsupported assumptions and guesses
๏ Reinforce departmental barriers
๏ Make people feel undervalued.
4.3. Beyond budgeting

๏ Measuring success against the competition.
๏ The target setting based on external benchmarks.
๏ Motivation through challenges and delegating responsibility
๏ Empowerment of operational managers by giving them the means to act independently
(access to resources).
๏ The resource utilisation process is based on direct local access to resources through internal
markets
๏ Organization based on customer-oriented teams
๏ Creation of a single “truth” in the organization
5. The balanced scorecard (Kaplan and Norton)

The balanced looks at performance over four perspectives:
๏ Financial perspective
๏ Customer perspective
๏ Internal business perspective
๏ Innovation and learning perspective
The perspectives form a hierarchy:
Financial performance is easy to measure, but those measurements do not tell you how goods
performance was attained. The source of good performance can be thought of as happy, loyal
customers who are willing to pay goods prices.
The customer perspective looks at how well we are regarded by customers. Measures include sales
growth, repeat orders, growth of new customer, customer surveys.
The internal business perspective looks at what the organisation is doing so that customers are
delighted and operations are carried out efficiently. There will be delighted, loyal customers, and
delighted if the organisation does well what it purports to do – whatever that is. So if customers
require fast delivery, then delivery times have to have targets and actual delivery performance has
to be measured. If customers wan low prices, our operations must deliver that and we must
measure success there. If customers want fantastic quality, then that has to be measured.
The organisation might currently be the best one around, but nothing stands still. Competitors will
be trying to out-do us and improve their internal business perspectives. Therefore organisations
cannot rest on their laurels: continual improvement is needed and this is what the innovation and
learning perspective addresses. Measurements could include new products brought to market,
patents filed, staff gaining qualifications, improvements in the performance of products.
6. Factors relevant when designing performance

measurement systems
6.1. Mission statements
These define the important aspects of performance that sum up the purpose of the organisation.
See the article “The design of reports for performance management”.
6.2. Stakeholder analysis
Recognises that different stakeholders have different views on what constitutes good performance.
Sometimes what stakeholders want is different to what the mission statement suggests as the
purpose of the organisation. This is a particular problem when key-players are at odds with the
organisation’s mission. For example, a hospital would probably mention high quality patient care in
its mission statement. One of the measures that could be used to assess that could be how long
patients have to wait for treatment. Say that currently the hospital had essential staff present only
at weekends and that no elective procedures were planned then. To improve the use of facilities
and to allow patients to be seen more quickly the hospital now wants to introduce full facilities
seven days a week. This plan could cause strong resistance from staff, particularly if the staff
belonged to a powerful trade union and were thus key players. Let’s say that staff require large pay
rises to work more flexibly. So there is a conflict: the mission statements implies that seven day
working is desirable, but key player stakeholders desire more pay.
6.3. Company structure
Different structures inevitably affect both performance and its management. Tall narrow structures
are rather out of fashion but might be required in high risk industries where close supervision is
needed to avoid catastrophe. In fast changing environments, however, wide flat structures will
more readily allow flexibility, information sharing and fast decision-making on which the
organisation’s performance might depend. If success depends on flexibility and fast response to
customer requirements then there should be an attempt to measure performance there. As
businesses become larger, many choose a divisionalised structure to allow specialisation and
concentration on different parts of the business: manufacturing/selling, European market/Asian
market/North American market, product type A/product type B. Divisional performance measures,
such as return on investment and residual income then become relevant
6.4. Information technology
What systems and information are required to maximise performance and to measure
performance? How could new technologies help performance? Remember that sophisticated new
technology does not guarantee better performance as costs can easily outweigh benefits. If IT is
vital to a business then down time and query response time are relevant as might be a measure of
system usability. Back-up procedures and recovery times should be tested to ensure that proper
performance is achieved.
As noted above, IT can allow performance to be measured in real-time so that adjustments can be
quickly made.
6.5. Human resource management
What type of people should be recruited, how are they to be motivated, appraised and rewarded to
maximise the chance of good organisational performance? Again, you always have to question
whether or not recruiting better qualified people, paying them more generously and giving
better working conditions will improve performance. There are, of course ethical issues raised by
poor working conditions, but all organisations whether profit-seeking or not have to watch their
wage bills. Performance measures are needed to, for example, monitor training, performance, job
satisfaction, recruitment and retention. In addition, considerable effort has to be given to
considering how employees’ remuneration should be linked to performance.
It is also important to set targets to individuals which are effective in generating the proper
behaviours and performances. It is suggested that key performance indicators should comply with
the following:
๏ Ownership: refers to the idea that KPIs will be taken more seriously if you have a say in setting
targets. You will be more committed and will better understand why that KPI is needed.
๏ Achievability: if KPIs are frequently and obviously not achievable then motivation is harmed.
Why would you put in extra effort to try to achieve a target (and bonus) if you believe failure
is inevitable.
๏ Fairness. Everyone should be set similarly challenging objectives and it is essential that
allowance should be made for uncontrollable events. Managers should not be penalised for
events that are completely outside everyone’s control (for example, a natural disaster) or
which is someone else’s fault
Employee rewards should be set up to encourage employees to achieve the KPI targets:
๏ Clarity: exactly how does performance translate into a reward?

๏ Motivation: the reward must be both desirable and must be perceived as achievable if it is to
be motivating.
๏ Controllable: achievement of the KPI giving rise to the reward should be something the
manager can influence and control.
6.6. Quality
Increasingly quality is seen as key to sustained good performance whether you are talking about a
profit-seeking organisation, not-for profit hospital or school. However, high quality is not an
absolute goal. Performance measures are needed to ensure that products and services achieve the
quality levels set as being appropriate to the organisation.
Quality can be analysed as follows:
๏ Prevention costs
๏ Appraisal costs
๏ Internal failure costs
๏ External failure costs.
The most convincing argument for setting up a quality control system is to imagine no quality
control at all. All failures would then happen when goods arrived with customers (external failure
costs) and this cost is very high indeed (replace unit, poor reputation, perhaps damage at
customer’s premises).
External failure could largely be prevented by testing completed units in-house before
despatch.Failure at this point would be less expensive, but a whole unit needs to be examined and
repaired.
If units were tested and appraised as they were being made then repairs would be easier to carry
out or if the unit had to be scrapped at least less work would have been done on it.
Best (and cheapest) of all is to concentrate quality control on prevention: good design, good
suppliers and components, good training of staff.
The money spent on prevention will be much less than having to spend it on quality further along
the chain.
๏ Prevention and appraisal costs are known as costs of conformance (improving quality)
๏ Internal and external failure costs are known as costs of non-conformance (allowing for poor
quality).
Chapter 13
AUDITING AND FRAUD
1. Introduction to auditing
External audit:
‘A periodic examination of the books of account and records of an entity carried out by an
independent third party (the auditor), to ensure that they have been properly maintained, are
accurate and comply with established concepts, principles, accounting standards, legal
requirements and give a true and fair view of the financial state of the entity.’
(CIMA’s Management Accounting Official Terminology)
Internal audit:
‘An independent appraisal activity established within an organisation as a service to it. It is a
control which functions by examining and evaluating the adequacy and effectiveness of
other controls; a management tool which analyses the effectiveness of all parts of an entity’s
operations and management.’
(CIMA’s Management Accounting Official Terminology)
CIMA members and the P£ exam are primarily focussed on internal audit.
2. Internal audit – types of assignment

๏ Transactions audit: tracing transactions through the system, often from start to finish, to see if
they are treated correctly.
๏ Systems audit: an information technology or information systems audit, is an examination of
the management controls within an Information technology (IT) infrastructure.
๏ Risk-based audits: an internal audit which is primarily focused on the inherent risk involved in
the activities or system and provide assurance that risk is being managed by the organisation
to the defined risk appetite level.
๏ Accounting systems audit: ensuring, for example, that the proper accounting controls are
being applied consistently.
๏ Operational audits: a systematic review of effectiveness, efficiency and economy of
operation. For example, examining how customer complaints are dealt with.
๏ Value for money and best value. Usually associated with public or non-profit organisations. Its
purpose is to assess the effectiveness and efficiency of its use of public funds.
๏ Management audits: analysis and assessment of competencies, abilities and capabilities of a
company's management in order to evaluate their effectiveness, especially regarding the
strategic objectives and the implementation of the policies of the business.
๏ Social and environmental audits: A social and environmental audit looks at factors such as a
company's record of charitable giving, volunteer activity, energy use, recycling waste,
diversity in recruitment, non-discrimination in appointments, the standard of the work
environment, workers’ remuneration to evaluate the social and environmental impact the
company is having.
๏ Special assignments such as investigating a case of fraud
๏ Assisting the external auditors.
3. Comparison of internal and external audit

Internal audit External audit
Reports to Management – must have a Shareholders

clear route to the board
though day-to-day reporting
to the audit committee.
Appointed by Management Shareholders
Power from Management Statute – allows external
auditors to insist on seeing all
documents and to be given
full explanations.
Employed by Company (unless outsourced) External firm
Coverage All categories of risk and Financial statements: true and
investigation fair view
Responsibility for improving A major function of internal Will report to management on
the organisation audit internal control weaknesses
4. The audit risk model
Risk of material misstatement
AR = IR x CR x DR
Audit Risk
Control risk
Inherent Risk Detection Risk
Sampling Risk Non-sampling Risk
The audit risk model sets out the current, risk-based, approach to auditing.
Audit risk is the risk that the auditor comes to a wrong conclusion about a figure in the financial
statements or the accounting system. For example, the auditor, whether internal or external,
concludes that an amount is correct when, in fact, it is wrong.
For that to happen, three problems must have occurred:
๏ Inherent risk: this is the risk that an error is made in the first place before the application of
any controls of checks. Inherent risk is increased by factors such as:
‣ Inexperienced staff
‣ Time pressure
‣ Complex transactions
‣ Figures requiring a high degree of estimation
‣ Pressure to perform well eg to make results look good.
๏ Control risk: this is the risk that the organisations system of internal control does not prevent
or detect the error. For example, a junior employee might have committed an error (inherent
risk), but good supervision and checking of that person’s work should detect and correct the
error.
If both of these occur, then a wrong figure is in the financial statements or in the accounting
records.
๏ Detection risk: this is the last line of defence and this refers to work the auditor does. If the
auditor performs a lot of work, detection risk will be low as there is a good chance that the
audit work detects the problem. If the auditor does relatively little work, then the chance of
picking up an error will be low.
Auditors can’t alter inherent risk or control risk in the short term (though they should certainly
be able to influence control risk in the long term). Therefore, to keep the audit risk low (and
this is essential), if the auditor perceives high inherent and control risk, a large amount of
audit work will have to be performed. If, however, the auditor perceives inherent and control
risk to be low, the auditor will perform much less audit work yet still achieve a reasonable
degree of assurance about the figures in the accounting system.
Detection risk depends on:
‣ Sampling risk – if a sample is too small then errors might not be found. This risk is
decreased by increasing sample sizes.
‣ Non-sampling risk – typically because the auditors are too inexperienced, badly
supervised and their work poorly reviewed. Samples could be 100% but if the auditor
didn’t know what he or she was looking for detection risk will be very high.
5. Audit planning
The first step in any audit is to plan: what are the main risks? How will they be addressed? How
many auditors do we need and with what experience? How long will it take? How many locations
do we need to visit?
Risk can be assessed by:
Knowledge of the business. For example, a jewellery business will have high risk in inventory (small,
high-valued items).
๏ Talking to staff. For example, they might tell the auditor of an accounting problems or that
the new IT system was giving problems.
๏ Analytical procedures. Compare this period’s results with last periods and with budgets. If, for
example, receivables collection periods have increased form 34 days to 56 days the auditors
need to know why. Is it a deliberate change to terms? Has the credit control department
become sloppy? Is it an error? Is there a large unrecoverable amount that should perhaps be
written off?
6. Internal control systems

Most auditing relies on testing the system of internal control. This is the system put in place to
prevent or detect errors. Typical controls are:
๏ Segregation of duties: split up the stages of a transaction so that one person doesn’t carry out
every step. This helps to stop fraud and also means that several minds are involved in
ensuring the transaction is correct.
๏ Physical: for example, lock cash and inventory away.
๏ Authorisation and approval: for example, overtime claims are signed by managers as
approval.
๏ Management and supervision: managers and supervisors keep an eye on what’s going on.
๏ Organisation: for example, ensuring that the sales team can’t decide on sales prices to boost
demand and their commissions.
๏ Arithmetic and accounting: reperform calculations. Carry out reconciliations.
Internal control systems should be set out in a procedures manual and internal auditors will assess:
๏ Are the procedures adequate?

๏ Are the procedures being carried out as they should be?
Examples of poor internal control include:
๏ Not cancelling suppliers invoices when posted/paid (they could go round the system again).
๏ Employees self-certifying time sheets and expense claim forms
๏ Ability of junior staff to write off debts (or to carry out other journal entries).
๏ Not ensuring that cash receipts are promptly banked
๏ Not establishing credit limits for customers and not following up slow payers
๏ Not approving orders for material so that too much of the wrong type can be ordered
7. Collecting audit evidence

Auditors collect evidence in the following ways (AEIOU):
๏ Analytical procedures – ratios and comparisons as explained above.

๏ Enquiry and confirmation: for example, ask employees how they carry out certain operations.
Write to customers and ask how much they think they owe.
๏ Inspection: for example, inspect orders to ensure they have been properly authorised
๏ Observation: for example, watch operations in the receiving bay to ensure that personnel
count and inspect the goods delivered.
๏ RecalcUlation and reperformance. For example, redo a bank reconciliation to ensure that it
was carried out correctly.
8. Computer assisted audit techniques

8.1. Introduction
Even very small businesses will usually maintain their computer records on computer. There are
many advantages to this, not least that trial balances will usually balance and control accounts will
reconcile to the underlying detailed records. However, the absence of as many hand-written data
and documents data can make auditing more difficult. For example, it can be difficult to test
whether a computer is carrying out a procedure correctly and it can be more difficult to ‘see’ and
examine the information and records than in a manual system.
Computer Assisted Audit Techniques (CAAT) have been developed to assist the auditor when the
client maintains computerised records.
8.2. Types of CAAT – audit software
Audit software (or audit programs) is software developed and used by auditors. Audit software
allows clients’ accounting data files to be read and examined.
Auditor’s audit Reads Client’s accounting

software data
The processes carried out by the auditor’s software commonly include:
๏ Adding up the records. For example, inventory values and receivables balances. The totals are
the amounts that should appear in the statement of financial position.
๏ Performing calculations for analytical reviews.
๏ Identifying and printing details of unusual items for further investigation, such as credit
balances on a receivables ledger or negative inventory balances.
๏ Picking samples. For example, that audit software can be programmed to create a stratified
sample or a pure random sample.
๏ Picking all items with particular characteristics, such as all sales orders approved by a certain
employee.
Once it is set up, audit software can quickly, efficiently and economically examine every item on a
data file. This which would often be difficult or impossible if attempted manually. It can greatly
speed up audit completion and reduce costs.
8.3. Types of CAAT – test data
Test data is auditor’s data that is operated on by client’s program. It is used to test the workings and
resilience of programs.
Is processed by
Auditor’s Test data Client’s programs
The results produced by client programs are compared with predictions of what should happen
and any discrepancies are investigated.
Test data is designed to:
๏ Test that calculations are carried out correctly by client software. For example, enter time
sheet data of 50 hours worked and ensure that the correct wages and tax are calculated.
๏ Test that programmed controls and procedures are carried out correctly. For example, if a
client’s system should reject orders from customer over their credit limit, test that such orders
are indeed rejected by entering an order that should be rejected. Another example of a
programmed control would be testing that only staff members who are allocated certain
privileges can log-on and change someone’s salary: log-on with what should be inadequate
rights and ensure that you cannot change a salary.
๏ Test how resilient software is against input errors. For example, test what happens if an
account number is entered incorrectly, or a negative amount of stock id ordered, or an
impossible date is entered.
Test data might be the only way in which certain controls can be verified. For example, a company
web-site might properly reject an order from a customer, but there might be no permanent record
available to the auditors to verify that this control is happening.
8.4. Problems with CAAT techniques

๏ Technical/set-up problems. Initially, additional time and technical expertise will be needed to
set up audit software and test data properly. The time and expenses of this should be repaid
in subsequent years.
๏ Clients or departments can be reluctant to let auditors interfere with their computer records.
This is more of a problem with test data where deliberately false transactions are processed to
test the system. The normal way round this is for the auditor to use a copy of the system and
to process their test data against that. This technique is known as ‘dead’ test data. There is a
risk, of course, that the programs being used are different to the copies being used by the
auditor.
9. The internal audit report

At the end of the audit process, internal auditors will issue a report that will detail:
๏ Deficiencies in the internal control system’s design

๏ Incidents where the internal control system was not complied with
๏ Errors discovered
Often the reports will be in the format:
Details about the nature of the The possible effects of these Suggestions as to how to fix
internal control deficiency and deficiencies and departures the problems
departures from the specified
internal control procedures
10. Responsibilities, status and outsourcing

10.1.Responsibilities for internal control
Note that directors are responsible for:
๏ Maintaining sound risk management and internal control systems

๏ Setting the control environment (a culture where there is an appreciation of the benefits and
importance of controls, internal control procedures and their operation
๏ The effectiveness of these elements should be regularly reviewed.
๏ Keeping the needs for internal audit under regular review
๏ Listed companies must report on internal control in their annual reports.
10.2.Status and qualifications

Internal auditors should be:
๏ Qualified
๏ Experienced
๏ Independent
๏ Professional
Although ultimately they report to the board this will often be through the audit committee. Even
then, because of the employer/employee relationship it might be difficult for internal auditors to
criticise internal controls set up by the finance director.
10.3.Outsourcing internal audit
It is increasingly common for the internal audit function to be outsourced (ie internal audit
functions are externally supplied). Advantages and disadvantages of this are as follows:
Advantages Disadvantages
No recruitment, staffing or training worries Less knowledge and expertise about the
business
Specialist services will be available from large Cost – external providers will charge quite high
external suppliers that might be difficult to hourly rates.
provide in-house eg forensic investigations
Flexibility to carry out special investigations There can be ethical complications if external
that are urgent auditors are used in an internal audit function
Quicker to set up initially
Appropriate amounts of time can be spent. A

company might not be large enough to keep
an internal audit team fully employed (and a
team is needed to provide mutual strength).
Greater independence
11. Fraud
11.1.Introduction
Fraud is an intentional act involving deception to gain unjust or illegal advantage.
There are two types:
๏ Fraudulent financial reporting. For example, overstating profits to generate high directors’
bonuses, boost the share price or to achieve a good sale price for the company.
๏ Misappropriation of assets. For example theft of cash or inventory.
Managers and those charges with governance are responsible for the prevention or detection of
fraud. Auditors should always be aware of an organisation’s susceptibility to fraud.
11.2.The pre-conditions for fraud:
Three conditions or risk factors are necessary for fraud to be committed:
๏ Incentive
๏ Opportunity
๏ Attitude/dishonesty
Risk factor Examples relating to fraudulent Examples relating to the

financial reporting misappropriation of assets.
Incentive ๏ Pressure from shareholders to ๏ Personal financial pressure
perform ๏ Greed
๏ Fear of losing job
๏ Dislike of the employer (I’ll get my
๏ Incentives related to performance own back!)
Opportunity ๏ Poor internal control ๏ Poor internal control
๏ Poor corporate governance eg a ๏ High-value portable inventory
dominant chief executive who is also ๏ Cash-based business
chairman
๏ Poor supervision
๏ Results dependent on many
estimates and a high degree of
judgement
Attitude ๏ Poor ethics ๏ Poor ethics
๏ Poor morale ๏ Dislike of the employer
๏ Excessively aggressive targets ๏ Other employees’ behaviour (and
you become convinced that the
‘fiddle’ is normal and therefore
acceptable)
11.3.An anti-fraud strategy
An anti-fraud strategy has three elements:
๏ prevention
๏ detection
๏ deterrence
๏ response
CIMA shows that these interrelate as follows:
(Fraud risk management: a guide to good practice, CIMA)
Deterrence is the result of prevention (too difficult to get to the inventory to steal it), detection (you
will be subject to random searches as you leave the factory), response (you will definitely be
prosecuted).
Surrounding these specific anti-fraud strategies there are:
๏ Legislation: for example, what types of actions (such as insider trading) are illegal?
๏ Risk management: an awareness by the organisations senior managers and directors of
where the main dangers of fraud lie and then suitable controls being put in place.
๏ Corporate governance. For example, non-executive directors providing independent advice
about behaviour. Audit committee being available to support internal audit and
whistleblowers.
๏ Ethical culture: for example, making it clear that ‘shady’ practices are wrong and will not be
tolerated by the company. Training in ethical behaviour will be important
11.4.Whistleblowing
Whistleblowing is defined as “making a disclosure that is in the public interest”.
Many frauds are known about or suspected by people who are not involved in the dishonesty. The
challenge for management is to encourage these ‘innocent’ people to speak out and to
demonstrate that it is very much in their own interest to do so. Reporting mechanisms are a very
important element of risk management and fraud deterrence.
There can be many conflicting emotions influencing the potential ‘whistleblower’:
๏ working group/family loyalties

๏ intimidation
๏ fear of consequences
๏ suspicion rather than proof.
The organisation’s anti-fraud culture and reporting processes can be a major influence on the
whistleblower, as it is often fear of the consequences that has the impact. To the whistleblower the
impact of speaking out can be traumatic, ranging from being dismissed to being shunned by other
employees. Confidential reporting mechanism might help.
In the UK, whistleblowers (employees, trainees, agency workers) are protected by law if they report:
๏ a criminal offence, eg fraud

๏ someone’s health and safety is in danger
๏ risk or actual damage to the environment
๏ a miscarriage of justice
๏ the company is breaking the law, eg doesn’t have the right insurance
๏ you believe someone is covering up wrongdoing
Personal grievances (eg bullying, harassment, discrimination) aren’t covered by whistleblowing

law, unless your particular case is in the public interest.
To enjoy legal protection, disclosures by whistleblowers must actually be in the public interest.
Therefore, to be protected by the law the whistleblower must:
๏ have made the disclosure in good faith – in other words you must be disclosing the
information because it is in the public interest and is clearly wrong
๏ reasonably believe that the information is substantially true
๏ reasonably believe you are making the disclosure to the right prescribed person.

CIMA P3 2019 Notes PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

CIMA P3 2019 Notes PDF

Hochgeladen von

Copyright:

Verfügbare Formate

20

Please spread the word about

Visit opentuition.com for the latest updates -

OpenTuition Lecture Notes can be downloaded FREE from http://opentuition.com

IMPORTANT!!! PLEASE READ CAREFULLY

In addition question practice is vital!!

3. Enterprise risk management! 17

4. Some quantitative techniques! 25

5. Business unit/divisional performance measurement and transfer pricing! 37

9. Financial risk: business risk and gearing risk! 71

10. Foreign currency risk and its management! 83

11. Hedging techniques for interest rate risk! 97

12. Performance management! 109

13. Auditing and fraud! 119

๏ The chance of a 20 year-old driver having an accident;

Risk is often expressed in terms of a combination of the consequences of an event (including

3. Conformance and performance

A simple matrix can be used to illustrate the point:

Examples could be:

One categorisation is strategic, operational, reporting and compliance risks:

๏ Environmental: the release of dangerous chemicals into the local river.

5. How much risk should an organisation take on?

Risk appetite is determined by two factors:

๏ Stakeholder’s attitude to risk

Taking a personal example:

6. Potential advantages of risk management

1. A framework for risk management – the CIMA risk

Review and refine Understand and assess

Implement and Develop risk response

The framework is logical and easy to understand.

๏ Establish a risk management group and set goals

๏ Develop a risk response strategy

2. Identifying risk areas

3. Understand and assess the scale of the risk

(1) The likelihood that the event will occur; and

(2) The impact of the event.

Flight disruption because

The severity of the risk can be estimated by methods such as:

๏ Calculation of average/expected loss, largest predictable loss

Transfer Methods of transferring risk include insurance, sub-contracting operations or

5. Gross and net risks

Net risk = the residual risk after reduction and mitigation.

The gross risk is initially dependent on:

Counter values could be:

Asset: reduce the amount of inventory

Threat: impose no-smoking rules (if not already present),

Counter values could be:

Vulnerability: offer good pay, conditions and prospects.

6. The risk register

๏ Description of the risk

Enterprise Risk Management (ERM) can be defined as the:

Enterprise Risk Management – Integrated Framework,

Think of ERM as a development and formalisation of the approaches already described.

2. The COSO framework for ERM

๏ Information and communication

Here is an extract from Unilever’s 2015 report and financial statements:

4. Principal Risk Factors

DESCRIPTION OF THE RISK WHAT WE ARE DOING TO MANAGE THE RISK

SUPPLY CHAIN We have contingency plans designed to enable

5. Environmental, social, and ethical issues of risk

Examples of environmental issues

๏ BP and the Deepwater Horizon oil spill in the Gulf of Mexico

Unilever’s risk report also contains a section on sustainability: