
ASSIGNMENT COVER

REGION: MASH EAST SEMESTER: YEAR: 2020

PROGRAMME: BACHELOR OF ACCOUNTING HONOURS INTAKE: 2

FULL NAME OF STUDENT: ABIGAIL RUTH NAWASHA PIN: P1972133E

EMAIL ADDRESS: ruthnawasha@gmail.com

CONTACT TELEPHONE/CELL: 0773364008 ID.NO. :43-157935 Y 47

COURSE NAME: RISK MANAGEMENT COURSE CODE: BIAH422

ASSIGNMENT NO. ONE

DUE DATE: 18 JANUARY 2021 SUBMISSION DATE:

ASSIGNMENT TITLE:

Instructions
Marks will be awarded for good presentation and thoroughness in your approach.

NO marks will be awarded for the entire assignment if any part of it is found to be copied directly
from printed materials or from another student.

Complete this cover and attach it to your assignment. Insert your scanned signature.

Student declaration
I declare that:

• I understand what is meant by plagiarism
• The implications of plagiarism have been explained to me by the institution
• This assignment is all my own work and I have acknowledged any use of the published or
unpublished works of other people.



ASSIGNMENT 1

1. (a) Discuss the concept of enterprise-wide risk management. [5]

Solution

Enterprise Risk Management (ERM) is a plan-based business strategy that aims to identify,
assess, and prepare for any dangers, hazards, and other potentials for disaster – both physical
and figurative – that may interfere with an organisation’s operations and objectives. The
discipline not only calls for corporations to identify all the risks to manage actively, but also
involves making that plan of action available to all stakeholders, shareholders and potential
investors as part of their annual reports. Industries such as aviation, construction, public
health, international development, energy, finance and insurance all utilize ERM. The
Committee of Sponsoring Organizations of the Treadway Commission (COSO) published an
Enterprise Risk Management (ERM) standard in 2004. The COSO ERM cube is well known
to risk management practitioners and it provides a framework for undertaking ERM. It has
gained considerable influence because it is linked to the Sarbanes-Oxley requirements for
companies listed in the United States. ISO 31000 was published in 2009 as an internationally
agreed standard for the implementation of risk management principles.

2. (b) Discuss the challenges of implementing the enterprise-wide risk management
framework. [20]

Solution

ERM is a process or methodology for enterprise-wide risk management. In common with
most methodologies, it is not an exact science. Factors such as human error, imprecise
calculations, incomplete information and breakdown of internal controls preclude a board
and management from having complete confidence in the effectiveness of ERM.

The success of an ERM framework is dependent on a number of key factors:
• CEO and senior management commitment
• Assignment of risk management responsibilities within the organisation
• Allocation of appropriate resources for training
• The development of enhanced risk awareness by all stakeholders

An ERM framework will not be effective if any of these factors fail.


There are five main aspects that cause mistakes when implementing an Enterprise Risk
Management tool. Firstly, the system itself can be inappropriate. The second factor deals with
“human errors”, and the third factor is the complexity of the environment. The next factor deals
with the challenges in identifying risks, which is linked to the last factor, the metrics.

The decision for an appropriate framework includes the selection of an appropriate risk
framework and its implementation in the organisation. Some of the frameworks have
advantages, such as workbook materials and display slides that may help the implementation
process. Internal auditors can help management evaluate which are best suited to the
organisation's needs. Related to that, the technological aspect is important as well. Many risk
management packages use a methodology that is not specifically based on the framework. If
that happens, the deficiencies can lead to difficulties. Technology should be built around the
methodology and used in several ways. Another problem could be that Human Resources is
not integrated in the ERM system. From the Human Resources point of view, specific goal-setting
tied to the success of ERM must be part of an individual’s performance management plan. If
this is not done, the implementation exercise could fail. The business strategy should be
defined at the outset of the exercise along with the organisation's mission and vision. The
ERM process will flow forward from this strategy, and events will be identified that may
impact the achievement of the organisation's strategies and objectives (Schanfield/Helming,
2008).

Human Errors
To ensure that the framework suits an organisation, the human factor needs to be minimised.
There are different types of human errors. Therefore, the next section will focus on the
different types and their impacts. One problem for both tools (GRC and COSO-Cube) could
be that not everyone is “on the same page”. That is why the project team should develop a
risk glossary at the beginning of the ERM implementation process, so the company can save
money and time. The risk management team has to agree on definitions for risks, risk
assessment, risk management, ERM, significance, likelihood, inherent risk and residual risk.
Afterwards it is very important to define what risk really means for the entire organisation,
because there are several different interpretations. After this process, when the team is at the
same level, they can go on. Effective monitoring needs to ensure that the agreed-upon risk
response is actually implemented and working. It is important to clarify monitoring
responsibilities among internal auditing, individual business managers, and the board.
Software based on key performance metrics may be used to design an effective continuous
monitoring process.

A risk-aware culture is necessary to ensure that the risk process becomes institutionalised
within the organisation. More advanced risk identification techniques, such as control
self-assessment, may be adopted eventually. Decisions and actions within the organisation must
be viewed within the context of a team approach. Moreover, each team member's authority and
responsibility for risk must be spelled out. The last step is to communicate the most important
impacts to the rest of the organisation, so that the entire organisation understands the benefits
it gains from implementing an ERM model (Schanfield/Helming, 2008).

3. Discuss the main functions of an independent risk management function. [25]

Introduction:
An independent risk management function is the second line of defense. Its job is to
complement the management activities of the business line. This function has a reporting
structure independent of the risk-generating business lines and is responsible for the
planning, maintenance, and ongoing development of the banking corporation’s risk
management framework.

One of its major duties is to challenge the adequacy of the business lines’ inputs for risk
management, risk measurement, the banking corporation’s reporting systems, and the
adequacy of the outputs obtained. Other compliance, monitoring, and control functions
such as the compliance and anti-money laundering officer, the Chief Accounting Officer,
and control of financial reportage are part of the second line of defense. A banking
corporation shall define the interfaces between all functions that comprise the second line
of defense to ensure coordination and cooperation.

Definition of terms:
Risk Management – Process for risk identification and assessment, measurement of
risk exposures, monitoring of risk exposures and ongoing determination of appropriate
capital requirements, monitoring and assessment of decisions related to risk taking and risk
mitigants, and reportage of risk exposure and capital positions to senior management and
the board of directors.
Main Functions of an independent risk management function:
a. The risk management function identifies current and emerging risks to which an entity
is exposed and how they are properly managed by the relevant functions. The
function is also responsible for adjusting the risk profile to the risk appetite that the
board has established. In terms of leading and coordinating risk related actions, the
independent risk management function is centralized. Prime responsibility for
ongoing risk management belongs to business line management.

b. The independent risk management function is also responsible for assessing possible
ways of managing risk exposures and shall, to the extent necessary, recommend ways
to mitigate or hedge risk in order to limit exposures. This is very important because all
possible risks need to be managed as well as making recommendations as to ways to
curb the risk if encountered.

c. The independent risk management function encourages senior management and
business lines to identify and assess risks in a critical way that is not based on overly
optimistic assumptions. There is need for critical assessment of risk in order for the
organisation to be aware of the depth of the risk and how it can overcome the risk, in a
way that is not based on overly optimistic assumptions.

d. The independent risk management function is tasked to establish policies, practices
and other control mechanisms to manage risk. In order to manage risk, the risk
management function needs to ensure that sound policies are established in order to
govern the way forward. There is also need to ensure that control mechanisms are put
in place so that risk is manageable.

e. The independent risk management function is entitled to have adequate resources for
its planning and budgeting processes in order for it to discharge its duties and exercise
its powers, including the need for adequate risk assessment and specifically human
resources and internal information. In order for the department to function as a whole,
there is need to ensure it is equipped to the fullest with the required personnel and
must have adequate resources to execute every task assigned.