TABLE OF CONTENTS Contents

TABLE OF CONTENTS..................................................................................................1 Contents..................................................................................................................... 1 1.0 INTRODUCTION.....................................................................................................2 1.1 THE AUDITORS CONCERN ABOUT BUSINESS RISK............................................2 1.1.0 Business risk identification, steps involved.................................................3 2.0 CLASSIFICATION OF BUSINESS RISK..................................................................4 2.1Internal business risks........................................................................................4 2.2 External business risks......................................................................................6 3.0 C0NCLUSION .......................................................................................................8 3.1 RECOMMENDATION..............................................................................................8 REFERENCES.............................................................................................................. 9

1.0 INTRODUCTION Definition;

Risk Risk is defined as the probability of an event and its consequences. In all types of undertaking, there is the potential for events and consequences that constitute opportunities for benefit (upside) or threats to success (downside).

A business risk is a circumstance or factor that may have a negative impact on the operation or profitability of a given company. Sometimes referred to as company risk, a business risk can be the result of internal conditions, as well as some external factors that may be evident in the wider business community1 Risks from significant conditions, events, circumstances or actions that could adversely affect the ability of the company to achieve the objectives and execute its strategies2 Business risk as the risk that reflect the possibility the business will not be able to repay its loans because of economic or business conditions such as a recession, poor management decision or unexpected condition in the industry (Alvin A. Arens)3

1.1 THE AUDITORS CONCERN ABOUT BUSINESS RISK

Company face variety of risks, management is responsible for identifying such risks and responding to them, the auditor is primarily concerned with the risk that may affect financial statements. The risk that causes the greatest concern by an auditor is the risk that the auditor gives a clean audit report opinion when financial statements are materially misstated (known as audit risk). Newest version of ISA 200 states that auditor should plan and perform the audit to reduce risk to the acceptably low level that is consistent with the objective of an audit4. Business risk leads to material misstatement and therefore will in one way or another be the issue of auditor concern.
1 2

Auditing and Assurance services. 8th Ed. Alan Millichamp pg 216 Principles of Auditing and assurance services , 16th Ed. Whittington and Pany. Pg 17 3 Alvin A. Arens
4

Principles of Auditing and assurance services, 16th Ed. Whittington and Pany. Pg 197

2 |Page

1.1.0 Business risk identification, steps involved Step 1 Analyze the source of potential internal or external triggers that can cause problems. For example, use websites such as U.S. Computer Emergency Readiness Team to learn about risks that might affect your business. Step 2 Analyze problems you perceive are threats to your business. Prioritize with your executive leadership team which pose the most urgency, should they occur. Use a what-if analysis technique to ask yourself what might happen to disrupt your business from achieving its strategic objectives. In a small group, use a brainstorming approach to work through possible questions and scenarios. Encourage your employees to describe their experiences, including plans already in place or lessons learned from previous occurrences. Step 3 Determine which events may adversely impact project teams and prevent them from achieving their strategic objectives. Train your employees to recognize and handle these events. Step 4 Examine different scenarios that may occur in your business. Identify any events that trigger undesirable occurrences. Once you identify your business risk, establish a contingency plan that defines the scope of the problem, when the plan should be put into action, the sequence of activities to take and who will accomplish each task. Step 5 Break down possible risk sources to reveal why they may occur to establish the likelihood of each risk happening and the cost or impact if the issue did arise. Qualify risks in terms that apply to your business, such as a low, medium or high loss of production time. Step 6 List common risks associated with conducting business in your industry. Be prepared to identify preventative measures you can take to reduce risk from occurring or lessen the impact to acceptable level. Examine sample contingency plans and disaster recovery plan templates available from resources that include the Small Business Administration website. Step 7Create a chart or table to help you identify factors with increase or decrease risk occurrences. For example, list resources you need to accomplish a business task. Then, in a second column, list the threats associated with each resource. In a third column, explain the
3 |Page

consequences of each threat. Using this information, you can prioritize the relative importance of each risk to your business and the need to respond promptly. Step 8 Categorize risks to take appropriate and efficient action. For example, business commonly develop plans to respond to physical threats, such as malicious access to buildings or equipment, and electronic threats, such as computer hackers trying to access your sales data or computer viruses, worms or other infections, and technical failures, such as equipment failures or unexpected downtime due to power interruptions. Do not discount human error. Mistakes could cause catastrophic data loss. Step 9 Create a risk register document, which acts as a permanent record of your concerns. Use this risk register as a checklist to review risks on a regular basis, such as annually. Ensure that actions recommended do not make the problem worse or cause a continuing issue.

2.0 CLASSIFICATION OF BUSINESS RISK5

The risks can be categorized in various ways such as Basing on relationship to the organization Basing on the cause of the risk

Basing on the relationship to the organization risk are classified into main two types which are the internal business risk and the external business risk with their sources from in and out the organization respectively. My concern in this study will be to determine the type of business risk whereby I will classify business risks basing on the relationship to the organization thus the discussion will be on the internal and external business risks that a firm faces.

2.1Internal business risks

Internal factors may also result in the development of significant business risk for the investor. Often, these are factors that can be identified and corrected. Failure to modernize products

Internal and external business risk, Alan Millichamp. Pg 216

4 |Page

This is a risk that occurs when a firm fail to modernize its product or when it fails to diversify to production of new products. When a firm relies only on single product, there is a greater possibility of failure when the demand for its product fall or the product is out of date/fashion. For example when the industry develops the possible risk here is when a firm does not have personnel to deal with the changes in industry can lead to lag back technologically and a firm fail to survive the competition leading to failure.

Management incompetence

When the management of an organization is weak in terms of unqualified personnel in the management team, this will have an impact on the performance of the firm and the goal of the firm will hardly met. This is because the management is the body involved in implementing the policies set by the board of directors (for the case of unitary board) but when managers are incompetent, there is a possibility that policies wont be implemented as per the plan leading to business failure. Managing talented personnel

Also possible business risk is on managing the talented personnel whereby to the firm like engineering firm, people with this professional are very few making them mobile, in this kind of organization the possible risk is of labour shortage, to overcome this risk, the business will need to reward the available employees reasonably to retain them in the organization because their leave will have negative impact to the firm existence.

Computer system failure

For the organizations which use computerized system, there is a possibility of loss due to system failure, for these kinds of organizations, security measures like having system backups, restore points, system retrieval, access control should be taken to reduce or eliminate associated risks. With the system breakdowns, the risk that the system will produce incorrect information is high which when the information is relied will also lead to undesired results.

Excessive reliance on a dominant Chief Executive

Excessive reliance on one person by the company can result into a serious loss to the business when he quit the organisation. For example having a single person that has knowledge of the system and he to control the all system is very dangerous especially when he decide to leave the organization the act will cost much the organization and sometime may lead to temporary shutdown. 5 |Page

Fraud

In broad strokes definition, fraud is a deliberate misrepresentation which causes another person to suffer damages, usually monetary losses. A fraud can also be expressed as 'abuse of position, or false representation, or prejudicing someone's rights for personal gain'. A fraud also describes as an intentional act by one or more individuals among management, those charged with governance (management fraud), employees (employee fraud) or third parties involving the use of deception to obtain an unjust or illegal advantage.

2.2 External business risks

External business risks are the outside factors that can create an element of business risk, one of the most predominant risks is that of a change in demand for the goods and services produced by the company. If the change is a positive one, and the demand for the offerings of the company increase, the amount of risk is decreased a great deal. However, if consumer demands for the offerings decreases, either due to loss of business to competitors or change in general economic conditions, the amount of risk involved to investors will increase significantly. When a companys risk factor is considered to be increased due to outside factors that are beyond the control of the company to correct, chances of attracting new investors is severely limited. Non compliance with rules and regulations

On its operation, the business may fail to comply with the laws established by the government whereby it will be subject to fines and penalties due to non compliance to the rules and regulations. Changes in some laws and regulation by the government will necessitate the change of policies and strategies of the company which may result into losses especially when the company formulated strategies that cant accommodate any change.

Natural calamities

The natural calamities includes floods, earthquakes, volcanic eruptions and their occurrence are the possible business risks. For example the TANESCO, the possible business risk when assume there is no other power source (SONGAS do not exist and no coal to be used as a source), and the company have only water to generate 6 |Page

electricity, when drought exist for consecutive two years its likely to suffer losses because they will fail to generate electricity. It is advisable for the firm to diversify its activities to many lines of business avoid the possible losses. Exchange risk

Since the firm is trading in the dynamic economy, it is exposed to various risks like the fluctuating exchange rates and inflation all of which are dangerous to the firm growth because when the situation changes may lead to loss by the firm. This can be evidenced by the fluctuation of currency (exchange rate fluctuations). A firm may place an order today when the exchange rate is 1USD to 1500TSH and after three months when the order is ready the exchange rate may be 1USD to 1800TSH therefore there will be an extra cost of TSH 300, this can be the case also when the USD depreciate implying loss to the supplier side. The firm may take precaution on this example by entering into forward contracts to avoid/reduce the possible risk. Environmental maters

Environment where the firm operates also can be a possible business risk when fails to comply with all the environmental conservation law, it may happen that firm channel untreated chemicals and waste to the river or to peoples settlement which obviously will lead to fines or penalties including refund for the loss caused and the extra cost of re channeling the waste. This can be evidenced by one of the mining company Mara region (Nyamongo) which was fined due to non compliance with the environmental laws Competition

Most organizations except for the monopolists are always operating in competitive environment making them subject to many competition related risks like loss of market share, possible closure, and loss of customers. With these possible losses, need to come out with strategies that will be able to survive the competition and win the market and maintaining its market share. The firm can formulate strategies following the Michael porters five models which when followed will probably reduce the risk associated with competition.

Change in public opinion

This is the way that people from outside the organization sees the business, this has a greater impact on the survival of the organization because when people create negative attitude towards the organization it possible that will have impact on the sales and the quality of companys product. This situation might have come about 7 |Page

due to the spoil technique by the competitors who produce the same kind of products spoil their fellows product to win the market by boosting their sales

3.0 C0NCLUSION
To conclude the discussion on the types of business risks which are categorized into the external and internal risk, the organization Company risk can vary depending on the culture of a business as well as the industry in which the organization belongs. Some places are more willing to accept financial liabilities or take chances than others. This factor could be determined by the type of management that is in place and the past experiences that have led to success. Even the most conservative executives, however, face some uncertainties The resources required to identify, assess, mitigate and implement the organizations risk should be clearly established at each level of management and within each business unit. In addition to other operational functions they may have, those involved in risk management should have their roles in coordinating risk management policy/strategy clearly defined. The same clear definition is also required for those involved in the audit and review of internal controls and facilitating the risk management process.

3.1 RECOMMENDATION
Risk management should be embedded within the organization through the strategy and budget processes. It should be highlighted in induction and all other training and development as well as within operational processes e.g. product/service development projects.

8 |Page

REFERENCES
Audit and investigation 8th Edition. Alan Millichamp. (pg 216 221) Principles of Auditing and assurance services, 16th Ed. Whittington and Pany. Arens A.A, Elder R.J, Besley M.S 2008. Auditing and Assurance services, 12th Ed. Pearson Prentice Hall, New Jersey A.H Millichamp (2002) Auditing, 8th Ed. Continuum Group London. Ersnt & young business risk report 2010. Top ten risks for business. A sector - wide view of the risks facing business across the globe Audit planning, ISA 300 Knowledge of the business, ISA 315 http://www.facilitatedcontrols.com/internal-auditing/risk.shtml (accessed on 4th dec 2011) http://www.theiia.org) http://www.coso.org/documents/COSO_ERM_ExecutiveSummary.pdf

9 |Page