Risk management

Question 1

What is risk? Vs Uncertainty

Answer 1

Risk can be defined as “the possible variation in outcome from what is
expected to happen”.
Uncertainty is “the inability to predict the outcome from an activity due
to a lack of information”

Question 2

Types of risk

Answer 2

There are two main types of variation that can take place.
Downside risk (pure risk) is the possibility that the outcome will be
worse than expected – i.e. the worst case scenario.
Upside risk (opportunity risk) is the possibility that something could
got better than expected – i.e. the best case scenario

Question 3

Measuring risk

Answer 3

The degree of risk that an organisation faces can be measured by considering two
main issues.
Risk = Likelihood × Impact

Question 4

The risk management process

Answer 4

Risk management is the process of identifying and assessing
(analysing and evaluating) risks and the development, implementation
and monitoring of a strategy to respond to those risks.

Question 5

Risk management process

Answer 5

Strategic objectives
Risk analysis (assessment)
Risk appetite
Risk identification
Risk evaluation and response
Risk monitoring and reporting
Review process and feedback

Question 6

Risk appetite

Answer 6

Risk appetite is the extent to which a company is prepared to take on
risks in order to achieve its objectives.

Question 7

Influences of risk appetite

Answer 7

Expectations of shareholders
National culture
Regulatory framework
Nature of ownerships
Personal views of managers

Question 8

Miles and Snow

Answer 8

Miles and Snow suggested that there are four main types of management attitudes.

Question 9

Miles and Snow
Type - Definition

Answer 9

Typical characteristics

Approach to risk

Question 10

Miles and Snow
Type
Reactors

Answer 10

Typical characteristics
 Inconsistent
 Fail to link technology,
structure and process to
strategies

Approach to risk
Risk averse
 Only change if forced to do
so
 Strategies often out of date
in changing markets

Question 11

Miles and Snow
Type
Defenders

Answer 11

Typical characteristics
 Specialist provider of a
specific product
 Narrow area of
operations
 Management expertise
 Stable, efficient

Approach to risk
Low risk tolerance
 Maintain share of chosen
market
 Ignore developments
outside expertise
 Grow incrementally

Question 12

Miles and Snow
Type
Analysers

Answer 12

Typical characteristics
Two business areas –
one stable (c.f.
defenders) and one
innovative (c.f.
prospectors)

Approach to risk
Balanced attitude to risk/return
 Wait and see market
reaction to new
developments before
committing
 Then establish formal
structures to ensure
efficiency

Question 13

Miles and Snow
Type
Prospectors

Answer 13

Typical characteristics
 Continually changing
structure/technology
 Broad approach to
planning
 Results orientated
 Wide portfolio

Approach to risk
Risk seeking
 Entrepreneurial
 Responsive to new trends
 Seek new markets/products

Question 14

Risk identification

Answer 14

Risk identification sets out to identify an organisation’s exposure to
risk.
Risks are fundamentally similar to threats

You can use PESTEL analysis and Porter’s Five Forces model to help you to identify
risks in the exam

Question 15

Risk assessment

Answer 15

Risk assessment establishes the financial consequences of each risk
(severity) and its likelihood of occurrence.

Risk assessment
Financial consequences (Impact)
Likelihood of occurrence

Question 16

Risk evaluation

Answer 16

Risk evaluation is the process by which a business determines the
significance of any risk and whether those risks need to be addressed.

What is the likely cost?
What are the likely benefits?
Legal or regulatory requirements
Stakeholders views
Socioeconomic and environmental factors

Question 17

Risk response

Answer 17

The TARA model provides an outline of general risk responses.

Avoidance
 Avoid downside by
not undertaking/
terminating risky
activities
 Usually lose upside
potential as well

Reduction
 Retain the activity
but take action to
limit risk to
acceptable levels
 Mitigating controls:
 Preventative
 Corrective
 Directive
 Detective

Transfer
 Transfer risk to a
third party
 e.g. insurance,
hedging

Acceptance/Retention
 Tolerating losses
when they arise
 For small risks could
be cheaper than
insurance (‘selfinsurance’)

Question 18

Risk monitoring and reporting
The need for systems

Answer 18

 To monitor the effectiveness of the current risk management process.
 To monitor whether the risk profile is changing.

Question 19

Reporting on risk management
Minimum board disclosure:

Answer 19

 Existence of a process for managing risks.
 How the board has reviewed the effectiveness of the process.
 Process accords with Turnbull guidance.

Question 20

Reporting on risk management
Additional board disclosure:

Answer 20

 That they are responsible for the company’s systems of internal control.
 That systems have been designed to manage, not eliminate, risk.
 How the board have dealt with the internal control aspects of significant
problems highlighted in the accounts.
 Any weaknesses in internal control that have resulted in material losses.

Question 21

Risk registers

Answer 21

Risk registers can be used to document and monitor the risks that have been
identified and the risk mitigation strategies.

Question 22

Quantitative analysis

Answer 22

Various methods of quantitative analysis can be used to analyse risks.
These include:
 Break-even analysis
 Sensitivity analysis
 Expected values
 Decision trees
 Statistical analysis.

Question 23

Break-even analysis

Answer 23

The break-even point is the level of production required for the
business to make neither a profit nor a loss.

The exam often contains calculations which are based on the break-even concept.
Total profit = Total contribution – Total fixed costs
Total contribution = Units sold × Contribution per uni

Question 24

Break-even point:
Calc

Answer 24

Total contribution = Total fixed costs

Break-even units = Total fixed costs
/ Contribution on per unit

Question 25

Sensitivity analysis

Answer 25

Sensitivity = Estimated profit / Total value of the cash flow affected

Some exam questions look at how an estimated performance of the company might
change if the variables change.

Question 26

Expected values

Answer 26

An expected value is a weighted average value, based on
probabilities.

These can offer a helpful guide for management decisions.
 A project with a positive expected value should be accepted
 A project with a negative expected value should be rejected
Expected value = sum of (outcome × probability)

Question 27

Limitations of expected values

Answer 27

Evaluating decisions by using expected values has a number of limitations:
The probabilities are themselves estimates and may be inaccurate.
Expected values are long-term averages and therefore less useful for one-off
decisions.
Expected values do not consider the attitudes to risk of the decision makers.
No consideration of the time value of money.

Question 28

Decision trees

Answer 28

A decision tree is a pictorial method of showing a sequence of
interrelated decisions and their expected outcomes.
Decision trees can incorporate both the probabilities of, and values of,
expected outcomes.
Commonly management will use decision trees to structure the choices
and outcomes of a decision.

Question 29

Producing a decision tree

Answer 29

 Choices will be mapped as squares
 Outcomes of those choices will be marked as circles

Question 30

Statistical analysis

Answer 30

Statistical analysis is the collection and interpretation of data in order to
uncover patterns and trends, to help with decision making and analyse
risks. There are three statistical techniques that you need to be aware
of:

Mean
Standard deviation
Co-efficient of variation

Question 31

Mean

Answer 31

this is the average value of a data set. For example, if you measure the
height of ten different people at random, what is the average height per person?

Question 32

Standard deviation

Answer 32

– in order to measure the risk associated with a particular
project, it is helpful to find out how wide-ranging the possible outcomes are. The
conventional measure for this is the standard deviation. A low standard deviation
means low variability and therefore lower risk; a high standard deviation (in relative
terms) shows high variability and so higher relative risk.
Understanding standard deviation can help identify the relative risks of different
projects.

Question 33

Co-efficient of variation –

Answer 33

this is the ratio of the standard deviation to the mean. It is
useful when comparing the degree of variation from one data series to another, even
if the means are quite different from each other.
In a financial setting, the coefficient of variation allows you to determine how much
risk you are assuming in comparison to the amount of return you can expect from an
investment. The lower the ratio of standard deviation to mean return, the better the
risk-return trade-off will be.