Chapter 10 Risk Management Flashcards
1.1 Risk and uncertainty
Risk is the possible variation in outcome from what is expected to happen. Uncertainty is the inability to predict the outcome due to a lack of information. The two main types of variation are:
- Downside risk (pure risk): outcome worse than expected
- Upside risk (opportunity risk): outcome better than expected
Risk = likelihood x impact
2.1 Risk management process
Process of identifying and assessing risks and the development, implementation and monitoring of a strategy to respond to those risks. The process is as follows:
Strategic objectives – risk appetite – risk identification – risk analysis – risk evaluation and response – risk monitoring and reporting – review process and feedback
3.1 Risk appetite
Is the extent to which a company is prepared to take on risks to achieve objectives. The influences of risk appetite are expectations of shareholders, national culture, regulatory framework, nature of ownerships and personal views of managers. There are two main management attitudes:
- Reactors: inconsistent characteristics. Risk averse and only change if forced, leading to out-of-date strategies in changing markets
- Defenders: characteristics include narrow area of operations, management expertise, stable and specialist provider of a specific product. Low risk tolerance, they maintain share of chosen market, ignore developments outside expertise and grow incrementally
- Analysers: characteristics are two business areas, one stable and one innovative. Balance attitude to risk, they wait and see market reaction to developments before committing and establish formal structures to ensure efficiency
- Prospectors: continually change structure, broad approach to planning, results orientated and wide portfolio. Risk seeking, often entrepreneurial structures, responsive to new trends and seek new markets and products
4.1 Risk identification and assessment
Risk identification sets out to identify an organisation’s exposure to risk. Risk assessment establishes the financial consequences of each risk and its likelihood of occurrence.
Risk assessment is the financial consequences (impact) and the likelihood of occurrence.
The potential difficulties are measuring impact (non financial impact of potential outcomes which could be difficult to quantify) and the measuring likelihood (likely to be subjective).
5.1 Risk evaluation and response
Risk evaluation is the process by which a business determines the significance of any risk and whether those risks need to be addressed. The TARA model provides an outline of general risk responses.
- Avoidance: avoid downside by not undertaking/terminating risky activities and usually lose upside potential as well
- Reduction: retain the activity but take action to limit risk to acceptable levels. Mitigating controls: preventative, corrective, directive and detective
- Transfer: transfer risk to a third party
- Acceptance/retention: tolerating losses when they arise. Small risks it could be cheaper than insurance
6.1 Risk monitoring and reporting
The need for systems include monitoring the effectiveness of the current risk management process and monitoring whether the risk profile is changing.
The minimum board disclosure on risk is the existence of a process for managing risks, how the board has reviewed the effectiveness of the process and the process accords with Turnbull guidance. Additional board disclosure includes:
- That they are responsible for company’s systems of internal control
- Systems are designed to manage, no eliminate risk
- How the board have dealt with internal control aspects of significant problems highlighted in the accounts
- Any weaknesses in internal control that have resulted in material losses
Risk registers can be used to document and monitor the risks that have been identified and the risk mitigation strategies.
7.1 Quantitative analysis
Quantitative analysis to analyse risks include break-even analysis, sensitivity analysis, expected values, decision trees and statistical analysis.
Break even analysis: breakeven point is when total contribution = total fixed costs.
Break even units = total fixed costs / contribution per unit
Sensitivity analysis: sensitivity = estimated profit / total value of the cash flow affected
Expected values is a weighted average value, based on probabilities. These offer a guide for management decisions. A project with a positive expected value should be accepted, negative value rejected. Expected value = sum of (outcome x probability)
Limitations are the probabilities are estimates, expected values are long-term averages and less useful for one-off decisions, expected values do not consider attitudes to risk of the decision makers and no consideration of the time value of money.
Decision trees: method of showing a sequence of interrelated decisions and their expected outcomes. They incorporate both probabilities of, and values of, expected outcomes. Choices are mapped as squares and outcomes as circles.
Statistical analysis: three techniques in the exam are mean, standard deviation (low deviation means low variability and lower risk) and co-efficient of variation (ratio of standard deviation to the mean, allows management to determine how much risk they are assuming in comparison to amount of return they expect from an investment, the lower the ratio to mean return, the better the risk-return trade off will be).
