Chapter 4 - Risk and Risk Management Flashcards

1
Q

1
The meaning of Risk

A

A Risk is anything that threatens an organization’s ability to achieve its objectives and goals.
Downside Risk is the risk that something could go wrong and the organization is damaged, meaning risks are viewed purely in negative terms.
Risk management means minimizing the chances that adverse events will happen.

2
Q

1.2
Types of Risks

A

1) Fundamental Risks
- are those that affect society in general and are beyond the control of any one individual, eg the risk of atmospheric pollution.

2) Particular Risks
- are Risks over which an individual may have some measure of control, eg the risk attached to smoking, which one can control by not smoking.

3) Speculative Risks
- are those from which either a good outcome (upside risk), like earning profit after forming a business venture, or a bad outcome (downside risk), like making losses, may result.

4) Pure Risks
- are those whose only possible outcome is harmful eg damage to property by fire.

3
Q

1.5.1
Risk Appetite

A

Risk Appetite is the organization’s willingness to accept Risk in the pursuit of value.

4
Q

1.5.2
Risk Attitude

A

Risk attitude is the level of Risk considered desirable by an organization.

Aversion - focuses on Risk level, ie an organization should not undertake an activity if it results in higher risk.

Seeking - focuses on the return level, ie an activity must be undertaken if it results in higher returns, regardless of the risk.

5
Q

1.5.3
Risk Capacity

A

Risk Capacity refers to the maximum amount of Risk an organization is prepared to bear.

6
Q

1.7
Sources of Risk

A

1) Environmental Risks
- These risks arise from the impact of the organization on the natural environment or vice versa and they include:
Earthquakes, fire, and flooding.

2) Economic Risks
- An organization may be adversely affected by wrong economic decisions or assumptions.

3) Business Disruption Risks
- Risks to Business operations come in many forms like:
New technology, new competitors, changed investor perceptions, etc.
Supply Risk is the risk of disruptions to operations due to shortage of necessary supplies.

4) Product Risk
- Revenues from existing products will fall or new product launches will be unsuccessful due to poor branding and marketing strategies.

5) Political, Cultural and Legal Risk.

  • Political risk is the risk that political action will affect the position and value of a company.
  • Cultural risk relates to a business trading in environments that are different from its home country, and facing differences in customs, laws and language.
  • Country Risk is the risk associated with undertaking transactions with, or holding assets in a particular country.
  • Legal risks arise from breaches of legislation, regulations or codes of conduct, eg penalties, ambiguous contracts, etc.

6) Financial Risk
- A business can be affected by changes in interest rates, economic climate, Gearing ratio, liquidity, insolvency and bad debt risk.

7) Reputation Risk.
- Loss of reputation caused by the adverse consequences of another risk.

8) Relationship Risk
- A poor relationship with stakeholders is also a significant strategic risk. Eg
Investors will be concerned with Financial returns, accuracy, timeliness of information and quality of leadership.
Relations with suppliers and employees.
Relations with customers.

7
Q

2.
Strategic Risk

A

Strategic Risk is the potential volatility of profits caused by the nature and type of business strategies.
Essentially Strategic risks are the risks of failing to achieve the business objectives.

8
Q

2.1
Business Risks

A

Business risk is concerned with the viability of the business and whether the business will be able to generate sufficient revenue to cover costs and make profits.

9
Q

2.1.1
Categories of Business Risks

A

1) Systematic Risks
- These refer to the general level of Risks associated with any business enterprise.
This Risk is a result of uncertainty surrounding economic, political and market conditions.

2) Unsystematic Risks
- Refers to Risks which are specific to the activities in which a particular business is engaged.

10
Q

2.2
Factors influencing strategic risks

A

1) The type of industry or market in which the business operates.
2) State of the economy.
3) The actions of competitors and the possibilities of mergers and Acquisitions.
4) The stage of the product Lifecycle, ie, higher risks in the introduction and decline stages.
5) The dependence upon inputs and fluctuating prices, eg wheat.
6) The level of operating Gearing, ie the proportion of fixed costs to total costs.
7) The flexibility of production processes to adapt to different specifications or products.
8) The organization’s research and development capacity and ability to innovate.
9) The significance of new technology.

11
Q

2.3
Financial Risks

A

Financial Risks relate to the structure of finance the organization has in place, ie the risk of not being able to access funding, and also overtrading, which is having an insufficient long-term capital base for the amount of trading.

Short-term Financial Risks:

  • Credit Risk - Is the possibility of payment default by a customer.
  • Liquidity Risk - Is the risk of being unable to finance the credit, arising from the need for more cash.
  • Cash Management Risk - Risks arising from unpredictable cash flows.
12
Q

2.3
Financial Risks
2.3.1
Interest Rate Risks

A

Future interest rates cannot be easily predicted, and interest rate movements will give rise to uncertainty about the cost of servicing debts.

13
Q

2.3
Financial Risks
2.3.2 - Currency Risks

A

It is the possibility of loss or gain due to future changes in exchange rates, when a firm trades with an overseas supplier or customer.

14
Q

2.3.2
Currency Risks

A

Transaction Risk:
Refers to changes in transaction settlement values arising from exchange rate movements.

Translation Risk:
Refers to changes of values of foreign assets and liabilities arising from re-translation at different exchange rates at the year end in the Statement of financial position.

Economic Risk:
Refers to effects of exchange rate movements on the international competitiveness of the organization.

Of the above three, Transaction Risk affects the day to day cash flows of an organization.

15
Q

2.4
Reputation and Ethics

A

Reputation and ethical behavior of the company and its staff is very important because businesses operate on trust.

16
Q

2.5
IT Risks

A

These can be operational or Strategic and IT has an impact on many aspects of the organization.

17
Q

3.
Operational Risk.

A

Operational or Process risk is the risk of loss from a failure of internal business and control processes.
Operations must be both effective and efficient for a business to be successful.

Operational Risks include:
- Losses from internal control systems or audit inadequacies.
- Non-compliance with regulations or internal procedures.
- Information technology failures
- Human error
- Loss of key-person risk
- Fraud
- Business interruptions.

18
Q

3.
Operational Risk.
3.1 - Hazards

A

A Hazard is a possible source of danger and hazards can be categorized into two main groups:

Natural Hazards:
- Geological- Earthquakes, tsunami and Volcano.
- Meteorological - Flood, Storms, Drought and Lightning strikes.
- Biological- Pandemic diseases.

Human or Caused Hazards:
- Accidental - Chemical spills, Release of flammable corrosives.
- Intentional- Terrorist attack.

19
Q

4.
Risk Assessment and Analysis
4.1 - Risk and Event Identification

A

No one can manage a risk without first being aware that it exists.
Thus, actively identifying risks before they occur makes it easier to think of methods that can be used to manage them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

4.
Risk Assessment and Analysis
4.1.1 - Risk Conditions

A

Conditions Identification:
a) Physical inspection which will show up poor housekeeping.
b) Enquiries, eg checks on employees’ references.
c) Checking all memos and letters for new projects.
d) Brainstorming with representatives of different departments.
e) Checklists ensuring risk areas are not missed.
f) Benchmarking against external experiences.

Can also use PESTEL or SWOT Analysis to identify the risks.

21
Q

4.
Risk Assessment and Analysis
4.1.2 - Event Identification

A

1) External Events - Economic changes, political developments and technological advances.

2) Internal Events - Equipment problems, human errors and difficulties with products.

3) Leading Event Indicators - Identifying conditions that could give rise to an event, eg customers having balances outstanding beyond a certain time being likely to default.

4) Trends and Root Causes - May be better to tackle the causes rather than respond to the Events.

5) Escalation triggers - Certain events happening or levels being reached that require immediate action.

6) Event Interdependencies - Identifying how one event can trigger another and how events can occur concurrently. For example, failure to invest in new machinery may increase the number of production delays.

22
Q

4.2
Risk Analysis

A

Risk Analysis involves obtaining an idea of the consequences of the risk materializing and how frequently.

Unexpected items in the event that your car breaks down:

  • Fares home, and to and from work, until you have a replacement.
  • Work you must turn down because you have no car.
  • Time spent waiting for lifts, which is difficult to value.
23
Q

4.3
Risk and Corporate Governance

A

Corporate Governance guidelines in relation to risk:

Establish appropriate control mechanisms for dealing with risks the organization faces.
Monitor risks themselves by regular reviews.
Disclose their risk management process in the accounts.

24
Q

4.4
The Role and Function of the Audit Committee

A

The Audit Committee should liaise with external audit, supervise internal audit, and review internal controls and annual accounts.

25
Q

4.4
The Role and Function of the Audit Committee
4.4.1 - Review of Financial Statements and Systems

A

The committee should review both the Quarterly and Annual Accounts, assess the judgements made about the overall appearance and presentation of accounts and key accounting policies.

26
Q

4.4
The Role and Function of the Audit Committee
4.4.2 - Review of Internal Controls.

A

a) The Audit Committee must actively monitor the effectiveness of control over financial reporting and needs to demonstrate professional Scepticism.

b) The Committee should also address the risk of fraud, ensuring that mechanisms are put in place for fraud to be reported and be investigated.

c) Review the company’s statement on internal controls prior to approval by the board.

27
Q

4.4
The Role and Function of the Audit Committee
4.4.3 - Review of Risk management

A

The Audit Committee plays an important role in risk management.
Benefits of an Audit Committee:

a) Improve the Quality of financial reporting, by reviewing the financial statements on behalf of the board.
b) Create a climate of discipline and control which will reduce the opportunity for fraud.
c) Enable the NEDs to contribute an independent Judgement, which is an important role.
d) Strengthen the position of the external auditor by providing a channel of communication and independence from management.
e) increase public confidence in the credibility and objectivity of financial statements.

28
Q

4.5
The Role of accounting ratios in assessing risks.

A

a) Debt Ratio = (Total Debt / Total Assets) * 100%

Ie Total Debt = 1,000,000.00
Total Assets = 500,000.00

Answer = (1000,000,00 / 18,000.00)*100%

= 55.56%

50% is a helpful benchmark for many organizations.

b) Gearing Ratio =
Interest bearing Debt/ (Shareholders’ Equity + Interest Bearing Debt) * 100%

Example:
Interest Bearing Debt is USD100,000.00
And Shareholders Equity is USD50,000.00

Answer: 100,000.00/ (50,000.00+100,000.00) * 100%
= 0.67%.
Again a Gearing Ratio of 50% is used as a benchmark.

Interest Cover = Profit before interest and Tax - divided by - Interest Charges

Example: PBIT is 1,000,000.00
Interest Charges is 150,000.00

Answer- 1,000,000.00/ 150,000.00
= 6.67

Cash flow Ratio = Net cash Inflowp

29
Q

4.6
Risk Quantification

A

Ascertain certain key figures.

  • Average or expected result or loss.
  • Frequency of losses.
  • Chances of losses.
  • Largest predictable loss.
30
Q

4.7
Risk Mapping
Severity or Frequency Matrix

A

Risk mapping involves grouping risks into risk families.

Severity: Low to Low
Top Left hand box
- Loss of Small Suppliers

Severity: High to Low
Top Right hand box
- Loss of senior or specialist staff
- Loss of sales to a competitor
- Loss of sales due to macroeconomic factors.

Severity: High to High
Bottom Left hand side
- Loss of Lower Level Staff.

Severity: High to High
Bottom Right hand side
- Loss of key customers
- Failure of Computer Systems

Frequency: Low to Low
Top Left hand box
- Loss of Small Suppliers

Frequency: Low to High
Top Right hand box
- Loss of senior or specialist staff
- Loss of sales to a competitor
- Loss of sales due to macroeconomic factors.

Frequency: High to High
Bottom Left hand side
- Loss of Lower Level Staff.

Frequency: High to High
Bottom Right hand side
- Loss of key customers
- Failure of Computer Systems

According to the above Diagram, the nearer the risk is towards the bottom right-hand corner (the High-High corner) the more important and the more strategic the risk will be.
On the other hand, Low-Low means No Risk, and the Low to high or High to Low which is the medium section means that the risks can be managed.

Factors used to determine which quadrant a risk should be allocated to include:

  • The importance of the strategic objective to which the risk relates.
  • The type of risk and whether it represents an opportunity or a threat.
  • The direct and indirect impact of the threat.
  • The likelihood of the risk.
  • The cost of different responses to the risk.
  • The organization’s environment.
  • Constraints within the organization.
  • The organization’s ability to respond to events.
31
Q

4.7.2
Objective and Subjective risk perception.

A

Risks can be objectively assessed where assessments can be made with a high degree of certainty, maybe even scientific accuracy, that is both hazard and Risk can be either quantified or ranked.

Risks may be Subjectively assessed where quantitative accuracy is not possible mainly because the risks will be depending on so many factors.

32
Q

4.7.2
Sensitivity Analysis

A

Sensitivity Analysis is a modeling and risk assessment procedure in which changes are made to significant variables in order to determine the effect of these changes on the planned outcome.

33
Q

4.8
Risk Register

A

A Risk Register is an organization’s tool that lists and prioritises the main risks being faced, and is used as the basis for decision making on how to deal with the risks, who is responsible for dealing with these risks and actions taken.

34
Q

4.8
Managing Risk Across the Enterprise.
The Ernst and Young Report.

A

Key Risk Summary:
- Risk type: eg Financial, Operations, Compliance and Strategic.
- Risk description.
- Overall ratings: eg Impact, likelihood, control effectiveness.
- Key Risk management activities.
- Monitoring approach and results.
- Gaps, issues and actions.
- Risk owner or Accountable party.
- Processes, initiatives and Objectives affected.

35
Q

4.9
Diversification of Risks

A

Risk diversification is designed to spread risk and return by creating a portfolio of neutral risks based on a number of events, ie a combination of extremely good and extremely bad risks.

Diversification can be used to manage risks in various ways:

  • Having a mixture of Higher and lower risk investments, products and markets and this depends on Risk Appetite.
  • Having a mix of Equity and Debt finance of short and long-term debt etc.
  • Having a diversified structure, eg separable divisions or subsidiaries.
  • Expanding through the supply chain by forward or backward integration.

Diversification may be difficult for companies to achieve because of following reasons:

  • The assets the business owns can only be used to produce specific products.
  • The business may lack the resources to adjust its portfolio.
36
Q

5.
Risk Response and Mitigation
TARA Model

A

Having understood the risks facing the organization, the next step is to decide what can be done to reduce the risks.
Risk Responses are linked to the Severity/Frequency Matrix and appetite for risk-taking.

The TARA Model describes the options for managing risk.

TARA

Transfer
Avoid
Reduce
Accept

Severity: Low to Low
Top Left hand box
Accept
- Risks are not significant and costs of dealing with these risks unlikely to be worth the benefits.

Severity: High to Low
Top Right hand box
Transfer
- Insure risk or implement contingent plans.
- Reduction of severity risk will minimize insurance premiums.

Severity: High to High
Bottom Left hand side
Reduce or Control
- Take some action eg enhanced control systems to detect problems or put contingent plans to reduce impact.

Severity: High to High
Bottom Right hand side
Avoid or Abandon
- Take immediate action, eg changing major suppliers or abandoning activities.

37
Q

5.1
Risk Transfer

A

Risks can be transferred to other internal departments or externally to customers, suppliers or insurers.

38
Q

5.1.1
Risk Sharing

A

Risks can be partly held and partly transferred to someone else, eg an insurance policy where the insurer pays any losses incurred by the policy holder above a set amount.

39
Q

5.2
Risk Avoidance

A

A company may deal with risk by abandoning operations, eg stopping operations in politically volatile countries where costs for loss of life and expenditures are considered to be too high.

40
Q

5.3
Risk Reduction

A

Often, Risks can only be controlled or reduced to acceptable levels by the cost of Risk Mitigation, but not avoided altogether.

  • Contingent planning involves identifying the post-loss needs of the business, drawing plans in advance and regularly reviewing them to take account of changes in the business.
    The process has 3 constituents:
    a) Information - How do you turn off the sprinklers once the fire is extinguished? All necessary information must be put here.
    b) Responsibilities - What must be done and by whom.
    c) Practice - The results of any testing should be monitored.

Loss control
- Control of losses requires careful advance planning on physical devices that can be installed to minimize losses when harmful events occur, eg sprinklers, fire extinguishers, etc.
- There are also psychological factors, which are awareness and commitment: awareness means notifying every person in the business that losses are possible and that they can be controlled, while commitment to control is achieved by making managers accountable for losses under their control.

Operating procedures:
- Rules and regulations.
- Other codes
- Procedures.

Risk Pooling and Diversification
- Risk Pooling or Diversification involves creating a portfolio of different risks based on a number of co-ordinated events, such that if some turn out well others will turn out badly, and the average outcome will be neutral.

  • Risk hedging involves taking action to offset one risk by incurring a new risk in the opposite direction.
41
Q

5.4
Risk Acceptance

A

Risk Acceptance or Retention is where the organization bears the full risk itself and suffers the full loss in the event of an unfavorable outcome. Accepted risks should generally be Low frequency and Low severity risks.

42
Q

5.5
Residual Risk or Net Risk

A

Residual or Net Risk is the Risk remaining after actions have been taken to manage risks.

43
Q

5.6
The ALARP Principle

A

The ALARP principle is used to judge the effectiveness of the organization’s risk management. The general principle is: the higher the level of risk, the less acceptable it is.

As
Low
As
Reasonably
Practicable

ALARP: As Low As Reasonably Practicable.

44
Q

6.
Enterprise Risk Management
6.1 - Framework of Enterprise Risk Management Model

A

ERM - Enterprise Risk Management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risks to be within its risk appetite, in order to provide reasonable assurance regarding the achievement of entity objectives.
(Committee of Sponsoring Organizations of the Treadway Commission (COSO))

COSO 4 objective categories:
1) Strategic- High level goals, aligned with and supporting the organization’s mission.
2) Operational- Effective and Efficient use of resources.
3) Reliability of reporting.
4) Compliance- Compliance with applicable laws and regulations.

45
Q

6.1.1
COSO Framework

A

The COSO Framework consists of five interrelated components:

1) Component: Control Environment
Explanation: This covers the tone of an organization, and sets the basis for how risk is viewed and addressed by an organization’s people, including risk management philosophy and risk appetite, Integrity and ethical values, and the environment in which they operate.

2) Risk Assessment is an analysis process to clearly determine which risks are controllable and which ones are not.
3) Control Activities- Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.

4) Information and Communication- Relevant information is identified, captured and communicated in a form and time frame that enable people to carry out their responsibilities.

5) Monitoring Activities- Risk control processes are monitored and modifications are made if necessary. Effective monitoring requires active participation by the board and senior management.

46
Q

6.2
Benefits of Enterprise Risk Management

A

1) It aligns risk appetite and strategy by setting objectives that align with strategy and developing mechanisms to manage the accompanying risks.

2) Links growth, risk and return by seeking a given level of return for the level of risk tolerated.

3) Choose best risk Response eg whether to reduce, eliminate or transfer risks.

4) Minimize surprises and losses by identifying potential loss-inducing events and taking corrective action.

5) Seize opportunities by considering events as well as risks, which result in managers identifying opportunities as well as losses.

Benefits of risk management:

1) Effective processes and Systems.
2) Increased confidence of Shareholders and other investors.

47
Q

6.3
Controls over Financial Reporting.

A

Robust controls need to be in place to ensure good quality financial reporting.
Important controls to ensure the accuracy of information include:

  • Full documentation of Assets, Liabilities and transactions.
  • Matching of source documents and accounting records.
  • Confirmation of information by suppliers, customers and banks.
  • Reconciliation of information from source documents and other sources.
  • Completeness checks over documents and accounting entries.
  • Repeating Accounting Calculations.
48
Q

6.4
Criticisms of Enterprise Risk Management

A

There have been some criticisms of the COSO Framework:

a) Internal Focus - ERM model is said to start at the wrong place, the internal and not external environment.

b) Risk Identification- The ERM discusses risks in terms of events, particularly sudden events.

c) Stakeholders- The guidance fails to discuss the influence of Stakeholders.