risk management Flashcards
(18 cards)
why should a business incur risk?
gain competitive advantage - not accepting risk generally leads a business to be less dynamic an implies follow the leader strategies
increase financial return - can be decreased costs or intangible like better quality information
for some risks there is market rate of return, might be the case for a quoted equity where shareholder invests in a company with expectation of a certain level of dividend and capital growth. would be based on the level of return an investment in that particular market would be expected to make over a certain period. here, mkt is contributing to outcome experienced by business.
what are some of the more common risk categories?
- International
- Fraud and employee malfeasance
- Corporate reputation
- Environmental
- Technology
- Financial
- Economic
- Political, legal and regulatory
- Business
what is business risk? what risk categories sit within it?
arising from nature of business, products and operations.
categories within here:
- strategic - possible consequences of strategic decisions taken by the org
- product - loss of interest in new and existing products
- product reputation
- operational risk - operations may be inefficient or processes may fail
- commodity price
- contractual inadequacy risk - terms of a contract do not fully cover a business against all potential outcomes
- fraud and employee misconduct risk
what is risk management? how is it evolving?
risk mgment = the process of understanding and managing the risks that the org is inevitability subject to in attempting to achieve its corporate objectives.
traditionally was about avoiding the downside, but new approach is benefitting from the upside.
what is EY’s model of risk mgment?
shareholder value = static NPV of existing business model + value of future growth options
i.e. what you do now + what you could do in the future. good risk mgment means you can exploit future growth opportunities while protecting value already created. by aligning risk mgment activity to shareholder’s considerations of success factors in the business.
what are EY’s 4 strategies within their risk mgment model?
establish what shareholders value - talk with investment community and linking value creation process to KPIs
identify risks around key shareholder value drivers - investment community can identify factors that will influence their valuation of the company. all other risks will be considered even if not known by investors.
determine preferred treatment for risks - investment community can give views on actions they would like mgment to take in relation to risks, risk/reward trade off can be quantified by change in mkt value if each risk treatment implemented.
communicate risk treatments to shareholders - shareholders need to be well informed, as a shared vision is important in relation to inter-related concept of risk mgment and shareholder value
what are the elements of the framework for broad consideration of risk?
business strategy - what company will do
risk appetite - what company will accept
risk attitude/capacity - overall approach / maximum risk accepted
risk strategy - how to manage
residual risk - that cannot be managed
what is CIMA’s risk mgment cycle?
- establish risk mgment group and set goals, link in business strategy
- identify risk areas
- understand and assess scale of risk
- development of risk response strategy
- implement strategy and allocate responsibilities
- implementation and monitoring of controls
- review and refine, do it again!
2-7 all feed information in for decision making
what is the TARA framework?
Transfer - usually insurance, sometimes known as risk sharing. third party suffers all/most of loss.
Avoid - only possible by not investing into or withdrawing from a business area. also true for non-profits even if there’s no financials involved.
Reduce - limit exposure or try to decrease adverse effects should risk crystallise.
Accept - normally appropriate where adverse effect is minimal.
what is risk mapping?
potential loss from adverse outcome is function of probability it occurs and impact if it does occur. map has these on the two axes and immediately indicates which risks should be given priority. for high prob, high impact try to estimate probability of adverse/favourable outcomes more accurately and assess impact on org of adverse outcome.
what is a risk response/risk treatment?
process of selecting and implementing measures to modify the risk. can be risk control mitigation, risk avoidance or transfer, risk financing (insurance).
what does a risk response involve?
- setting a policy that defines the organisation’s attitude to a particular risk and the objectives of the risk response.
- individual accountability for the management of the risk, with the nominated person having the expertise and authority to effectively manage the risk.
- the management processes currently used to manage the risk.
- recommended business processes to reduce the residual risk to an acceptable level.
- key performance measures to enable management to assess and monitor risk.
- assessment of the adequacy of the risk response by independent expertise.
- contingency plans to manage or mitigate a major loss following the occurrence of an event.
how is the CIMA code of ethics split out?
Part A establishes the fundamental principles of professional ethics and provides a conceptual framework for applying those principles.
Parts B and C illustrate how the conceptual framework is to be applied in specific situations:
Part B applies to professional accountants in business.
Part C applies to professional accountants in public practice.
what are the fundamental ethical principles in CIMA?
integrity - straightforward, honest in all professional / business relationships
objectivity - members should not allow bias or conflict of interest in business judgements
professional competence and due care - members must maintain professional knowledge and skill at an appropriate level
confidentiality - members must not disclose info on clients without specific appropriate authority
professional behaviour - members must comply with relevant laws and avoid actions discrediting the profession
what kind of approach does CIMA’s code of ethics take?
has a ‘threats and safeguards’ approach. If identified threats are other than clearly significant, a management accountant should apply safeguards to eliminate the threats or reduce them to an acceptable level such that compliance with the fundamental principles is not compromised.
who is the accountancy profession’s public?
- Client
- Credit providers
- Governments
- Employees
- Employers
- Investors
what is the public interest?
can be defined as that which supports the good of society as a whole, as opposed to what serves the interests of individual members of society, or of specific sectional interest groups.
why does an accountant need to act in the public interest?
For an accountant, acting in the public interest is acting for the collective wellbeing of the community of people and institution that he or she serves. The concept of public interest may affect the working of an organisation in a number of ways.
The actions of the organisation itself may be harmful to society, for example from excessive pollution or poor treatment of the labour force.
The government may then decide, in the public interest, to limit the actions of that organisation for the greater good of society as a whole.
businesses can manage reputational risk by applying their own positional power or by changing society for better in terms of public interest.
