Foundations of Risk ManagementPart One: Introduction to Risk Management
Lecture 1: Risk Management Approach & Impact of Risk on Organisations
Mark L. Zammit MBA (Henley) CIRM
BKF2050, 2nd Year, Banking & Finance, 2015
READING LIST
Hopkin, Paul (2010); Fundamentals of Risk Management; Kogan Page
Chapters 1 to 4
Risk is the effect of uncertainty on objectives. Note that an effect may be positive, negative or a deviation from the expected. Also, risk can be described by an event, a change in circumstances or a consequence.
ISO Guide 73, ISO 31000
Risk is the combination of the probability of an event and its consequence. Consequences can range from positive to negative.
Institute of Risk Management
The uncertainty of an event occurring that could have an impact on the achievement of the objectives. Risk is measured in terms of consequences and likelihood.
Institute of Internal Auditors
Risk is the effect of uncertainty on objectives. Note that an effect may be positive, negative or a deviation from the expected. Also, risk can be described by an event, a change in circumstances or a consequence.
ISO Guide 73, ISO 31000
Which of the 3 definitions is the most accepted?
Risks can be defined and categorised into 3 distinct Categories:
HAZARD RISKS (PURE RISK)
CONTROL RISKS (UNCERTAINTY)
OPPORTUNITY RISKS (SPECULATION)
Example of Risk Types Computer Viruses
Virus Infection in a new computer = HAZARD RISK
Installation and/or upgrade of a software package = CONTROL RISK
Selection of a new software package = OPPORTUNITY RISK
Name of RiskStatement of Risk (scope of risk and events)Nature of RiskStakeholders in the RiskRisk Attitude, Appetite, Tolerance Likelihood and MagnitudeControl StandardIncident ExperienceResponsibilityRecommendationsImplementation of improvementsAuditing Responsibilities
The inherent level of risk is defined as the level of risk which is present before any actions have been taken to change the likelihood or magnitude of the risk itself.
Example Crossing the Road
Inherently dangerous unless there are no controls in place:
People look both ways before crossingDrivers are aware that people may cross the road
Other controls may be necessary such as:
Traffic lightsZebra CrossingPolice/Warden assisted crossings for Schools
INH
ER
EN
T R
ISK
MA
NA
GE
D R
ISK
Impact
Lik
eli
ho
od
1 2 3 4 5
1
2
3
4
5
Controls to reduce likelihood
Gross (Inherent)risk
Controls to reduce impactNet (Residual)
risk
Source: Anderson, R (2010) adapted
LIKELIHOOD (Probability)
MA
GN
ITU
DE
(Im
pac
t)
After the Financial Crisis of 2008 the importance given to Risk and its impact on organisations was greatly enhanced.
Proactive Approach to Risk and Risk Management allows organisations to achieve:
1. More Efficient Operations2. More Effective Processes3. More Efficacious Strategies
Risk Exposure
Po
ten
tial
Rew
ard
Risk VS Reward: The Ferrari Case
LIKELIHOOD
MA
GN
ITU
DE
HAZARD RISK
CONTROL RISK
OPPORTUNITY RISK
Pure risk
Theft, fire, flood etc
HAZARD RISK
People
Premises
Assets
Suppliers
Information Technology
Communications
Categories of Disruption
Uncertainty
Project Management
CONTROL RISK
Positive Risk
Speculation, Investment, business relocation
OPPORTUNITY RISK
It is normal practice for organisations to tolerate a small amount of risk exposure as it would be more cost-effective (less expensive) for them rather than actually investing in more risk averse systems.
Example..............
Petty theft of office stationery Shoplifting in supermarkets
Project Management and Change Implementation both are examples ofoperations that involve Control Risk as they deal with uncertaintywhich is inevitable in undertaking a project.
Contingency Planning
Time Constraints and penalties
Budgets and forecasts
Unexpected events (eg. Weather, Natural disasters, loss of keypersonnel)
Over focus on Control Risks may suppress the entrepreneuraleffort
Opportunity risks are those which are deliberately taken by theorganisation in order to achieve their mission and strategic goals.
Types of Opportunity Investment Risks:
Marketplace risk financial investments and speculationCommercial risk investing in different operations to gain competitive
advantageStrategic risk risk aggressive or risk averse organisation
1950 - The practice of Risk Management became pivotal through the prohibitive cost of insurance.
1970 The concept of Total Cost of Risk became a focal point in Europe and non-insurable risk was looked into.
1990 Risk is no longer heavily linked to Insurance and the latter is deemed as only a control function of hazard risk.
2000 - The emergence of Financial, Commercial, Marketplace and reputational risks start emerging.
2002 Enterprise Risk Management comes to the forefront of Risk Management. Introduction of Sarbanes-Oxley Act
2008 Global Financial Crises put emphasis on the role of Risk Management in Corporate success of Financial Institutions.
Institute of Risk Management (IRM)Risk Management is the process which aims to help organisations understand,evaluate and take action on all their risks with a view to increasing theprobability of success and reducing the likelihood of failure.
HM TreasuryRisk Management is all the processes involved in identifying, assessing andjudging risks, assigning ownership, taking actions to mitigate or anticipatethem, and monitoring and reviewing progress.
London School of EconomicsRisk Management is the selection of those risks a business should take andthose which should be avoided or mitigated, followed by action to avoid orreduce risk.
Business Continuity InstituteThe culture, processes and structures that are put in place to effectively managepotential opportunities and adverse effects.
HOLISTIC approach (Planning-Implementing-Measuring-Learning) to managing risk (refer to Appendix C).Levels of risk management sophistication:
Reform - Hazard managementConform - Control managementPerform - Opportunity managementDeform - Inactivity
Bow-Tie representation of risk: CAUSE - RISK EFFECT
Mark L Zammit MBA (Henley) CIRMEmail: [email protected]
Thank you
