Month: July 2020

Bangalore University B.com Notes

Management of Business Risk

indiafreenotesby indiafreenotes0

Business Risk management is a subset of risk management used to evaluate the business risks involved if any changes occur in the business operations, systems and process. It identifies, prioritizes and addresses the risk to minimize penalties from unexpected incidents, by keeping them on track. It also enables an integrated response to multiple risks, and facilitates a more informed risk-based decision making capability.

Businesses today are unpredictable, volatile and seem to become more complex every day. By its very nature, it is filled with risk. Businesses have viewed risk as an evil that should be minimized or mitigated, whenever possible. However, risk assessment provides a mechanism for identifying which risks represent opportunities and which represent potential pitfalls. Risks can have negative impact, positive impact, or both. Risks with a negative impact can prevent value creation or erode existing value. Risks with positive impact may offset negative impacts or represent opportunities.

The risk management process involves:

  • Identifying risks: Spotting the evolving risks by studying internal and external factors that impact the business objectives
  • Analyzing risks: It includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
  • Responding to risk: After identifying and analyzing the potential risk, appropriate strategy needs to be incorporated. Either by establishing new processes or eliminating, depending on kind and severity of the risk.
  • Monitoring risk and opportunities: Continually measuring the risks and opportunities of the business environment. Also keep a check on performance of management strategies.

Types of risks

  • Hazard risk: A hazard is anything in the workplace that has the potential to harm people. Hazard risk includes factors which are not under the control of business environment, such as fallout of machinery or dangerous chemical, natural calamities.
  • Financial risk: A large number of businesses take risk with their financial assets, quite regularly. Sometimes choosing a wrong supplier or distributor can backfire. Financial risk also includes risk in pricing, currency exchange and during liquidation of any asset. Business risk management should say how much risk is too much in financial relationship.
  • Operational risk: Evaluation of risk loss resulting from internal process, system, people or due to any external factor through which a company operates.
  • Strategic risks: Might arise from making poor or wrong business plans and losing the competition in the market. Failure to respond to changes in the business environment or inadequate capital allocation also represents strategic risk.

Running a business comes with many different types of risk. Some of these potential hazards can destroy a business while others can cause serious damage that can be costly and time-consuming to repair. Despite the risks implicit in doing business, CEOs and risk management officers can anticipate and prepare for potential risks regardless of the size of the business.

Identifying Risks

If and when a risk becomes a reality, a well-prepared business can minimize the impact on earnings, the lost time and productivity, and the negative impact on customers. For startup businesses and established organizations, the ability to identify which risks pose a threat to successful operations is a key component of strategic business planning. Business risks are identified using various methods, but each identifying strategy relies on a comprehensive analysis of specific business activities that could present challenges to the company. Under most business models, organizations face preventable, strategic, and external threats that can be managed through either acceptance, transfer, reduction, or elimination.

 Hiring a risk management consultant is a good investment for most companies. A consultant can analyze a business and determine which risks should be covered by insurance.

Below are the main types of risk that firms face:

Physical Risks

Building risks are the most common type of physical risk. Fire or explosions are the most common risk to a building. To manage building risk, and the risk to employees, it is important that organizations do the following:

  • Make sure all employees know the exact street address of the building to give to the 911 operator in case of emergency.
  • Make sure all employees know the location of all exits.
  • Install fire alarms and smoke detectors.
  • Install a sprinkler system to provide additional protection to the physical plant, equipment, documents, and, of course, personnel.
  • Inform all employees that in the event of emergency their personal safety takes priority over everything else. Employees should be instructed to leave the building and abandon all work-associated documents, equipment, and/or products.

Location Risks

Among the location hazards facing a business are nearby fires, storm damage, floods, hurricanes or tornados, earthquakes, and other natural disasters. Employees should be familiar with the streets leading in and out of the neighborhood on all sides of the place of business. Individuals should keep sufficient fuel in their vehicles to drive out of and away from the area. Liability or property and casualty insurance are often used to transfer the financial burden of location risks to a third-party or a business insurance company.

Human Risks

Alcohol and drug abuse are major risks to personnel in the workforce. Employees suffering from alcohol or drug abuse should be urged to seek treatment, counseling, and rehabilitation, if necessary. Some insurance policies may provide partial coverage for the cost of treatment.

Protecting against embezzlement, theft, and fraud may be difficult, but these are common crimes in the workplace. A system of double-signature requirements for checks, invoices, and payables verification can help prevent embezzlement and fraud. Stringent accounting procedures may discover embezzlement or fraud. A thorough background check before hiring personnel can uncover previous offenses in an applicant’s past. While this may not be grounds for refusing to hire an applicant, it would help HR to avoid placing the new hire in a critical position where the employee is open to temptation.

Illness or injury among the workforce is inevitable and a persistent problem. To prevent loss of productivity, assign and train backup personnel to handle the work of critical employees when they are absent due to a health-related concern.

Technology Risks

A power outage is perhaps the most common technology risk. Auxiliary gas-driven power generators are a reliable back-up system to provide electrical energy for lighting and other functions. Manufacturing plants use several large auxiliary generators to keep a factory operational until utility power is restored.

Computers may be kept up and running with high-performance back-up batteries. Power surges may occur during a lightning storm (or randomly), so organizations should furnish critical business systems with surge-protection devices to avoid loss of documents and destruction of equipment. Establish offline and online data back-up systems to protect critical documents.

Although telephone and communications failure are relatively uncommon, risk managers may consider providing emergency-use-only company cell phones to personnel whose use of the phone or internet is critical to their business.

Strategic Risks

Strategy risks are not altogether undesirable. Financial institutions such as banks or credit unions take on strategy risk when lending to consumers while pharmaceutical companies are exposed to strategy risk through research and development for a new drug. Each of these strategy-related risks is inherent in an organization’s business objectives. When structured efficiently, the acceptance of strategy risks can create highly profitable operations.

Companies exposed to substantial strategy risk can mitigate the potential for negative consequences by creating and maintaining infrastructures that support high-risk projects. A system established to control the financial hardship that occurs when a risky venture fails often includes diversification of current projects, healthy cash flow, or the ability to finance new projects in an affordable way, and a comprehensive process to review and analyze potential ventures based on future return on investment.

Making a Risk Assessment

After the risks have been identified, they must be prioritized in accordance with an assessment of their probability.

Establish a probability scale for purposes of risk assessment.

For example, risks may be:

  • Very likely to occur
  • Have some chance of occurring
  • Have a small chance of occurring
  • Have very little chance of occurring

Other risks must be prioritized and managed in accordance with their likelihood of occurring. Actuarial tables—statistical analysis of the probability of any risk occurring and the potential financial damage ensuing from the occurrence of those risks—may be accessed online and can provide guidance in prioritizing risk.

Insuring Against Risks

Insurance is a principle safeguard in managing risk, and many risks are insurable. Fire insurance is a necessity for any business that occupies a physical space, whether owned outright or rented, and should be a top priority. Product liability insurance, as an obvious example, is not necessary for a service business.

Some risks are an inarguably high priority, for example, the risk of fraud or embezzlement where employees handle money or perform accounting duties in accounts payable and receivable. Specialized insurance companies will underwrite a cash bond to provide financial coverage in the event of embezzlement, theft, or fraud.

When insuring against potential risks, never assume a best-case scenario. Even if employees have worked for years with no problems and their service has been exemplary, insurance against employee error may be a necessity. The extent of insurance coverage against injury will depend on the nature of your business. A heavy manufacturing plant will, of course, require more extensive coverage for employees. Product liability insurance is also a necessity in this context.]

If a business relies heavily on computerized data—customer lists and accounting data, for example—exterior backup and insurance coverage are mandatory. Finally, hiring a risk management consultant may be a prudent step in the prevention and management of risks.

Risk Prevention

The best risk insurance is prevention. Preventing the many risks from occurring in your business is best achieved through employee training, background checks, safety checks, equipment maintenance, and maintenance of the physical premises. A single, accountable staff member with managerial authority should be appointed to handle risk management responsibilities. A risk management committee may also be formed with members assigned specific tasks with a requirement to report to the risk manager.

The risk manager, in conjunction with a committee, should formulate plans for emergency situations such as:

  • Fire
  • Explosion
  • Hazardous materials accidents or the occurrence of other emergencies

Employees must know what to do and where to exit the building or office space in an emergency. A plan for the safety inspection of the physical premises and equipment should be developed and implemented regularly including the training and education of personnel when necessary. A periodic, stringent review of all potential risks should be conducted. Any problems should be immediately addressed. Insurance coverage should also be periodically reviewed and upgraded or downgraded as needed.

Bangalore University B.com Notes

Approaches and Processes of Corporate Risk Management

indiafreenotesby indiafreenotes1

The coordination of the risk management process should be centralized: the risk office analyses and draws up information related to each process phase, and proceeds with strategic planning, in coordination with the organization’s board.

The risk committee, with the risk manager playing the role of coordinator, sets up the criteria to select the most relevant information coming from the risk management information system (selective approach). Significant risks in terms of impact or strategic level are reported by the office supporting the risk manager on a regular, specific and exceptional basis. The risk manager gives directions on translating strategies into risk management objectives, and monitors their achievement by divisions/offices and managers within their own competence. The risk manager therefore finalizes the information received, by adapting it to the organizational context (down to the any single office level), in order to correct possible deviations from strategic priorities.

Risk register development involves detailing organizational risks (corporate as well as project and operational ones), and setting up specific risk registers on particular topics (work health and safety, fraud, IT security, environment, etc.).

Three kinds of approach can be followed for involving management and stakeholders in identifying risks:

  • Top down-approach: The decision-making process is centralized at governance level. This approach can show two modes: a) Full top-down mode, where the business units’ risks are listed at department level, meaning that heads of unit cannot add risks themselves at unit level. There is no need of risk escalation, except at departmental level. b) Prevailing top-down mode, where a corporate risk register is directly created from a detailed operational risk register.
  • Bottom-up approach: The decision-making process is done at management level. Operational risks are identified by any staff member while performing his or her daily work (e.g., in order to encourage the staff to be more active in defining non-conformities, an opportunity to register them online has been provided).
  • Mixed approach: The board entity states the criteria (top-down) by which the heads of unit identify and manage risks (bottom-up). Risks may be viewed and assessed throughout the organization at any level (e.g., group, program, office, project, etc.). In order to set the framework, the hierarchy of risks on which attention is focused corresponds to the enterprise, operational and project levels.

Such approaches are not mutually exclusive, and a combination of approaches to the management of processes is desirable to achieve effective integration of risk management at any level within the organization.

These risk management approaches are also a way of cutting across the organization hierarchy and overcome organizational barriers.

The figure below outlines the risk management process according to the top-down perspective; it also highlights the information flows related to decision-making processes, according to the different roles involved.

Processes of Corporate Risk Management

The risk management process is a framework for the actions that need to be taken. There are five basic steps that are taken to manage risk; these steps are referred to as the risk management process. It begins with identifying risks, goes on to analyze risks, then the risk is prioritized, a solution is implemented, and finally, the risk is monitored. In manual systems, each step involves a lot of documentation and administration.

Step 1: Identify the Risk

The first step is to identify the risks that the business is exposed to in its operating environment. There are many different types of risks – legal risks, environmental risks, market risks, regulatory risks, and much more. It is important to identify as many of these risk factors as possible. In a manual environment, these risks are noted down manually. If the organization has a risk management solution employed all this information is inserted directly into the system. The advantage of this approach is that these risks are now visible to every stakeholder in the organization with access to the system. Instead of this vital information being locked away in a report which has to be requested via email, anyone who wants to see which risks have been identified can access the information in the risk management system.

Step 2: Analyze the risk

Once a risk has been identified it needs to be analyzed. The scope of the risk must be determined. It is also important to understand the link between the risk and different factors within the organization. To determine the severity and seriousness of the risk it is necessary to see how many business functions the risk affects. There are risks that can bring the whole business to a standstill if actualized, while there are risks that will only be minor inconveniences in analyzed. In a manual risk management environment, this analysis must be done manually. When a risk management solution is implemented one of the most important basic steps is to map risks to different documents, policies, procedures, and business processes.

Step 3: Evaluate or Rank the Risk

Risks need to be ranked and prioritized. Most risk management solutions have different categories of risks, depending on the severity of the risk. A risk that may cause some inconvenience is rated lowly, risks that can result in catastrophic loss are rated the highest. It is important to rank risks because it allows the organization to gain a holistic view of the risk exposure of the whole organization. The business may be vulnerable to several low-level risks, but it may not require upper management intervention. On the other hand, just one of the highest-rated risks is enough to require immediate intervention.

Step 4: Treat the Risk

Every risk needs to be eliminated or contained as much as possible. This is done by connecting with the experts of the field to which the risk belongs to. In a manual environment, this entails contacting each and every stakeholder and then setting up meetings so everyone can talk and discuss the issues. The problem is that the discussion is broken into many different email threads, across different documents and spreadsheets, and many different phone calls. In a risk management solution, all the relevant stakeholders can be sent notifications from within the system. The discussion regarding the risk and its possible solution can take place from within the system. Upper management can also keep a close eye on the solutions being suggested and the progress being made from within the system. Instead of everyone contacting each other to get updates, everyone can get updates directly from within the risk management solution.

Step 5: Monitor and Review the risk

Not all risks can be eliminated – some risks are always present. Market risks and environmental risks are just two examples of risks that always need to be monitored. Under manual systems monitoring happens through diligent employees. These professionals must make sure that they keep a close watch on all risk factors. Under a digital environment, the risk management system monitors the entire risk framework of the organization. If any factor or risk changes, it is immediately visible to everyone. Computers are also much better at continuously monitoring risks than people. Monitoring risks also allows your business to ensure continuity.

The basics of the risk management process stay the same

Even under a digital environment, the basics of the risk management process stay the same. What changes is how efficiently these steps can be taken, and as it should be clear by now, there is simply no competition between a manual risk management system and a digital one.

Risk management

Risk management is an important business practice that helps businesses identify, evaluate, track, and mitigate the risks present in the business environment. Risk management is practiced by the business of all sizes; small businesses do it informally, while enterprises codify it.

Businesses want to ensure stability as they grow. Managing the risks that are affecting the business is a critical part of this stability. Not knowing about the risks that can affect the business can result in losses for the organization. Being unaware of a competitive risk can result in loss of market share, being unaware of a financial risk can result in financial losses, being aware of a safety risk can result in an accident, and so on.

Businesses have dedicated risk management resources; small businesses may have just one risk manager or a small team while enterprises have a risk management department. People who work in the risk management domain monitor the organization and its environment. They look at the business processes being followed within the organization and they look at the external factors which can affect the organization one way or the other.

A business that can predict a risk will always be at an advantage. A business which can predict a financial risk will limit its investments and focus on strengthening its finances. A business which can assess the impact of a safety risk can devise a safe way to work which can be a major competitive advantage.

If we think of the business world as a racecourse then the risks are the potholes which every business on the course must avoid if they want to win the race. Risk management is the process of identifying all the potholes, assessing their depth to understand how damaging they can be, and then preparing a strategy to avoid damages. A small pothole may simply require the business to slow down while a major pothole will require the business to avoid it completely.

Knowing the severity of a risk and the probability of a risk helps businesses allocate their resources effectively. If businesses understand the risks that affect them then they will know which risks need the most attention and resources and which ones the business can disregard. Risk management allows businesses to act proactively in mitigating vulnerabilities before any major damage is incurred. There are different types of risk management strategies and solutions for different types of risks.

Management Notes

Riskiness of Returns

indiafreenotesby indiafreenotes0

After investing money in a project a firm wants to get some outcomes from the project. The outcomes or the benefits that the investment generates are called returns. Wealth maximization approach is based on the concept of future value of expected cash flows from a prospective project.

So cash flows are nothing but the earnings generated by the project that we refer to as returns. Since fixture is uncertain, so returns are associated with some degree of uncertainty. In other words there will be some variability in generating cash flows, which we call as risk. In this article we discuss the concepts of risk and returns as well as the relationship between them.

Concept of Risk

A person making an investment expects to get some returns from the investment in the future. However, as future is uncertain, the future expected returns too are uncertain. It is the uncertainty associated with the returns from an investment that introduces a risk into a project. The expected return is the uncertain future return that a firm expects to get from its project. The realized return, on the contrary, is the certain return that a firm has actually earned.

The realized return from the project may not correspond to the expected return. This possibility of variation of the actual return from the expected return is termed as risk. Risk is the variability in the expected return from a project. In other words, it is the degree of deviation from expected return. Risk is associated with the possibility that realized returns will be less than the returns that were expected. So, when realizations correspond to expectations exactly, there would be no risk.

Elements of Risk

Various components cause the variability in expected returns, which are known as elements of risk. There are broadly two groups of elements classified as systematic risk and unsystematic risk.

(i) Systematic Risk

Business organizations are part of society that is dynamic. Various changes occur in a society like economic, political and social systems that have influence on the performance of companies and thereby on their expected returns. These changes affect all organizations to varying degrees. Hence the impact of these changes is system-wide and the portion of total variability in returns caused by such across the board factors is referred to as systematic risk. These risks are further subdivided into interest rate risk, market risk, and purchasing power risk.

(ii) Unsystematic Risk

The returns of a company may vary due to certain factors that affect only that company. Examples of such factors are raw material scarcity, labour strike, management ineffi­ciency, etc. When the variability in returns occurs due to such firm-specific factors it is known as unsystematic risk. This risk is unique or peculiar to a specific organization and affects it in addition to the systematic risk. These risks are subdivided into business risk and financial risk.

Measurement of Risk

Quantification of risk is known as measurement of risk.

Two approaches are followed in measurement of risk:

  • Mean-variance approach
  • Correlation or regression approach

Mean-variance approach is used to measure the total risk, i.e. sum of systematic and unsystematic risks. Under this approach the variance and standard deviation measure the extent of variability of possible returns from the expected return and is calculated as:

Where, Xi = Possible return,

P = Probability of return, and

n = Number of possible returns.

Correlation or regression method is used to measure the systematic risk. Systematic risk is expressed by β and is calculated by the following formula:

Where, rim = Correlation coefficient between the returns of stock i and the return of the market index,

σm = Standard deviation of returns of the market index, and

σi = Standard deviation of returns of stock i.

Using regression method we may measure the systematic risk.

The form of the regression equation is as follows:

Where, n = Number of items,

Y = Mean value of the company’s return,

X = Mean value of return of the market index,

α = Estimated return of the security when the market is stationary, and

β = Change in the return of the individual security in response to unit change in the return of the market index.

Concept of Return

Return can be defined as the actual income from a project as well as appreciation in the value of capital. Thus there are two components in return—the basic component or the periodic cash flows from the investment, either in the form of interest or dividends; and the change in the price of the asset, com­monly called as the capital gain or loss.

The term yield is often used in connection to return, which refers to the income component in relation to some price for the asset. The total return of an asset for the holding period relates to all the cash flows received by an investor during any designated time period to the amount of money invested in the asset.

It is measured as:

Total Return = Cash payments received + Price change in assets over the period /Purchase price of the asset.

In connection with return we use two terms realized return and expected or predicted return. Realized return is the return that was earned by the firm, so it is historic. Expected or predicted return is the return the firm anticipates to earn from an asset over some future period.

Management Notes

Corporate Risk Management

indiafreenotesby indiafreenotes0

Corporate risk management refers to all of the methods that a company uses to minimize financial losses. Risk managers, executives, line managers and middle managers, as well as all employees, perform practices to prevent loss exposure through internal controls of people and technologies. Risk management also relates to external threats to a corporation, such as the fluctuations in the financial market that affect its financial assets.

Protecting Shareholders

A corporation has at least one shareholder. A large corporation, such as a publicly-traded or employee-owned firm, has thousands, or even millions, of shareholders. Corporate risk management protects the investment of shareholders through specific measures to control risk. For example, a company needs to ensure that its funds for capital projects, such as construction or technology development, are protected until they are ready to use.

Types of Risk

Consider the types of risk that a corporation must address every day. A corporation may become insolvent if it hasn’t bought insurance, implemented loss control measures and used other practices to prevent financial loss. Insurance is no substitute for successfully identifying measures to prevent losses, such as safety training to prevent worker injuries and deaths. Risks can include hazard risks, financial risks, personal injury and death, business interruption/loss of services, damage to a corporation’s reputation, errors and omissions and lawsuits.

Probability and Consequences for corporate risk management

To prevent financial losses, a corporation engages in a certain amount of speculation. A risk manager calculates the probability of each type of event that would damage the firm’s financial position and the consequences. Calculating the likelihood that something will happen and its associated costs enables a risk manager to recommend ways to address the most probable risks to senior management, the board of directors and owners of the corporation.

Solutions for corporate risk management

A corporate risk manager is a multi-disciplinary professional with an understanding of internal business processes and many financial instruments. This professional might have a background in business management, finance, insurance or actuarial science. She might suggest solutions to a corporation to protect its assets. For instance, she might recommend buying millions of dollars in commercial liability insurance coverage. Some risks that she calculates, as potentially damaging to the corporation, are ignored while others are covered by this liability policy. She might recommend buying other types of insurance, such as fire or fraud, after first weighing the costs versus the benefits of each type of coverage.

Building strategies for Corporate Risk Management

Strategies for corporate risk management usually consist of two processes: setting the framework for the company’s risk management and setting the communication channels in the organization. Risk management is, though, useless unless you measure and know your risks first. You must also have a robust procedure for ongoing monitoring and a cycle of continual assessment.

Risk management planning encompasses three elements:

  • Operational risk management, such as damage to property or other risks that can’t be planned for.
  • Financial risk management, which emerges from the effects of markets on an entity’s assets; this includes risks to credit, price and liquidity.
  • Strategic risk management, or thinking about the bigger picture and the future of the company.

Consider what happened to Kodak once digital cameras came along, and ask if that was a failure of operational risk management or strategic risk management.

One of the best available metrics of risk measurement is economic capital, which is the amount of equity required to cover any unexpected losses. The economic capital required to support an individual risk can be calculated and results aggregated across all risks. Dividing the anticipated after-tax return on each strategic initiative by the economic capital gives you a RAROC, or risk adjusted return on capital, figure – if the RAROC is less than the cost of capital, it will destroy value and is, therefore, a huge risk to the company.

Outside of economics, there are five steps to take when first assessing the risk and deciding on the best solutions for mitigation:

  • Identify the risk: Risks can be internal or external, so include any events that could cause problems or benefits for the company.
  • Analyze the risk: Thoroughly analyze the potential effects each risk will have on consumer behavior, the company or any endeavors underway.
  • Evaluate the risk: Rank risks according to the likelihood of each outcome to see how severely a set risk could impact the company or its strategy.
  • Treat the risk: Look at ways to reduce the probability of a negative risk and increase the probability of positive risks, preparing preventative and contingency plans as needed.
  • Monitor the risk: Track variables and proposed possible threats, and calmly treat any problems that arise as your tracking system identifies changes.

Once the risk assessment is complete, assign a strategy to treat the identified risks. Generally, there are four ways to handle a risk:

  • Avoid the risk, or forfeit all activity that carries the risk – though this also means forfeiting all associated potential returns and opportunities.
  • Reduce the risk, or make small changes to reduce the weight of both risk and reward.
  • Transfer or share the risk, or redistribute the burden of loss or gain by entering partnerships or bringing on new entities.
  • Accept the risk, or assume any loss or gain entirely; this is usually put into play for small risks where any loss can be easily absorbed by the entity.
Bangalore University B.com Notes

Various Elements of Cost of Risk

indiafreenotesby indiafreenotes1

Cost of Risk is a quantifiable, controllable number that can be identified and reduced. Simply put, TCoR is the total cost of your insurance premiums, retained losses (deductibles/uninsured losses) and internal/external risk control costs. By recognizing these costs we can plan and implement management strategies to reduce them.

Most people assume it’s their insurance premiums alone. They’re only partially correct: premiums are only a piece of the puzzle. While insurance premiums are the most visible cost associated with risk, they are hardly the only cost. There are many other costs associated with risk that are either not tracked or are viewed as fixed costs. That is the paradigm. What most business owners don’t realize is that these additional costs are controllable. All of the costs related to risk can be tracked and monitored. In addition, there are operational strategies that can be implemented which will manage and ultimately reduce these costs.

Elements of Total Cost of Risk

Insurance premiums

The first and most easily tracked component of Total Cost of Risk is insurance premiums. This includes the amount a firm spends on insurance coverage and brokers’ commissions.

Retained losses

The next element is retained losses. The retained loss value is the amount of money that a firm spends “out of pocket” for losses incurred. These are costs that are below a company’s deductible. An example is a small mishap such as dry-cleaning a client’s suit due to spillage from an employee.

Costs to protect employees/customers from injury

The next applicable costs may not be as easy to track but are still important components captured in the TCoR calculation. These are the costs needed to protect your employees or customers from injuries. Examples are safety equipment, mats, warning signs, training, etc. These costs should be tracked as part of the TCoR for your business internally.

Costs to engage firms for help with risk & insurance issues

The next component is money spent with professional firms to help you handle insurance or other risk associated issues. These would include costs for an attorney to respond to a complaint or to review a contract’s indemnification agreement. These are also part of the TCoR calculation and are considered external risk control costs.

Productivity loss

Other relevant cost is productivity loss due to injuries or losses. Having your employees spend their time either driving other employees to the doctor, investigating incidents, cleaning up spills, etc. are also costs that are risk related and are taking away from your bottom line.

Administration Costs

Financial impacts incurred in providing the services required to effectively administer a Total Cost of Risk Program. They include claims management, risk control and all other project costs such as data analytics. In the case where a firm pays additional fees or expense for these services, they are an addition to the TCOR formula. However, when they are provided by a third party (Insurance Brokerage or Risk Management Services Provider) as part of the relationship, they are a reduction to the extent that the measurable ROI exceeds the cost of the services.

Loss Costs

Loss Costs are generally broken up into 2 parts. The direct cost of the losses and the indirect cost of losses. Both of these items impact the organization’s Total Cost of Risk.

  • Direct Cost of Losses: Deductibles and claims that are anticipated and funded inside the organizations risk financing program. (i.e. Captive, Deductible or Self Insurance Programs) In addition the cost of administering claims by third party administrators (TPA’s) are considered a direct cost of the loss as the TPA expense is usually a direct correlation of the claims experience. Any uninsured loss is also a direct cost of loss.
  • Indirect Loss Costs: Every loss creates a corresponding expense that is unfunded and in some cases unanticipated. While the risk financing (insurance) may pay the known claim, there is a high correlation of additional unfunded business expenses that arise from virtually any claim. These loss costs are commonly known as The Iceberg. These are quantified and measured in an accurate Total Cost of Risk calculation. (For more on the subject of Indirect Loss Costs see the Wikipedia Indirect Loss cost topic)
Bangalore University B.com Notes

Static and Dynamic Risk

indiafreenotesby indiafreenotes0

A static risk refers to damage or loss to a property or entity that is not caused by a stable economy but by destructive human behavior or an unexpected natural event. This risk can be covered by insurance.

Static risks are often associated with a commodity the value of which will not be affected by an economic change. It even further presumes that the financial state is, more or less, stable.

Static risks include damage caused by human behavior, such as theft, vandalism, robbery, arson, and burglary. It also includes damage caused by natural conditions like rain, thunder, or lightning.

Insurance covers these kinds of risk. A policy might require a policyholder to specify which risks they want to have covered or they might simply opt for a more comprehensive insurance coverage.

Static Risk

Static risks are risks that involve losses brought about by irregular action of nature or by dishonest misdeeds and mistakes of man.  Static losses are present in an economy that is not changing (static economy) and as such, static risks are associated with losses that would occur in an unchanging economy.  For example, if all economic variables remain constant, some people with fraudulent tendencies would still go out steal, embezzle funds and abuse their positions.  So, some people would still suffer financial losses.  These losses are brought about by causes other than changes in the economy.  Such as perils of nature, and the dishonesty of other people.

Static losses involve destruction of assets or change in their possession because of dishonesty.  Static losses seem to appear periodically and because of these they are generally predictable.  Because of their relative predictability, static risks are more easily taken care of, by insurance cover then are dynamic risks.  Example of static risk include theft, arson assassination and bad weather.  Static risks are pure risks.

Dynamic Risk

Dynamic risk is risks brought about by changes in the economy.  Changes in price level, income, tastes of consumers, technology etc (which is examples of dynamic risk) can bring about financial losses to members of the economy.  Generally dynamic risks are the result of adjustments to misallocation of resources.  In the long run, dynamic risks are beneficial to the society.  For example, technological change, which brings about a more efficient way of mass producing a higher quality of article at a cheaper price to consumers than was previously the case, has obviously benefited the society.

Dynamic risk normally affects many individuals, but because they do not occur regularly, they are more difficult to predict than static risk.

Difference between dynamic risk and static risk

Static Risk

Dynamic Risk
Most static risks are pure risks They are mainly speculative risks.
They are easily predictable They are not easily predictable
The society derives no benefit or gain   from static risk.  Static risks are always harmful. The society derives some benefits from dynamic risk.
Static risks are present in an unchanging economy. Dynamic risks are only present in a changing economy
Static risks affect only individuals or very few individuals. Dynamic risk affect large number of  Individuals.
Bangalore University B.com Notes

Sources of Risk and Exposure

indiafreenotesby indiafreenotes1

Sources of Risk:

There are a variety of situations that give rise to risk.

  1. Decision/Indecision:

Taking or not taking a decision at the right time is generally the first cause of risk. Suppose a banker takes deposits and decides not to put money in statutory liquidity requirements, the bank would be called upon to pay penalties. Indecision in selling a Government security when the market is upswing is also a risk as it causes loss of revenue. The risk of revenue loss is on account of indecision.

  1. Business Cycles/Seasonality:

There are certain exposures that are affected by seasonality or business cycles. Lending to sugar industry in India disregarding the fact that the production of sugar is restricted to six/seven months in a year, may give rise to risky situations.

  1. Economic/Fiscal Changes:

The Government’s economic and taxation policies are sources of risk. The levying of import duty on certain capital goods can escalate the funding cost and bank finance requirement. While the borrower’s repay­ing capacity remains the same, such a situation enhances the exposure adding to the risk. The changes in Government policies can impact the cash inflow for the borrowing cus­tomer thereby limiting his repayment capacity.

  1. Market Preferences:

Over the years, the consumer demands and preferences particularly from the youth segment, are changing substantially. The preference for a motorcycle over a scooter is an example. Lending to scooter dealers or manufacturers will have to be cautious due to this market trend.

  1. Political Compulsions:

A Government may force the banks to lend in areas where the rewards may not be proportional.

  1. Regulations:

The impact of change in regulations is similar to the changes in Government policies. In developed countries like the USA, there are certain anti- boycott laws prescribing restrictions. The anti-boycott laws specifically refer to boy­cotts involving one foreign Government against another foreign Government and participation of people in the US in those boycotts.

Indian banks operating in the USA do have to assess the regulatory risks. With the passing of USA Patriot Act, the processes for anti-money laundering have been strengthened. Compliance of a variety of regulations is also a source of risk.

  1. Competition:

In order to remain competitive banks assume risks for enhancing the returns. In the quest to achieve better result there could be a tendency to assume risks highly unrelated to the return. The selection of the right counter party, lack of proper risk assessment, failure to appreciate the borrower rating, etc., all contribute in risk acceleration. Competition remains a major source of risk for banks as for all other sectors.

  1. Technology:

Technology is both, a solution and a cause of risk. Deals worth millions are made in treasury operations through advanced technology supports. The process of maker-checker is scrupulously followed while entering into such deals. Still, machines can go wrong. The reflection of inaccurate values like dates, amounts, interest rates, etc., can cause a huge risk. It is a part of operational risk wherein technology itself becomes the source of risk.

  1. Non-availability of Information:

Technology is an enabler for decision support for rational and data-based decision mak­ing. More often than not, in the absence of information support, banks do take decisions. The banks fix exposure limits per party or per industry. Exposures exceed these prudential limits in the absence of real time information, thereby multiplying the risk exposures.

In reality, the risk drivers are:

  1. Changes in external environment, including regulatory as­pects,
  2. Deficiencies in systems and procedures,
  3. Errors, either intentional or otherwise,
  4. Inadequate information and absence of required flows,
  5. Unsuitable technology supports,
  6. Communication gap or failure,
  7. Lack of leadership, and 
  8. Excessive and unreasonable incentives.

Indicators of Risk:

Risks very rarely occur as accidents. There are symptoms that indicate the possibility of risk. These indicators can be used to take pre-emptive actions. These actions may not eliminate the risks, but they would at least facilitate to minimize their impact.

  1. Lack of supervision of lending/investment activities by designated officers.
  2. Lack of specific lending or treasury policies or failure to enforce the existing policies.
  3. Lack of code of conduct or failure to enforce existing code.
  4. Dominant figure allowed to exerting influence without re­straint.
  5. Lack of separation of duties.
  6. Lack of accountability.
  7. Lack of written policies and/or internal controls.
  8. Circumvention of established policies and/or controls.
  9. Lack of independent members of management and / or Board.
  10. Entering into transactions where the institution lacks exper­tise.
  11. Excessive growth through low quality loans.
  12. Unwarranted concentrations.
  13. Volatile sources of funding such as short-term deposits from out of area brokers.
  14. Too much emphasis on earnings at the expense of safety and soundness.
  15. Compromising credit policies.
  16. High rate high risk investments.
  17. Underwriting criteria allowing high risk loans.
  18. Lack of documentation or poor documentation.
  19. Lack of adequate credit analysis.
  20. Failure to properly obtain and evaluate credit data, collat­eral, etc.
  21. Failure to properly analyze and verify financial statement data.
  22. Too much emphasis on character and collateral and not enough emphasis on credit.
  23. Lack of proper mix in asset portfolio.
  24. Unresolved exceptions or frequently recurring exceptions on exception reports.
  25. Out of balance conditions.
  26. Funds used for purposes other than the purpose recorded.
  27. Lax policies on payment of checks against uncollected funds.
  28. The institution is a defendant in a number of lawsuits alleging improper handling of transactions.
Bangalore University B.com Notes

Pure Risk and Speculative Risk

indiafreenotesby indiafreenotes0

Pure Risk

There are only two possibilities; something bad happening or nothing happening. It is unlikely that any measurable benefit will arise from a pure risk. The house will enjoy a year with nothing bad occurring or there will be damage caused by a covered cause of loss (fire, wind, etc.). Predicting the outcomes of a pure risk is accomplished (sometimes) using the law of large numbers, a prior data or empirical data. Pure risk, also known as absolute risk, is insurable.

Pure risk is a type of risk that cannot be controlled and has two outcomes: complete loss or no loss at all. There are no opportunities for gain or profit when pure risk is involved.

Pure risk is generally prevalent in situations such as natural disasters, fires, or death. These situations cannot be predicted and are beyond anyone’s control. Pure risk is also referred to as absolute risk.

Pure risk examples

Personal risks affect individuals and involve losing or reducing personal assets. For example, unemployment is a pure risk resulting in financial loss when income and benefits are taken away. There are numerous other types of personal, pure risks, however: Poor health runs the risk of large medical bills, and the risk of an unforeseen, permanent disability could end a person’s career and, as a result, dramatically reduce their income. The pure risk of premature death also impacts the deceased family members who might struggle to pay household bills if the breadwinner unexpectedly dies.

Pure risk to property includes fires, wind damage, flooding and other natural disasters that cause damage to personal belongings.

Liability risks are also considered pure risks and pertain to potential litigation against a person or organization. For example, a homeowner could be sued by a person who slipped on their walkway for medical expenses, lost income or other damages.

Types of Pure Risk

Personal risks directly affect an individual and may involve the loss of earnings and assets or an increase in expenses. For example, unemployment may create financial burdens from the loss of income and employment benefits. Identity theft may result in damaged credit, and poor health may result in substantial medical bills, as well as the loss of earning power and the depletion of savings.

Property risks involve property damaged due to uncontrollable forces such as fire, lightning, hurricanes, tornados, or hail.

Liability risks may involve litigation due to real or perceived injustice. For example, a person injured after slipping on someone else’s icy driveway may sue for medical expenses, lost income, and other associated damages.

Insuring Against Pure Risk

Unlike most speculative risks, pure risks are typically insurable through commercial, personal, or liability insurance policies. Individuals transfer part of a pure risk to an insurer. For example, homeowners purchase home insurance to protect against perils that cause damage or loss. The insurer now shares the potential risk with the homeowner.

Pure risks are insurable partly because the law of large numbers applies more readily than to speculative risk. Insurers are more capable of predicting loss figures in advance and will not extend themselves into a market if they see it as unprofitable.

Speculative Risk

Unlike pure risk, speculative risk has opportunities for loss or gain and requires the consideration of all potential risks before choosing an action. For example, investors purchase securities believing they will increase in value.

But the opportunity for loss is always present. Businesses venture into new markets, purchase new equipment, and diversify existing product lines because they recognize the potential gain surpasses the potential loss.

Speculative risk is a category of risk that, when undertaken, results in an uncertain degree of gain or loss. All speculative risks are made as conscious choices and are not just a result of uncontrollable circumstances. Since there is some chance of either a gain or a loss, speculative risk is the opposite of pure risk, which is the possibility of only a loss and no potential for gain.

Almost all investment activities involve some speculative risks, as an investor has no idea whether an investment will be a blazing success or an utter failure. Some assets such as an options contract carry a combination of speculative risk and risk that you can hedge.

Some investments are more speculative than others. For example, investing in government bonds has much less speculative risk than investing in junk bonds because government bonds have a much lower risk of default. In many cases, the greater the speculative risk, the higher the potential for profits or returns on the investment.

Examples of Speculative Risk

Most financial investments, such as the purchase of stock, involve speculative risk. It is possible for the share value to go up, resulting in a gain, or go down, resulting in a loss. While data may allow certain assumptions to be made regarding the likelihood of a particular outcome, the outcome is not guaranteed.

Sports betting also qualifies as having speculative risk. If a person is betting on which team will win a football game, the outcome could result in a gain or loss, depending on which team wins. While the outcome cannot be known ahead of time, it is known that a gain or loss are both possible.

If you buy a call option, you know in advance that your maximum downside risk is the loss of the premium paid if the options contract expires worthless. At the same time, you do not know what your potential upside gain will be since nobody can know the future.

On the other hand, selling or writing a call option carries unlimited risk in exchange for the premium collected. However, some of that speculative risk can be hedged with other strategies, such as owning shares of the stock or by purchasing a call option with higher strike price. In the end, the amount of speculative risk will depend on whether the option is bought or sold and whether it is hedged or not.

Pure vs. speculative risk

While pure risk is beyond human control and can only result in a loss if it occurs, speculative risk is taken on voluntarily and can result in either a profit or loss. Speculative risks are undertaken through a conscious choice, and they are considered a controllable risk. Almost all financial investment activities, for example, are considered speculative risk because they ultimately result in an unknown amount of success or failure.

Betting on sports is also considered a speculative, controllable risk. A person betting on an NFL game could see either a financial gain or financial loss from the bet, depending on which team wins. Unlike pure risk that will only result in a loss, betting on the game could result in either a gain or a loss for the person undertaking the bet, or in this case, the risk.

Bangalore University B.com Notes

Limitations, Advantage and Disadvantage of Risk Management

indiafreenotesby indiafreenotes0

Risk assessment is one method in a much broader field of risk management. Risk assessment is a process that does not result in a fixed final answer. It is impossible to determine the true magnitude and extent of any actual contamination at a site.

Advantages or Benefits of Risk Management Process

Risk management process is considered as an important discipline that the business has in its recent times.

Many organizations tend to realize the advantages of enterprise risk management. Following are a few benefits of risk management in projects:

  1. Benefits of risk identification

Risk identification helps in fostering the vigilance in times of discipline and calm at the times of crisis. It implies all the risks in prior that are most likely to happen and are planned to execute without any assumptions that run.

These positive risks are often held upon most of the occurrences. It helps in opportunity risks so as to be aware of the forthcoming issues.

  1. Benefits of risk assessment

It focuses on the identified tasks on assisting the impact of business or projects. This phase focuses on the ideas that are discussed among the stakeholders. It has the greatest advantage of dealing with the points that are finalized with more possible solutions.

It has a sense of all views that turns into accountability of each and every social life. Participation in these kinds of assessments will help one to tackle his/her risks. It promotes organizational culture.

  1. Treatment of risks

It helps in treating one’s own risks that are the subsets of implementing a plan. It has internal compliance that is brought and mitigated towards the forsaken actions.

Its opportunity falls in the lack of preparation and even more realized upon the profitable data that relieves through internal controls.

  1. Minimization of risks

The risks that are handled within the given assessments plans are foreseen within the business functions. It enables one to speed up the data to change policies and contingencies that are made successful within the mapped business functions.

Here the cost-beneficial analysis is to be revised within the ownership of risks. It focuses on the change of policies within the detailed structural behavior.

  1. Awareness about the risks

Here the terms that are noticed will create awareness among the scheduled terms of risks that are a successful analysis and evaluation of exercising the modules of risks.

It enables one to concentrate on the risk treatments within the lessons learned and are scheduled into lack of preparation. It has subsequent phases regarding each module within the identified data.

  1. Successful business strategies

Risk management strategy is not a one-time activity and the grade points are finalized within the recent status. It has different stages that modulate to lack of preparation, planning and successful implementations of all the plans.

It has the operational efficiency that is realized upon the mitigation of negative risks. It has contingent policies over the preparation of business in the measures of treatment.

  1. Saving cost and time

It threats to the task that is completed over the projects and the other business strategies.

It always results in saving the costs that are consolidated within the items that are practiced. It prevents wastage and makeup time for firefighting.

  1. New opportunities

The opportunities that are emerging are held within the new ways of communicating on the unravel issues.

It has a collective and least significant part that matches with most of the scenarios. It prepares for future endeavors and the related exhaustive efforts as inputs.

  1. Harvesting knowledge

Here one must try to spend the knowledge about the stakeholder’s experience of the preemptive approach that is made applicable for the unprepared threats towards the knowledge gained and this provides a template to face the readymade risks.

It has successive plans that are indulged from the start till the collective knowledge.

  1. Protecting resources

The risk management plans and policies under help in protecting the resources of the organization. This helps in promoting the resources instead of using them illegally.

It also equips safety among the adaptive changes to the staff alternatives and is bundled together with the other resources. It builds production plans and alternative plans for the process of re-routing.

  1. Improvement in credit ratings

The improvement in credit ratings evolves numerous agencies that support the accomplished tasks resulting in lower budget investments.

It has capital volatility that translates the greater confidence issues, particularly with the stakeholders. It aims at building multiple business aspects that have tangible benefits.

  1. Regulatory compliances

This framework helps in meeting regulatory needs. It performs and measures risk management. This improvement helps in attaining higher credit aspects.

It also derives higher efficiency towards the capital volatility and even the rating metrics that are assigned to the compensated business plans. It translates into greater confidence of improved stakeholders that are made applicable within the insured business.

  1. Values shareholders

It aims at the borrowing capacity of the shareholder that has significant effort within the management and assumes the determinant roles that the company can extend to.

It has the exact decision-making process within the current models and also the expected regulatory recruitment.

  1. Possibilities of risks

It dictates the clear possibilities of risk that are managed within the severity or impact of the organization that is updated to own risk strategies. It has an insight of real balance sheets that supports the culture of risk management.

It modulates the designed data and even the approach towards the compatible and the insight of balancing. It supports all the ordinary requirements of a plan.

  1. Faster competition

When the organization contributes to different levels of budgets with the people of various skills set, the commitment towards the work will be more.

It achieves competitive advantage on the logic schedules that are better. It has the deepest level of managing risks. These competitions are managed within the up and downs of an entire life.

  1. Provides support

It provides support to the organization that is handled between both the chances of achieving and losing the financial plans.

Here the benefits of financial risk management are uninformed at both the level of improving chances to make the acquisition of achieving a potential breakthrough in the supply chain. It has concentrated support of the chances of achieving the pre-planned financial activities.

  1. Identification of risks

A risk management system helps in identifying the risks that have a precise network to determine the optimal management of risks. It has the maximized opportunity of the risks that are relevant in implementing the guidance provided.

It has holistic support from the entire organization when the risks are identified. It will become streamlined and efficient within the complex elements.

  1. Provides guidance

It provides prior guidance about the framework that is enabled within the experience and assessing the risks that are modeled within the strategies of risk.

It has the development of advanced risk management techniques that are interrelated within the consequences of the gained knowledge and the other risks.

  1. Identification of possible threats

This identification provides compensatory mundane activities that aim at motivating the employees to gather information about the consequent changes.

It spends time on the research and development of the execution of maintenance strategies. It accustoms the employees within the persuaded timing.

  1. Reduces impact and loss

Risk management has more defined proceedings when there is a pre-planned schedule or loss of the object. It contributes a part to stress and worry. The complexity matters when they are gathered.

Here it ensures the organization with all possible outcomes of the independent and objective assessments that are analyzed on taking challenges.

  1. Stability of earnings

The business operations that are held within the next operation level will concentrate more on the scheduled amount of data.

It reduces the impact of business activities. Employees will be retrenched so as to keep in the comfort zone.

  1. Managing strategic plans

Managing risks has the strategic plans that are related to the plans that are most used in various strategic plans. This manages the data that depends on most of the resources that are linked to the migration defined data.

It reflects on the generated data that manages most of the generated cash flows that are in adverse situations.

  1. Handling previous projects

If the analyzing of risk is done correctly in the previous stages, then it can be moved without processing the detailed information along various channels of risks. This memory can be held to unfold the future risks that are conflicted within the schematic schedule.

It enlarges new risk towards the competitors that are managed within the forbidden strategies.

  1. Nurturing risks

Each possibility of the risks will be accompanied by the different logics that can compensate within the rigid comparisons and the choices made defining the aligned decision-makers of each project. This requires well-trained operators so as to optimize the situations of risks.

  1. Collaborated work

Risks focus payoff and even to yield the profit. Sometimes the mistakes done can also be productive. It manages the possibility to perform tasks with organizational behavior.

Here managers are encouraged to focus on the risks that can be defined as exploitable challenging proposals.

Disadvantages of Risk Management Process

Managing the risks provides the waste of time to compensate for the projects. It persuades the projects that reciprocate to improve the funds in the company. It is spent on the research and development of the allocated issues that hold to ensure project management.

  1. Complex calculations

Risk management involves complex calculations in terms of managing risks. Without the automatic tool, each and every calculation regarding risks becomes difficult.

  1. Unmanaged losses

If the organization meddles with a loss, then that pay will be delivered to the pay loss of the firm.

Here, the organization is responsible for the loss that happened due to improper schedule about risk management.

  1. Ambiguity

Even if the ambiguity is out of loss then people have to cover it within the planned scale of losses of the discounts and even the consideration into unnecessary insurance discounts.

  1. Depends on external entities

Managing risks depends on the external entities that are modulated within the organization, usually depends on the external data.

It includes all the dependent information about the risks regarding other valid resources. The transferable resources depend on the external entities that tend to have data.

  1. Mitigation

Usually, mitigation guarantees losses of the concealed impairment of money which may cause improper management of risks. This leads to unsafe acceptance of data within rare company losses.

  1. Difficulty in implementing

Risk management takes a long time to gather information regarding strategic plans. It has universal standards that are mitigated and accepted according to the monetary values.

It matches with a hard understanding without recent experience without compensation of the required quantity of data.

  1. Performance

Since the risk management can be processed only with subjectivity, it holds on the control of prospects within each issue. It can be identified with the difficult implementation of controls.

It manages the cost-benefits analysis that is not implemented. This process concentrates more on the implementation of controls.

  1. Potential threats

These potential threats are to be maintained carefully so as to organize and disappear from the market. This implementation reduces the level of risk and proportionally increases the control over it.

Any kind of process will have its own limitations and benefits of project risk management. Thus to build an effective risk management one has to focus on the mitigated strategic plans of risks that are effective on the risk-takers. It is to identify the maximum of the entire management to overcome forthcoming dangers.

Risk management becomes the major case when the organization has targeted results apart from potential threats, damages, and vulnerabilities.

Bangalore University B.com Notes

Various Means of Managing Risk

indiafreenotesby indiafreenotes0

Risk Management is the process of identifying, assessing, and controlling threats to an organization’s capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents, and natural disasters. IT security threats and data-related risks, and the risk management strategies to alleviate them, have become a top priority for digitized companies. As a result, a risk management plan increasingly includes companies’ processes for identifying and controlling threats to its digital assets, including proprietary corporate data, a customer’s personally identifiable information (PII) and intellectual property.

All risk management processes follow the same basic steps, although sometimes different jargon is used to describe these steps. Together these 5 risk management process steps combine to deliver a simple and effective risk management process.

Step 1

Identify the Risk. You and your team uncover, recognize and describe risks that might affect your project or its outcomes. There are a number of techniques you can use to find project risks. During this step you start to prepare your Project Risk Register.

Step 2

Analyze the risk. Once risks are identified you determine the likelihood and consequence of each risk. You develop an understanding of the nature of the risk and its potential to affect project goals and objectives. This information is also input to your Project Risk Register.

Step 3

Evaluate or Rank the Risk. You evaluate or rank the risk by determining the risk magnitude, which is the combination of likelihood and consequence. You make decisions about whether the risk is acceptable or whether it is serious enough to warrant treatment. These risk rankings are also added to your Project Risk Register.

Step 4

Treat the Risk. This is also referred to as Risk Response Planning. During this step you assess your highest ranked risks and set out a plan to treat or modify these risks to achieve acceptable risk levels. How can you minimize the probability of the negative risks as well as enhancing the opportunities? You create risk mitigation strategies, preventive plans and contingency plans in this step. And you add the risk treatment measures for the highest ranking or most serious risks to your Project Risk Register.

Step 5

Monitor and Review the risk. This is the step where you take your Project Risk Register and use it to monitor, track and review risks.

Risk is about uncertainty. If you put a framework around that uncertainty, then you effectively de-risk your project. And that means you can move much more confidently to achieve your project goals. By identifying and managing a comprehensive list of project risks, unpleasant surprises and barriers can be reduced and golden opportunities discovered. The risk management process also helps to resolve problems when they occur, because those problems have been envisaged, and plans to treat them have already been developed and agreed. You avoid impulsive reactions and going into “fire-fighting” mode to rectify problems that could have been anticipated. This makes for happier, less stressed project teams and stakeholders. The end result is that you minimize the impacts of project threats and capture the opportunities that occur.

Preventable Risks

These are internal risks, arising from within the organization, that are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, illegal, unethical, incorrect, or inappropriate actions and the risks from breakdowns in routine operational processes. To be sure, companies should have a zone of tolerance for defects or errors that would not cause severe damage to the enterprise and for which achieving complete avoidance would be too costly. But in general, companies should seek to eliminate these risks since they get no strategic benefits from taking them on. A rogue trader or an employee bribing a local official may produce some short-term profits for the firm, but over time such actions will diminish the company’s value.

This risk category is best managed through active prevention: monitoring operational processes and guiding people’s behaviors and decisions toward desired norms. Since considerable literature already exists on the rules-based compliance approach, we refer interested readers to the sidebar “Identifying and Managing Preventable Risks” in lieu of a full discussion of best practices here.

Strategy Risks

A company voluntarily accepts some risk in order to generate superior returns from its strategy. A bank assumes credit risk, for example, when it lends money; many companies take on risks through their research and development activities.

Strategy risks are quite different from preventable risks because they are not inherently undesirable. A strategy with high expected returns generally requires the company to take on significant risks, and managing those risks is a key driver in capturing the potential gains. BP accepted the high risks of drilling several miles below the surface of the Gulf of Mexico because of the high value of the oil and gas it hoped to extract.

Strategy risks cannot be managed through a rules-based control model. Instead, you need a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain the risk events should they occur. Such a system would not stop companies from undertaking risky ventures; to the contrary, it would enable companies to take on higher-risk, higher-reward ventures than could competitors with less effective risk management.

External Risks

Some risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. External risks require yet another approach. Because companies cannot prevent such events from occurring, their management must focus on identification (they tend to be obvious in hindsight) and mitigation of their impact.

Companies should tailor their risk-management processes to these different categories. While a compliance-based approach is effective for managing preventable risks, it is wholly inadequate for strategy risks or external risks, which require a fundamentally different approach based on open and explicit risk discussions. That, however, is easier said than done; extensive behavioral and organizational research has shown that individuals have strong cognitive biases that discourage them from thinking about and discussing risk until it’s too late.

Classification of Risks in Banking sector

     

  1. Credit Risk

  • Credit risks involve borrower risk, industry risk and portfolio risk. As it checks the creditworthiness of the industry, borrower etc.
  • It is also known as default risk which checks the inability of an industry, counter-party or a customer who are unable to meet the commitments of making settlement of financial transactions.
  • Internal and external factors both influences credit risk of bank portfolio.
  • Internal factors consist of lack of appraisal of borrower’s financial status, inadequate risk pricing, lending limits are not defined properly, absence of post sanctions surveillance, proper loan agreements or policies are not defined etc.
  • Whereas external factor comprises of trade restrictions, fluctuation in exchange rates and interest rates, fluctuations in commodities or equity prices, tax structure, government policies, political system etc.

How banks manage this risk?

  • Top management consent or attention should be received in order to manage the credit risk.
  • Credit Risk Management Process include:
  1. In a loan policy of banks, risk management process should be articulated.
  2. Through credit rating or scoring the degree of risk can be measured.
  3. It can be quantified through estimating expected and unexpected financial losses and even risk pricing can be done on scientific basic.
  • Credit Policy Committee should be formed in each bank that can look after the credit policies, procedures and agreements and thus can analyze, evaluate and manage the credit risk of a bank on a wide basis.
  • Credit Risk Management consists of many management techniques which helps the bank to curb the adverse effect of credit risk. Techniques includes: credit approving authority, risk rating, prudential limits, loan review mechanism, risk pricing, portfolio management etc.

  1.  Market Risk 

  • Earlier, majorly for all the banks managing credit risk was the primary task or challenge.
  • But due to the modernization and progress in banking sector, market risk started arising such as fluctuation in interest rates, changes in market variables, fluctuation in commodity prices or equity prices and even fluctuation in foreign exchange rates etc.
  • So, it became essential to manage the market risk too. As even a minute change in market variables results into substantial change of economic value of banks.
  • Market risk comprises of liquidity risk, interest rate risk, foreign exchange rate risk and hedging risk.

How banks manage this risk?

  • The major concern for the top management of banks is to manage the market risk.
  • Top management of banks should clearly articulate the market risk policies, agreements, review mechanisms, auditing & reporting systems etc. and these policies should clearly mention the risk measurement systems which captures the sources of materials from banks and thus has an effect on banks.
  • Banks should form Asset-Liability Management Committee whose main task is to maintain & manage the balance sheet within the risk or performance parameters.
  • In order to track the market risk on a real time basis, banks should set up an independent middle office.
  • Middle office should consist of members who are market experts in analyzing the market risk. The experts can be: economists, statisticians and general bankers.
  • The members of Middle office should be separated from treasury departments or in daily activities of treasury department.

  1. Operational Risk

  • For a better risk management practice, it has become essential to manage the operational risk.
  • Operational risk arise due to the modernization of banking sector and financial markets which gave rise to structural changes, increase in volume of transactions and complex support systems.
  • Operational risk cannot be categorized as market risk or credit risk as this risk can be described as risk related to settlement of payments, interruption in business activities, legal and administrative risk.
  • As operational risk involves risk related to business interruption or problem so this could trigger the market or credit risks. Therefore, operational risk has some sort of linkages with credit or market risks.

How banks manage this risk?

  • There is no uniform approach in measuring the operational risk of banks. Till date simple and experimental methods are used but foreign banks have introduced some advance techniques to manage the operational risk.
  • For measuring operational risk, it requires estimation of the probability of operational loss and also potential size of the loss.
  • Banks can make use of analytical and judgmental techniques to measure operational risk level.
  • Risk of operations can be: audit ratings, data on quality, historical loss experience, data on turnover or volume etc. Some international banks has developed rating matrix which is similar to bond credit rating.
  • Operational risk should be assessed & reviewed at regular intervals.
  • For quantifying operational risk, Indian banks have not evolved any scientific methods and are using simple benchmark system which measures business activity.
error: Content is protected !!