FIN 110 NOTES

Chapter I: Introduction Concept of Risk

Definition of Risk
Two categories in which risks are expressed
1. By means of probabilities and expected values
2. Through events or consequences and uncertainties
Risk Is an Event wherein the outcome Is uncertain
Exposes something or someone in danger, harm, liability or loss.
A future event that may effect the mission objective/success of an organization.

Risks exist independently of our perceptions and our knowledge claims, subjective
judgments, about what is at risk and how likely a risk will be realized.

Events and consequences are subject to uncertainties.

Certainty is elusive while uncertainty and risk are pervasive.

Uncertainty is having two potential outcomes for an event or situation

Properties of Risk
I.

It accommodates both undesirable and desirable outcomes

-Accommodating both undesirable and desirable outcomes is a requirement for
any definition of risk.
-Consequences

II.

It addresses uncertainties instead of probabilities and expected values

-Probability is a common tool to express uncertainty, but the transformation of
knowledge to probabilities is not straightforward
-Uncertainties exist without specifying probabilities

III.

It addresses outcome stakes instead of specific consequences

Type of Risk Problems: Simplicity, Complexity, Uncertainty and Ambiguity

Simplicity
o Characterized by situations and problems with low complexity, uncertainties
and ambiguities.
o Examples: car accidents, smoking, and natural disasters etc.
Complexity
o Refers to the difficulty of identifying and quantifying casual links between a
multitude of potential casual agents and specific effects.
o traced back to interactive effects among these candidates (synergisms and
antagonisms), positive and negative feedback loops, long delay periods
between cause and effect, inter-individual variation, intervening variables, and
others

 Uncertainty
o Refers to the difficulty of predicting the occurrence of events and/or their
consequences based on incomplete or invalid data bases, possible changes of
the causal chains and their context conditions, extrapolation methods when
making inferences from experimental results, modeling inaccuracies or
variations in expert judgments.
o Examples : natural disasters (such as earthquakes), possible health effects of
mass pollutants, acts of violence such as terrorism and sabotage
o Models
Can be reduces by improving our knowledge and our models
uncertainty remains fuzzy about the time, the exact location and/or the
persons who will suffer
Ambiguity
o Refers to different views related to:
o The relevance, meaning and implications of the basis for the decision making
(interpretative ambiguity)
o The values to be protected and the priorities to be made (normative ambiguity)
o ambiguity exists on the ground of differences in criteria or norms to interpret
or judge a given situation
Normative Ambiguity
o raises the question about the tolerability of the risk
o Example: genetically modified organisms (GMO) encounter a high level of
opposition in the area of food, but are widely accepted in the area of medical
applications, because they are associated with the hope for great benefits.
Systemic Risks
o These are risks that affect the systems on which the society depends (health,
transportation, environment, telecommunications etc.)
o Are at the cross-roads between natural events, economic, social and
technological developments and policy driven actions both domestic
and
the international level
Basic Concepts of Risk Management

Risk Management
o Prevents, reduces or alters the consequences of an uncertain event
o Identifies and explores the consequences related to a hazard or threat
The Evolution of Risk Management: Enterprise Risk Management

Credit Crisis (2008-2009)

o

Also known as the global financial crisis.

The event wherein it threatened large financial institutions towards an

unexpected downfall.

It also led to drop of prices in the stock market worldwide.

Caused by risky and complex financial products.

 Enterprises Risk Management (ERM)

o

The process wherein risk evaluation is done to help in forming rational

decisions concerning the business transactions and operations of the company.

How do we evaluate activities in terms of losses and gains within the

firms main goal of value maximization?

Enterprise Risk Management within Firm Goals

o

Traditionally, the drive for the firm to maximize value referred to the drive to
maximize stockholders wealth.

However, most people now believe that firms must satisfy the needs of all the
stakeholdersincluding employees and their families, the public at large,
customers, creditors, the government, and others.

Enterprise Risk Management within Firm Goals

o

These newly considered values are the hidden good will values that are
necessary in a companys risk management.

A firms brand equity entails the value created by a company with a good
reputation and good products.

Maximization of Firms Value for Sustainability

o

Sustainability, in a broad sense, is the capacity to maintain a certain process or

state.

In an ecological context, sustainability can be defined as the ability of an

ecosystem to maintain ecological processes and functions.

To be sensible, the firm must add a long-term perspective to its goals to

include sustainable value maximization.

How Risk Managers Can Maximize Values

o

The individual concerned with the organizations ERM strategy is often given
the position chief risk officer (CRO).

They are responsible for the risk assessment necessary for every decisions and
actions that the firm might take.

Their recommended course of action should always bring benefit to the firms
value and goals.

Risk management process

Objectives of risk management
Risk management starts with a review of all relevant information, particularly from:

Combined Risk Appraisal

o

Risk Assessment

A risk assessment is a methodology to determine the nature and extent

of risk

Concern Assessment

Address affects and changes to the socio-economic environment,

positive or negative, that wholly or partially results from the risks

Based on risk perception studies, economic impact assessments and the

scientific characterization of social responses to the risk source

Judgement

Made in the phase of risk characterization and evaluation

o

Aims at making judgement about risk acceptability and/or

tolerability

3 potential outcomes:

Unanimity- all relevant actors agree with how a given risk situation should be
qualified

Situation of conflict- major actors challenge the classification undertaken by others

The degree of controversy is one of the drivers for selecting the

appropriate instruments for risk prevention or risk reduction.

For a systematic analysis of the risk management process, it is advisable

to focus on tolerable risks and those where tolerability is disputed;

Intolerable risks - tolerable but highly disputed risks

risk managers should opt for prevention strategies as a means of replacing the
hazardous activity with another activity, leading to identical and similar benefits. One should
first make sure, however, that the replacement does not introduce more risks or more
uncertainties than the agent it replaces.

Acceptable risks - , it should be left to private actors to initiate additional risk

reduction or to seek insurance for covering potential but acceptable losses

Tolerable risk - tolerable or acceptable,

risk management needs to design and implement actions that make these risks
acceptable over time if this not be feasible, then risk management, aided by

communication, needs at least to credibly convey the message that major

effort is undertaken to bring these risks closer to being acceptable
Steps of Risk Management
Generic risk management options include

Risk avoidance,
either selecting a path that does not touch on the risk or taking action in
order to fully eliminate the risk

Risk transfer
deals with ways of passing the risk on to a third party

Self-retention.
o

management option essentially means taking an informed decision to do

nothing about the risk and to take full responsibility both for the decision and
any consequences occurring thereafter

Risk reduction
o

can be accomplished by many different means:

Risk reduction

Technical standards and limits- that prescribe the permissible threshold of

concentrations, emissions, take-up or other measures of exposure

Performance standards - for technological and chemical processes, such as minimum

temperatures in waste incinerators

Technical prescriptions- referring to the blockage of exposure (e.g. via protective

clothing) or the improvement of resilience (e.g. via immunization or earthquake
tolerant constructions)

Governmental economic incentives-, including taxation, duties, subsidies and

certification schemes

Third-party incentives (i.e. private monetary or in-kind incentives)

Compensation schemes (monetary or in kind)

Insurance and liability

Co-operative and informative options-, ranging from voluntary agreements to

labelling and education programs

Can be used individually or in combination in order to accomplish even more effective

risk reduction

Options for risk reduction can be initiated by private and public actors or both
together

ALARP-principle

Expressing that risk should be reduced to a level that is as low as reasonably

practicable.

based on reversed burden of proof, which means that an identified measure, should
be implemented unless it cannot be documented that there is an unreasonable
disparity (gross disproportion) between costs/disadvantages and benefits.

. As a rule, in a risk assessment context, suggestions for measures always arise, but
often a systematic approach for the generation of these is lacking, and in many cases,
the measures often lack ambitions.

On the basis of existing solutions (base case), identify measures that

can reduce the risk by, for example, 10, 50, and 90%.

Specify solutions and measures that can contribute to reaching these

levels.

*The solutions and measures must then be assessed prior to making a

decision on possible implementation. Although expressed by numbers,
the assessments need not express risk on a precise scale. The important
point here is to generate measures with a certain magnitude of risk
reducing effect

Assessment of Risk Management Options with Respect to Predefined Criteria

Each of the options will have desired and unintended consequences which relate to the risks
that they are supposed to reduce. In most instances, an assessment should be conducted
according to the following criteria:

Effectiveness: does the option achieve the desired effect?

Efficiency: does the option achieve the desired effect with the least resource
consumption?

Minimization of external side effects: does the option infringe upon other valuable
goods, benefits or services, such as competitiveness, public health, environmental
quality, social cohesion, etc.? Does it impair the efficiency and acceptance of the
governance system itself? 8.2 Steps of Risk Management 123

Sustainability: does the option contribute to the overall goal of sustainability? Does it
assist in sustaining vital ecological functions, economic prosperity and social cohesion?

Fairness: does the option burden the subjects of regulation in a fair and equitable
manner?

Political and legal implementation: is the option compatible with legal requirements
and political programs?

Ethical acceptability: is the option morally acceptable?

Public acceptance: will the option be accepted by those individuals who are affected
by it? Are there cultural preferences or symbolic connotations that have a strong
influence on how the risks are perceived?

*Measuring management options against these criteria may create conflicting messages
and results. Many measures that prove to be effective may turn out to be inefficient or
unfair to those who will be burdened. Other measures may be sustainable, but not
accepted, by the public or important stakeholders.

Evaluation of Risk Management Options

this step integrates the available evidence on how the options perform in terms of the
evaluation criteria with a value judgement about the relative weight that each
criterion should be assigned

Ideally, the evidence should come from experts and the relative weights from
politically legitimate decision makers

In practical risk management, the evaluation of options is conducted in close

cooperation between experts and decision-makers

*As pointed out later, this is the step where direct stakeholder involvement and public
participation are particularly important, and it is therefore best ensured by making
use of a variety of methods

Selection of Risk Management Options

a decision has to be made as to which options are selected and which rejected.

This decision is obvious if one or more options turn out to be dominant (relatively
better on all criteria)

Otherwise, trade- offs have to be made that require legitimization

A legitimate decision can be made on the basis of formal balancing tools (such as cost
benefit or multi-criteria decision analysis), by the respective decision-makers or in
conjunction with participatory procedures.

Implementation of Risk Management Options

It is the task of risk management to oversee and control the implementation process.

implementation is delegated

the risk management team has the implicit mandate to supervise the implementation
process or at least to monitor its outcome.

Monitoring of Option Performance

refers to the systematic observation of the effects of the options once they are
implemented.

The monitoring system should be designed to assess intended, as well as unintended,

consequences.

the monitoring phase should also provide new information on early warning signals for
both new risks and old risks viewed from a fresh perspective.

occasionally the assessment of different options requires new options to be created in

order to achieve desired results.

In other cases, the monitoring of existing rules affects the decision to add new criteria
to the portfolio.
CRISIS MANAGEMENT

Key issues

Crisis Management

Crisis management is the process by which an organization deals with a major unpredictable
event that threatens to harm the organization, its stakeholders, or the general public

crisis mindset

Requires the ability to think of the worst-case scenario while simultaneously

suggesting numerous solutions.

Trial and error is an accepted discipline, as the first line of defense might not work. It
is necessary to maintain a list of contingency plans and to be always on alert.

Elements of a Crisis

Three elements are common to most definitions of crisis:

(a) a threat to the organization,
(b) the element of surprise,
(c) a short decision time
(d) a need for change

Crisis management - 1

Crisis management consists of:

Methods used to respond to both the reality and perception of crises

Establishing metrics to define what scenarios constitute a crisis and should

consequently trigger the necessary response mechanisms.

Communication that occurs within the response phase of emergency management

scenarios
Types of Crises

Natural disasters natural phenomena

Technological Crises complex technology; something goes

wrong in the system

Malevolence Crises criminal means of getting something

Confrontation fighting businesses

Organizational misdeeds takes action that will harm the

company

Workplace violence physical violence against other employees

Rumors false information about an organization hurting its reputation

Crisis Management

Types of crises of organizational misdeeds:

-

Crises of skewed management values

Crises of deception

Crises of management misconduct.

CRISIS LEADERSHIP

Sudden crisis circumstances that occur without warning.

Smoldering crisis begin as minor internal issues that, due to managers negligence,
develop to crisis status.

Crisis communication effort taken by an organization to communicate with public

and stakeholders when an unexpected event occurs that could have a negative impact
on the organization.
FIVE LEADERSHIP COMPETENCIES

Building an environment of trust

Reforming the organizations mindset

Identifying obvious and obscure vulnerabilities of the organization

Making wise and rapid decisions as well as taking courageous action

Learning from crisis to effect change.

Example of Successful Crisis Management

The Pepsi Corporation faced a crisis in 1993, which was successfully managed by the
company.
In 1993, claims of syringes being found in cans of diet Pepsi were made.

Pepsi released videos and made public, showing the production process to demonstrate
that such tampering was impossible within their factories.

Crisis was managed through effective communication.

Example of Unsuccessful Crisis Management

The Ford-Firestone Tire and Rubber Company dispute transpired in August 2000.

15-inch Wilderness AT, radial ATX and ATX II tire treads were separating from the tire
core leading to crashes Firestone recalled 6.5 million tires.

Three major blunders:

They blamed consumers for not inflating their tires properly.

They blamed each other for faulty tires and faulty vehicle design.

They said very little about what they were doing to solve a problem that had
caused more than 100 deaths.

role of risk management

Identify risks

Develop strategies to guard against risks

Execute strategies

Motivate members to cooperate in these strategies

Determine critical risks