Context of Risk Management

What is Risk?

- Uncertainty about the outcome of an event
- The effect of uncertainty on objectives
- The combination of the probability of an event and its consequences

What is Risk Management?

- A process that organizations follow to manage their risks.
- Concerned with avoiding or limiting undesirable consequences of possible events.
- Risk professionals attempt to anticipate misfortune and minimize its impact.

Risk Prone vs. Risk Averse

- Risk Prone: enjoy and use risk
- Risk Averse: want to avoid risk
- Some people are between the two extremes

Risk and Consequence

Organizational Risks: organizations face a wide range of risks
- Within the organization
- Around the organization
- Responsibilities and others

Risk Consequences
Understanding the nature of risk:
- Could it happen?
- How bad would the loss or damage be?
- How often could it happen?

Strategy and Speculative Risk

- Directors and senior managers make a range of decisions; Strategy Risk is concerned with this decision making.
- A single wrong decision may be devastating.
- Speculative Risk is where someone chooses to place money or other resources at risk.
- Examples: investment risk; starting new operations.

Operational Risk

Risks encountered in daily operations are operational risks.

Examples:
- Injury to a person on a building
- Key designer suddenly leaves a fashion house

Risk Management Standards

- Risk management as a profession began in the twentieth century.
- Currently the UK Stock Exchange requires new companies to submit risk management reports.
- Professional organizations have attempted to set best-practice standards, e.g. ISO 2009, ISO 31000, etc.

Relationship Between Risk & Objectives of an Insurance Company

Objectives and Plans:
- All organizations have a range of objectives;
- Some are more crucial than others;
- Larger organizations need some formal focus to communicate common objectives;
- Risk managers will be more concerned with the plans & objectives.

Dependencies:
- Organizations have a range of dependencies;
- Other organizations, resources or markets;
- A common set of dependencies is normally the stakeholders;
- Dependencies are changing with the modernization of business.

Errors and Deficiencies:
- The modern business model is different from that of twenty years ago;
- It offers less margin for error;
- Understanding this risk and its management is critical.

Reputation:
- Damage to reputation may damage the future of the business;
- Sometimes the greatest risk to the achievement of objectives will be from outside influences;
- Pressure groups can influence reputation;
- Governments can impose regulations, employees resist change, etc.

Stakeholders:
- Employees
- Suppliers
- Customers and other recipients of service
- Distributors
- Regulations
- The Media
- Private Investors
- Banking Industry
- Quoted Shareholders
- Business Partners
- Environmental Group
- Other Groups

Damage or Loss:
- People
- Assets
- Revenue and Cash Flow
- Legal Obligations

Organizational Risk

Damage:
An organization has to consider the value and responsibilities that it needs to keep safe from damage or loss:
- Safety of people;
- Assets owned by the organization and those assets belonging to others for whom it carries;
- The confidence in the business and thus the value of the brand name;
- The avoidance of litigation costs;
- The legality of the organization and compliance with relevant regulators' requirements; and
- The operational ability to continue to manage the organization effectively and deliver in time and quality on promises and contracts.

People:
In relation to its people, an organization needs:
- A safe environment for protection from accident and crime;
- A safe environment that protects employees and visitors from illness.

Assets:
- Intellectual assets;
- The reputation of, and confidence in, the organization;
- The network of critical supplies;
- The distribution system;
- Customer base.

Revenue and Cash Flows:
- Financial control
- Timely cash flow

Legal Obligations:
- Regulatory and licence approval
- Contractual responsibilities
- Environmental responsibilities
- Fines and penalties emerging from criminal law
- Expenses arising from litigation by employees and third parties
- Other statutory responsibilities.

The Need for and Value of Risk Management

Exploring Risks
- Cost of negligence
- Death and injury
- Loss of money or other valuables
- Loss of physical valuables
- Loss of intellectual assets
- Loss of reputation, confidence and destruction of brand values
- Different organization needs

Global and Political Risks

- Difference in national risk: an organization can't assume that the culture and legal system overseas are the same as in the home country.
- There will be physical and environmental differences in infrastructure and supporting services, and differences in custom and practice.
- Risk professionals need to thoroughly understand international risks to absorb them into risk management programs.

Arrangement of Insurance

- Additional risks due to overseas working cannot always be managed simply by additional insurance or extensions to existing policies.
- Such local regulatory demands could be ones requiring certain compulsory insurance and may insist that some business is placed in the local insurance
- Tailored solutions are available.

Uncovered Events

- In countries with political, national or religious instability, an organization will have to be clear what compensation, if any, is available for damage caused by riots, disturbances, civil war, terror attacks and other generally uninsurable events.
- Relevant information on international security risks should be sought from wide and varied sources appropriate to the risk being evaluated.

Internal Management

- Organizations possibly suffer greater losses from internal mismanaged risks.
- Common policies designed at head office are not implemented abroad.
- Threats arise from distant managers signing poor contracts, not managing cash flow and controlling product liability.
- Threats of fraud and embezzlement, or just personal incompetence, going undetected.

Control Transactions and Interpretation

- Part of risk management is the security of processes, procedures and internal controls.
- What one group of people accepts may be totally alien to another, leading to different interpretations and misinformation arriving at head office.
- A properly designed IT system may help, but can also be a threat if not led properly.

Global Risks

- Events and trends that have potential global impact are known as global risks.
- Global trends such as population growth and climate change affect everyone, as resources have to be shared and the natural environment is threatened.
- The five categories of risk are: economic, environmental, social, technological and geopolitical.

Economic Risk

Financial issues that affect a particular market sector or global trading environments. Examples include:
- Food price volatility
- Oil price rises
- Reduction of Chinese economic growth
- Revaluation of the US dollar
- World banking crises
- Asset price collapse

Fiscal policy, market reassessment and price structure can help to manage these risks.

Global Environmental Risks

- It can be natural phenomena, weather-related or man-made activity;
- Large earthquakes, droughts, floods, air pollution and biodiversity.
- Private organizations should follow local activities, which will determine their responsibilities and liabilities in emergency situations and the long-term precautions they may need.

Social Risks

- Arise from the ease with which people and ideas move around the world.
- Worldwide television, telephone, radio and internet coverage results in movement of culture, expectations and standards.
- Governments try to control malaria, smallpox, AIDS and other pandemics.
- They try to control migration with various controls and laws.

Technological Risk

- Internet or satellite failure, resulting in breakdown of commercial distribution and customer service facilities.
- Relates to data loss and data fraud on a global scale.
- The 'Millennium Bug', which threatened to stop all computers at the turn of the century, is an example of technological risk.

Geopolitical Risk

- Arises when a group of nations disagree, causing tension and the risk of armed conflict; or where a particular nation's philosophy and behavior is seen as a general threat to the others.
- Example: Middle East discontent over the Palestine issue.
- The solution would be diplomacy, discussion and mediation.

The Risk Management Process

- Establish the context
- Identify risks
- Analyze risks
- Evaluate risks
- Treat risk
- Communication
- Monitor & Review

Steps to manage risk in more detail are as follows:

- Clarify the brief & context;
- Understand what threats there are;
- Understand the potential within those threats;
- Understand the likely frequency;
- Decide risk level;
- Take action on acceptable risk;
- Upgrade and maintain the risk level;
- Communicate information to all departments.

Steps of Risk Management

Developing Risk Management Philosophy:
- The statement may define different levels of perceived threat, likelihood and impact, each requiring different responses.
- A clear, organization-wide risk management philosophy enables individual risk work to be done within a framework of long-term objectives and decision making.
- It includes how risk is monitored and reported, the roles and key responsibilities of the key people involved, and risk management communication.

Write a Risk Policy Statement

A published document designed to communicate the risk management philosophy that has been developed. It includes things such as:
- Role & objective of the risk management function
- Statement of organizational attitude
- Risk culture
- Risk appetite
- Risk architecture
- Risk assessment
- Risk documentation
- Risk mitigation
- Monitoring of change
- Risk management training
- Allocation of responsibilities
- Risk activities and priorities
- Criteria for monitoring change
- Risk mitigation requirements

Each organization has its own philosophy, objectives, strategy, architecture and methods. Each will also have its own budget requirements depending on employed resources.

Identify Risk

- Risks do need to be identified formally.
- Individual function managers are often best able to understand what threats they carry.
- The debate needs to start with clear objectives, with a definition of the tasks and contributions from all those who can add to the debate.

Analyze Risks

- Once risks have been identified as existing, we need to analyze them.
- Both the likely frequency of the risk incident happening and the potential severity of damage are relevant to these considerations.
- There are tools to measure risk impact.
- The risk policy statement continues to be the foundation stone.

Risk and Impact Control

- Organizations have a number of choices available when setting out to control an unacceptable risk.
- They can also prepare contingency plans that will enable them to manage themselves through an incident in a way that will avoid unacceptable levels of damage.

Reducing the Risk

- Prior to a loss occurring, an organization has plenty of opportunity to reduce the chance of a risk incident happening.
- Physical controls can include fire protection, health & safety measures, security controls, offsite duplication of computer data, etc.
- Non-physical controls can include effective staff recruitment and other procedures that remove an unacceptable concentration of people risk.
- Throughout all these measures, employee awareness and training are vital risk tools.

Retaining the Risk

- An organization may consider that if a particular risk incident occurs, the 'worst case' damage would not be sufficient to divert that organization from its objectives and responsibilities.
- The decision would be made to accept the consequences if that risk incident were to occur.

Transferring the Risk

- Insurance is often the first thought when transferring the risk of financial loss.
- An organization may create and fund a different legal entity; financial instruments such as derivatives can also be used.
- The directors, however, must still be sensitive to the fact that the failure of the counterparty may still leave unacceptable exposure at their own door.
- Some risks, such as the safety of employees, cannot be transferred.

Continuity Planning

- A process whereby an organization will anticipate an incident and then prepare itself so that it can manage through the consequences to the point that the incident could not destroy the vital organs of that organization.
- Examples: backing up data, storing backup tapes offsite.
- Continuity planning can prepare for a range of incidents.

Updating and Communication

- Organizations do not stand still and neither does the environment they operate in.
- Consequently, all our risk management processes must recognize and plan for change.
- Not all change will be significant, of course, but those that are must be identified and their significance evaluated.
- Different organizations will adopt different rules and review periods according to their attitude to risk and the resources they are willing to deploy.

Quality Control

- All organizations adopt some form of quality control.
- Large organizations arrange audit reporting, etc.
- In small organizations, managers personally assess the quality of work.
- Where an organization has dedicated risk professionals, they too will be interested in quality, to assess the risk involved in failing to meet either contractual or statutory requirements in products and services supplied.
- Organizations must establish effective internal controls, e.g. ISO compliance.
