Risk Management

By Dr Safdar A Butt

What is Risk?

Risk arises from uncertainty; but all uncertainties do not carry risk. Possibility of an unfavorable outcome of an uncertainty is risk. Outcome of an uncertainty may even be favorable. Is that a risk? In certain cases, yes.

Why take risks?

Because you have to. Because it brings rewards. Risk Aversion

Risk Management Process

Risk Identification / Exposure Risk Assessment Selection of risk management techniques Implementation Review

Risk Identification

Risk profile of a company Formal listing of all potential risks. External professional help Risk is inevitable; however unfavorable consequences of risk can be controlled.

Degree of risk to be assumed

Classification of Risk

Production risk Price risk of inputs / outputs Reputational risk Project risk Environmental risk (weather) Political risk Economic conditions risk
6

Risk Assessment
Having listed all the potential risks, ask: How likely is it for any of these risks to actually materialize? What is the maximum possible loss that can arise from each of the listed situations? Can you stand that loss?
7

Risk Management Techniques

Risk avoidance Loss prevention and control

Internal controls

Risk retention Risk transfer

Risk Transfer Modes

Hedging Options Insurance Diversification

Implementing the Plan

Get quotes, find the best provider and create a contract. Keep reviewing the situation. Keep revising your risk profile. Keep a record of cost of risk transfer against benefits of risk transfer. Amend plans as necessary.
10

Board is responsible for protection of company assets. Board must work to improve shareholders value, which is not possible without taking some risks. Not taking risks may be the biggest risk.

Is risk management a Corporate Governance issue?

11

Risk Management Reporting

CC of CG requires: Audit Committees Report Boards Statement on Internal Controls

12

Audit Committees Report

List significance risks; how they are being identified, assessed and managed. Report on effectiveness of the systems put in place to manage these risks List of actions being taken to remedy significant failings or weaknesses Comment on need for greater monitoring of procedures

13

Boards Statement on Internal Control

Essentially it is about status of internal controls, e.g. There is an ongoing process for identifying, evaluating and managing significant risks. That the process was there during the year under report. It is being regularly reviewed by the Board. It is in accordance with Turnbull Guidance
14

Turnbull Report

Risk Assessment Control Environment Control Activities Information and Communication Monitoring

15

Risk Assessment

Clear objectives, clearly communicated to all concerned. Significant risks assessed regularly
Market risks Technological risks (H&S, Environment) Credit and liquidity risks Reputational risks, legal risks

Clear understanding of risks being retained

16

Disaster Recovery Plans

Disasters happen, or are made to happen. What plans does a company have to ensure that:
Its operations are restored quickly Its data is not lost

Most important for financial institutions

17

Thank you

Dr Safdar A Butt

18