Concept of Risk Mgt

What is Risk?
 Is anything that may affect the achievement of an
organization’s objective. It is uncertainty that
surrounds the future events and outcomes.

 Combination of the probability of an event

occurring and its consequences for
organization/project objectives
 Uncertainty: The perception that several
different outcomes are possible
1
 Risk Mgt concepts cont…
 Risk is defined as “the chance of something happening that will
have an impact on objectives”. Organizations of all sizes face
risks. Some risks are so severe they cause a business to fail.
Other risks are minor and can be accepted without another
thought.
 The international guide to risk-related definitions is ISO Guide
73, which defines risk as effect of uncertainty on objectives.
Note that an effect may be positive, negative, or a deviation
from the expected. Also, risk is often described by an event, a
change in circumstances or a consequence. 2
 Risk Mgt concepts cont….
 Risk = Probability x Consequence
It is the expression of the likelihood and impact of
an event with the potential to influence the
achievement of an organization’s objectives.
Probability
• The likelihood that an event will occur (measured or recorded as)
• Frequent-occurs often
• Likely - Occurs several times
• Occasional - occurs sporadically- at regular intervals
• Seldom – Unlikely, but could occur
• Unlikely – Probably won’t occur.
3
 Risk mgt concepts cont…
No Level of Consequences
Risk
1 Catastrophic Loss of ability to accomplish the mission or mission failure.

Death or permanent total disability (accident risk). Loss of major or

mission-critical system or equipment

2 Critical Permanent partial disability, temporary total disability exceeding 3

months time (accident risk). Extensive (major) damage to equipment
or systems. Significant damage to property or the environment

3 Marginal Minor damage to equipment or systems, property, or the environment.

Lost day due to injury or illness not exceeding 3 months (accident risk).
Minor damage to property or the environment.

4 Negligible Little or no adverse impact on mission capability. First aid or minor

medical treatment (accident risk). Slight equipment or system damage,
but fully functional and serviceable. Little or no property or
environmental damage.
4
 Risk Mgt concepts cont….
 The impact that risk brings depends on its Severity. Severity
is the expected result of an event (degree of injury,
property damage or other mission impairing factors).
• The impact of risk can be in terms of:
i. Cost, Timeliness, and Quality,
ii. Health and safety issues,
iii.Confidentiality,
iv.Sensitivity of information,
v. Environmental impact,
vi.Public image and
vii.Political embarrassment
5
The objectives of Risk Management
i. Organizations may wish to protect themselves as
well as they can against negative outcomes that
could threaten their survival and their capacities
to address their missions. It also makes an
organization aware of its vulnerabilities and
pushes it to do something about them

6
 Objectives of Risk Mgt cont…
ii. Improved strategic and business planning by pro-
actively recognizing and capitalizing on
opportunities. It creates confidence that your
organization can deliver the desired outcomes,
manage threats to an acceptable degree, and
make informed decisions about opportunities

7
 Objectives of Risk Mgt cont…
iii. Develop a common and consistent approach to risk
across the organization. By increasing risk awareness –
What could affect the achievement of objectives? What
could change? What could go wrong? What could go
right?

iv. Promote a “healthy” risk culture – It’s safe to talk about

risk. Open and transparent via enhanced communication
between business units and departments
8
 Objectives cont…..
v. More effective use of resources. Allows the early
identification of potential problems (the proactive
approach) and provides input into management
decisions regarding resource allocation

vi. Is proactive…. not reactive – Prepare for risks

before they happen. Identify risks and develop
appropriate risk mitigating strategies
9
 Objectives cont….
vii. It increases organizations ability to quickly grasp
new opportunities. This is because RM increases
understanding of risk – sensitivities. What makes
my risks increase/decrease/disappear?

viii. Build stakeholder (shareholder) confidence. The

ability to reassure key stakeholders throughout
the organization
10
 Objectives of risk mgt cont…
ix. Having in place a robust contingency plan.
Contingency planning is the act of preparing a
plan, or a series of activities, should an adverse
risk occur. Having a contingency plan in place
forces the organization or project team to think in
advance as to a course of action if a risk event
takes place.
11
 Benefits of integrating Risk Mgt cont….
 Improves the quality of decision-making (appropriate, fast,
accurate, and effective). RM alone or linked with a value
management exercise can ensure that strategic decision
making are well founded. Respond in a manner that reduces
the likelihood of downside outcomes and increases the upside

 Developing and supporting people and the organization’s

knowledge base. RM can help to ensure clear accountability,
once risks are established, risk minimization can be assigned to
individuals within the team
12
Benefits of integrating Risk Mgt cont….
Improves planning processes by enabling the key
focus to remain on core activities, and helps
ensure continuity of service delivery
Contributing to more efficient use/allocation of
capital and resources within the organization by
improving deployment of capital to achieve
performance and profitability and to prevent
losses 13
 Benefits of risk mgt cont….
 Reducing volatility in the non essential areas of the business via
minimizing uncertainty on projects or during changes in
company organization. Deal effectively with potential future
events that create uncertainty.
 Protecting and enhancing assets and company image.
Increased focus on the achievement of specific strategies – Risk
management will highlight areas in which objectives are unclear
or fail to link with the organization strategy. For construction
projects these will include risk associated with design,
construction and maintenance or operations 14
 Benefits of integrating risk mgt cont…
• Optimizes performance through efficiencies in service
delivery, major change and quality assurance initiatives. In
planning of work RM allows activities/projects with high risk
to be balanced with activities/projects of lower risks

• Promotes teamwork: involves personnel at all levels of the

project/organization and focuses their attention on a
shared organization/product vision and provides a
mechanism for achieving it.
15
 Categories of Risks…
 Within the framework of risk levels there are two
obvious elements of classification depending on
the origin of the risk; Internal and External Risks.
i. Internal Risks originate within the organization,
whereas external risks originate from the
environment. Internal risks are to some extent
calculable and controllable.
ii.External Risks may be calculable but they are
generally outside the control of the organization.

16
 Categories of risk cont….
• An obvious internal risk is that of an employee acting
fraudulently. The risk emanates purely from within the
organization, and there is no direct external involvement.

• An external risk may be created by fluctuations in the

general level of economic activity. An example of an
external strategic risk is the risk resulting from the
emergence of a new major competitor into the same
market.
17
 Internal risks
1. Operational Risk

 This is the risk associated with the ordinary activities of the

institutions, and can be associated, for instance, with a
breakdown in software systems, management failures, fraud,
human error, etc. Risks to core business activities such as:
inadequate human resources, poor service levels, Physical
damage to assets or threats to physical safety. Operational risk
relates to the production process. This includes the process
itself, the asset base, the people within any project teams, and
the legal controls within which the organization operates. 18
 Internal Risks cont….
• Operational Risk can be defined as ‘the risk of
direct or indirect loss, resulting from inadequate
or failed internal processes, people and systems
or from external events’. Operational risk also
effectively includes anything that can impact on
the overall performance of the organization and
on the ability of the organization to create value.
19
 Internal Risks ….
2. Technical Risks

• Risks of managing assets of an organization such as

equipment failure. E.g. Information Technology (IT)
and other forms of technology provide increasingly
important internal risk. Modern organizations are
generally very reliant on IT, and a significant
proportion of organizations cannot function
effectively without it.
20
 Technical risk cont…
• This internal dependence creates a significant risk to the
organization if the system fails or changes have to be
made. Modern banks use computers for virtually all
aspects of their operations. Even at branch level all
transactions are entered onto the central computer,
even if some paperwork such as receipts and paying-in
slips still exists. If the main system goes down for any
reason, the tellers have no way of executing a
transaction. 21
 Internal Risks cont…
3. Compliance Risks
• Risks to meeting regulatory obligations, standards
and requirements. Such non-compliance with
accounting standards or environmental regulations.
Breach of financial regulations, breach of Companies
ordinance requirements, breach of competition
regulations and breach of other regulations and
laws. 22
 Internal risk cont….
4. Supply chain Risk

• The supply chain is the chain that connects the firm's

inputs through the production and operational
processes to the organization’s outputs. Supply
chains can be highly complex and interrelated, and a
problem in one part may lead to far- reaching
consequences in other parts of the chain.
23
 Supply chain risk cont…
• Typically, the more efficient the supply chain, the
higher the degree of dependence that the purchasing
organization has upon it. The two main risks that
affect the purchasing company are supplier
production continuity (the risk of breaks in supplier
production) and supplier reliability (the risk that
components purchased from suppliers may have
quality problems). 24
 Internal risks …..
5. Competence Risk
• Employee and management competence represents a
significant risk to an organization. Poor leadership can lead to
losses in production and reduced staff morale. Poor
communication can lead to misunderstandings and errors.
Failure to modernize and move with the times is another
common risk associated with poor management. Poor
workmanship or competence has led to the downfall of many
organizations that developed a reputation for their products or
failures
25
 Internal risk cont….
6. People Risk
• Refers to the costs that will arise in the organization as a
consequence of things that happen to its people. This type of
risk relates particularly to individuals within the organization
who leave the organization with specialized knowledge/skill.
E.g., senior people who have developed detailed operational
knowledge over years that can be very difficult to replace once
they retire. Also sales manager may have all the necessary
contacts for customers, whose orders are critical to the future
success of an organization. 26
 People risk cont…..
• The effects of the person leaving can be controlled by
the maintenance of accurate records and the
establishment of proper succession planning. People
risk, however, can result from the loss of information
(for example business contacts) as well as a loss of
knowledge (for example how to manage a part of the
business effectively).

27
 Internal risks cont….
7. Residual Risk
• Residual risk is the risk that remains after whatever levels
of risk treatment and response have been carried out. It
will be recalled that it is not generally possible to eradicate
all risk, nor is it desirable to attempt to do so. From a cost
point of view alone it is rarely practical to try to achieve a
risk-free state. Achieving zero risk in most situations is
prohibitively expensive. Most organizations will aim for a
level of residual risk offering the best compromise between
cost increase and risk reduction. 28
 External Risk
1. Strategic Risks
• The risk that an institution will be unable to fulfill its mission
as a result of its failure to adapt to the changing needs of its
stakeholders and operating environment, or its failure to
implement all or part of its strategic plan.
• Risk relates to risk at the corporate level, and it affects the
development and implementation of an organization’s
strategy. An example is the risk resulting from an incorrect
assessment of future market trends when developing the
initial strategy. 29
 Strategic risks cont…
• In developing a strategy, an organization makes an
assessment of market conditions today. It then
goes on to forecast the various changes that will
occur in the market over a period of time. The
market is highly variable and can change at
relatively short notice, as can the economic
characteristics of the country or countries in which
a given organization is operating. 30
 Strategic risks cont….
• For example, a company manufacturing personal
computers (PCs) might decide to adopt a strategy to
include the development and introduction of faster
and faster operating speeds. In doing so the company
will presumably analyze the current market and
decide that market research indicates that there will
be a continuing high demand for faster and faster
PCs.
31
 External Risks cont….
2. Financial Risk
• Is an umbrella term for multiple types of risk associated
with financing, including financial transactions that
include company loans in risk of default, variations to an
organization’s expected financial asset and financial
liability values. These values may be expressed in the
balance sheet, income statement, statement of cash
flows, or notes. All financial risks are externally derived.
Examples are; 32
 Financial Risks cont…..
i. Credit Risk - Credit risk is most simply defined as the
potential that a bank borrower or counterparty will fail
to meet its obligations in accordance with agreed terms

ii. Market Risk - Market risk refers to the risk of loss to an

institution resulting from movements in market prices,
in particular, changes in interest rates, foreign
exchange rates, and equity and commodity prices

33
 Financial Risks cont
iii. Interest rate risk - This type of risk is evident where
changes in interest rates directly affect the value of
assets and liabilities on the company balance sheet
and also off-sheet items such as derivatives. The
value of items of plant or equipment can be
expressed in terms of the discounted net present
value (NPV) of all the future cash incomes that will be
generated by that machine.
34
 Interest rate risks cont…
 If interest rates rise, the value of the machine
goes down. Interest rates are controlled by
national banks or by government, and are
outside the control of individual organizations.

35
 Financial Risks cont…..
iv. Volatility risk-Volatility risk affects items where the
volatility of an underlying risk factor changes and this
directly affects items within the organization’s portfolio.
In the case of purchased options, a decline in volatility
means that there is less chance of the option expiring
profitably. For written options volatility works the other
way round, and lower volatility increases the risk of a
profitable expiry
36
 Financial Risks cont…..
v. Convexity risk - Convexity risk is a market risk that is
closely related to interest rate risk. This relates to items
such as bonds, where the value drops in inverse
proportion to rises in interest rates but not as a linear
inverse proportionality. Generally, the amount of the
bond price change depends on the level of interest rate
change. Large changes in interest rates can lead to very
large variations in bond prices.
37
 Financial Risks cont…..
vi. Time-dependent risk -Time-dependent risk relates to items
where there is a fixed time limit for something to happen. A
typical example is an insurance policy. An organization may
take out insurance cover for a specific amount of time and
for which agreed premiums are payable. If the organization
does not claim on the insurance policy within the timescale
for expiry, the result is a net loss to the organization. Each
day that passes leaves one less day for the policy to be
activated and therefore add value to the organization.
38
 Financial Risks cont…..
vii. Liquidity Risk- Liquidity risk is one specific type of financial
risk that can arise from the organization’s own activities. It
is the risk that cash income and current balance totals are
insufficient to cover cash outgoings. This can sometimes
lead to a requirement to liquidate assets in order to
generate cash, a process both costly and damaging. Most
large organizations have liquidity plans and liquidity
contingencies in place to counter this risk. Market liquidity
risk is a specific type of liquidity risk.
39
 External Risks cont….
3. Exposure Risk
• All companies are exposed to different levels of risk, and
different risks will affect them in different ways. The risk
profile is a measure of an organization’s exposure to risk.
Factors such as borrowing will affect the firm's exposure and
its ability to survive changes in the environment such as
interest rate changes. Some organizations can be particularly
exposed in some areas and not in others. The classical
example is the exposure of oil producers to world oil prices.
40
 External Risks cont….
4. Shareholder Risk
• A firm that depends on equity has to keep the
shareholders happy. If shareholder confidence declines,
the effects on the company can be significant. In
particular, they can affect the company's ability to raise
capital. Shareholder confidence and willingness to retain
shares can be affected by a wide range of internal and
external variables.
41
 External Risks cont….
5. Legislative Risk
• Governments constantly change existing statutes and
introduce new ones, and companies take on legally
binding duties when they sign contracts. Some statutory
requirements, such as environmental legislation, impose
a direct charge on organizations for consuming energy or
using environmentally damaging practices such as
making use of landfill waste sites.
42
 Sources of Organizational Risk
1.Natural Factors

• There certain natural factors like floods, earthquakes

etc. which can damage the business/organization.

For human being nature is controllable, so any loss

due to natural calamities is unavoidable and

uncontrollable.
43
 Sources of Organization Risks cont…

2. Human Asset Exposure

• Human causes of risk. Risk caused by employee

dishonesty, errors, mistakes, and omissions, as

well as the unpredictability of customers or the

workplace
44
 Source of Org Risks cont…
3. Economic Environment
• Risk that emerges in the economic environment due to changes
in overall business conditions such as consumer’s changing
tastes and preferences. Population changes, Change in demand
for the product - If there is a sudden change in demand for a
certain product can create a business risk. Competition- when
business have strong competitors in the market and
manufacturers indulge in cut throat competition by cutting
down price of the goods or by producing cheaper quality of the
product, which is a great hazard for business. 45
 Sources of Org Risks cont….
4. Political Environment

• Change in government policies-Government

policies is unavoidable for business. If a sudden
change comes in monetary and fiscal policies of
government which is not favorable for business
will lead to loss e.g., Tozo

46
 Sources of Org Risks cont….
5. Legal Environment
• Establishes rights and duties that create risk through entering
contracts, obligations, agreements, and commitments. Breach
of contract resulting in potential fines or litigation

6. Operational Environment
• The manner in which organization goes about its work e.g
mistakes or missed opportunities. It can result from disruption
of day-to-day activities due to systems or process failure
resulting in potential loss of productivity
47
 Sources of Org risks cont…
6. Physical Asset Exposure
• Tangible assets such as motor vehicle, buildings, inventories and
intangible assets such as good will or political support are
exposed to risk damage or change in reputation

7. Financial assets exposure

• Financial risks arises from possible losses in financial markets
due to movements in financial variables, usually associated with
leverage with the risk that obligations and liabilities cannot be
met with present assets E.g. Investment instruments, debt
obligations 48