ISO risk definition
the effect of uncertainty on objectives
COSO risk definition
the possibility that events will occur and affect the achievement of strategy and business objectives
how is risk measured (2 factors)
impact and likelihood
3 central corporate risk questions
what can go wrong/well w/ the firm?
what's the likelihood that happens?
what are the consequences to the firm?
risk components (3)
origin, uncertainty, outcome
risk origin
risk cause/source
risk uncertainty
events/trends/changes that can have a +/- outcome
risk outcome
risk effects and consequences
CS: BP & The Deepwater Horizon oil spill (2010)
origin: poor safety controls, overly focused on cost cutting led to poor design choices
uncertainty: oil leak/spill
outcome: massive oil spill in the Gulf of Mexico, environmental damage, collapse of local fishing economies, legal/rep costs
risk consequence categories (7)
growth
profitability
reputation
health/safety
asset protection
resilience
sustainability
key risk management regulations/legislation (4)
Sarbanes-Oxley Act, 2002
Basel III, 2010
Dodd-Frank Act, 2010
Solvency II, 2016
risk categories (4)
compliance/mandatory
hazard/pure
control/uncertainty
opportunity/speculative
compliance/mandatory risks
adherence to laws/regulations
organizations seek to minimize/avoid these risks
hazard/pure risks
operational/insurable risks resulting in only negative outcomes
organizations mitigate through tolerance limits
control/uncertainty risks
associated w/ unknown/unexpected events
organizations are averse to them and manage w/ insurance
opportunity/speculative risks
associated w/ taking/not taking opportunities
organizations embrace them due to potential positive returns
risk bow-tie
left side: sources of risk (STOC, proactive barriers)
middle: events (4Ps)
right side: impact of risk (FIRM, reactive barriers)
proactive barriers
risk prevention methods
reactive barriers
risk mitigation methods
STOC
strategic, tactical, operational, compliance
firm’s core processes & source of risk
4Ps
people, premises, processes, products
the component of risk: what the risk passes through
FIRM
finances, infrastructure, reputation, marketplace
the impact of an event
risk matrix/risk map/heat map
plots event likelihood against impact
risk attitude
approach to risk
averse, neutral, seeking
risk appetite
risk level firm is willing to take to achieve objectives
risk capacity
risk level firm can afford to take w/o threatening survival
inherent/absolute/gross risk
risk pre-implementation of controls
current/managed/residual/net risk
risk post-implementation of controls
short term risk
immediate impact (easiest to identify/mitigate)
medium term risk
1 yr impact
long term risk
5yr+ impact
present risk
risks resulting from present practices
legacy risk
risks resulting from past practices
latent/emerging risks
risks resulting from an accumulation of past practices
risk management approaches (2)
conventional/traditional
contemporary/enterprise (ERM)
conventional/traditional risk management
protect value by focusing on threats and known risks
contemporary/enterprise risk management
protect and create value by focusing on opportunities/threats and known/emerging risks
benefits of corporate risk management
more opportunities
reducing negative surprises/increasing gains
reducing performance variability
improving stakeholder sentiment
improving resource deployment
identifying/managing risk entity-wide
ISO Guide 73
provides standardized definitions relating to risk management