REVIEWER FOR MIDTERM EXAMINATION
Business Failure
a business that closes or ceases operations, causing the creditors to lose money.
Business Failure
A business can fail when it is no longer able to turn a profit.
If the principal owner leaves a business, whether due to death or retirement, but does not leave the business with any debts, this is not considered a business failure.
Business Failure
a topic that no entrepreneur wants to face, but it is a reality that many businesses have to confront at some point.
A failed business can cause immense financial and emotional stress, not to mention the loss of time and resources that have been invested in the venture.
Bad things can happen to good companies when management fails to recognize and address critical risks that can lead to business failure.
C-level executives
are chartered with risk management as part of their everyday responsibility.
They need to continually maximize the value of the business while minimizing the risk.
Bad hires
the wrong person in the job
Project failure
a business initiative that failed to produce the expected results
Brand Erosion
the loss of the positive image that maintains customer loyalty
Misjudging the competition
whether through hubris or ignorance
Mismanaged business transitions
change, and the failure to manage it well, is one of the major risks a company faces
Risk avoidance
is not the goal of business leadership, rather a skillful balancing of risk and reward is required.
Hiring risks
are among the most expensive risks companies take, especially at the executive level. The wrong person in the job can lead to costly and sometimes fatal results for an SMB company.
1. Mis-defining the role.
A company hires an individual who, while possibly having great credentials in a related area, does not fit with the job at hand.
For example, perhaps a company really needs a super salesperson, and instead hires an expensive sales operations individual. Or it needs a VP of Field Marketing, and hires a great VP of Corporate Marketing.
2. Mis-defining the goals.
The definition of the objective and expected results of the job at hand are at odds.
For example, a company needs a great COO to work "in" the company, and hires a CEO type who is great working "on" the company.
3. Mis-defining the skill set required.
For example, the company really needs an entrepreneurial individual to focus on "effectiveness," and hires a process-minded individual who is an expert on "efficiency."
Inexperience
is a key cause of project failure, especially in a small to mid-sized business (SMB). Whether the project is a new initiative or the development of a new product, research shows that "projects gone bad" constitute close to 20%, while fewer than a third of all projects were deemed true successes.
"failed"
was defined as cancelled or finished but never used. Many participants called their "challenged" projects "failed" because of the cost or time overruns or failure to meet intended results.
Talbots
as one well-known example, lost its core customers, middle-aged women, when it tried to introduce younger, flashier styles with short skirts. The company not only failed to understand the buying preferences of the post-teen shoppers, it also lost its traditional target until it reinstated the kind of clothes that appealed to those adult women buyers.
Business exposure
can be mitigated by bringing in experienced leadership on an interim basis.
"analysis paralysis"
typical of decision-makers who have not confronted critical questions before, can be eliminated through the use of independent leadership skilled in recognizing and managing risk, because they can make a decision rapidly, based on their expertise and prior experience.
Operational Risk Management
The standardization has been in response to government regulators, credit-rating agencies, stock exchanges, and institutional investor groups demanding greater levels of insight and assurance over companies' risk-control environment; that is, risks and the effectiveness of controls in place to mitigate them.
Senior Management
typically has one of two perspectives on risk.
traditional Enterprise Risk Management (ERM)
view, the goal is to find the perfect balance of risk and reward.
The Operational Risk Management (ORM)
perspective is more risk-averse, focusing on protecting the organization.
INTERNAL FRAUD
Employee theft, intentional misreporting of positions, and insider trading on an employee’s own account
EXTERNAL FRAUD
Robbery, forgery, and check kiting
EMPLOYMENT PRACTICES AND WORKPLACE SAFETY
Workers' compensation and discrimination claims, violation of employee health and safety rules, and general liability
CLIENTS, PRODUCTS, AND BUSINESS PRACTICES
Fiduciary breaches, misuse of confidential customer information, money laundering, and sale of unauthorized products
DAMAGE TO PHYSICAL ASSETS
Terrorism, vandalism, earthquakes, fires, and floods
BUSINESS DISRUPTION AND SYSTEM FAILURES
Hardware and software failures, telecommunication problems, and utility outages
EXECUTION, DELIVERY, AND PROCESS MANAGEMENT
Data entry errors, collateral management failures, incomplete legal documentation, and vendor disputes
Operational risk
the risk of loss as a result of ineffective or failed internal processes, people, systems, or external events which can disrupt the flow of business operations.
These operational losses can be directly or indirectly financial. (For example, a poorly trained employee may directly lose the company a sales opportunity, or a company's reputation can suffer indirectly from poor customer service.)
Operational risk
Can refer to both the risk in operating an organization and the processes management uses when implementing, training, and enforcing policies.
Can be viewed as part of a chain reaction: overlooked issues and control failures, whether small or large, can lead to greater risk materialization, which may result in an organizational failure that can harm a company's bottom line and damage its reputation.
operational risk management
is considered a subset of enterprise risk management; it excludes strategic, reputational, financial, and market risks, focusing on unsystematic risks.
operational risk management
The goal of the ____________________ function is to focus on the risks with the most impact on the organization and to hold employees who manage operational risk accountable.
Examples of operational risk include:
1. Employee conduct and employee error
2. Breach of private data resulting from cybersecurity attack
3. Technology risks tied to automation, robotics, and artificial intelligence
4. Business processes and controls
5. Physical events, such as natural catastrophes
6. Internal and external fraud
7. Workplace safety risks
Operational Risk Management
attempts to reduce risks through the linear process of risk identification, risk assessment, measurement and mitigation, monitoring, and reporting while determining who manages operational risk.
These stages are guided by four principles:
1. Accept risk when benefits outweigh the cost.
2. Accept no unnecessary risk.
3. Anticipate and manage risk by planning.
4. Make risk decisions at the right level.
Risk Identification.
identifying what can go wrong.
As a best practice, a control framework should be used or developed to ensure completeness.
Identifying risks begins with scenario analysis, taking a look at the challenges facing the business and pinpointing areas that could disrupt operations or pose another risk to the organization.
Risk Assessment.
Once the risks are identified, the risks are assessed using an impact and likelihood scale, also known as a Risk Assessment Matrix. At this stage, risks are categorized by type of risk and level of risk.
Measurement and Mitigation.
In the risk assessment, risks are measured against a consistent scale to allow the risks to be prioritized and ranked relative to one another. The measurement also considers the cost of controlling the risk related to the potential exposure.
Monitoring and Reporting.
Risks are monitored through an ongoing risk assessment to determine any changes over time. The risks and any changes are reported to senior management and the board to facilitate decision-making processes.
Operational Risk Management
The primary objective of __________________ is to mitigate risks related to the daily operations of an organization.
Operational Risk Management
The practice of ___________________________ focuses on operations and excludes other risk areas such as strategic and financial risks.
Enterprise Risk Management (ERM)
emphasizes optimizing risk appetites to balance risk-taking and potential rewards.
Operational Risk Management
processes primarily focus on controls and eliminating risk.
ORM framework
starts with risks and deciding on a mitigation strategy.
operational risk
The Risk Management Association defines _______________ as "the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events," but is better viewed as the risk arising from the execution of an institution's business functions.
People.
The people category includes employees, customers, vendors, contractors, and other stakeholders.
Technology.
Technology risk from an operational standpoint includes hardware, software, privacy, and security.
Regulations.
Risk of non-compliance with regulation exists in some form in nearly every organization.
Risk and Control Self-Assessment (RCSA).
a framework providing an enterprise view of operational risk and can be used to perform operational risk assessments, analyze your organization's operational risk profile, and chart a course for managing risk.