CHAPTER 2

Chapter Preview

• The chapter covers:

  • The nature of risk

  • Categorizing risk

  • Prioritizing risk

  • Responding to risk

Learning Objectives

• Objective 2.1: Describe the nature of risk.

• Objective 2.2: Classify risks into different risk categories.

• Objective 2.3: Determine the quantitative value of risk.

• Objective 2.4: Explain how businesses respond to risk.

Understanding Risk

Nature of Risk

• Essential for accounting professionals to understand risks.

• Technology introduces new methods and potential risks.

• Ongoing risk assessment is critical for professionals both formally and informally.

Importance of Risk

• Definition: Risk refers to the potential for events that can negatively impact business success.

• Variability: Risks vary based on business type, size, industry, and locale.

• Calculated Risk: Companies must accept risk to lead in their industries.

• Risk-Aware Culture: Promotes proactive identification and management of risks.

Optimal Level of Risk-Taking

• There is an ideal balance for risk-taking that companies need to identify.

Applying Risks to a Business

Organizational Risk Awareness

• Companies must identify where risks occur within their structures.

• Risks assessed at a departmental level to understand accountability.

Types of Business Processes

• Basic business models are comprised of three main categories or processes.

Business Function Risks

• An example from a fictional company, "Julia's Cookies," showcases specific risks associated with business processes.

Understanding Risks

Granular Risk Identification

• Risks can impact specific events, processes, functions, or the entire organization.

• Combining portfolio (entity level) and profile (granular level) views enhances risk management.

Enterprise Risk Management (ERM)

• Definition: ERM involves a comprehensive evaluation of risks across the organization.

• Four Steps of ERM: Identify, categorize, prioritize, and respond to risks.

Identifying Risks

• Risk identification involves critical thinking and assessing worst-case scenarios.

• Methods for identifying risks include:

  • Brainstorming

  • Historical data analysis

  • Process diagramming

  • Operational assumption development.

Risk Statements

• A risk statement consists of two parts: the risk issue and its potential outcome.

• Common keywords include "because," "caused," and "possible."

Risk Classification

Learning Objective 2.2

• Identifying Risks: Important to classify risks found at both entity and process levels.

• Internal Risks: Arise during normal operations, often preventable through careful management.

• External Risks: Originating outside the company; often unpredictable but can be prepared for.

Internal Risk Categories

• Operational Risk: Related to internal procedures.

• Financial Risk: Concerns regarding financial practices or market conditions.

• Reputational Risk: Risks to public perception and brand reputation.

Examples of Risks

• Reputational Risk: Social media can negatively influence a company's reputation.

• Strategic Risk: For example, Blockbuster's missed opportunity to acquire Netflix.

Types of Risk Table

• Internal Risks:

  • Operational risks (e.g., technology interruptions)

  • Financial risks (e.g., failed investments)

  • Reputational risks (e.g., negative press)

• External Risks:

  • Compliance risks (e.g., regulatory fines)

  • Strategic risks (e.g., competitive disadvantages)

  • Physical risks (e.g., natural disasters)

Risk Inventory

• A risk inventory categorizes and lists all recognized risks.

• Entity-wide risk inventories assist in mapping to goals and processes.

Learning Objective 2.3: Risk Quantification

Assessing Risk Severity

• Crucial for businesses with limited resources to prioritize risks effectively.

• Likelihood and Impact: Measured on a scale from low to high to evaluate severity.

• Risk Scores: Utilized to compare risks using qualitative and quantitative methods.

Creating Risk Matrices

• Risk matrices, like heat maps, visually represent the prioritization of risks based on scores.

Learning Objective 2.4: Risk Responses

Risk Management Strategies

• Addressing risks requires decision-making and critical thinking skills.

• Risk Appetite: The amount of risk a company is willing to assume.

Traditional Risk Responses

• Accept: Acknowledge the risk without action.

• Mitigate: Reduce the impact through preventative measures.

• Transfer: Shift risk to a third party (e.g., insurance).

• Avoid: Eliminate the risk by changing operations.

Risk Evaluation Terminology

• Inherent Risk: The natural level of risk without interventions.

• Residual Risk: Remaining risk after interventions are applied.

Conclusion

• Businesses must effectively identify, classify, prioritize, and respond to various risks to ensure sustainable operations and risk management.