CHAPTER 2

Chapter Preview

  • The chapter covers:

    • The nature of risk

    • Categorizing risk

    • Prioritizing risk

    • Responding to risk

Learning Objectives

  • Objective 2.1: Describe the nature of risk.

  • Objective 2.2: Classify risks into different risk categories.

  • Objective 2.3: Determine the quantitative value of risk.

  • Objective 2.4: Explain how businesses respond to risk.

Understanding Risk

Nature of Risk

  • Essential for accounting professionals to understand risks.

  • Technology introduces new methods and potential risks.

  • Ongoing risk assessment is critical for professionals both formally and informally.

Importance of Risk

  • Definition: Risk refers to the potential for events that can negatively impact business success.

  • Variability: Risks vary based on business type, size, industry, and locale.

  • Calculated Risk: Companies must accept risk to lead in their industries.

  • Risk-Aware Culture: Promotes proactive identification and management of risks.

Optimal Level of Risk-Taking

  • There is an ideal balance for risk-taking that companies need to identify.

Applying Risks to a Business

Organizational Risk Awareness

  • Companies must identify where risks occur within their structures.

  • Risks assessed at a departmental level to understand accountability.

Types of Business Processes

  • Basic business models are comprised of three main categories or processes.

Business Function Risks

  • An example from a fictional company, "Julia's Cookies," showcases specific risks associated with business processes.

Understanding Risks

Granular Risk Identification

  • Risks can impact specific events, processes, functions, or the entire organization.

  • Combining portfolio (entity level) and profile (granular level) views enhances risk management.

Enterprise Risk Management (ERM)

  • Definition: ERM involves a comprehensive evaluation of risks across the organization.

  • Four Steps of ERM: Identify, categorize, prioritize, and respond to risks.

Identifying Risks

  • Risk identification involves critical thinking and assessing worst-case scenarios.

  • Methods for identifying risks include:

    • Brainstorming

    • Historical data analysis

    • Process diagramming

    • Operational assumption development.

Risk Statements

  • A risk statement consists of two parts: the risk issue and its potential outcome.

  • Common keywords include "because," "caused," and "possible."

Risk Classification

Learning Objective 2.2

  • Identifying Risks: Important to classify risks found at both entity and process levels.

  • Internal Risks: Arise during normal operations, often preventable through careful management.

  • External Risks: Originating outside the company; often unpredictable but can be prepared for.

Internal Risk Categories

  • Operational Risk: Related to internal procedures.

  • Financial Risk: Concerns regarding financial practices or market conditions.

  • Reputational Risk: Risks to public perception and brand reputation.

Examples of Risks

  • Reputational Risk: Social media can negatively influence a company's reputation.

  • Strategic Risk: For example, Blockbuster's missed opportunity to acquire Netflix.

Types of Risk Table

  • Internal Risks:

    • Operational risks (e.g., technology interruptions)

    • Financial risks (e.g., failed investments)

    • Reputational risks (e.g., negative press)

  • External Risks:

    • Compliance risks (e.g., regulatory fines)

    • Strategic risks (e.g., competitive disadvantages)

    • Physical risks (e.g., natural disasters)

Risk Inventory

  • A risk inventory categorizes and lists all recognized risks.

  • Entity-wide risk inventories assist in mapping to goals and processes.

Learning Objective 2.3: Risk Quantification

Assessing Risk Severity

  • Crucial for businesses with limited resources to prioritize risks effectively.

  • Likelihood and Impact: Measured on a scale from low to high to evaluate severity.

  • Risk Scores: Utilized to compare risks using qualitative and quantitative methods.

Creating Risk Matrices

  • Risk matrices, like heat maps, visually represent the prioritization of risks based on scores.

Learning Objective 2.4: Risk Responses

Risk Management Strategies

  • Addressing risks requires decision-making and critical thinking skills.

  • Risk Appetite: The amount of risk a company is willing to assume.

Traditional Risk Responses

  • Accept: Acknowledge the risk without action.

  • Mitigate: Reduce the impact through preventative measures.

  • Transfer: Shift risk to a third party (e.g., insurance).

  • Avoid: Eliminate the risk by changing operations.

Risk Evaluation Terminology

  • Inherent Risk: The natural level of risk without interventions.

  • Residual Risk: Remaining risk after interventions are applied.

Conclusion

  • Businesses must effectively identify, classify, prioritize, and respond to various risks to ensure sustainable operations and risk management.