CGR 510

Risk Management

Assignment 01

Assignment 01

Semester 1 2018

Prepared for:

Prepared by: Sadia Kamrul Kabeer

Student Number: B1702147

Date Submitted: 06/09/2019

 Assignment 01

QUESTION 1:

1. Differentiate between Risk Assessment and Risk Management.

Risk is defined as the probability of an event occurring that could either have a positive or
negative impact on the business activity. For instance, if a project is reliant on the obtainment of
leasing land, the probability of the agreements taking longer than scheduled is risk that the
project is facing. Thus, a project manager will assign a likelihood rating of the risk taking place
and the impact to the overall project if it does. By itself, risk is not always a negative event. But
it is important to balance out the negative risks with the opportunities for possible positive
outcomes. (Ssempebwa 2013) Thus, it is to benefit of the organization that risks be assessed and
managed appropriately. In only that way, the organization can make come to a better decision
making process regarding business activities. To deal with business risks in turbulent markets
like today for the benefit of the business, it is necessary to carry out active risk management.

Risk Management: Risk Management is an important business driver and business stakeholders
have become more and more concerned with associated with risks. Risk is widely considered to
be one of the main drivers behind strategic decisions. The key is to make risk management an
active and responsive part of the initiative and not just a something to conduct when one has to
face the risks. When setting out to establish effective goals for risk management, the expected
benefits of the initiative should established in advance and aligned to organisation goals. At this
point, the outputs from the risk management process should include compliance, assurance and a
nuanced and evolved decision-making process. This benefits will be seen in day-to-day
operations and ultimately, in the efficacy of the organization structure. Risk management is
comprehensive in the manner that it is step-by-step process that s embedded in the organizational
culture to be effective:

Risk management should be continual process that supplements the developments and
implementation of organization strategy. Methodically, this process will address the arising risks
from business-related activities of the organization. A primary mandate of the an effective risk
management process is a risk aware culture, a phenomena that always starts at the top echelons
of the organisation by ensuring commitment on the part of the Board to convert risk strategy into

1|Page
 Assignment 01

achievable goals for the organisation and assign risk responsibilities throughout the organisation.
The risk responsibilities come with rsik awareness, accountability, key performance indicators.
The Risk management process greatly benefits from a swell established, cemented structure that
will show key activities in the process. This can be known as a Risk Management Framework.
Companies generally have their own frameworks in place and it consists of a dossier of
coordinated activities (Investopedia, 2018).

Risk Governance

Risk
Identification Risk
Risk Rating Monitoring
of Risks Responses
& Reporting

Risk Management Process

 Identification of Risks: the first step in identifying the risks an enterprise faces is to
outline the hazard universe. The risk universe is virtually a listing of all feasible risks.
Examples consist of IT risk, operational danger, regulatory hazard, legal risk, political
risk, strategic risk and credit score danger. After list all feasible dangers, the organisation
can then choose the dangers to which it's far exposed and categorize them into
fundamental and non-fundamental dangers. Fundamental risks are people who the
company ought to take with a view to drive performance and lengthy-time period growth.
Non-center risks are frequently not essential and can be minimized or removed
absolutely.

 Risk Assessment & Measurement (Rating): Risk Rating offers records on either a specific
risk publicity or an aggregate risk exposure, and the opportunity of a loss happening due
to those exposures. Whilst measuring particular risk exposure it's far crucial to take into
account the impact of that risk on the general risk profile of the business enterprise. a few

2|Page
 Assignment 01

risks may offer diversification advantages even as others might not. Another crucial
consideration is the capacity to rank an exposure. A few risks can be easier to measure
than others.

 Risk Responses. Risk Responses can be tolerating the risk, treating the risk, transfer of
the risk or termination of the risk. As comprehensive assessment of the Risk Source will
allow for a decision to be made regarding how to deal with the risk. Some risks may take
more resources to treat or terminate than tolerating. Thus, it is in the best interest of the
organisation to whether the risk if it occurs.

 Risk Monitoring & Reporting: It is essential for a robust risk management process to
regularly report on the risk measures to ensure that risks are relevant and the threats are
managed at an optimum level.

 Risk Governance: Risk Governance is ensuring that all levels of employees perform their
duties according to the Risk Management Framework in place and the duties assigned to
them according to the risk management.

Risk Assessment:

Risk assessment is the procedure of analyzing a possibility of losses from a given risk using a
combination of known information about the state of affairs, information about the underlying
process, and judgment about the information that isn't always recognised or nicely understood.

Risk assessment consists of four general steps:

 Risk Identification,

 Evaluating relationship between exposure to a risk and Impact,

 Exposure assessment - Assessing the conditions that lead to exposure to a risk,

 Risk classification - describe nature of negative effects, their likelihood, and the reasons
behind these characterizations.

3|Page
 Assignment 01

As evidenced from the above description the process of risk assessment is a crucial part of the
Risk Management Process. In order to deal with Risk effectively, an organisation cannot just do a
Risk Assessment. It would be mostly pointless knowing and doing an analysis of risks and risk
sources. To be comprehensive, it is necessary to follow risk assessment by formulating risk
responses and risk monitoring and reporting.

2. Explain and provide a numerical computation of Portfolio Risk.

Investments always carry risks of losses. With higher potential returns, the risks will be higher. A
portfolio of investments will have risks associated with each of those investments. These risks
combined are called a portfolio risk. The key to a strong portfolio is combine high risk and low
risk investments to offset each other. This process of combination of investments is called
diversification. This is when these multiple investments will be tied to different circumstances so
that if one investments turns a loss, the others are not subject to the same risks.

The risks of the portfolio is measures using the standard deviation of the portfolio of assets.

Example of Portfolio Risk Computation:

Returns from two assets in the portfolio are R1 and R2. The weight of the two assets should be

equal to one (1). Thus, and are weights of the respective

W1 W2 = +
Rp W1 R1

assets. The returns from the portfolio will be weighted average of the
returns from the two assets.

Asset 1 is $60,000 with 20% returns and asset 2 is $40,000 with 12% returns. Their respective
weights are 60% and 40%.

So, R p = 0.6 x20% + 0.4x12% = 16.8%.

To calculate Portfolio Risk, two (2) things need to be considered:

i. Weight average of the standard deviation of the assets

4|Page
 Assignment 01

ii. Covariance and correlation

The covariance reflects the co-movement of the returns of the two assets. Unless the two assets
are perfectly correlated, the covariance will have the impact of reduction in the overall risk of the
portfolio. The portfolio standard deviation is calculated as follows:

If the standard deviation of the two assets

are 10 and 16, the correlation between them
-1.

To calculate the standard deviation of the

portfolio, we can use this:

σP = Sqrt(0.6^2*10^2 + 0.4^2*16^2 + 2*(-1)*0.6*0.4*10*16) = 0.4

While this example uses only two assets, if the number of assets increase so will the complexity
as the covariance will need to be considered between multiple sets of assets. The method will
manifestly keep in mind the chance (standard deviation of returns) of both investments but will
even need to include a measure of covariability as this impacts the extent of risk reduction. The
correlation coefficients among returns on investments tend to lie between zero and +1. Certainly,
the returns on investments inside the same industry have a tendency to have an excessive high-
quality correlate on of approximately 0.9, even as the returns on investments in unrelated
industries tend to have a low correlation of approximately 0.2. As a result investors have a desire
to spend money on specific industries therefore aiming to create a well- varied portfolio,
ensuring that the maximum risk reduction effect is obtained. If investors want to lessen their risk
they ought to accept a reduced return. But, portfolio theory shows us that it's viable to reduce risk
while not having a consequential reduction in return. This can be proved pretty effortlessly, as a
portfolio’s anticipated return is same as to the weighted average of the expected returns on the
individual investments, By contrast a portfolio’s risk is less than the weighted average of the risk
of the individual investments due to the risk reduction impact of diversification as a result of the
correlation coefficient being less than +1.

5|Page
 Assignment 01

The total risks of a portfolio can divided into systematic and unsystematic risk. With a large
enough, portfolio, the unsystematic risk can be totally eliminated (Patrick Lynch, 2004).

Unsystematic Risk: refers back to the effect on a organization’s cash flows of in large part
random events like industrial relations issues, device failure, R&D achievements, changes in the
senior management group and so forth. In a portfolio, such random elements have a tendency to
cancel as the quantity of investments within the portfolio rises.

Systematic Risk: general economic elements are those macro -economic factors that have an
effect on the cash flows of all organizations within the stock market in a steady manner, eg a
country’s rate of economic growth, corporate tax rates, unemployment stages, and interest rates.
Because of these factors cause returns to move in the same path they can't cancel out.
Consequently, systematic/marketplace risk stays all portfolios.

3. List down the names of five (5) components describe in the COSO report as internal
control and evaluate their appropriateness for banking industry using Basel II Capital
Accord.

COSO is the Committee of Sponsoring Organisations of the Treadway Commission, the

popular publisher of the “Internal Control Integrated Framework”. It is a famous framework
adopted by United States. The design of COSO framework is geared toward helping businesses
establish, assess and enhance internal controls in relation to security and reporting (Sharise Cruz.
2016).

A well-designed and functioning internal control system ensures the proper establishment of
reporting procedures which are essential in representing organizational particulars to investor,
potential and existing. It is an ongoing exercise in transparency. This also reasonably increases
the chances of better decisions being made owing to the increased accuracy and speed of
reporting. The COSO framework has five (5) components (Oduware Uwadiae):

6|Page
 Assignment 01

a) Control Environment: The set of standards,

procedures, frameworks and structures that
provide the platform upon which internal
control can be spread out across the
organization. The top echelons of the
organization, Board of Directors and
Management will set the tone of the
organization, the kind that emphasizes the
importance of internal control systems and the standard code of conduct (which can be
expressed via an official document or by
accepted and encouraged set of behaviours
and culture). The ethical values and standards of integrity are pieces of the control environment
along with the role of Board of Directors and their limits of corporate governance oversight, the
organizational structure and assigned roles and responsibilities, the design and implementation of
the recruiting process, the emphasis on performance control and measures will all be
encompassed in Control Environment which will result in the overall system of internal control.

b) Risk Assessment: It is the qualifier of an entity operating in the market, that it will face
various internal and external sources of risks. Risk Assessment is continuous and dynamic
process of identifying and assessing the risks to the achievement of objectives. It is essential
to identify the objectives of the functional departments and/or projects and organisations and
their compliance goals to assess which risks will threaten these objectives or enhance these
objectives. Then it will possible to accurately assess the likelihood and impact of these
perceived risks and the sources from which they arise. Risk Assessment needs to be iterative
in order to make sure that internal controls are sufficient for risks that arise from changes in
the external and internal environment.

c) Control Activities: Actions related to policies and procedures in place to ensure that risks are
mitigated as directed by management in order to reach the objective. These are performed
throughout all levels in the organization and encompass processes like obtainment of
approvals, reconciliations, authorizations and business performance reviews. The control

7|Page
 Assignment 01

activities are normally segregated during development of controls to increase the integrity
and reduce the interdependency of procedures.

d) Information & Reporting: Information is reported by means of effective communication

methods and channels. This is sharing and obtaining of necessary information both internally
and externally. Relevant information is transferred via the internal systems across the
organization where it is needed for optimum business operations and decisions. External
Communication is important because it communicates the status of the organization,
accurately and transparently to investors and it is also carried out to third parties for the
purpose of business activities.

e) Monitoring: Ongoing reviews, separate evaluations, or some mixture of the two are used to
check whether or not each of the five (5) components of internal control, together with
controls to impact the concepts inside each aspect, is there and it is functioning. Ongoing
reviews, built into organisation processes at varied levels of the organisation, offer well timed
information. Separate evaluations, performed periodically, will vary in scope and frequency
depending on assessment of risks, effectiveness of ongoing reviews, as per management
decisions. Findings are evaluated towards standards established by using regulatory bodies,
or management and the board of directors, and deficiencies are communicated to
management and the Board.

BASEL II

The Basel II Framework is a revision of the Basel I framework, that was initially released by the
Basel Committee on Banking Supervision in 1988 (Basel Accord). The Basel Accord was
established as a means to establish a common international set of regulations for financial
institutions. The Basel II has three (3) pillars. Pillar 1 defined capital requirements according to
the methodology to measure risks, as per the Framework. Pillar 2 is definition of powers and
duties that belong to the financial supervisor and Pillar 3 addresses the various ways the market
could share the responsibility to maintain safety and stability of the financial (banking) sector.
These three (3) pillars developed the techniques and processes to deal with the following three
(3) types of risks (Cardim de Carvalho, 2005):

8|Page
 Assignment 01

i. Credit Risk: is the risks of loss on a debt takes place when the borrower fails to pay
off the principle and associated interest quantities of a loan back to the lender on due
dates. Some realistic examples of credit risks to understand it better:

When a lender provides credit to the other party (via loans, credits on invoices,
making an investment in bonds or insurance), then there's continually a risk existed
for the lender that it won't get hold of the credited amount again from the other party.
Such risks are termed as credit risks.

It calculates total capacity of a borrower to pay the loans back to the lender. With a
view to keep away from or lessen credit risks, a lender typically checks the credibility
and background of the borrower.

Lower credit risks means, a borrower can receive a better quantity of loans with out
attaching any collaterals to the contract otherwise loan might be allocated according
to the value of protection connected as collateral (Wall Street Mojo).

ii. Operational Risks: Operation Risk is the risks associated with the events of the
business operations with a view to accomplishing all business objectives. This
encompasses not only the chance of losses incurred from internal process, system and
control failures but also from other external events like catastrophic events, computer
hackings, fraud risks and so on. This are all events that can affect business activities
and are classified as operational risks.

The seven (7) types of risks as projected by Basel II are (Mohammed Nasser Barakat,
2014):

9|Page
 Assignment 01

Employement
Employement
Internal
Internal Fraud
Fraud External
External Fraud
Fraud Practices &
Practices & Work
Work
Safety

Clients Products &

Clients Products & Damage
Damage toto Business
Business decisions
decisions
Business Practice Physical assets & System Failures

Execution,
Execution,
Delivery & Process
Management

iii. Market Risks: The European Banking Authority defines market risks as the risk
arising from the losses due to on and off-balance sheet position from adverse
movements in market prices.

The main drivers of market risk are (Mayra Rodriguez Valladares, 2019):

Commodity
Commodity Prices
Prices

Interest Rates

Equity Prices
Equity Prices

Credit
Credit Spreads
Spreads

Foreign
Foreign Exchnge
Exchnge

As an internal framework COSO makes major effort to effectively identify and manage risks
comprehensively throughout the organization. It deals with risks on an organizational level and
how the premise of risk culture will affect the sustainability of an organization. COSO also deals
in assigning roles, regulations, responsibility and accountability. The BASEL II Framework is
essentially similar in the fact that it deals with the risk based framework for financial institutions.
However, this happens in a broader sense. BASEL II identifies the three categories of risk, but it
is with the supplementation of COSO’s five (5) components that these risks can be dealt with. If

10 | P a g e
 Assignment 01

an organization wants to deal with credit risk or operational risk, the entity will set up a
framework of internal controls as described COSO. This would include the entity bumping up
risk culture through the management and Board initiatives, assign accountability and risk
management responsibilities, a setup of internal controls to manage the risks (as identified for
business processes), reporting the effectiveness of the internal controls and risk responses and
finally, monitoring that all the controls are in working order, all the risks have been updated and
the risk portfolio is up-to-date. This allows the organization to account for perceived threats and
create responses and contingencies.

Suppose you have recently been appointed as an Assistant Risk Manager of Ankow Petroleum
Limited. It is Tuesday 25th September 2017, your first day in the company. On your desk there
was a note marked urgent attention required from your company’s Risk Manager. The note reads
as follows: “Mr. Bashan, one of the directors has put some queries related to the risk
management. I am forwarding it to you to be answered till tomorrow. Feel free for any help.”

4. Develop and apply an entity’s Risk Assessment Process

Organisations will use an effective Risk Assessment Process to measure the scale of a risk and to
determine if the organization has the right internal controls to respond to the risk in an
appropriate manner. The risks need to be identified on various levels of the organization:
enterprise level, operational level and even project level. This will apply all levels of an
organization in Ankow Petroleum Limited. To clarify the risk assessment process is a part of a
risk management framework.

A primary aspect of a petroleum company’s strategic planning and objectives and decision
making is the various risks of different likelihoods and impacts.

11 | P a g e
 Assignment 01

Identify Risks

Who will be impacted and how

Risk Evaluation and Responses

Risk Reporting

Risk Monitoring and Updating

Some of risks that a petroleum company would face are identified as listed below (Energy
Digital, 2011):

i. Identify Risk: Inadequate or unavailable insurance coverage

Who will be impacted and how: The whole organization will be affected.

Risk Evaluation & Response: Due to a risk event (inadequate coverage) the scale of the
impact would be massive. However, this impact is tied to systematic risks and no
systematic risks. The best response is this case would be mitigate it.

Risk Reporting: This Risk Issue need to be communicate to the Board and appropriate
management in order to facilitated a response such as buying multiple insurance
policies or hedging the risk and so on.
Risk Monitoring: Depending on the Risk Sources, the chances of the risk event may be
updated and so will its impacts and likelihood.
ii. Identify Risk: Ability to attract or detain key personnel

Who will be impacted and how: Functional Department, Project Level and
Organisational Level.

12 | P a g e
 Assignment 01

Risk Evaluation & Response: Due to a risk event, it is best to either avoid the risk or
barring that, mitigate the risks.

Risk Reporting: This Risk Issue need to be communicate to the Board and appropriate
management in order to facilitated a response such as deciding on a set of fixed criteria
for higher, good benefits, development and training programs, merit based recognition
and so on.
Risk Monitoring: Depending on the Risk Sources, the chances of the risk event may be
updated and so will its impacts and likelihood
iii. Identify Risk: Environmental Restriction & Regulations

Who will be impacted and how: Organisational Level.

Risk Evaluation & Response: Due to a risk event, it is accept the risk and mitigate it
where possible.

Risk Reporting: This Risk Issue need to be communicate to the Board and appropriate
management in order to facilitated a response such as deciding on making decision to
proactively handle the risk by evaluating regulations in place and implementing them
into organization level –by-level. Because of regulatory obligations, its not possible to
avoid, so the best response is to accept the risk.
Risk Monitoring: Depending on the Risk Sources, the chances of the risk event may be
updated and so will its impacts and likelihood and to create a business model to
diversify the business operations so the sole income does not rely on petroleum.

A petroleum company will, of course be subject to a lot more risk that need to be identified and
dealt with but the above is an attempt to explain the risk assessment process. More details will
also be added, including who will undertake the actual processes and so forth as included is the
Risk Management Framework.

13 | P a g e
 Assignment 01

REFERENCES

1. AirSafe.com, L. (2019). The Basics of Risk Assessment and Risk Management.

Retrieved 2 September 2019, from https://www.airsafe.com/risk/basics.htm

2. Borkar, P. (2019). Credit Risk Examples | Top 3 Examples of Credit Risks with
Explanation. Retrieved 2 September 2019, from https://www.wallstreetmojo.com/credit-
risk-examples/

3. Cardim de Carvalho, Fernando. (2005). BASEL II: A CRITICAL ASSESSMENT.

4. Cruz, S. (2019). What Are the Five Components of the COSO Framework?.
Retrieved 2 September 2019, from https://info.knowledgeleader.com/bid/161685/what-
are-the-five-components-of-the-coso-framework

5. Lynch, P. (2004). The risk and return relationship part - Google Search. Retrieved
2 September 2019, from https://www.google.com/search?client=firefox-b-
d&q=The+risk+and+return+relationship+part

6. Uwadiae, O. (2019). COSO – Information and Communication & Monitoring Activities.

Retrieved 2 September 2019, from
https://www2.deloitte.com/ng/en/pages/audit/articles/financial-reporting/coso-
information-and-communication-monitoring-activities.html

7. Ssempebwa, Ronald. (2013). PROJECT RISK MANAGEMENT.

8. Risk Management Framework (RMF): An Overview

9. Valladares, M. Basel Committee Finalizes Long-Awaited Market Risk

Framework. Retrieved 2 September 2019, from

14 | P a g e
 Assignment 01

https://www.forbes.com/sites/mayrarodriguezvalladares/2019/01/14/basel-committee-
finalizes-long-awaited-market-risk-framwork/#2118e25465f1

10. Writer, S. (2011). Top 20 Risk Factors Facing the Oil & Gas Industry. Retrieved 2
September 2019, from https://www.energydigital.com/utilities/top-20-risk-factors-facing-
oil-gas-industry

15 | P a g e