0% found this document useful (0 votes)

40 views78 pages

Prathamesh 3

Uploaded by

jofraarcher711

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

40 views78 pages

Prathamesh 3

Uploaded by

jofraarcher711

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 78

INDEX

Table of Contents
CHAPTER NO. 1.............................................................................................................................................
INTRODUCTION...........................................................................................................................................
1.1 Identification.....................................................................................................................................
1.2 Risk Management Process................................................................................................................
1.3 Risk communication.........................................................................................................................
CHAPTER NO. 2...........................................................................................................................................
REASEARCH METHODOLOGY................................................................................................................
CHAPTER NO.3............................................................................................................................................
LITERATURE REVIEW...............................................................................................................................
3.1 Risk Management Planning..............................................................................................................
3.2 Types of risk management................................................................................................................
3.3 Risk assessment................................................................................................................................
3.4 Risk Management Area....................................................................................................................
3.5 Characteristics of risk management..................................................................................................
3.6 Risk control......................................................................................................................................
3.7 Risk management audit....................................................................................................................
3.8 Risk Analysis....................................................................................................................................
3.9 Environmental Risk Management Authority....................................................................................
3.10 Limitation.......................................................................................................................................
CHAPTER NO.4............................................................................................................................................
DATA ANALYSIS INTERPRETATION........................................................................................................
4.1 Data Analysis.........................................................................................................................................
4.2 Interpretation.........................................................................................................................................
CHAPTER NO. 5...........................................................................................................................................
Conclusion..................................................................................................................................................
Reference....................................................................................................................................................

1
CHAPTER NO. 1

INTRODUCTION

In ideal risk management, a prioritization process is followed whereby the risks with the
greatest loss (or impact) and the greatest probability of occurring are handled first.
Risks with lower probability of occurrence and lower loss are handled in descending order. In
practice the process of assessing overall risk can be difficult, and balancing resources used to
mitigate between risks with a high probability of occurrence but lower loss, versus a risk with
high loss but lower probability of occurrence can often be mishandled. Intangible risk

2
management identifies a new type of a risk that has a 100% probability of occurring but is
ignored by the organization due to a lack of identification ability. For example, when
deficient knowledge is applied to a situation, a knowledge risk materializes. Relationship risk
appears when ineffective collaboration occurs. Process-engagement risk may be an issue
when ineffective operational procedures are applied. These risks directly reduce the
productivity of knowledge workers, decrease cost-effectiveness, profitability, service, quality,
reputation, brand value, and earnings quality. Intangible risk management allows risk
management to create immediate value from the identification and reduction of risks that
reduce productivity. Opportunity cost represents a unique challenge for risk managers. It can
be difficult to determine when to put resources toward risk management and when to use
those resources elsewhere. Again, ideal risk management minimizes spending (or manpower
or other resources) and also minimizes the negative effects of risks. Risk is defined as the
possibility that an event will occur that adversely affects the achievement of an objective.
Uncertainty, therefore, is a key aspect of risk. Systems like the Committee of Sponsoring
Organizations of the Treadway Commission Enterprise Risk Management (COSO ERM), can
assist managers in mitigating risk factors. Each company may have different internal control
components, which leads to different outcomes. For example, the framework for ERM
components includes Internal Environment, Objective Setting, Event Identification, Risk
Assessment, Risk Response, Control Activities, Information and Communication, and
monitoring.

1.1 Identification

After establishing the context, the next step in the process of managing risk is to identify
potential risks. Risks are about events that, when triggered, cause problems or benefits.
Hence, risk identification can start with the source of our problems and those of our
competitors (benefit), or with the problem consequenses.

• Source analysis – Risk sources may be internal or external to the system that is the
target of risk management (use mitigation instead of management since by its own
definition risk deals with factors of decision-making that cannot be managed).

Some examples of risk sources are: stakeholders of a project, employees of a company or the
weather over an airport.

3
• Problem analysis – Risks are related to identified threats. For example: the threat of
losing money, the threat of abuse of confidential information or the threat of human
errors, accidents and casualties. The threats may exist with various entities, most
important with shareholders, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the upevents
that can lead to a problem can be investigated. For example: stakeholders withdrawing during
a project may endanger funding of the project; confidential information may be stolen by
employees even within a closed network; lightning striking an aircraft during takeoff may
make all people on board immediate casualties.

The chosen method of identifying risks may depend on culture, industry practice and
compliance. The identification methods are formed by templates or the development of
templates for identifying source, problem or event. Common risk identification methods are:

Objectives-based risk identification – Organizations and project teams have objectives.

Any event that may prevent an objective from being achieved is identified as risk.

Scenario-based risk identification – In scenario analysis different scenarios are created.

The scenarios may be the alternative ways to achieve an objective, or an analysis of the
interaction of forces in, for example, a market or battle. Any event that triggers an undesired
scenario alternative is identified as risk – see Futures Studies for methodology used by
Futurists.

Taxonomy-based risk identification – The taxonomy in taxonomy-based risk

identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge
of best practices, a questionnaire is compiled. The answers to the questions reveal risks.

Common-risk checking – In several industries, lists with known risks are available. Each
risk in the list can be checked for application to a particular situation.

Risking– This method combines the above approaches by listing resources at risk, threats
to those resources, modifying factors which may increase or decrease the risk and
consequences it is wished to avoid. Creating a matrix under these headings enables a variety
of approaches. One can begin with resources and consider the threats they are exposed to and
the consequences of each. Alternatively one can start with the threats and examine which

4
resources they would affect, or one can begin with the consequences and determine which
combination of threats and resources would be involved to bring them about.

1.2 Risk Management Process

The risk management process is a framework for the actions that need to be taken.
There are five basic steps that are taken to manage risk; these steps are referred to as the risk
management process. It begins with identifying risks, goes on to analyze risks, then the risk is
prioritized, a solution is implemented, and finally, the risk is monitored. In manual systems,
each step involves a lot of documentation and administration.

Now let’s look at how these steps are carried out in a more digital environment.

Step 1: Identify the Risk

The first step is to identify the risks that the business is exposed to in its operating
environment. There are many different types of risks – legal risks, environmental risks,
market risks, regulatory risks, and much more. It is important to identify as many of these
risk factors as possible. In a manual environment, these risks are noted down manually.

If the organization has a risk management solution employed all this information is inserted
directly into the system. The advantage of this approach is that these risks are now visible to
every stakeholder in the organization with access to the system. Instead of this vital
information being locked away in a report which has to be requested via email, anyone who
wants to see which risks have been identified can access the information in the risk
management system.

Step 2: Analyze the Risk

Once a risk has been identified it needs to be analyzed. The scope of the risk must be
determined. It is also important to understand the link between the risk and different factors
within the organization. To determine the severity and seriousness of the risk it is necessary to
see how many business functions the risk affects. There are risks that can bring the whole
business to a standstill if actualized, while there are risks that will only be minor

5
inconveniences in the analysis. In a manual risk management environment, this analysis must
be done manually .When a risk management solution is implemented one of the most
important basic steps is to map risks to different documents, policies, procedures, and
business processes. This means that the system will already have a mapped risk framework
that will evaluate risks and let you know the far-reaching effects of each risk.

Step 3: Evaluate or Rank the Risk

Risks need to be ranked and prioritized. Most risk management solutions have different
categories of risks, depending on the severity of the risk. A risk that may cause some
inconvenience is rated lowly, risks that can result in catastrophic loss are rated the highest. It
is important to rank risks because it allows the organization to gain a holistic view of the risk
exposure of the whole organization. The business may be vulnerable to several low-level
risks, but it may not require upper management intervention. On the other hand, just one of
the highest-rated risks is enough to require immediate intervention.

Step 4: Treat the Risk

Every risk needs to be eliminated or contained as much as possible. This is done by connecting with
the experts of the field to which the risk belongs. In a manual environment, this entails
contacting each and every stakeholder and then setting up meetings so everyone can talk and
discuss the issues. The problem is that the discussion is broken into many different email
threads, across different documents and spreadsheets, and many different phone calls.

In a risk management solution, all the relevant stakeholders can be sent notifications from
within the system. The discussion regarding the risk and its possible solution can take place
from within the system. Upper management can also keep a close eye on the solutions being
suggested and the progress being made within the system. Instead of everyone contacting
each other to get updates, everyone can get updates directly from within the risk management
solution.

6
Step 5: Monitor and Review the Risk

Not all risks can be eliminated – some risks are always present. Market risks and
environmental risks are just two examples of risks that always need to be monitored. Under
manual systems monitoring happens through diligent employees. These professionals must
make sure that they keep a close watch on all risk factors. Under a digital environment, the
risk management system monitors the entire risk framework of the organization. If any factor
or risk changes, it is immediately visible to everyone. Computers are also much better at
continuously monitoring risks than people. Monitoring risks also allows your business to
ensure continuity.

1.2 Risk communication

Risk communication is a complex cross-disciplinary academic field related to core

values of the targeted audiences. Problems for risk communicators involve how to reach the
intended audience, how to make the risk comprehensible and relatable to other risks, how to
pay appropriate respect to the audience's values related to the risk, how to predict the
audience's response to the communication, etc. A main goal of risk communication is to
improve collective and individual decision making. Risk communication is somewhat related
to crisis communication, but there are clear distinctions. Risk communication deals with
possible risks and aims to raise awareness of those risks to encourage or persuade changes in
behavior to relieve threats in the long term. On the other hand, crisis communication is aimed
at raising awareness of a specific type of threat, the magnitude, outcomes, and specific
behaviors to adopt to reduce the threat Some experts coincide that risk is not only enrooted in
the communication process but also it cannot be dissociated from the use of language.

7
Though each culture develops its own fears and risks, these construes apply only by the
hosting culture

CHAPTER NO. 2

8
REASEARCH
METHODOLOGY

What is a program risk methodology?

Most of us are familiar with the process of risk management; identify, analyse, manage and so
on- if you want more information it’s quite nicely bundled up within the International
Standards for Risk Management: ISO 31000:2009. However, the concept of a program risk
management methodology seems quite foreign to most.

A program risk methodology defines for an organisation the overview for the process of risk
management. Rather than practically identifying risks; it states how risks should be
identified, the methods that should be used, the people who should be involved and even the
documents and templates which are appropriate.

Not all organization’s adopt the same approach to risk management. I have found that whilst
some organisations approach risk management with military precision, like an organised unit
perfectly orchestrated to deliver results, others use a much looser approach, fumbling their
way through the dark. The difference in these approached can be considered as the
differences in the implementation of the risk management methodology.

Risk management is the process of identifying areas of risk that could negatively impact the
success of the project and proactively managing those areas. Risk is analyzed during the

9
initial stages of the project to lay the foundation for success and on an ongoing basis
throughout the project.

Risk assessments are the means used to analyze risk. They highlight common areas of risk
with the intent of identifying and controlling the risk. After high-risk areas are identified, risk
control processes are selected and implemented. The following risk assessment (Exhibit 3)
describes potential high-risk areas of projects and documents the mechanism established to
control these areas.

Exhibit 4 describes a Quantitative Assessment and how probability and impact are used to
assess risk.

Exhibit 5 outlines common risk areas.

Exhibit 6 is the Risk Tracker tool used as part of the assessment.

10
• Terms and Definitions

• Risk: the chance of damage, loss, injury, or destruction

• Probability: the likelihood of an event occurring

• Impact: the cost or consequence of failure

• Likelihood of risk occurring

• High (26% to 100%)

• Medium (11% to 25%)

• Low (0% to 10%)

• Percentage of impact measured in time and/or cost

• High (16% to 100%)

• Medium (6% to 15%)

• Low (0% to 5%)

Exhibit 4 – Quantitative Risk Assessment Method

11
CHAPTER NO.3
LITERATURE REVIEW

Literature Review
Wissem Ennouri

Polish journal of management studies 8, 288--297, 2013

The complexity of the industrial activities and the important mass of flows crossing the
supply chain promotes the emergence of risks that must be considered in the decision process.
For this reason, we have developed this paper to clarify the basics of risk management
through a short new suggestion of literature review for risk management. Our justification of

12
this attempt is that this area is the most discussed in our days and it is impossible to present
all definition of the risk concept, we have tried to collect the most recent studies in this paper.

3.1 Risk Management Planning

The starting point is risk management planning, this will consider the context and operating
environment of the organisation, the organisations risk appetite, the key risk areas and those
categories which the organisation is more sensitive to than others.

The risk management plan aims for a consistent risk management process across the
organisation. This is important to minimise misunderstandings and retraining of staff
migrating across areas, to enable risk comparison across projects; such as risk ratings, as well
as to enable the organisation to adopt a single language with clear meanings for otherwise
ambiguous terminology.

The risk management planning process is generally conducted by senior management and
embedded through the organisation in the form of risk management plans; becoming the
practical document (or set) to manage risks at a project or program level.

Given the nature and complexity of the projects implemented by the organisation, there may
be several project management plans in existence. These are often separated by a dollar
value; generally, the total project’s investment. This separation allows organisations the
ability to increase the rigour of risk management when they have a lot at stake, whilst
keeping a more efficient process for lower value projects.

The risk management plan should provide:

• An overview of the risk management process

• Roles and responsibilities of key personnel
• Approval requirements and delegated authorities for risk acceptance
• Standard definitions for terms
• Processes for incorporating lessons learnt from past projects
• Processes for collecting and documenting lessons learnt for future projects
• Processes for establishing the context

13
• Methods for tracking and reporting risk
• Mechanisms for adjustment based upon context

3.2 Types of risk management

• Inflation Risk
• Sequence of Returns Risk
• Interest Rate Risk
• Liquidity Risk
• Market Risk
• Opportunity Risk
• Tax Risk

Fortunately, there are strategies available to manage each type of risk. By taking advantage of
these strategies, you may be able to pursue returns that will help you meet your needs as an
investor while limiting your exposure to several types of risk.

Types of Risk Management

Longevity Risk

One of the greatest concerns investors have is that they will outlive their money. This is
longevity risk in a nutshell. People are living longer and living healthier. That’s the good
news. The bad news is that you should plan on funding a potentially longer retirement. You
may have built a substantial balance during your working life, but will it provide the lifestyle
you desire throughout your retirement? Longevity risk is a good place to start our
conversation about risk for two reasons.

14
First, it clearly demonstrates that a discussion of investment risk is ultimately about people,
not abstract returns. The desire to meet a personal goal such as replacing your paycheck in
retirement becomes more important than abstract concerns such as the performance of your
investments against a benchmark.

Second, longevity risk is interesting because it clearly demonstrates how different parties
view the same risk. Insurance companies, for example, view increased longevity from the
standpoint of being on the hook for paying benefits on certain types of contract (long-term
care or annuities, for example) for a longer duration. This can increase the cost (or lower the
benefits) of those products to consumers, making it even more important for them to attempt
to ensure additional savings in retirement.

Investors can limit their longevity risk in many ways including, working longer, delaying
social security for a higher benefit that may represent a greater percentage of retirement
income and planning for a conservative portfolio withdrawal rate in retirement, generally no
more than 4% for those retiring at a normal age.

15
Inflation Risk

Inflation is the increase in the cost of goods and services in an economy relative to the
currency. When we experience inflation in the United States, the same number of dollars will
buy less in the market that it did in the past.

You may not have thought much about inflation early in life. This is very common for a
couple reasons, the most obvious of which is that when you are young you haven’t lived long
enough to see inflation have a substantial material impact on the cost of everyday items.
Think of inflation as the hour hand on an analog watch. You know it’s moving, but you can’t
see the movement in real time – you can only recognize it has moved in retrospect.

You also become more concerned with inflation later in life because you’ve had an
opportunity to build savings that can be affected negatively by inflation. When you are
younger and have yet to build substantial savings, you may be indifferent to inflation. If you
are in debt, you may benefit since inflation erodes the value of what you owe.

As an investor, you will need to be keenly aware of inflation risk and select asset classes and
investment strategies with the potential to provide a “real rate of return” which is a return
above the rate of inflation.

If inflation is 3%, for example, you haven’t really made progress in your portfolio by
achieving a 3% return for the year. You’ve simply maintained your purchasing power which
means the balance you have would buy the same goods and services it would have a year ago.
To increase your wealth from a practical standpoint, you will need to achieve a rate above
inflation, greater than 3% in this example.

This is particularly important to consider when evaluating low yielding asset classes such as
cash or cash equivalent items including bank CDs, money market, and savings accounts. If
you’re offered a rate below the rate of inflation, don’t confuse the numeric increase in your
account value with progress that will allow you to purchase more with your money. This is
not to say you should avoid those assets entirely but simply that you should evaluate the

16
effects of inflation on your overall portfolio and include assets such as equities that can
provide long-term returns above the rate of inflation.

Sequence of Returns Risk

Often investors focus on average returns. This can be the average of a portfolio allocation or
their own experiences in the past. The challenge with a plan based on an average return is that
even if it is achieved, there can be wide variation from year to year and the order in which
returns occur can affect your investment experience.

Imagine you have a balance of one million dollars to invest. The first year you’re up ten
percent and the following year you’re down ten percent. Your average annual return may be
0% but you’re not even. You would have $990,000 since the ten percent loss was experienced
on a higher balance.

You can lessen your sequence of return risk by choosing a conservative withdrawal amount,
also known as a sustainable distribution rate. For many retiring at a normal age, this is 4%. It
will generally be well below your expected return for the portfolio. This will not only provide
a cushion but also assist in combating the previously mentioned risk of inflation. In addition
to selecting a conservative withdrawal rate, you can make sure to rebalance your portfolio
periodically to make sure you are not exceeding the level of risk necessary to reach your
goals. This is important since your most aggressive asset classes can potentially through
appreciation represent a larger portion of your overall balance than they did in your initial
allocation.

Interest Rate Risk

Changes in interest rates can affect your portfolio in many ways. When interest rates go up,
for example, fixed income items such as bonds may no longer be as competitive and may
decrease in value. Even equities may experience the effect of the changing interest rates on
the overall economy or a specific business. Think of credit as the fuel that drives economic
activity. Interest is the cost of credit. What happens to your driving habits when fuel costs go
up?

17
You can protect yourself from interest rate risk by owning many different asset classes and
choosing your fixed-income investments so that you have a variety of maturity dates among
short, intermediate and long-term since longer maturities usually carry the greatest interest
rate risk. This strategy also comes with a bonus in that it also helps with our next risk,
liquidity risk.

Liquidity Risk

You may have checked the value of your home online recently and been excited to see the
value, only to have your thoughts turn to the process of selling. How long will it take? How
much will the commission be? What if it sits for too long after I’ve purchased the next
property? This is a perfect example of liquidity risk, but it’s not confined to real estate only.

Many investments have lock-up periods or charges for early sale, often called “surrender
charges” in annuity contracts. The non-monetary costs such as hassle and uncertainty can
often be a large factor in considering some investments without a liquid market.

You can protect yourself from liquidity risk by limiting the amount of your portfolio that is
difficult to liquidate or difficult to do so without incurring expenses. You don’t need access to
your entire balance at all times, but you should easily be able to convert a portion to cash in a
reasonable timeframe if necessary.

Market Risk

Market risk is what most investors imagine when they think of risk in general. It’s the
possibility that the value of your investment can decrease. Fortunately, there are ways to limit
your market risk. Avoid investing a sizable portion of your portfolio in a single asset.
Investors often get “oneitis” and are so convinced in the merits of a single investment that
they lose sight of the additional risk they take by owning too much of any single investment.

18
A Sample of a Diversified 60% Stocks / 40%
Bonds Portfolio

This hypothetical example is used for illustrative purposes only. Diversification and asset location do not
guarantee positive results.

Purchasing investments at various times or “averaging in” can reduce the risk associated with
timing your investment. You will also want to consider diversifying among a variety of asset
classes. Owning several different stocks may provide some diversity, but stocks, in general,
may be affected by similar market forces and move in similar directions. If you use an
electronic site to follow your quotes, how often is it all green or all red? When you have not
just a variety of stocks but also items from other asset classes such as bonds, real estate,
commodities or others, you will have returns that are less correlated to one another, meaning
they do not move in the same direction or react similarly to the same market conditions.

Opportunity Risk

Opportunity risk is interesting because it is a type of risk people often assume unknowingly
when they are attempting to avoid risk in general. Sitting on the sidelines or placing your
money under the mattress can seem safe.You will, after all, preserve your principal balance.

19
However, you are experiencing the opportunity cost of not receiving a return on the balance,
which can be detrimental to your investment goals over extended periods of time.

Trying to time the market and “sit out” the downturns can do more harm than good for many
investors. This is because by doing so you miss out on the possibility for upside that often
happens specifically during a downturn. You may have heard the phrase that one should focus
on the “time in the game” rather than “timing of the game.”

Reacting Can Hurt Your Performance:

Missing Only a Few Days of Strong Returns Can Drastically Impact Overall
Performance
Performance of the S&P 500 Index, 1990–2017

In US dollars. For illustrative purposes. The missed best day(s) examples assume that the
hypothetical portfolio fully divested its holdings at the end of the day before the missed best
day(s), held cash for the missed best day(s), and reinvested the entire portfolio in the S&P
500 at the end of the missed best day(s). Annualized returns for the missed best day(s) were

20
calculated by substituting actual returns for the missed best day(s) with zero. S&P data
copyright 2018 S&P Dow Jones Indices LLC, a division of S&P Global. All rights reserved.

“One-Month US T- Bills” is the IA SBBI US 30 Day TBill TR USD, provided by Ibbotson

Associates via Morningstar Direct. Data is calculated off rounded daily index values. Indices
are not available for direct investment. Their performance does not reflect the expenses
associated with the management of an actual portfolio. Past performance is not a guarantee of
future results.

Opportunity risk is also frequently coupled with inflation risk. It’s not just that you’re
preserving your balance only while missing out on an additional return. The balance you
preserve is worth less over time due to inflation. Standing still is going backward when you
consider what you can purchase with your money. In our discussion of inflation risk, we
pointed out that you need a return at least equal to the rate of inflation before you have a “real
rate of return” above it. Sitting on the sidelines and looking for the ideal time to jump back in
can prevent this from happening.

A strategy to limit opportunity risk is to have an emergency fund that will cover three to six
months of emergency expenses but not more. The specific amount within that range can be
decided based on how many earners are in the household and the stability of the jobs, but
having an emergency fund will prevent you from needing to pay a fee, commission or tax bill
to get out of an investment and prevent needing to sell at a less than ideal time. You
understand you’re not going to get a large return from money in a savings account or similar
vehicle, but you make the tradeoff for liquidity. It’s unlikely that you will need more than this
amount in a brief period so having an emergency fund greater than a few months of expenses
can lead to too much opportunity risk.

Tax Risk
Tax risk is a very important consideration for investors. You may have an excellent return on
your investments, but it’s the amount you’re able to keep after tax that will most directly
affect your lifestyle. There are several ways to contain tax risk and ensure you can keep the
most amount of your money possible.

21
Invest in all available “pools” of money. Often investors have most of their savings in
taxdeferred accounts such as their employer-sponsored retirement accounts. Tax-deferred
accounts are only one of the three “pools” available to investors in the United State.

Financial risk management

Financial risk management is the practice of protecting economic value in a firm by using
financial instruments to manage exposure to risk: operational risk, credit risk and market
risk, foreign exchange risk, shape risk, volatility risk, liquidity risk, inflation risk, business
risk, legal risk, reputational risk, sector risk etc. Similar to general risk management,
financial risk management requires identifying its sources, measuring it, and plans to
address them.
Financial risk management can be qualitative and quantitative. As a specialization of risk
management, financial risk management focuses on when and how to hedge using
financial instruments to manage costly exposures to risk.
In the banking sector worldwide, the Basel Accords are generally adopted by internationally
active banks for tracking, reporting and exposing operational, credit and market risks.

Uses of financial risk management

Finance theory (i.e., financial economics) prescribes that a firm should take on a project if it
increases shareholder value. Finance theory also shows that firm managers cannot create
value for shareholders, also called its investors, by taking on projects that shareholders could
do for themselves at the same cost.
When applied to financial risk management, this implies that firm managers should not hedge
risks that investors can hedge for themselves at the same cost. This notion was captured by
the so-called "hedging irrelevance proposition" In a perfect market, the firm cannot create
value by hedging a risk when the price of bearing that risk within the firm is the same as the
price of bearing it outside of the firm. In practice, financial markets are not likely to be
perfect markets.
This suggests that firm managers likely have many opportunities to create value for
shareholders using financial risk management, wherein they have to determine which risks
are cheaper for the firm to manage than the shareholders. Market risks that result in unique
risks for the firm are commonly the best candidates for financial risk management. The
concepts of financial risk management change dramatically in the international realm.

22
Multinational Corporations are faced with many different obstacles in overcoming these
challenges. There has been some research on the risks firms must consider when operating in
many countries, such as the three kinds of foreign exchange exposure for various future time
horizons: transactions exposure, accounting exposure and economic exposure.
Enterprise risk management
Enterprise risk management (ERM) in business includes the methods and processes used by
organizations to manage risks and seize opportunities related to the achievement of their
objectives. ERM provides a framework for risk management, which typically involves
identifying particular events or circumstances relevant to the organization's objectives (threats
and opportunities), assessing them in terms of likelihood and magnitude of impact,
determining a response strategy, and monitoring process. By identifying and proactively
addressing risks and opportunities, business enterprises protect and create value for their
stakeholders, including owners, employees, customers, regulators, and society overall.

ERM can also be described as a risk-based approach to managing an enterprise, integrating

concepts of internal control, the Sarbanes–Oxley Act, data protection and strategic planning.
ERM is evolving to address the needs of various stakeholders, who want to understand the
broad spectrum of risks facing complex organizations to ensure they are appropriately
managed. Regulators and debt rating agencies have increased their scrutiny on the risk
management processes of companies.

According to Thomas Stanton of Johns Hopkins University, the point of enterprise risk
management is not to create more bureaucracy, but to facilitate discussion on what the really
big risks are.

Operational risk management

The term operational risk management (ORM) is defined as a continual cyclic process which
includes risk assessment, risk decision making, and implementation of risk controls, which
results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational
risk, including the risk of loss resulting from inadequate or failed internal processes and
systems; human factors; or external events. Unlike other type of risks (market risk, credit
risk, etc.) operational risk had rarely been considered strategically significant by senior
management.

23
Supply chain risk management (SCRM) is "the implementation of strategies to manage both
everyday and exceptional risks along the supply chain based on continuous risk assessment
with the objective of reducing vulnerability and ensuring continuity".

Supply-chain risk management

Supply-chain risk management is aimed at managing risks in complex and dynamic supply
and demand networks(cf. Wieland/Wallenburg, 2011)

SCRM applies risk management process tools after consultation with risk management
services, either in collaboration with supply chain partners or independently, to deal with
risks and uncertainties caused by, or affecting, logistics-related activities, product availability
(goods and services) or resources in the supply chain.

A Planning risk management

Risk identification and monetary identification

Performing qualitative risk analysis

Communicating the risk to stakeholders and the funders of the project

Refining or iterating the risk based on research and new information

Monitoring and controlling risks

Finally, risks must be integrated to provide a complete picture, so projects should be

integrated into enterprise wide risk management, to seize opportunities related to the
achievement of their objectives.

IT risk management

This article may be too technical for most readers to understand.

"Information risk management" redirects here. For the risk of inaccurate information, see
Assurance services.

IT Risk Management is the application of risk management methods to information

technology in order to manage IT risk, i.e.:

24
Risk Management Elements

The business risk associated with the use, ownership, operation, involvement, influence and
adoption of IT within an enterprise or organization

IT risk management can be considered a component of a wider enterprise risk management

system.

The establishment, maintenance and continuous update of an Information Security

Management System (ISMS) provide a strong indication that a company is using a systematic
approach for the identification, assessment and management of information security risks.[2]

Different methodologies have been proposed to manage IT risks, each of them divided into
processes and steps.

According to the Risk IT framework, this encompasses not only the negative impact of
operations and service delivery which can bring destruction or reduction of the value of the
organization, but also the benefit enabling risk associated to missing opportunities to use
technology to enable or enhance business or the IT project management for aspects like
overspending or late delivery with adverse business impact.[clarification needed
incomprehensible sentence]

Because risk is strictly tied to uncertainty, decision theory should be applied to manage risk as
a science, i.e. rationally making choices under uncertainty.

Generally speaking, risk is the product of likelihood times impact (Risk = Likelihood *
Impact).

The measure of an IT risk can be determined as a product of threat, vulnerability and asset
The process of risk management is an ongoing iterative process. It must be repeated
indefinitely. The business environment is constantly changing and new threats and
vulnerabilities emerge every day. The choice of countermeasures (controls) used to manage
risks must strike a balance between productivity, cost, effectiveness of the countermeasure,
and the value of the informational asset being protected.

25
Enterprise risk management

Enterprise risk management (ERM) in business includes the methods and processes used by
organizations to manage risks and seize opportunities related to the achievement of their
objectives. ERM provides a framework for risk management, which typically involves
identifying particular events or circumstances relevant to the organization's objectives (threats
and opportunities), assessing them in terms of likelihood and magnitude of impact,
determining a response strategy, and monitoring process. By identifying and proactively
addressing risks and opportunities, business enterprises protect and create value for their
stakeholders, including owners, employees, customers, regulators, and society overall.

ERM can also be described as a risk-based approach to managing an enterprise, integrating

According to Thomas Stanton of Johns Hopkins University, the point of enterprise risk
management is not to create more bureaucracy, but to facilitate discussion on what the really
big risks are

3.3 Risk assessment

This article's lead section may be too short to adequately summarize its key points.

Broadly speaking, a risk assessment is the combined effort of:

Identifying and analyzing potential (future) events that may negatively impact individuals,
assets, and/or the environment (i.e. hazard analysis); and

Making judgments "on the tolerability of the risk on the basis of a risk analysis" while
considering influencing factors (i.e. risk evaluation).

26
Put in simpler terms, a risk assessment determines possible mishaps, their likelihood and
consequences, and the tolerances for such events. The results of this process may be
expressed in a quantitative or qualitative fashion. Risk assessment is an inherent part of a
broader risk management strategy to help reduce any potential risk-related consequences.

Project risk management

Risk management activities are applied to project management. Project risk is defined by PMI
as, "an uncertain event or condition that, if it occurs, has a positive or negative effect on a
project’s objectives."

With the above disciplines of Operational, Financial and Underwriting risk management, the
concepts of risk, risk management and individual risks are nearly interchangeable; being
either personnel or monetary impacts respectively. Impacts in project risk management are
more diverse, overlapping monetary, schedule, capability, quality and engineering disciplines.
For this reason, in project risk management, it is necessary to specify the differences
(paraphrased from the "Department of Defense Risk, Issue, and Opportunity Management
Guide for Defense Acquisition Programs"

Risk Management: Organizational policy for optimizing investments and (individual) risks to
minimize the possibility of failure.

Risk: The likelihood that a project will fail to meet its objectives.

A risk: A single action, event or hardware component that contributes to an effort's "Risk."

An improvement on the PMBOK definition of risk management is to add a future date to the
definition of a risk. Mathematically, this is expressed as a probability multiplied by an
impact, with the inclusion of a future impact date and critical dates. This addition of future
dates allows predictive approaches.[citation needed]

Good Project Risk Management depends on supporting organizational factors, having clear
roles and responsibilities, and technical analysis.

Chronologically, Project Risk Management may begin in recognizing a threat, or by

examining an opportunity. For example, these may be competitor developments or novel
products. Due to lack of definition, this is frequently performed qualitatively, or

27
semiquantitatively, using product or averaging models. This approach is used to prioritize
possible solutions, where necessary.

In some instances it is possible to begin an analysis of alternatives, generating cost and

development estimates for potential solutions.

Once an approach is selected, more familiar risk management tools and a general project risk
management process may be used for the new projects:

A Planning risk management

Risk identification and monetary identification

Performing qualitative risk analysis

Communicating the risk to stakeholders and the funders of the project

Refining or iterating the risk based on research and new information

Monitoring and controlling risks

Finally, risks must be integrated to provide a complete picture, so projects should be

integrated into enterprise wide risk management, to seize opportunities related to the

achievement of their objectives.

3.4 Risk Management Area

A deals with sources of funding, the capital structure of corporations, the actions that
managers take to increase the value of the firm to the shareholders, and the tools and analysis
used to allocate financial resources. The primary goal of corporate finance is to maximize or
increase shareholder value.

Correspondingly, corporate finance comprises two main sub-disciplines.[citation

needed]Capital budgeting is concerned with the setting of criteria about which value-adding
projects should receive investment funding, and whether to finance that investment with
equity or debt capital. Working capital management is the management of the company's
monetary funds that deal with the short-term operating balance of current assets and current
liabilities; the focus here is on managing cash, inventories, and short-term borrowing and
lending (such as the terms on credit extended to customers.

28
The terms corporate finance and corporate financier are also associated with investment
banking. The typical role of an investment bank is to evaluate the company's financial needs
and raise the appropriate type of capital that best fits those needs. Thus, the terms "corporate
finance" and "corporate financier" may be associated with transactions in which capital is
raised in order to create, develop, grow or acquire businesses. Recent legal and regulatory
developments in the U.S. will likely alter the makeup of the group of arrangers and financiers
willing to arrange and provide financing for certain highly leveraged transactions.

Although it is in principle different from managerial finance which studies the financial
management of all firms, rather than corporations alone, the main concepts in the study of
corporate finance are applicable to the financial problems of all kinds of firms. Financial
management overlaps with the financial function of the accounting profession. However,
financial accounting is the reporting of historical financial information, while financial
management is concerned with the deployment of capital resources to increase a firm's value
to the shareholders.

3.5 Characteristics of risk management

The term “risk management” is used in the field of statistic’s, economics, psychology, the
social sciences, biology, engineering, toxicology, systems analysis, research operations, etc.
What does it mean? For socialanalysts, politicians and academics it is the management of
environmental and nuclear risks which threatenour existence, for bankers and financial
employees it isthe sophisticated use of techniques, such as currencyhedging against loss, for
insurance agents it is the coordination of insurable risk and the reduction of insurance costs,
for rescuers it is the reduction in the number ofaccidents and injuries.

Another term linked with the overall activity of a business is perceived in a relatively new
way. This is business risk management. Presentations on this topic focuson clarifying the
course of risk itself, on providing examples of application and on discussing ways forward in
this field. Consultants promote their ability to manage business risks, auditors examine how
to incorporate business risk management procedures into business audits, professional
journals are starting to publish studies on business risk management and books, too, are

29
beginning to appear on the topic, and several universities now offer courses entitled business
risk management. Risk management today has its roots in a number of unrelated disciplines.

Military risk analysis led to the development of operations research. Personal and commercial
risks led to the emergence of an insurance and accounting approach to risk management.
Strategic analyses of risk and the recognition that the future need not necessarily be in line
with the past brought about the birth of so-called scenario planning. Another approach is the
use of the options valuation theory for obtaining various alternatives. Currency, interest rate
and credit risks have created a banking approach to risk management and hedging via various
instruments. Operational andenvironmental risk management have helped the development of
contingency planning methods. All these contribution’s help us understand risk better.

It is necessary to understand that various results of a specific undertaking are possible on the
basis of specific circumstances; this means that nothing is impossible and nothing is
absolutely certain. In the real world determining the probability of the influences of various
circumstances is often connected with difficulties. By means of a simulation method focused
on the future, experts attempt to estimate (to generate) objective probabilities of the
occurrence of these influences. If we do not assign any estimates of probabilities to individual
circumstances, there arises the extreme case of risk – uncertainty. Business risk arises, on the
one hand, when, while we are not able to foresee the future, we can determine the probability
of possible future situations in the business entity’s environment. On the other hand it must
hold true that a lack of knowledge as to the future has an impact on achieving objectives.
From our experience we know that managers do not manage risks in a way that they would
be an advantage for their companies. Various schools of thought discuss various risks, use
various approaches, often however at a very low level. Many companies do not have a
summary mechanism for alerting the management to the importance of risk management and
revenues from risk. This is all the more serious due to the fact that risk is

CHARACTERISTICS OF BUSINESS RISK MANAGEMENT

A key strategic feature of a business's development and risk management is a strategic
business process (Diagram). This is a process where the organisation methodologically
evaluates the riskiness of its activities with the aim of achieving profit in the framework of
each activity and at the same time in the framework of the portfolio of all activities.

30
Management should estimate whether business activities of the company are in accordance
with its strategic goals set, and how risk management is connected with investing and
decisions on growth. The management should have a general overview of risk threats in order
to avoid surprises. This process begins with a flow of inputs from the firms’ external
environment. Most firms do not have a coherent procedure for monitoring the surrounding
environment in which they operate, therefore they are not even aware of the risks they must
face. The second step is, with the help of an analysis of the surrounding environment, to
examine opportunities and threats.

When the opportunities and threats have been ascertained, the management must decide to
what extent the risk is bearable and to set targets for risks and revenues. The management
should develop a vision and strategy of risk founded on the risk environment and
shareholders' attitude to risk. Different groups of investors usually have different attitudes to
risk. A summary risk-management strategy should include a philosophy of risk management
and organisational liability. On the basis of the preceding characteristics it is appropriate to
separate risk management out into the following phases:

• Risk identification (ascertaining and quantifying the firm’s risk potential),

• Risk assessment (risk policy based on probability),

• Risk elimination (strategy and measures),

• Risk control.

Risk identification

Risk identification forms the basis for the development of risk management and control. In
practice however many difficulties arise, risks are often overlooked or even intentionally
ignored. Individual risks on their own are less problematic, the difficulties lie in the relations
between them, as well as their seriousness in the overall context of the business. From the
portfolio theory it ensues that it is the correlation itself between individual business risks that
plays the central role in ascertaining the size of a risk. The system of the risk identification
procedure is depicted in diagram 2.

The degree and consequences (impact) of a risk are, however, different since the degree of
risk is the result of several concordant and opposing flows and factors influ-19

BIATEC, Volume XII, 6/2004ECONOMICS FOCUS CHARACTERISTICS OF BUSI

31
ending the desired result. It expresses the difference between the forecast and actual result. In
this, it is important to quantify the probability of the occurrence of a risk, its statistical
distribution, the probability of the consequences of the risk, as well as a correlation analysis
of risk factors.

The links between the degree of a risk and its impact correlate in various ways. Even the
same degree of risk can have various effects, and it does not always hold true the imagined
slogan: the greater the risk, the greater the profit. From the practical side it is more useful to
admit several different co-relationships, since in practice also the opposite relationship
applies: even a low degree of risk can have a great impact.

In an analysis and assessment of risk it is, moreover, necessary to count not only on direct
consequences, but also on the consequences brought about in the form of a chain reaction. In
addition, it is necessary to count on the long-term lasting consequences of a cumulative
nature. In principle, four main variant situations can occur :

• A high degree of risk and its consequences, e.g. in emergency situations in continual
production equipment,

• A high degree of risk with low consequences. This can be expressed more vividly by
comparing the shattering of a signal light on the control panel of a lift and the tearing off of
the lift body.

• A low degree of risk with high potential consequences, e.g. the catastrophic
consequences of a failure at a nuclear power station.

• A low degree of risk with low consequences. The rationality of the decision-making
entity’s proceedings depends both on its specific qualities (internal rationality), as well as on
the need to conduct decision making in accordance with the requirements of the applicable
management system (external rationality). It is necessary to differentiate between:

• incorrect decisions in the case of a lack of information, which may be caused by a lack
of qualification on the side of managers (e.g. they do not know what they cause by which
decision) or their lack of discipline (e.g. they do not bother to check warning signs),

• objective correct decisions founded on forecasts that later show to be incorrect,

because the qualified forecasts failed. An objective decision is deemed to be a decision with
which most qualified managers would agree, if they had the same information available.

32
Risk assessment

The aim of risk assessment is to condense available information on risk into a set of standard
figures (risk assessment parameters), which define the severity of the risk. For defining the
severity of a risk we can use two parameters:

• impact (possible losses that will occur in the case of a certain event),

• probability that the event will occur.

These two parameters often together create a simple measure of the severity of a risk through
using a risk matrix.

It is also appropriate to classify risks into:

• critical – in the case of which the potential losses lead to bankruptcy (regardless of cause),

• important – in the case of which the losses do not lead to bankruptcy, but force the firm to
borrow capital to overcome them,

• unimportant – in the case of which the losses are not large and the firm can face them on its
own strengths.

Risk management

The next step is to select appropriate techniques to eliminate risk. These techniques include:
(a) risk avoidance, (b) risk reduction, (c) risk maintenance and (d) risk transfer. It is a priority
to decide which technique to use for which risk. The scope of a decision varies in each firm.
What is taken into account is the scope of potential losses and their probability, as well as the
size of costs connected with the respective option decided upon. Risk avoidance. Avoiding
risk is one of the techniques of risk management, but it is more a negative than positive
technique. Where it is used to a large degree, businesses miss many opportunities and may be
unable to achieve their objectives as a result. Risk reduction. Risk may be reduced in two
ways.

Firstly, through loss prevention and secondly through control. Safety programmes and
procedures preventing losses, such as healthcare, fire prevention, night security and alarms
are examples of risk management through loss prevention or through reducing the likelihood

33
that a loss will occur. Some techniques are designed so as to avoid the occurrence of the loss,
while others are directed more at controlling the extent of possible damage.

From a certain aspect damage prevention is the most desirable form of risk management. If
the possibility of a loss were to be completely eliminated, the risk too would be eliminated.
Even this approach may be considered inappropriate. It does not matter how hard we try, it is
impossible to avoid all losses. Moreover, in some cases the prevention of a loss can cost more
than the loss itself.

A risk may be reduced also through a combination of a large number of risk units and through
forecasting (a justifiable estimate) of future losses for the whole group. It is on this principle
that, for example, insurance companies operate.

Risk maintenance. Risk maintenance is perhaps the safest risk management method.
Organisations as well enhance can be carried out consciously or unconsciously. We talk of
conscious maintenance when we perceive a risk, but do not reduce or transfer it. If we do not
know of the risk, this is unconscious risk maintenance.

Risk maintenance may also be voluntary or involuntary. In the case of voluntary maintenance
we realize that the risk exists and with silent consent accept losses arisen (usually because no
other more promising alternative exists). The involuntary maintenance of risk is where we do
not realize that a risk exists and also in the case where it is not possible to transfer, avoid, or
reduce it.

Each organisation must decide which risks to leave and which to avoid, or transfer on the
basis of the ability to bear the potential losses. A loss which may for one organisation be a
financial catastrophe, may for another be easily bearable. Generally it holds true that risks left
in an organisation should lead to relatively small losses.

Transferring of risk is used for managing speculative as well as net risk. An excellent
example of managing speculative risk is the process of reinsurance. Net risk is often
transferred into contracts, in which one party estimates the possibility of damage caused to
the other party, e.g. a tenant can agree that under certain conditions he/she will pay the
landlord for damage arisen through using the property. The contractual transfer of risk is
common in the building industry, but also among producers and sellers, where the liability for
the product is specified.

34
Risk distribution. This is a special case of transferring risk and a form of risk maintenance. If
the risk is distributed, the possibility of loss is transferred from the individual to the group. It
is necessary however to realise that a risk transferred by an individual to a group is linked to
the risk which other members bring to the group.

Risk may be distributed among individuals and organisations in various ways. An example
are joint-stock companies where a large number of investors exists and in the case of the
company becoming bankrupt each of them bears a relatively small part of the risk of loss.

Fundamental characteristic.
Evaluating and testing a decision

Evaluation and testing are necessary for two reasons:

1. The process of risk management does not operate in a vacuum. The external and
internal environment of a firm changes, new risks arise, old risks lapse. For this reason some
techniques which were appropriate in the past year need not necessarily be appropriate this
year and maybe not at all in the near or distant future.

2. Sometimes even a mistake occurs. The evaluation and testing of risk management
allows a manager to test decisions and discover mistakes in the hope that this will not be
expensive. Even where evaluation and testing should be an internal matter, it is appropriate to
invite independent (external) consultants. This applies particularly in the case of small firms
that do not have the respective specialists.

3.6 Risk control

In theory risk control represents the last step in the risk management process, in practice
however it is often the first step. Risk control requires the identification of the causes why the
operating results differ from the plan, as well as a decision on appropriate measures for
removing deviations. It is only clear that in conducting business activities the impact of any
potential losses must be limited so as to minimise their effects on the firm’s expected results.

Since risk management is based on decisions adopted in conditions of uncertainty,

appropriate fulfilment of objectives is not quantified only on the basis of whether the given

35
firm survived, but whether it would have been able to survive even under less favorable
conditions.

The existence of an inappropriately directed future development of a business with a

catastrophic scenario constitutes a deviation from the objective. It is this type of deviation
that the process of risk control management deals with.

3.7 Risk management audit

Although the evaluation and testing of a risk management programmed is a continual process,
this programme must be regularly submitted for analysis, which is termed risk audit. Most
people connect the term “audit” with accounting, where it concerns the formal control of
Financial records by public experts in order to verify the accuracy, entirety and correctness of
accounting records. Another meaning of this term is connected with the complete verification
and evaluation of problems covered by the expression “risk management audit programme”.
This type of audit is a detailed and systematic examination of a compiled programme,
focused on testing the suitability of the programme’s objectives from the aspect of the
respective firm, as well as whether the criteria created for achieving the programme
objectives are appropriate and have been correctly implemented.

3.8 Risk Analysis

Risk analysis is a technique used to identify and assess factors that may jeopardize the
success of a project or achieving a goal.

This technique also helps to define preventive measures to reduce the probability of these
factors from occurring and identify countermeasures to successfully deal with these
constraints when they develop to avert possible negative effects on the competitiveness of the
company.

One of the more popular methods to perform a risk analysis in the computer field is called
facilitated risk analysis process (FRAP).

36
Pest risk analysis

Pest risk analysis (PRA) is a form of risk analysis conducted by regulatory plant health
authorities to identify the appropriate phytosanitary measures required to protect plant
resources against new or emerging pests and regulated pests of plants or plant products.
Specifically pest risk analysis is a term used within the International Plant Protection
Convention (IPPC) (Article 2.1) and is defined within the glossary of phytosanitary terms.[1]
as "the process of evaluating biological or other scientific and economic evidence to
determine whether an organism is a pest, whether it should be regulated, and the strength of
any phytosanitary measures to be taken against it". In a phytosanitary context, the term plant
pest, or simply pest, refers to any species, strain or biotype of plant, animal or pathogenic
agent injurious to plants or plant products and includes plant pathogenic bacteria, fungi,
fungus-like organisms, viruses and virus like organisms, as well as insects, mites, nematodes
and weeds.

3.9 Environmental Risk Management Authority

The Environmental Risk Management Authority (ERMA) was a New Zealand government
agency that controlled the introduction of hazardous substances and new organisms (invasive
species and genetically modified organisms).It was disestablished on 30 June 2011 and its
functions taken over by the Environmental Protection Authority.

ERMAERMA was principally responsible for implementing the Hazardous Substances and
New Organisms Act 1996 (HSNO).

The aim of ERMA was stated as:

"Achieve effective prevention or management of risks to the environment, public health and
safety associated with importing or manufacturing hazardous substances and introducing new
organisms, and their use."

ERMA made decisions on applications under Part V of the Hazardous Substances and New
Organisms Act, by evaluating risks, costs and benefits, placing conditions on approvals; and

37
making decisions on transitional licences and other approvals. ERMA used risk management
principles contained in the Methodology to guide its work.

Under the Hazardous Substances and New Organisms Act, the Authority was required to
consider and weigh up the adverse and beneficial effects of a new organism or substance. The
detailed decisions of the Authority also give an insight into how it has dealt with different
aspects of risks, costs and benefits.

To mitigate any risks they applied controls (where relevant and possible) to the application,
just as in everyday life we wear seatbelts to reduce the risks associated with driving. The
controls might include housing the organism or substance in a specially designed laboratory
or they may be to wear protective equipment when handling a certain hazardous chemical.

The Authority's role was to manage risks to the environment and to public health, and they
did this through their decision-making processes on applications. When ERMA received an
application to import a new organism or a new substance they weighed up the adverse and
beneficial effects on society, the environment, public health etc. and in many cases asked the
general public to make submissions as to whether the new organism or substance should be
allowed into New Zealand.

3.10 Limitation

Prioritizing the risk management processes too highly could keep an organization from ever
completing a project or even getting started. This is especially true if other work is suspended
until the risk management process is considered complete.

It is also important to keep in mind the distinction between risk and uncertainty. Risk can be
measured by impacts × probability.

If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of
losses that are not likely to occur. Spending too much time assessing and managing unlikely
risks is to be avoided. Unlikely events do occur but if the risk is unlikely enough to occur it
may be better to simply retain the risk and deal with the result if the loss does in fact occur.

38
Qualitative risk assessment is subjective and lacks consistency. The primary justification for a
formal risk assessment process is legal and bureaucratic.

BUSINESS CONTINUITY

Business continuity may be defined as "the capability of an organisation to continue the

delivery of products or services at pre-defined acceptable levels following a disruptive
incident”,[1] and business continuity planning (or business continuity and resiliency
planning) is the process of creating systems of prevention and recovery to deal with potential
threats to a company.[4] In addition to prevention, the goal is to enable ongoing operations
before and during execution of disaster recovery.[5] Business continuity is the intended
outcome of proper execution of both business continuity planning and disaster recovery.

Disaster risk reduction

Disaster risk reduction (DRR) is a systematic approach to identifying, assessing and reducing
the risks of disaster. It aims to reduce socio-economic vulnerabilities to disaster as well as
dealing with the environmental and other hazards that trigger them. Here it has been strongly
influenced by the mass of research on vulnerability that has appeared in print since the
mid1970s[1] as well as the mapping of natural disaster risks.Disaster risk reduction is the
responsibility of development and relief agencies alike. It should be an integral part of the
way such organizations do their work, not an add-on or one-off action. Disaster risk reduction
is very wide-ranging: Its scope is much broader and deeper than conventional emergency
management. There is potential for Disaster risk reduction initiatives in just about every
sector of development and humanitarian work. Disaster risk is an indicator of poor
development, so reducing disaster risk requires integrating DRR policy and DRM practice
into the sustainable development goals. We need to manage risks, not just disasters.

39
Cat modeling

Catastrophe modeling (also known as cat modeling) is the process of using computer-assisted
calculations to estimate the losses that could be sustained due to a catastrophic event such as
a hurricane or earthquake. Cat modeling is especially applicable to analyzing risks in the
insurance industry and is at the confluence of actuarial science, engineering, meteorology,
and seismology.

Cognitive bias

A cognitive bias is a systematic pattern of deviation from norm or rationality in judgment.

Individuals create their own "subjective reality" from their perception of the input. An
individual's construction of reality, not the objective input, may dictate their behavior in the
world. Thus, cognitive biases may sometimes lead to perceptual distortion, inaccurate
judgment, illogical interpretation, or what is broadly called irrationality.

Although it may seem like such misperceptions would be aberrations, biases can help humans
find commonalities and shortcuts to assist in the navigation of common situations in life.

Some cognitive biases are presumably adaptive. Cognitive biases may lead to more effective
actions in a given context. Furthermore, allowing cognitive biases enables faster decisions
which can be desirable when timeliness is more valuable than accuracy, as illustrated in
heuristics.Other cognitive biases are a "by-product" of human processing limitations,
resulting from a lack of appropriate mental mechanisms (bounded rationality), impact of
individual's constitution and biological state (see embodied cognition), or simply from a
limited capacity for information processing.

A continually evolving list of cognitive biases has been identified over the last six decades of
research on human judgment and decision-making in cognitive science, social psychology,
and behavioral economics. Daniel Kahneman and Tversky (1996) argue that cognitive biases
have efficient practical implications for areas including clinical judgment, entrepreneurship,
finance, and management.

40
Pest risk analysis
Pest risk analysis (PRA) is a form of risk analysis conducted by regulatory plant health
authorities to identify the appropriate phytosanitary measures required to protect plant
resources against new or emerging pests and regulated pests of plants or plant products.
Specifically pest risk analysis is a term used within the International Plant Protection
Convention (IPPC) (Article 2.1) and is defined within the glossary of phytosanitary terms.as
"the process of evaluating biological or other scientific and economic evidence to determine
whether an organism is a pest, whether it should be regulated, and the strength of any
phytosanitary measures to be taken against it". In a phytosanitary context, the term plant pest,
or simply pest, refers to any species, strain or biotype of plant, animal or pathogenic agent
injurious to plants or plant products and includes plant pathogenic bacteria, fungi, fungus-like
organisms, viruses and virus like organisms, as well as insects, mites, nematodes and weeds.

Security management
Security management is the identification of an organization's assets (including people,
buildings, machines, systems and information assets), followed by the development,
documentation, and implementation of policies and procedures for protecting assets.

An organization uses such security management procedures for information classification,

threat assessment, risk assessment, and risk analysis to identify threats, categorize assets, and
rate system vulnerabilities.

Precautionary principle

The precautionary principle (or precautionary approach) is a broad epistemological,

philosophical and legal approach to innovations with potential for causing harm when
extensive scientific knowledge on the matter is lacking. It emphasizes caution, pausing and
review before leaping into new innovations that may prove disastrous.Critics argue that it is
vague, self-cancelling, unscientific and an obstacle to progress.

In an engineering context, the precautionary principle manifests itself as the factor of safety,
discussed in detail in the monograph of Elishakoff. It was apparently suggested, in civil

41
engineering, by Belindor in 1729. Interrelation between safety factor and reliability is
extensively studied by engineers and philosophers.

The principle is often used by policy makers in situations where there is the possibility of
harm from making a certain decision (e.g. taking a particular course of action) and conclusive
evidence is not yet available. For example, a government may decide to limit or restrict the
widespread release of a medicine or new technology until it has been thoroughly tested. The
principle acknowledges that while the progress of science and technology has often brought
great benefit to humanity, it has also contributed to the creation of new threats and risks. It
implies that there is a social responsibility to protect the public from exposure to such harm,
when scientific investigation has found a plausible risk. These protections should be relaxed
only if further scientific findings emerge that provide sound evidence that no harm will result.

The principle has become an underlying rationale for a large and increasing number of
international treaties and declarations in the fields of sustainable development, environmental
protection, health, trade and food safety,[7] although at times it has attracted debate over how
to accurately define it and apply it to complex scenarios with multiple risks. In some legal
systems, as in law of the European Union, the application of the precautionary principle has
been made a statutory requirement in some areas of law.[8]

Risk appetite

This article needs additional citations for verification.

Risk appetite is the level of risk that an organization is prepared to accept in pursuit of its
objectives, before action is deemed necessary to reduce the risk. It represents a balance
between the potential benefits of innovation and the threats, that change inevitably brings.
The ISO 31000 risk management standard refers to risk appetite as the "Amount and type of
risk that an organization is prepared to pursue, retain or take". This concept helps guide an
organization's approach to risk and risk management.

42
Precautionary principle

The precautionary principle (or precautionary approach) is a broad epistemological,

In an engineering context, the precautionary principle manifests itself as the factor of safety,
discussed in detail in the monograph of Elishakoff.It was apparently suggested, in civil
engineering, by Belindor[4] in 1729. Interrelation between safety factor and reliability[5][4]
[6] is extensively studied by engineers and philosophers.

The principle has become an underlying rationale for a large and increasing number of
international treaties and declarations in the fields of sustainable development, environmental
protection, health, trade and food safety, although at times it has attracted debate over how to
accurately define it and apply it to complex scenarios with multiple risks. In some legal
systems, as in law of the European Union, the application of the precautionary principle has
been made a statutory requirement in some areas of law.

Representativeness heuristic
The representativeness heuristic is used when making judgments about the probability of an
event under uncertainty.It is one of a group of heuristics (simple rules governing judgment or

43
decision-making) proposed by psychologists Amos Tversky and Daniel Kahneman in the
early 1970s as "the degree to which [an event] (I)tis similar in essential characteristics to its
parent population, and (ii) reflects the salient features of the process by which it is
generated". Heuristics are described as "judgmental shortcuts that generally get us where we
need to go – and quickly – but at the cost of occasionally sending us off course.” Heuristics
are useful because they use effort-reduction and simplification in decision-making.

When people rely on representativeness to make judgments, they are likely to judge wrongly
because the fact that something is more representative does not actually make it more likely.
[4] The representativeness heuristic is simply described as assessing similarity of objects and
organizing them based around the category prototype (e.g., like goes with like, and causes
and effects should resemble each other). This heuristic is used because it is an easy
computation.[4] The problem is that people overestimate its ability to accurately predict the
likelihood of an event.[5] Thus, it can result in neglect of relevant base rates and other
cognitive biases.

Risk management tools

Risk management tools allow the uncertainty to be addressed by identifying and generating
metrics, parameterizing, prioritizing, and developing responses, and tracking risk. These
activities may be difficult to track without tools and techniques, documentation and
information systems.

There are two distinct types of risk tools identified by their approach: market-level tools using
the capital asset pricing model (CAP-M) and component-level tools with probabilistic risk
assessment (PRA). Market-level tools use market forces to make risk decisions between
securities. Component-level tools use the functions of probability and impact of individual
risks to make decisions between resource allocations.

ISO/IEC 31010 (Risk assessment techniques) has a detailed but non-exhaustive list of tools
and techniques available for assessing risk

44
Reference class forecasting
Reference class forecasting or comparison class forecasting is a method of predicting the
future by looking at similar past situations and their outcomes. The theories behind reference
class forecasting were developed by Daniel Kahneman and Amos Tversky. The theoretical
work helped Kahneman win the Nobel Prize in Economics.

Reference class forecasting is so named as it predicts the outcome of a planned action based
on actual outcomes in a reference class of similar actions to that being forecast.

Discussion of which reference class to use when forecasting a given situation is known as the
reference class problem.

Loss-control consultant
A loss control consultant (also LCC or loss control representative) is someone who possess a
demonstrable knowledge and / or education in arts and science of safety engineering and risk
management. A typical loss control consultant will possess a college degree in engineering or
in business, commercial insurance, industrial safety, industrial hygiene or fire protection.

National Safety Council

This article has multiple issues. Please help improve it or discuss these issues on the talk
page. The National Safety Council (NSC) is a 501(c)(3) nonprofit, public service
organization promoting health and safety in the United States. Headquartered in Itasca,
Illinois, NSC is a member organization, founded in 1913 and granted a congressional charter
in 1953. Members include more than 55,000 businesses, labor organizations, schools, public
agencies, private groups and individuals.

45
International Institute of Risk & Safety Management

IIRSM provides practical education, training, advice, resources and networking to help
people and organisations manage the challenges they face and appreciate the vital role risk
management plays - from protecting profits and reputation, to more importantly lives.

International Institute of Risk & Safety Management

Formation 1975 Type

Professional Membership Organisation

Headquarters

London

Location

United Kingdom

Membership
Apply via website

Official language

English

Chief Executive

Phillip Pearson

Key people

Clive Johnson (President of Council)

Budget

£940,765[1]

Staff

Website

IIRSM

46
IIRSM 's global community of over 8,000 work in a range of sectors and risk disciplines such
as business continuity and crisis management, compliance, emergency planning,
environmental management, insurance, health and safety, project management, quality
management, risk management, security and more

It is a registered British Charity (number 1107666) and UK Company limited by guarantee

(number 5310696).

CHAPTER NO.4
DATA ANALYSIS
INTERPRETATION

4.1 Data Analysis

47
What Is Risk Analysis?

Risk Analysis is a process that helps you identify and manage potential problems
that could undermine key business initiatives or projects.

To carry out a Risk Analysis, you must first identify the possible threats that you
face, and then estimate the likelihood that these threats will materialize.

Risk Analysis can be complex, as you'll need to draw on detailed information such
as project plans, financial data, security protocols, marketing forecasts, and other
relevant information. However, it's an essential planning tool, and one that could
save time, money, and reputations.

When to Use Risk Analysis

Risk analysis is useful in many situations:

• When you're planning projects, to help you anticipate and neutralize possible
problems.

• When you're deciding whether or not to move forward with a project.

• When you're improving safety and managing potential risks in the workplace.

• When you're preparing for events such as equipment or technology failure,

theft, staff sickness, or natural disasters.

• When you're planning for changes in your environment, such as new

competitors coming into the market, or changes to government policy.

How to Use Risk Analysis

To carry out a risk analysis, follow these steps:

48
1. Identify Threats
The first step in Risk Analysis is to identify the existing and possible threats that
you might face. These can come from many different sources. For instance, they
could be:

• Human – Illness, death, injury, or other loss of a key individual.

• Operational – Disruption to supplies and operations, loss of access to essential

assets, or failures in distribution.

• Reputational – Loss of customer or employee confidence, or damage to market

reputation.

• Procedural – Failures of accountability, internal systems, or controls, or from

fraud.

• Project – Going over budget, taking too long on key tasks, or experiencing
issues with product or service quality.

• Financial – Business failure, stock market fluctuations, interest rate changes, or

non-availability of funding.

• Technical – Advances in technology, or from technical failure.

• Natural – Weather, natural disasters, or disease.

• Political – Changes in tax, public opinion, government policy, or foreign

influence.

• Structural – Dangerous chemicals, poor lighting, falling boxes, or any situation

where staff, products, or technology can be harmed.

You can use a number of different approaches to carry out a thorough analysis:

• Run through a list such as the one above to see if any of these threats are
relevant.

49
• Think about the systems, processes, or structures that you use, and analyze risks
to any part of these. What vulnerabilities can you spot within them?

• Ask others who might have different perspectives. If you're leading a team, ask
for input from your people, and consult others in your organization, or those
who have run similar projects.

Tools such as SWOT Analysis and Failure Mode and Effects Analysis can also
help you uncover threats, while Scenario Analysis helps you explore possible
future threats.

2. Estimate Risk
Once you've identified the threats you're facing, you need to calculate out both the
likelihood of these threats being realized, and their possible impact.

One way of doing this is to make your best estimate of the probability of the event
occurring, and then to multiply this by the amount it will cost you to set things
right if it happens. This gives you a value for the risk:

Risk Value = Probability of Event x Cost of Event As a

simple example, imagine that you've identified a risk that your rent may
increase substantially.

You think that there's an 80 percent chance of this happening within the next year,
because your landlord has recently increased rents for other businesses. If this
happens, it will cost your business an extra $500,000 over the next year.

So the risk value of the rent increase is:

0.80 (Probability of Event) x $500,000 (Cost of Event) = $400,000 (Risk Value)

You can also use a Risk Impact/Probability Chart to assess risk. This will help
you to identify which risks you need to focus on.

50
How to Manage Risk
Once you've identified the value of the risks you face, you can start to look at ways
of managing them.

Avoid the Risk

In some cases, you may want to avoid the risk altogether. This could mean not
getting involved in a business venture, passing on a project, or skipping a high-risk
activity. This is a good option when taking the risk involves no advantage to your
organization, or when the cost of addressing the effects is not worthwhile.

Remember that when you avoid a potential risk entirely, you might miss out on an
opportunity. Conduct a "What If?" Analysis to explore your options when
making your decision.

Share the Risk

You could also opt to share the risk – and the potential gain – with other people,
teams, organizations, or third parties.

For instance, you share risk when you insure your office building and your
inventory with a third-party insurance company, or when you partner with another
organization in a joint product development initiative.

Accept the Risk

Your last option is to accept the risk. This option is usually best when there's
nothing you can do to prevent or mitigate a risk, when the potential loss is less than
the cost of insuring against the risk, or when the potential gain is worth accepting
the risk.

51
For example, you might accept the risk of a project launching late if the potential
sales will still cover your costs.

Before you decide to accept a risk, conduct an Impact Analysis to see the full
consequences of the risk. You may not be able to do anything about the risk itself,
but you can likely come up with a contingency plan to cope with its
consequences.

Control the Risk

If you choose to accept the risk, there are a number of ways in which you can
reduce its impact.

Business Experiments are an effective way to reduce risk. They involve rolling
out the high-risk activity but on a small scale, and in a controlled way. You can use
experiments to observe where problems occur, and to find ways to introduce
preventative and detective actions before you introduce the activity on a larger
scale.
• Preventative action involves aiming to prevent a high-risk situation from
happening. It includes health and safety training, firewall protection on
corporate servers, and cross-training your team.
• Detective action involves identifying the points in a process where something
could go wrong, and then putting steps in place to fix the problems promptly if
they occur. Detective actions include double-checking finance reports,
conducting safety testing before a product is released, or installing sensors to
detect product defects.
Plan-Do-Check-Act is a similar method of controlling the impact of a risky
situation. Like a Business Experiment, it involves testing possible ways to reduce a
risk. The tool's four phases guide you through an analysis of the situation, creating
and testing a solution, checking how well this worked, and implementing the
solution.

52
4.2 Interpretation
What Is Data Interpretation?
Data interpretation refers to the implementation of processes through which data is reviewed
for the purpose of arriving at an informed conclusion. The interpretation of data assigns a
meaning to the information analyzed and determines its signification and implications.

The importance of data interpretation is evident and this is why it needs to be done properly.
Data is very likely to arrive from multiple sources and has a tendency to enter the analysis
process with haphazard ordering. Data analysis tends to be extremely subjective. That is to
say, the nature and goal of interpretation will vary from business to business, likely
correlating to the type of data being analyzed. While there are several different types of
processes that are implemented based on individual data nature, the two broadest and most
common categories are “quantitative analysis” and “qualitative analysis”.

Yet, before any serious data interpretation inquiry can begin, it should be understood that
visual presentations of data findings are irrelevant unless a sound decision is made regarding
scales of measurement. Before any serious data analysis can begin, the scale of measurement
must be decided for the data as this will have a long-term impact on data interpretation ROI.
The varying scales include:

Nominal Scale: non-numeric categories that cannot be ranked or compared quantitatively.

Variables are exclusive and exhaustive.

Ordinal Scale: exclusive categories that are exclusive and exhaustive but with a logical
order. Quality ratings and agreement ratings are examples of ordinal scales (i.e., good, very
good, fair, etc., OR agree, strongly agree, disagree, etc.).

Interval: a measurement scale where data is grouped into categories with orderly and equal
distances between the categories. There is always an arbitrary zero point.

Ratio: contains features of all three.

For a more in-depth review of scales of measurement, read our article on data analysis
questions. Once scales of measurement have been selected, it is time to select which of the

53
two broad interpretation processes will best suit your data needs. Let’s take a closer look at
those specific data interpretation methods and possible data interpretation problems.

How To Interpret Data?

When interpreting data, an analyst must try to discern the differences between correlation,
causation and coincidences, as well as many other bias – but he also has to consider all the
factors involved that may have led to a result. There are various data interpretation methods
one can use.

The interpretation of data is designed to help people make sense of numerical data that has
been collected, analyzed and presented. Having a baseline method (or methods) for
interpreting data will provide your analyst teams a structure and consistent foundation.
Indeed, if several departments have different approaches to interpret the same data, while
sharing the same goals, some mismatched objectives can result. Disparate methods will lead
to duplicated efforts, inconsistent solutions, wasted energy and inevitably – time and money.
In this part, we will look at the two main methods of interpretation of data: with a qualitative
and a quantitative analysis.

54
Qualitative Data Interpretation
Qualitative data analysis can be summed up in one word – categorical. With qualitative
analysis, data is not described through numerical values or patterns, but through the use of
descriptive context (i.e., text). Typically, narrative data is gathered by employing a wide
variety of person-to-person techniques. These techniques include:

Observations: detailing behavioral patterns that occur within an observation group. These patterns
could be the amount of time spent in an activity, the type of activity and the method of
communication employed.
Documents: much like how patterns of behavior can be observed, different types of documentation resources
 can be coded and divided based on the type of material they contain.
Interviews: one of the best collection methods for narrative data. Enquiry responses can be grouped by
theme, topic or category. The interview approach allows for highly-focused data segmentation.

A key difference between qualitative and quantitative analysis is clearly noticeable in the

 interpretation stage. Qualitative data, as it is widely open to interpretation, must be “coded”

so as to facilitate the grouping and labeling of data into identifiable themes. As person-
toperson data collection techniques can often result in disputes pertaining to proper analysis,
qualitative data analysis is often summarized through three basic principles: notice things,
collect things, think about things.

Quantitative Data Interpretation

If quantitative data interpretation could be summed up in one word (and it really can’t) that
word would be “numerical.” There are few certainties when it comes to data analysis, but you
can be sure that if the research you are engaging in has no numbers involved, it is not
quantitative research. Quantitative analysis refers to a set of processes by which numerical
data is analyzed. More often than not, it involves the use of statistical modeling such as
standard deviation, mean and median. Let’s quickly review the most common statistical
terms:

Mean: a mean represents a numerical average for a set of responses. When dealing with a data set (or multiple
data sets), a mean will represent a central value of a specific set of numbers. It is the sum of

 61
57
 the values divided by the number of values within the data set. Other terms that can be used to describe the
concept are arithmetic mean, average and mathematical expectation.
Standard deviation: this is another statistical term commonly appearing in quantitative analysis.
 Standard deviation reveals the distribution of the responses around the mean. It describes the degree
of consistency within the responses; together with the mean, it provides insight into data sets.
Frequency distribution: this is a measurement gauging the rate of a response appearance within a
data set. When using a survey, for example, frequency distribution has the capability of determining
the number of times a specific ordinal scale response appears (i.e., agree, strongly agree, disagree,
etc.). Frequency distribution is extremely keen in determining the degree of consensus among data
points.

Typically, quantitative data is measured by visually presenting correlation tests between two
or more variables of significance. Different processes can be used together or separately, and
comparisons can be made to ultimately arrive at a conclusion. Other signature interpretation
processes of quantitative data include:



Regression analysis

Cohort analysis
Predictive and prescriptive analysis

Now that we have seen how to interpret data, let's move on and ask ourselves some questions:
what are some data interpretation benefits? Why do all industries engage in data research and
analysis? These are basic questions, but that often don’t receive adequate attention.

62
Why Data Interpretation Is Important

The purpose of collection and interpretation is to acquire useful and usable information and to
make the most informed decisions possible. From businesses, to newlyweds researching their
first home, data collection and interpretation provides limitless benefits for a wide range of
institutions and individuals.

Data analysis and interpretation, regardless of method and qualitative/quantitative status, may
include the following characteristics:

• Data identification and explanation

• Comparing and contrasting of data
• Identification of data outliers
• Future predictions

Data analysis and interpretation, in the end, helps improve processes and identify problems. It
is difficult to grow and make dependable improvements without, at the very least, minimal
data collection and interpretation. What is the key word? Dependable. Vague ideas regarding
performance enhancement exist within all institutions and industries. Yet, without proper
research and analysis, an idea is likely to remain in a stagnant state forever (i.e., minimal
growth). So… what are a few of the business benefits of digital age data analysis and
interpretation? Let’s take a look!

59
1) Informed decision-making: A decision is only as good as the knowledge that formed
it. Informed data decision making has the potential to set industry leaders apart from the rest
of the market pack. Studies have shown that companies in the top third of their industries are,
on average, 5% more productive and 6% more profitable when implementing informed data
decision-making processes. Most decisive actions will arise only after a problem has been
identified or a goal defined. Data analysis should include identification, thesis development
and data collection followed by data communication.

If institutions only follow that simple order, one that we should all be familiar with from
grade school science fairs, then they will be able to solve issues as they emerge in real time.
Informed decision making has a tendency to be cyclical. This means there is really no end,
and eventually, new questions and conditions arise within the process that need to be studied
further. The monitoring of data results will inevitably return the process to the start with new
data and sights.

2) Anticipating needs with trends identification: data insights provide knowledge, and
knowledge is power. The insights obtained from market and consumer data analyses have the
ability to set trends for peers within similar market segments. A perfect example of how data
analysis can impact trend prediction can be evidenced in the music identification application,
Shazam. The application allows users to upload an audio clip of a song they like, but can’t
seem to identify. Users make 15 million song identifications a day. With this data, Shazam
has been instrumental in predicting future popular artists.

When industry trends are identified, they can then serve a greater industry purpose. For
example, the insights from Shazam’s monitoring benefits not only Shazam in understanding
how to meet consumer needs, but it grants music executives and record label companies an
insight into the pop-culture scene of the day. Data gathering and interpretation processes can
allow for industry-wide climate prediction and result in greater revenue streams across the
market. For this reason, all institutions should follow the basic data cycle of collection,
interpretation, decision making and monitoring.

3) Cost efficiency: Proper implementation of data analysis processes can provide

businesses with profound cost advantages within their industries. A recent data study
performed by Deloitte vividly demonstrates this in finding that data analysis ROI is driven by

60
efficient cost reductions. Often, this benefit is overlooked because making money is typically
viewed as “sexier” than saving money. Yet, sound data analyses have the ability to alert
management to cost-reduction opportunities without any significant exertion of effort on the
part of human capital.

A great example of the potential for cost efficiency through data analysis is Intel. Prior to
2012, Intel would conduct over 19,000 manufacturing function tests on their chips before
they could be deemed acceptable for release. To cut costs and reduce test time, Intel
implemented predictive data analyses. By using historic and current data, Intel now avoids
testing each chip 19,000 times by focusing on specific and individual chip tests. After its
implementation in 2012, Intel saved over $3 million in manufacturing costs. Cost reduction
may not be as “sexy” as data profit, but as Intel proves, it is a benefit of data analysis that
should not be neglected.

4) Clear foresight: companies that collect and analyze their data gain better knowledge
about themselves, their processes and performance. They can identify performance
challenges when they arise and take action to overcome them. Data interpretation through
visual representations lets them process their findings faster and make better-informed
decisions on the future of the company.

61
TABLE 1.1 AGE OF RESPONSES

25
Count of age
20

10 Count of age

0
15-20 20-50

62
TABLE 1.2 GENDERS

GENDER COUNT OF
GENDER
Female 20
Male 10

10 count of gennder

0
female male

TABLE 1.3 QUALIFICATIONS OF RESPONCES

63
QUALIFICATION COUNT OF QUALIFICATION
GRADUATE 08
OTHERS 012
POST GRADUATE 13
UNDER GRADUATE 07

QUALIFICATION
8
GRADUATE
6 OTHERS
POST GRADUATE
4
UNDER GRADUATE

0
1

TABLE 1.4 WHICH ISO GUIDE NUMBER IS RISK

MANAGEMENT

64
. ISO GUIDE NO. RISK COUNT NO. ISO GUIDE NO.
MANAGEMENT RISK MANAGEMENT
73.0 17
93.0 03
83.0 08
103.0 02

8 Series 3
Series 2
6 Series 1

0
Category 1 Category 2 Category 3 Category 4

TABLE 1.5 WHAT IS THE USUAL TIMEFRAME FOR

AUDITING BY INTERNALS AUDITORS

INTERNAL AUDITORS COUNT OF INTERNAL

AUDITORS
WEEKLY 12

65
ANNUAL 15
DAILY 08
MONTHLY 15

COUNT OF INTERNAL AUDITORS

16
14
12
10
8
COUNT OF INTERNAL AUDITORS
6
4
2
0
WEEKLY ANNUAL DAILY MONTHLY

TABLE 1.6 RISK MANAGEMENT INVOLVES ALL OF THE

FOLLOWING PROCESSES EXPECT

INVOLVES FOLLOWING COUNT OF INVOLVES

PROCESS FOLLOWING PROCESS
LOSS DIVERCIFICATION 12
LOSS CONTROL 15

66
LOSS FINANCING 13

8 COUNT OF INVOLVES FOLLOWING

PROCESS
6
INVOLVES FOLLOWING PROCESS
4
2
0
1
2
3
4

TABLE 1.7 EXAMPLES OF FINANCIAL DERIVATIVES DO

NOT INCLUDE

DO NOT FINANCIAL COUNT DO NOT FINANCIAL

DERIVATIVES DERIVATIVES
LOANS 12
OPTIONS 15
SWAPS 02
COMPLIANCE 01

67
6

4 COUNT DO NOT FINANCIAL

DERIVATIVES
3
DO NOT FINANCIAL
2 DERIVATIVES

0
5
10
15

TABLE 1.8 WHICH RISK RESPONSE STATERGY INVOLVES

EXISTING THE ACTIVITIES GIVING RISK TO RISK

STATERGY INVOLVES COUNT STATERGY INVOLVES

EXISTING ACTIVITIES EXISTING ACTIVITIES
AVOIDANCE 15
NONE OF THE ABOVE 10
REDUCTION 03
ALTERNATIVE ACTION 02

68
16
14
12
10
8
6
4
2
0
STATERGY INVOLVES EXISTING
AVOIDANCE
ACTIVITIES
NONE OF THE ABOVE
REDUCTION
ALTERNATIVE ACTION

TABLE 1.9 WHICH DOES THE PROBABILITY OF

OCCURRENCE MULTIPLIED BY THE IMPACT OF THE
EVENT EQUALS TO

THE PROBABILITY OF COUNT THE PROBABILITY OF

OCCURRENCE MULTIPLIED BY OCCURRENCE MULTIPLIED BY
THE IMPACT THE IMPACT
RISK SCALE 15
RISK LEVEL 03
RISK MAGNITUDE 02
RISK TANGENT 12

69
6

4
COUNT DO NOT FINANCIAL
DERIVATIVES
3
DO NOT FINANCIAL
DERIVATIVES
2

0
5
10
15

TABLE 1.10 WHICH TERM REFERS TO THE ACCEPTABLE

LATENCY OF DATA THAT WILL NOT BE RECOVERED AS
PER BIA

LATENCY OF DATA THAT WILL COUNT OF LATENCY OF DATA

NOT BE RECOVERED AS PER THAT WILL NOT BE
BIA RECOVERED AS PER BIA
RPO 10
RTO 08
TRA 02
TPO 10

70
10
9
8
7
6
5
4
3
2
1
0
LATENCY OF RPO RTO TRA TPO
DATA THAT
WILL NOT BE
RECOVERED AS
PER BIA

 Investment portfolio pie chart showing stocks

71
This is a three stage process. The stages in this process are Investment Portfolio,
Funding Portfolio, Expenditure Portfolio.

 Stock Market Bar Chart

72
 Risk Management Stock Market Startgies

73
74
CHAPTER NO. 5
CONCLUSION AND
REFERENCE

Conclusion

Every investment is inherently connected with risk. Its existence and diversity among various
types of investments is one of the driving forces behind the development of the capital
market. The risk has also caused emergence and development of alternative investments.
Flourishment of this segment of the market has also been influenced by periodical financial
crises, which have been the driving force behind the search for investments that would allow
investment portfolio diversification and would provide opportunities for profiting, even
during price declines on the market.

Alternative investments constitute an effective tool for risk diversification, however, they
are not suitable for all investors.

75
Institutional investors, including the banks, pension funds, large companies as well as
individual investors within the wealth management sector, constitute a dominant group of the
investors on the alternative investments market. Investors considering such investments
should rely on their own preferences regarding the acceptable risk as well as on the entities
acting as the trustees of the investors’ assets. Often, it is the experience gained during
management of own alternative investment portfolio, which allows verification and
assessment of the acceptable level of the risk, definition of the maximum loss tolerance, and
designation of achievable financial targets.

This book aims to present alternative investments in management of the inves-tors’ assets.
Analysis of this sector of the global financial market is not possible without determining
which alternative investment categories can be qualified within this group. There is still no
universal definition of alternative investments which would be agreed on in the financial
world and which would indicate a set of homogenous characteristics that are relatively stable
over time. As a result, many individual and institutional investors are not fully convinced that
‘alternative investments’ constitute a separate category of investments. Multitude of various
definitions raises the need for creation of some universal patterns, which would allow correct
classification of individual investments and at, the same time, would make it easier to manage
them.

The book attempts to analyze and evaluate the following types of investments: hedge funds,
funds of funds, managed futures, structured products and private equity/venture capital.
While the hedge funds and funds of funds market is, by far, most developed in North
America, the structured products are an attractive subject of investment on the European
market. On the other hand, the definitions and the development stages of the private equity
and venture capital market vary across different areas of the world.

The attempt to evaluate and forecast the alternative investments market was conducted with
caution. A different specificity, not only of the investments themselves, but of the market on
which these investments are made, have been considered as well. Undoubtedly, the lack of
access to crucial statistical data has hindered the inference considerably.

Despite these difficulties, an attempt has been made to verify the study hypothesis that
globalization and international integration of the financial market will cause the alternative
forms of investing on the securities market to penetrate into new areas, including the

76
European Union. The dynamics of this penetration and its development depends on the pace
of the citizens’ enrichment and on their knowledge about financial innovations.
Diversification of the specificity of alternative investments around the world, resultant from
cultural and historical predispositions as well as from differences in economic development
can be expected.

The estimated forecasts of development of individual categories of alternative investments

allow indication of the priorities in their management. The forecasts also allow measurement
of additional types of risk these investments may bear.

The models constructed in this book have confirmed, that evolution of this segment of
alternative investments leads to development of those categories, which meet the expectations
of the market participants and leads to expiration of those investments, which do not find
customers and cease to be accepted by them.

This monograph is meant to extend the knowledge segment, which will contribute to a better
understanding of alternative investments within the category of modern, contemporary
financial innovations.

It is, however, necessary to further continue the studies on the development of innovative
instruments and the institutions permanently developing on the financial market. Given the
huge capital amounts involved in this market, the directions of development of these
investments have impact on the economies of countries around the world as well as on all
participants of the financial market.

Reference

1. https://www.asisonline.org/publications--resources/news/blog/esrm-
anenduring-security-risk-model/

2. https://en.m.wikipedia.org/wiki/Risk_management

3. Risk Management TYBFM Text Book

77
4. http://www.businessinsurance.com/article/20150309/
ISSUE0401/303159991/c onstructing-a-successful-business-continuity-
plan

PF Passbook
100% (1)
PF Passbook
2 pages
Advanced Financial Risk Management Guide
100% (5)
Advanced Financial Risk Management Guide
21 pages
Risk Management
No ratings yet
Risk Management
14 pages
Risk Assessment and Identifications The Pivot of Risk Management in An Organization.
100% (1)
Risk Assessment and Identifications The Pivot of Risk Management in An Organization.
18 pages
Bakery Accounting Guide
25% (20)
Bakery Accounting Guide
70 pages
Risk Management Is The Identification, Assessment, and Prioritization of Risks Followed by Coordinated and
No ratings yet
Risk Management Is The Identification, Assessment, and Prioritization of Risks Followed by Coordinated and
7 pages
Risk Management Notes
No ratings yet
Risk Management Notes
18 pages
Risk Management - Concepts and Applications
No ratings yet
Risk Management - Concepts and Applications
20 pages
Comprehensive Risk Management Guide
No ratings yet
Comprehensive Risk Management Guide
6 pages
RV RV RV RV RV RV RV
No ratings yet
RV RV RV RV RV RV RV
7 pages
Risk Management
0% (1)
Risk Management
12 pages
Risk Management
80% (5)
Risk Management
26 pages
Managerial Economics
No ratings yet
Managerial Economics
59 pages
Risk Module1
No ratings yet
Risk Module1
14 pages
Risk Management (1) 054114
No ratings yet
Risk Management (1) 054114
31 pages
Risk Management (Article)
No ratings yet
Risk Management (Article)
15 pages
13 Risk, Crisis and Disisaster Management
No ratings yet
13 Risk, Crisis and Disisaster Management
7 pages
Risk Management: For Non-Business Risks, See Risk or The Disambiguation Page Risk Analysis
No ratings yet
Risk Management: For Non-Business Risks, See Risk or The Disambiguation Page Risk Analysis
6 pages
Germic 1 3
No ratings yet
Germic 1 3
74 pages
Financial Risk Management
No ratings yet
Financial Risk Management
21 pages
PGPM31 M57
No ratings yet
PGPM31 M57
29 pages
Risk Management Is The Identification, Assessment, and
No ratings yet
Risk Management Is The Identification, Assessment, and
11 pages
Risk Management Is The Identification, Evaluation, and Prioritization of
No ratings yet
Risk Management Is The Identification, Evaluation, and Prioritization of
8 pages
Risk Management Is The Identification, Evaluation, and Prioritization of
No ratings yet
Risk Management Is The Identification, Evaluation, and Prioritization of
5 pages
Risk Management
75% (4)
Risk Management
10 pages
Project Risk Management - PM0007 SET-1
No ratings yet
Project Risk Management - PM0007 SET-1
5 pages
Geng 417 Lecture Notes
No ratings yet
Geng 417 Lecture Notes
13 pages
PM - Unit-5
No ratings yet
PM - Unit-5
12 pages
1
No ratings yet
1
27 pages
Risk Management
No ratings yet
Risk Management
23 pages
Effective Management of Risk
No ratings yet
Effective Management of Risk
3 pages
Decision Theory 1
No ratings yet
Decision Theory 1
33 pages
CH 3 Assessing Risks and Developing Mitigation Strategies 2
No ratings yet
CH 3 Assessing Risks and Developing Mitigation Strategies 2
42 pages
Lecture
No ratings yet
Lecture
28 pages
Risk Management Section 1
100% (1)
Risk Management Section 1
43 pages
Risk Management
No ratings yet
Risk Management
16 pages
Risk Management
No ratings yet
Risk Management
8 pages
Ali Salman 13
No ratings yet
Ali Salman 13
28 pages
Risk Management Fundamental Tools and Strategies
No ratings yet
Risk Management Fundamental Tools and Strategies
20 pages
Vinfast (Thi)
No ratings yet
Vinfast (Thi)
77 pages
15 Riesgo General 1
No ratings yet
15 Riesgo General 1
54 pages
CIMA P3 Risk Management Guide
No ratings yet
CIMA P3 Risk Management Guide
25 pages
Financial Risk Management Guide
No ratings yet
Financial Risk Management Guide
16 pages
Chapter # 8 Risk Management
0% (1)
Chapter # 8 Risk Management
4 pages
Introduction To Risk Analysis.0603205
No ratings yet
Introduction To Risk Analysis.0603205
7 pages
Lecture 10Q
No ratings yet
Lecture 10Q
30 pages
Project Risk Management
No ratings yet
Project Risk Management
51 pages
Lecture 6 - Risk Management
No ratings yet
Lecture 6 - Risk Management
27 pages
Chapter 12 Project Risk Management
No ratings yet
Chapter 12 Project Risk Management
38 pages
7,8.project Risk Procurement Management
No ratings yet
7,8.project Risk Procurement Management
73 pages
Projectmanagementtopic 5
No ratings yet
Projectmanagementtopic 5
24 pages
CHAPTER 5 Project Risk Management
No ratings yet
CHAPTER 5 Project Risk Management
56 pages
Finals - Risk Management and Classification of Risks
No ratings yet
Finals - Risk Management and Classification of Risks
23 pages
Unit 1 - Introduction To Risk Management
No ratings yet
Unit 1 - Introduction To Risk Management
19 pages
Benua Receipt
No ratings yet
Benua Receipt
1 page
Unorganised Sector of Indian Money Market
No ratings yet
Unorganised Sector of Indian Money Market
10 pages
Corporate Card Statement Summary
No ratings yet
Corporate Card Statement Summary
2 pages
General Ledger Reconciliation Process Flowchart
0% (1)
General Ledger Reconciliation Process Flowchart
6 pages
71 Motijheel C/A Dhaka-1000 VAT Registration No: 001892527-0202 (VAT - 6.3)
No ratings yet
71 Motijheel C/A Dhaka-1000 VAT Registration No: 001892527-0202 (VAT - 6.3)
1 page
Onion
No ratings yet
Onion
5 pages
Brinda Project Final
100% (1)
Brinda Project Final
94 pages
Financial Planning Case Study
No ratings yet
Financial Planning Case Study
1 page
Fin 3507 Note 8 S
No ratings yet
Fin 3507 Note 8 S
14 pages
Sovereign Wealth Funds
100% (3)
Sovereign Wealth Funds
100 pages
Small and Medium Enterprises
No ratings yet
Small and Medium Enterprises
1 page
Article On Insurable Interest
No ratings yet
Article On Insurable Interest
9 pages
Finalexam Shd2213shad2043 Pengurusan Kewangan Semester1sesi20122013
No ratings yet
Finalexam Shd2213shad2043 Pengurusan Kewangan Semester1sesi20122013
6 pages
Partnership Noc
No ratings yet
Partnership Noc
6 pages
Nirmal Bang Apar Industries Q1 FY25 Result Update
No ratings yet
Nirmal Bang Apar Industries Q1 FY25 Result Update
11 pages
Accounting: Business Reporting For Decision Making (Seventh Edition) Jacqueline Birt - The Ebook in PDF and DOCX Formats Is Ready For Download Now
100% (4)
Accounting: Business Reporting For Decision Making (Seventh Edition) Jacqueline Birt - The Ebook in PDF and DOCX Formats Is Ready For Download Now
63 pages
Institutional Factor Allocation Guide
No ratings yet
Institutional Factor Allocation Guide
40 pages
Republic of Uganda: Ministry of Internal A Airs
No ratings yet
Republic of Uganda: Ministry of Internal A Airs
6 pages
A Lxo QVNS1 K 9 Xcyfd
No ratings yet
A Lxo QVNS1 K 9 Xcyfd
3 pages
AccountStatement - 05-02-2025 16 - 12 - 20
No ratings yet
AccountStatement - 05-02-2025 16 - 12 - 20
4 pages
Financial Accounting - Financial Accounting
No ratings yet
Financial Accounting - Financial Accounting
2 pages
Financial Summary for Accountants
No ratings yet
Financial Summary for Accountants
13 pages
PARCOR
No ratings yet
PARCOR
15 pages
Gap Trading Measuring Gaps Gap 04 - Trade - in - Green
No ratings yet
Gap Trading Measuring Gaps Gap 04 - Trade - in - Green
21 pages
Modupe Dina Updated Resume 1
No ratings yet
Modupe Dina Updated Resume 1
1 page
Globalization and Its Impact of Insurance Industry in India: Riaz Ahemad
100% (1)
Globalization and Its Impact of Insurance Industry in India: Riaz Ahemad
10 pages
Bank & Ins. MBA III Sem 2024
No ratings yet
Bank & Ins. MBA III Sem 2024
11 pages
Kanayo PP Presentation
No ratings yet
Kanayo PP Presentation
37 pages