The Institute of Chartered Accountants of Bangladesh
Business and Finance
Chapter-05
Introduction to Risk Management
Presented By: Muhammad Mahbub Alam FCA
24th March, 2022
Topics
♣ Introduction to risk
♣ Risks for businesses and their investors
♣ Types of risk
♣ Risk concepts
♣ The objectives of risk management
♣ The risk management process
♣ Crisis management
♣ Disaster recovery
Risk and uncertainty
Risk: The possible variation in an outcome from what is expected to happen.
We can break this definition down to highlight the following issues to do with risk:
• Variability: events in the future cannot be predicted with certainty
• Expectation: we expect something to happen, or perhaps hope that it will not happen
• Outcomes: this is what actually happens compared with what is intended or expected to
happen
So, the possible variation in an outcome from what is expected to happen is called risk.
Uncertainty: The inability to predict the outcome from an activity due to a lack of
information.
Risk and uncertainty are not the same things:
• Risk (the possibility of variation) exists in any situation
• Uncertainty arises only because we are ignorant of all the facts: we lack information
Upside and downside risks:
Because events could turn out either better or worse than expected, we sometimes refer to
two-way risk or symmetrical risk.
The risk that something will go wrong is called 'downside risk'; if it is likely that things will go
right, the term 'upside risk' is used.
COSO definition
The Committee of Sponsoring Organizations (COSO) is an international organization dedicated
to improving the quality of financial reporting through business ethics, effective internal control
and corporate governance. COSO suggests thinking about risk in the context of managing events
with an eye on achieving objectives.
Risk: The possibility that an event will occur and adversely affect the achievement of objectives.
Opportunity: The possibility that an event will occur and positively affect the achievement of
objectives.
Risk for the business: The risks faced by businesses in general:
• Trade conditions might be poor
• Sales might fall
• Costs might rise
• Unsuccessful research and development cost
• Unsuccessful product launch
• Control risk
• Operational risk
• Financial risk
Risks for the business:
If the objective of a business is to maximise shareholder value then risks for the business are
risks of losses, resulting (directly or indirectly) in negative cash flows. When losses
become severe, there might be a risk of insolvency, leading to the liquidation of the
business.
Risk for investors:
• Lenders: the loan might not be repaid or the interest might not be paid
• Shareholders: dividends and the share price may go down
Volatility of returns: The range of potential variation in returns is known as the volatility of
returns.
Risk and Strategic planning:
In the strategic planning process it is important to focus on risks that are specific to the
business or relevant industry, rather than general ones.
It is best to do a SWOT analysis and relate risks to critical success factors (CSFs).
SWOT analysis
            Positive         Negative
Internal    Strength         Weakness
External    Opportunities    Threats
Risk appetite: Not all risks are bad, and return is higher for higher-risk projects. The extent
to which a business is prepared to take on risks in order to achieve its objectives is
called risk appetite.
The approach should be as follows:
→ Decide what the business wants to achieve (the strategic objectives)
→ Decide what the business's risk appetite is
→ Find strategies to achieve the objectives that do not involve more risk than its
appetite allows.
→ If there is no method of reducing the risk to the appetite level, the objectives
need to be amended.
Attitude to risk:
→ Risk averse: An investment would be chosen if it has a more certain but possibly
lower return than an alternative less certain but potentially higher return
→ Risk neutral: An investment would be chosen according to its expected return,
irrespective of the risk
→ Risk seeking: An investment would be chosen on the basis of its offering a higher level
of risk, even if its expected return is lower than an alternative no-risk investment with a
higher expected return.
Risk
→ Business Risk: Strategy, Enterprise, Product, Economic, Technology, Property
→ Non-Business Risk:
   • Financial Risk: Liquidity, Gearing, Default, Credit, Foreign Exchange, Interest Rate, Market
   • Operational Risk: Process, People, Systems, Legal, Event
Types of Risk
Business Risk:
→ Strategy: the risk of choosing the wrong corporate business or functional strategy
→ Enterprise: the success or failure of a business operation and whether it should have been
undertaken in the first place
→ Product: the chance that customers will not buy the company's products or services in the
expected quantities
→ Economic: the effect of unexpected changing economic conditions
→ Technology: the risk that the market or industry is affected by some change in production or
delivery technology
→ Property: the risk of loss of property or losses arising from accidents
Non-business risk:
Financial Risk:
Lam, in Enterprise Risk Management, divides financial risk into credit risk and market risk.
Credit risk is the economic loss suffered due to the default of a borrower, customer or supplier.
Market risk is the exposure to potential loss that would result from changes in market prices or
rates, which might include share prices, commodity prices, interest rates and FX rates.
Operational risk: 'The risk of direct or indirect loss resulting from inadequate or failed
internal processes, people and systems or from external events, including legal risks'. (Basel
Committee on Banking Supervision).
Process risk is the risk that a business's processes may be ineffective (fail to achieve their
objectives) or inefficient (achieve their objectives but at excessive cost).
People risk is the risk arising from staff constraints, incompetence, dishonesty and other
human resource factors.
Systems risk is a term that is usually used in the sense of the risks arising from information
and communication systems such as systems capacity and availability, data integrity, and
unauthorised access and use.
Legal risk is the risk of loss from the fact that a contract cannot be legally enforced. It arises
through uncertainty in laws, regulations and legal actions. Sources of legal risk include
enforceability issues as well as exposure to unanticipated changes in laws and regulations.
Event risk is the risk of loss due to single events that are unlikely but may have serious
consequences. Natural or man-made disasters are the most obvious examples of event risk.
These may include:
• Disaster risk
• Regulatory risk
• Reputation risk
• Systemic risk
Risk concepts: The scale of any risk for a business depends upon four key risk
concepts:
→ Exposure: the measure of the way in which a business is faced by risk.
→ Volatility: shows how the factors to which a business is exposed are likely to alter.
→ Impact: refers to measures of the amount of the loss if the undesired outcome occurs.
→ Probability: means how likely it is that a particular outcome will occur.
The greatest risks facing a business will arise when:
→ Exposure is high
→ The underlying factor is volatile
→ Impact is severe
→ The probability of occurrence is very high
Risk Management
Risk management: The identification, analysis, and economic control of risks which threaten
the assets or earning capacity of a business.
Purpose of risk management:
→ Reducing the probability of risks occurring in the first place, and then, if they do occur,
→ Limiting the impact they will have on the business
When is risk management necessary:
→ Legal requirement
→ Licensing authority and regulatory body
→ Financial organization
Risk Management Process:
→ Awareness and identification
→ Analysis : Assessment and measurement
→ Response and control
→ Risk monitoring and reporting
Crisis Management
Crisis: A crisis happens when a risk becomes a reality. It is an unexpected event that threatens the
wellbeing of a business, or a significant disruption to the business and its normal operations
which impacts on its customers, employees, investors and other stakeholders. Crises can be
fairly predictable and quantifiable or totally unexpected.
Types of crisis:
→ Financial crisis: Short-term liquidity or cash flow problems and long-term insolvency
problems
→ Public relations crisis: Negative publicity that could adversely affect the success of the
business.
→ Strategic crisis: Changes in the business environment that call the viability of the business
into question, such as new technology making old products or processes obsolete.
There are many types of crisis in terms of their cause: natural event, industrial accident, product
or service failure, etc.
Crisis management: The business should seek to prevent crises and to have contingency plans
to deal with a crisis. Crisis management includes identifying a crisis, planning a response, and
confronting and resolving the crisis.
Disaster Recovery
A disaster is a major crisis or event which causes a breakdown in the business's operations and
resultant losses. Disaster is relative to the size of the business and the significance of the item that
breaks down.
Short-term plan: Minor breakdowns occur regularly and require a short-term recovery plan, such as
an agreement with a maintenance company.
Long-term plan: A business needs to recover from a disaster as soon as possible. For that, there should
be a long-term plan. A long-term disaster recovery plan will typically provide for:
→ Standby procedures
→ Recovery procedures
→ Personnel management
Content of disaster plan: The plan must cover all activities from the initial response to the disaster,
through to damage limitation and full recovery. Responsibilities must be clearly spelt out for all
tasks. The contents of the plan will include the following:
→ Definition of responsibilities
→ Priorities
→ Backup and standby arrangements
→ Communication with staff
→ Public relations
→ Risk assessment