RISK MANAGEMENT AND PRACTICAL GUIDELINE IN

REDUCING AND MANAGING BUSINESS RISK

INTRODUCTION

Effective corporate governance cannot be attained without the organization mastering the art of risk management. And risk
management is recognized as one of the most important competencies needed by the board of directors of modern organization,
large as well as small and medium sized business firm.
The levels of risk faced by business firms have increased because of the fast-growing sophistication of organization, globalization,
modern technology and impact of corporate scandals. In addition therefore compliance with legal requirements, top management
should consider adequate knowledge of risk management.

RISK MANAGEMENT DEFINED

Risk management is the process of measuring or assessing risk and developing strategies to manage it. Risk management is a
systematic approach of identifying, analyzing and controlling areas or events with a potential for causing unwanted change. Risk
management is the act or practice of controlling risk. It includes risk planning, assessing risk areas, developing risk handling options,
monitoring risks to determine how risks have changed and documenting overall risk management program.

As defined in the International Organization of Standardization (ISO 31000), Risk Management is the identification, assessment, and
prioritization of risks followed by coordinated and economical application of resources to minimize monitor and control the
probability and/or impact of unfortunate events and to maximize the realization of opportunities.

It is through risk management that risks to any specific program are assessed and systemically managed to reduce risk to an
acceptable level. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risks accidents, natural
causes and disasters as well as deliberate attack from adversary or events of uncertain or unpredictable root-cause.

BASIC PRINCIPLES OF RISK MANAGEMENT

The International Organization of Standardization (ISO) identifies the basic principles of risk management.

Risk management should:

1. Create value - resources spent to mitigate risk should be less than the consequence of inaction,
I.e., the benefits should exceed the costs
2. Address uncertainty and assumption
3. Be an integral part of the organizational processes and decision-making
4. Be dynamic, iterative, transparent, tailorable, and responsive to change
5. Create capability of continual improvement and enhancement considering the best available
information and human factors.
6. Be systematic, structured and continually or periodically reassessed

PROCESS OF RISK MANAGEMENT

According to Standard ISO 31000 “Risk management - Principles and Guidelines on Implementation,” the process of risk
management consists of several steps as follows:

1. Establishing the Context. This will involve

a. Identification of risk in a selected domain of interest
b. Planning the remainder of the process
c. Mapping out the following:
I. the social scope of risk management
II. the identity and objectives of stakeholders
III. the basis upon which risks will be evaluated, constraints.
d. Defining a framework for the activity and an agenda for identification.
e. Developing an analysis of risks involved in the process
f. Mitigation or solution of risks using available technological, human and organizational
Resources

2. Identification of potential risks. Risk identification can start with analysis of the source of the problem or with the analysis of
the problem itself. Common risk identification methods are:
a. Objective-based risk
b. Scenario-based risk
c. Taxonomy-based risk
d. Common-risk checking
e. Risk charting

3. Risk assessment. Once risks have been identified, their potential severity of impact and probability of occurrence must be
assessed. The assessment process is critical to make the best educated decisions in prioritizing the implementation of the risk
management plan.

ELEMENTS OF RISK MANAGEMENT

In practice, the process of assessing overall risks can be difficult and balancing resources to mitigate between risks and with
 high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be
mishandled. Ideal risk management should minimize spending of manpower or other resources at the same time minimizing
the negative effect of risks.

For the most part, the performance of assessment methods should consist of the following elements:
1. identification, characterization, and assessment of threats
2. assessment of the vulnerability of critical assets to specific threats
3. determination of the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)
4. identification of ways to reduce those risks
5. prioritization of risk reduction measures based on strategy.

RELEVANT RISK TERMINOLOGIES

I. Risk Associated with Investments

Although a single risk premium must compensate the investor for all the uncertainty associated with the investment, numerous
factors may contribute to investment uncertainty. The factors usually considered with respect to investment are
• Business risk
• Financial risk
• Liquidity risk
• Default risk
• Interest rate risk
• Management risk
• Purchasing power risk

BUSINESS RISK
Business risk refers to the uncertainty about the rate of return caused by the nature of the business. The most frequently
discussed causes of business risk are uncertainty about the firm’s sales and operating expenses. Clearly, the firm’s sales are not
guaranteed and will fluctuate as the economy fluctuates or the nature of the industry changes. A firm’s income is also related
to its operating expenses. If all operating expenses are variable, then sales volatility will be passed directly to operating income.
Most firms, however, have some fixed operating expenses (for example, depreciation, rent, salaries). These fixed expenses
cause the operating income to be more volatile than sales. Business risk is related to sales volatility as well as the operating
leverage f the firm caused by fixed operating expenses.

DEFAULT RISK
Default risk is related to the probability that some or all of the initial investment will not returned. The degree of default risk is
closely related to the financial condition of the company issuing the security and the security’s rank in claims on assets in the
event of default or bankruptcy. For example, if a bankruptcy occurs, creditors, including bondholders have a claim on assets
prior to the claim of ordinary equity shareholders.

FINANCIAL RISK
The firm’s capital structure or sources of financing determine financial risk. If the firm is all equity financed, then any variability
in operating income passed directly to net income on equal percentage basis. If the firm is partially financed by debt that
requires fixed interest payments or by preferred share that requires fixed preferred dividend payments, then these fixed
charges introduce financial leverage. This leverage causes net income to vary more than operating income. The introduction of
financial leverage causes the firm’s lenders and its stockholders to view their income streams as having additional uncertainty.
As a result financial leverage, both investment groups, would increase the risk premiums that they require for investing in the
firm.

INTEREST RATE RISK

Because money has time value, fluctuations in interest rate will cause the value of an investment to fluctuate also. Although
interest rate risk is most commonly associated with bond price movements, rising interest rates cause bond prices to decline
interest rates because bond prices to rise. Movements in interest rates affect almost all investment alternatives. For example,
as a change in interest rates will impact the discount rate used to estimate the present value of future cash dividends from
ordinary shares. This change in the discount rate will materially impact the analyst’s estimate of the value of a share of ordinary
share.

LIQUIDITY RISK
Liquidity risk is associated with the uncertainty created by the inability to sell investment quickly for cash. An investor assumes
that the investment can be sold at the expected price when future consumption is planned. As the investor considers the sale
of the investment, he or she faces two uncertainties: (1) What price will be received? (2) How long it will take to sell the
assets? An example of an illiquid asset is a house in a market with an abundance of homes relative to the number of potential
buyers. This investment may not sell for several months or even years. Of course, if the price is reduced sufficiently, the real
estate will sell, but the investor must make a selling price concession in order for the transaction to occur.

In contrast, a government Treasury bill can be sold almost immediately with very little concession on selling price. Such an
investment can be converted to cash almost at will and for a price very close to the price the investor expected.
 The liquidity risk for ordinary equity shares is more complex. Because they are traded on organized and active markets,
ordinary equity shares can be sold quickly. Some ordinary equity shares, however, have greater liquidity risk than others due to
a thin market. The thin market results in a large price spread (the difference between the bid price buyers are willing to pay and
the ask price sellers are willing to accept). A large spread increases the cost of trading to the investor and thus represents
liquidity risk. Investors considering the purchases of illiquid investments – ones that have no ready market or require price
concessions – will demand a rate of return that compensates for the liquidity risk.

MANAGEMENT RISK
Decisions made by a firm’s management and BODs materially affect the risk faced by investors. Areas affected by these
decisions range from product innovation and production methods (business risk) and financing (financial risk) to acquisitions.
For example, acquisition or acquisition-defense decisions made by the management of such firms materially affected the risk of
the holders of their companies’ securities.

PURCHASING POWER RISK

Purchasing power risk is perhaps, more difficult to recognize than the other types of risk. It is easy to observe the decline in the
price of stock or bond, but it is often more difficult to recognize the purchasing power of the return you have earned on an
investment has declined (risen) as a result of inflation (deflation). It is important to remember that an investor expects to be
compensated for forgoing consumption today. If an individual is invested in peso-denominated assets such as bonds, Treasury
bills, or savings account during the period of inflation, the real or inflation adjusted rate of return will be less than the nominal
or stated rate of return. Thus inflation erodes the purchasing power of the peso and increases investor risk.

II. Risk Associated with Manufacturing, Trading and Service Concerns

A. Market Risk
• Product Risk
o Complexity
o Obsolescence
o Research and Development
o Packaging
o Delivery of Warranties
• Competitor Risk
o Pricing Strategy
o Market Share
o Market Strategy

B. Operation Risk
• Process Stoppage
• Health and Safety
• After Sales Service Failure
• Environmental
• Technological Obsolescence
• Integrity
o Management Fraud
o Employee Fraud
o Illegal Acts

C. Financial Risk
• Interest Volatility
• Foreign Currency
• Liquidity
• Derivative
• Viability

D. Business Risk
• Regulatory Change
• Reputation
• Political
• Regulatory and Legal
• Shareholder Relation
• Credit Rating
• Capital Availability
• Business Interruption

III. Risk Associated with Financial Institutions

Financial Non- Financial

1. Liquidity Risk 1. Operational Risk
2. Market Risk ◈ Systems
◈ Currency ◆ Information Processing
◈ Equity ◆ Technology
◈ Commodity ◈ Customer Satisfaction
3. Credit Risk ◈ Human Resources
◈ Counterparty ◈ Fraud and Illegal acts
◈ Trading ◈ Bankruptcy
 ◈ Commercial 2. Regulatory Risk
◆ Loans ◈ Capital Adequacy
◆ Guarantees ◈ Compliance
4. Market Liquidity Risk ◈ Taxation
◈ Currency Rates ◈ Changing law and policies
◈ Interest Rates 3. Environment Risk
◈ Bond Equity Prices ◈ Politics
5. Hedged Position Risk ◈ Natural Disasters
6. Portfolio Exposure Risk ◈ War
7. Derivative Risk ◈ Terrorism
8. Accounting Information Risk 4. Integrity Risk
◈ Completeness ◈ Reputation
◈ Accuracy 5. Leadership Risk
9. Financial Reporting Risk ◈ Turnover
◈ Adequacy ◈ Succession
◈ Completeness

POTENTIAL RISK TREATMENTS

ISO 3100 also suggests that once risks have been identified and assessed, techniques to manage the risks should be applied. These
techniques can fall into one or more of these categories:
• Avoidance
• Reduction
• Sharing
• Retention

1. Risk Avoidance
This includes performing an activity that could carry risk. An example would be not buying a property or business in order not
to take on the legal liability that comes with it. Avoiding risks, however, also means losing out on the potential gain that
accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of
earning profits.

2. Risk Reduction
Risk reduction or optimization involves reducing the severity of the loss or the likelihood of the loss from occurring. Optimizing
risks means finding a balance between the negative risks and benefit of the operation or activity; and between risk reduction
and effort applied. Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability of
managing or reducing risks.

3. Risk Sharing
Risk sharing means sharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce
a risk.

4. Risk Retention
Risk retention involves accepting the loss or benefit a gain from a risk when it occurs. Self Insurance falls in this category. All
risks that not avoided are transferred or retained by default. Also, any amount of potential loss over amount insured is retained
risk. This is acceptable if the Chance of a very large loss is small or if the cost to insure for greater coverage involves a
substantial amount that could hinder the goals of the organization.

AREAS OF RISK MANAGEMENT

As applied to corporate finance, risk management is the technique for measuring monitoring and controlling and financial or
operational risk on a firm’s balance sheet.

The Basel II framework breaks risks into market risk (price risk) credit risk and operational risk and also specifies methods for
calculating capital requirements for each of these components.

The most commonly encountered areas of risk management include

1. Enterprise risk management
2. Risk management activities as applied to project management
3. Risk management for megaprojects
4. Risk management of information technology
5. Risk management techniques in petroleum and natural gas

A simplified framework for an Enterprise-wide Risk Management Process follows:

Risk Management System Top Management’s Involvement

Oversight Activities:
Define goals and objectives, roles and Set management policy, establish context, set
responsibilities, common language and oversight limits and tolerance, etc.

Risk Management Process:

 Step 1: Assess Risks: Ensure that process captures all business risk.
Identify, source, measure

Step 2: Develop/Design Action Plans: Ensure that all available tools and
Reduce, avoid, retain, transfer, exploit methodologies are used

Step 3: Implement Action Plans Review effectiveness of plans, Check

capabilities

Step 4: Monitor and report risk management

performance Review and evaluate regular reports on
performance

Step 5: Continuously improve risk

Evaluate recommendations for improvement
management capabilities

SEC Requirement Relative to Enterprise Risk Management of Publicly-Listed Corporation

SEC Code of Governance Recommendations 2.11 and corresponding explanation provide the following:

“The Board should oversee that a sound enterprise risk management (ERM) framework is in place to effectively
identify, monitor, assess and manage key business risks. The risk management framework should guide the Board
in identifying units/business lines and enterprise-level risk exposures, as well as the effectiveness of risk
management strategies.

Risk management policy is part and parcel of a corporation’s corporate strategy. The Board is responsible for
defining the company’s level of risk tolerance and providing oversight over its risk management policies and
procedures.”

Principle 12 which deals with strengthening The Internal Control System and Enterprise Risk Management Framework states that

“To ensure the integrity, transparency and proper governance in the conduct of its affairs, the company should
have a strong and effective internal control system and enterprise risk management framework.”

RISK MANAGEMENT FRAMEWORK

The Board should oversee that sound enterprise risk management (ERM) framework is in place effectively identify, monitor,
assess and manage key business risks. The risk management framework should guide the Board in identifying units/business lines
and enterprise-level risk exposures, as well as the effectiveness of risk management strategies.

Subject to a corporation’s size, risk profile and complexity of operations, the Board should establish a separate Board Risk Oversight
Committee (BROC) that should be responsible for the oversight of company’s Enterprise Risk Management system to ensure its
functionality and effectiveness. The BROC should be composed of at least three members, the majority of whom should be
independent directors, including the Chairman. The Chairman should not be the Chairman of the Board or any other committee. At
least one member of the committee must have relevant thorough knowledge and experience on risk and risk management.

Subject to its size, risk profile and complexity of operations, the company should have separate risk management function to
identify, assess and monitor key risk exposures.

STEPS IN RISK MANAGEMENT PROCESS

To enhance management’s competence in their oversight role on risk management the following steps may be followed:

1. Set up a separate risk management’s committee chaired by a board member.

• Creation of a risk management committee as board level will demonstrate the firm’s commitment to adopt an integrated
company-wide risk management system

2. Ensure that a formal comprehensive risk management system is in place.

• This fully documented formal system will provide a clear vision of the board’s desire for an effective company-wide risk
management as well as awareness of the risks, internal and external, that the company faces.

3. Assess whether the formal system possesses the necessary elements.

• The key elements that the company-wide risk management system should possess are
a) Goal and objectives
b) Risk language identification
c) Organization structure and
d) The risk management process documentation.

• The risk organizational structure should include formal charters, levels of authorization reporting lines and job description.

• The risk management process shall include the following steps:

a) Assessment risks: Identification; Determination of their source,
 b) Development highlights all the significant possible risk
actions plans: identified, prioritized and measured by the
Reduce, avoid, risk management systems:
retain, transfer or • Strategies are developed to manage and resolve
exploit these identified risks. These will include the
c) Implementation process, people, management feedback
of action plans methodologies and systems.
d) Monitoring and • Strategies may include avoidance, reduction,
reporting risk transfer, exploitation and retention of risks.
management
performance. 6. Evaluate if management has designed and implemented
e) Continuous risk management capabilities.
improvement risk • Directors must continue to monitor and
management assess if management has been
capabilities. implementing designed risk management
capabilities.
4. Evaluate the effectiveness of • Risk management capabilities include
the various steps in the processes, people, reports,
assessment of the methodologies and technologies needed.
comprehensive risks faced by These components should be complete,
the business firm. and aligned for the risk management
• Risk assessment step structure to function effectively.
which includes risks
identification and 7. Assess management’s efforts to monitor over all company
determination of risk management performance and to improve
their sources and continuously the firm’s capabilities
measurement, • Risk management performance must be monitored
represents the on a continuing basis and organization must be ready
foundation for the to innovate their
rest the procedures. approaches to be in line with the changing lines.
This step is • Monitoring is done by all concerned parties such as
performed by senior managers, process owners and risk owners.
responsible • An independent reviewer can also be appointed to
managers, i.e., validate results.
finance officers,
production 8. See to it that best practices as well as mistakes are shared
managers, by all. This involves regular communication of results and
marketing managers feedbacks to all concerned.
and human resource • These should be an open communication channel to
managers. ensure that all risk management participant
• This process culminates particularly senior
in the presentation of management, are informed of risk incidents or threat
the risk profile or risk of risk incident. This will go a long way towards
map to the board of attaining the company’s risk management vision.
directors.
9. Assess regularly the level of sophistication of the firm’s risk
5. Assess if management has management system.
developed and implemented
the suitable risk management 10. Hire experts when needed.
strategies and evaluate their
effectiveness.
• The risk profile
 PRACTICAL GUIDELINES IN REDUCING AND MANAGING BUSINESS RISKS

Practical Guidelines in Managing and Reducing Enterprise-wide Risk inherent in business activity is best achieved by applying the
principles and techniques appropriate to the situation.

UNDERSTAND THE NATURE OF RISK

The willingness and readiness to take personal and financial risks is a defining characteristic of the entrepreneurial decision-maker.
In late 90’s, a study commissioned by an internationally-known accounting firm found that while in commissioned by an
internationally-known accounting firm found that while in continental Europe strategies focus on avoiding and hedging risk, Anglo-
American companies view risk as an opportunity and accept risk management as necessary to achieving their goals. In 2017, this
relative attitude to risk among European and US companies remain broadly the same, the result of long-standing cultural
experiences and history as well as recent events.

Successful businessmen and decision-makers make sure that the risks resulting from their decisions are measured, understood and
as far as possible eliminated. They also go beyond the direct financial perspective and actively manage risk as it affects the whole
organization.

Accepting that risks exist is a starting point for the other actions needed, but the most important is to create the right climate for risk
management. People need to understand why control systems are needed: this requires communication and leadership skills so
that standards and expectation are set and clearly understood.

IDENTIFY AND PRIORITIZE RISKS

Identification of significant risks both within and outside the organization is crucial and allows to make informed decisions. This
makes it easier to avoid unnecessary surprises. Example of significant risks might be the loss of a major customer, the failure of a
key supplier or the appearance of a significant competitor.

Consider the human factor into account. People behave differently and inconsistently when making decisions involving risk. They
may exuberant or diffident, over confident or overly concerned. They simply overlook the issue of risk.

Risk surrounds and continues to be with us. A former British prime minister once said “To be alive at all involves some risks.” When
identifying risks it helps to define the categories into which they fall. This allows for a more structured analysis and reduces the
chances of a risk being overlooked. Some of the most common areas of risk affecting business are shown in Table 12.1

Table 1.1 Typical Areas of Organizational Risk

Financial Commercial Strategic Technical Operational

Accounting Loss of key Marketing pricing Failure of plant or Product or design
decisions and personnel and tacit and market entry equipment failure, including
practices knowledge decisions failure to maintain
supply
Treasury risks Failure to comply Market changes Accidental or Client failure
with legal affecting negligent actions
regulations or codes commercial (such as fire,
of practice decisions (due to pollution, floods)
customers and/or
competitors)
Fraud Contract conditions Political or Breakdown in
regulatory labour relations
developments
Robustness of Poor brand Resource-building Corporate
information management or and resource malpractices (such
management handling of a crisis allocation decisions as sex
systems discrimination)
Inefficient cash Market changes Political change
management
Inadequate
insurance

CONSIDER THE ACCEPTABLE LEVEL OF RISK

As earlier mentioned, the usual first step is to determine the nature and extent of the risks the business will accept. This involves
assessing the likelihood of risks becoming reality and the effect they would have if they did. Only when this is understood can
measures be taken to minimize the incidence and impact of such risks.
There is also an opportunity cost associated with risk; avoiding a risk may mean avoiding a potentially big opportunity. People can
be too cautious and risk averse even though they are often at their best when facing the pressure of risk deciding to take a more
audacious approach. Sometimes the greatest risk is to do nothing.

UNDERSTAND WHY RISKS BECOME REALITY

Once risks are identified they can be rank according to their potential impact and the likelihood of them occurring. This helps to
highlight not only where things might go wrong and what their impact would be, but also how, why and where these catalysts might
be triggered. The five most significant types of risk catalysts are as follows:

• Technology.
New hardware, software or system configurations can trigger risks, as can new demands or existing information systems
an technology. In early 2010, Metro Manila Development Authority Chair introduced a congestion change for traffic using
the center of the city; the greatest threat to the scheme’s success (and his tenure as chair) was posed by the used of new
technology. It worked and the scheme was widely seen as a success.

• Organizational Change.
Risks are triggered by, for example, new management structures or reporting lines, new strategies and commercial
agreements (including mergers, agency or distribution agreements).

• Processes.
New products, markets and acquisitions all cause change and can trigger risks. The disastrous launch of “New Coke” by
Coca-Cola was an even bigger risk that anyone at the company had realized, it outraged American who felt angry that the
iconic US product was being changed. The Coca-Cola eventually turned the situation to its advantage shows that risk can
managed and controlled, but such success is rare.

• People.
Hiring new employees, losing key people, poor succession planning, or weak people management can all create
dislocation, but the main danger is behavior: everything from laziness to fraud, exhaustion and simple human error can
trigger this risk.

• External Factors.
Changes to regulation and political, economic or social developments can all affect strategic decisions by bringing to the
surface risks that may have lain hidden. The economic disruption caused by the sudden spread of the SARS epidemic from
China to the rest of Asia in 2003 highlight this risk.

APPLY A SIMPLE RISK MANAGEMENT PROCESS

The stages of managing the enterprise-wide risk inherent in decisions are simple.

• First, assess and analyze the risks resulting from a decision by systematically identifying and quantifying them.

• Second, consider how best to avoid or mitigate them

• Third, in parallel with the second stage, take action to manage control and monitor the risks.

A. Risk Assessment and Analysis

It is more difficult to assess the risks inherent in a business decision than to identify them. Risks that lead to frequent losses,
such as an increasing incidence of employee-related problems or difficulties with suppliers, can often be solved using past
experience. Unusual or infrequent losses are harder to qualify Risks with little likelihood of occurring in the next five years
are not important to a company focused on meeting shareholders’ shorter-term expectations. Thus, it is sensible to quantify
the potential consequences of identified risks and then define courses of action to remove or mitigate them.

Each category of risk can be mapped in terms of both likely frequency and potential impact, with the potential consequences
being ranked on scale ranging from inconvenient to catastrophic. (see Figure 12.1)

B. Risk Management and Control

Risk should be actively managed and given a high priority across the whole organization. Risk Management procedures and
techniques should be well documented, clearly communicated, regularly reviewed and monitored. To successfully manage
risks, you have to know what they are, what factors affect them and their potential impact.

If you plot the ability to control a risk against its potential impact, as shows in Figure12.1, you can decide on actions either to
exercise greater control over the risk or to mitigate its potential impact. Risk falling into the top-right require urgent action,
but those in the bottom-right quadrant (total/significant control, major/critical impact should not be ignored because
complacency, mistakes and a lack of control can turn the risk into a reality.

Table 1.1 Assessing and Mapping Risk

.
CONTROL RISK
ABILITY TO

No Control

Weak Control
 Significant Control

Total Control
Minor Significant Major Critical

POTENTIAL IMPACT

Once the inherent risks in a decision are understood, the priority is to exercise control. All employees must be aware that
unnecessary risk-taking is unacceptable. They should understand that what the risks are, where they lie and their role in
controlling them To achieve this, share information, prepare and communicate clear guidelines, and establish control
procedures and risk measurement systems.

Avoiding and Mitigating Risks

Start by reducing or eliminating those risks that result only in costs: the non-training risks. These can be thought of a the fixed
costs of risk and might include property damage risks, legal and contractual liabilities and business interruption risks. Reducing
these risks can be achieved through quality assurance programs, environmental control processes, enforcing health and safety
regulation, installing accident prevention and emergency equipment and training people to use it, and taking security measures
to prevent crime, sabotage, espionage, and threats to people and systems. Reducing a risk may also mean that the cost of
insuring it goes down.

Risks can be reduced or mitigated by sharing them. For example, acceptable agreements from vendors are essential to reducing
risk, Joint ventures, licensing and agency agreements can be also be used to mitigate risk. To reduce the chances of things going
wrong, focus on the quality of what people do – doing the right things right reduces risks and costs.

Risk management relies on accurate, timely information. Management information systems should provide details of the likely
areas of risk, and the information needed to control the risks. The information must reach the right people at the right time so
that they can investigate and take corrective action.

Create a Positive Climate for Managing Risk

Recognizing the need to management risk is not enough. The ethos of an organization should recognize and reward behavior
that manages risk. This requires a commitment by senior managers and the resources (including training) to match. Too often,
control systems are seen only as an additional overhead and not as something that can add value by ensuring the effective use of
assets, the avoidance of waste and the success of key decisions.

Overcoming the Fear of Risk

Everyone accepts that taking risk is needed to keep ahead of the competition. Consequently, employees need to understand
better what the risks are, to share responsibility for the risks being taken and to see as an opportunity, not a threat.
Understanding how organizations manage risk effectively it is important, but managing risk is only one possible strategy.
Another approach is to look for ways to use the risk to achieve success by adding value or outstripping competitors - or both. To
do this, organization need to stop taking the fun out of risk by controlling it in ways that are perceived as bureaucratic and
stifling. Risk is both desirable and necessary. It provides opportunities to learn and develop and compels people to improve and
effectively meet the challenge of change.

C. Controlling and Monitoring Enterprise-Wide Risk

The following questions when answered truthfully and positively will assist managers in deciding how to manage the risks that
confront the business enterprise.

• Where are the greatest areas of risk relating to the most significant strategic decisions?
• What level of risk is acceptable for the company to bear?
• What are the potentially, disclosing events that could inflict the greatest damage on your organization?
• What is the overall level of exposure to risk? Has this been assessed and is it being actively monitored?
• What are the cost and benefits of operating effective risk management controls?
• What review procedures are in place to monitor risks?
• Do employees resent risk, or are they encouraged to view certain risks as opportunities?

PRACTICAL CONSIDERATIONS IN MANAGING AND REDUCING FINANCIAL RISK

Finance is the lifeblood of a business, heavily influencing strategies and decisions at every level.

Managers find it difficult to get to grips with financial issues and, as the 2008 global financial crisis revealed, many lost touch with
basic financial ground rules.

Profitability, cash flow, long-term shareholders value and risk all need to be considered when setting and reviewing strategy. This
section provides practical guidance about financial decisions and explains how to:
1. improve profitability
2. avoid pitfalls in making financial decisions;
3. reduce financial risk.

• Improving Profitability
Entrepreneurial flair and financial rigour are much about attitude as skill. Nonetheless, certain skill will ensure are focused on
commercial success.

A. Variance Analysis
Interpreting the differences between actual and planned performance is crucial. Variance analysis is used to monitor and
manage the results of past decisions, assess the current situation and highlight solutions.

Common causes of variances include inefficiency, poor or flawed planning (for example, relying on historically inaccurate
information), poor communication, interdependence between departments and random factors. Every business should use
variance analysis but in a practical and pragmatic and cost-effective way.

B. Assessment of Market Entry and Exit Barriers

How easy or difficult it is to either enter or leave a market is crucial in strategic decision-making. Entry barriers include the
need to compete with businesses that enjoy economies of scale, or established differentiated products.

Other barriers include capital requirements, access to distribution channels, factors independent of scale (such as technology or
location) and regulatory requirements. When markets are difficult or costly for competitors to enter and relatively easy and
affordable to leave, firms can achieve high, stable returns, while still being able to leave for other opportunities. Consider
where the barriers to entry lie for your market sector, how vulnerable you are to new entrants, and whether you can
strengthen and entrench your market position.

C. Break-Even Analysis
The break- even point is when sales cover costs, where neither a profit nor a loss is made. It is calculated by dividing the costs
of the project by the gross profit at specific dates, making sure to allow for overhead costs. Break-even analysis (cost-volume-
profit or CVP analysis) is used to decide whether to continue developing a product, alter the price, provide or adjust a discount,
or change suppliers to reduce costs. It is also helps in managing the sales mix, cost structure and production capacity, as well as
in forecasting and budgeting.

D. Controlling Costs
To control costs:
• Focus on the big items of expenditures - Categories cost into major or peripheral items. Often, undue emphasis is given to
the 80% of activities accounting for 20% of costs.
• Be cost aware - Casualness is the enemy of cost control. While focusing on major items of expenditure it may also be
possible to cut cost of peripheral items. Costs can be reduced over the medium to long term by managers’ attitudes to cost
control and the effects of expenses on cash flow.
• Maintain a balance between cost and quality - Getting the best value means achieving a balance between the price paid
and the quality received.
• Use budgets for dynamic financial management - Budge early so financial requirements are known as soon as possible.
Consider the best time-period for the budget – normally a year but it to rolling budgets, getting managers to forecast the
next 18 months every quarter. Budgets provide a starting point for cash flow forecasts and revenue, and they also play an
essential role in monitoring costs and revenues.
• Develop a positive aṄtude to budgeting - People need to understand, accept and use the budget, feeling sense of
ownership and responsibility for developing, monitoring and controlling it.
• Eliminate waste - Japanese companies have directed much of their cost-management efforts towards waste elimination.
They achieve this by using techniques such as process analysis, mapping and re-engineering.

Practical Techniques to Improve Profitability

Some practical techniques to improve profitability

• Focus decision-making on the most profitable areas. Concentrating on products and services with the best margin will
protect or enhance profitability. This might involve redirecting sales and advertising activities.

• Decide how to treat the least profitable products. This often drift, with dwindling profitability. Turn around a poor performer
(by reducing costs, raising prices, altering discount or changing the product) or abandon it to prevent drain on resources
and reputation. The shelf-life and appeal of product must be considered when deciding to continue or discontinue it.

• Make sure new products enhance overall profitability. New product development often focuses on market need or the
production process, with insufficient regard to cost, price, sales volume and overall profitability, which are inextricably
linked.

• Manage development and production decisions. The amount spent on research, as well as priorities and methods used,
affect profitability. Too little expenditure may increase costs in the long-term

• Set the buying policy. For example, should there be a small number of preferred suppliers or a bidding system among a
wider number of potential supplier? Also, consider techniques for controlling delivery charges, monitoring exchanges rates,
improving quality control, reducing inventory and improving production lead times.

• Consider how to create greater value from existing customers and products to enhance profitability.
Ask:
➢ How can customer loyalty (and repeat purchasing) be enhanced?
➢ How can the sales proposition be made more competitive relative to the opposition?
➢ How can existing markets, sales channels, products, brand reputation and other resources be adapted to exploit new
markets and new opportunities?
➢ How can sales expenses be reduced?
➢ How can effectiveness of marketing activities be increased?
 • Consider how to increase profitability by managing people. Successful leadership is prerequisite for profitability. People
need to be motivated and supported, and this implies rewarding them fairly for their work, training and developing them,
providing clear sense of direction, and focusing on the needs of the team, the task and the individual.

There are many techniques for assessing the likely profitability of an investment. One of the most used is to apply discounted cash
flows in evaluating capital investment programs.

• Avoiding PiValls

Many manager needs have financial responsibilities and their decisions will often be influenced by or have an
impact on other parts of the business. The following principles will help avoid flawed financial decision-making.

➢ Financial expertise must be widely available

- Every manager needs to understand why successful financial management increases profits, people need to own their
part of the financial control process, to have the information and expertise needed to routinely make the best financial
decisions.

➢ Consider the impact of financial decisions

- Do not ignore or underestimate the wider impact of finance issues upon other departments and decisions.

➢ Avoid weak budgetary control

- Budgets are active tool to help make financial decisions, not merely a way to measure performance.

➢ Understand the impact of cash flow

- Non-financial managers often ignore cash flows and the time value of money. Everyone should be aware of the
importance of cash to the organization.

➢ Know where the risk lies

- Identifying risks and how to reduce them is crucial to successful financial decision-making. For example, managers need
to know not only where the break-even point is, but also how and when it will be reached.

Reduce Financial Risk Positive replies to the following questions would assist top management to manage
financial risk:

o Are the most effective and relevant performance measures in place to monitor and assess the effectiveness of financial
decisions?
o Have analyzed key business ratios recently?
o Is there a positive attitude to budgets and budgeting?
o Does decision-making focus on the most profitable products and services, or is it preoccupied with peripheral issues?
o What are the least profitable parts of the organizations? How will they improved?
o Are market and customer decisions focused on improving profitability?
o How efficiently is cash managed?