MBAFI613 Risk Management

Risk Management - Learning Diary

(Individual Assignment)

By

Uditha Wijegunawardhana (2008/MBA/WE/35)

Semester IV First Half August 2010

Lecturer: Course:

Mr. Sanath Manathunge

MBAFI613 Risk Management

Postgraduate and Mid-Career Development Unit Faculty of Management and Finance University of Colombo
1

MBAFI613 Risk Management

Table of Content
Abstract....2 1.0 Introduction to The Nielsen Company....3 1.1 2.0 Introduction to The Nielsen Company Sri Lanka....4

Session One......5 2.1 Introduction to Risk.....5 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.2 2.3 2.4 History of Risk.....5

Definition of Risk.....6 Reasons for Needing Risk Management ..6 The Dimensions of Risk .....7 Risk Factors....7

Risk Management Process .....9 Risk Management Options ....9 Risk Management Framework.....9 Two......11

3.0

Session 3.1 3.2

Risk Identification .....11 Risk Planning.....15 Three......17

4.0

Session 4.1 3.2

Risk Treatment .....17 Risk Response.....20 Four......22

5.0

Session 5.1

Ethical Risk Management ....22 5.1.1 Risk Communication.....23

6.0

References....26

MBAFI613 Risk Management

Abstract
This report is on the learning diary kept during the course of Risk Management, to refresh what was learnt during the class, as well as information that related to each days learnings. This is then applied to situations which could arise in a particular company, where applicable.

MBAFI613 Risk Management

1.0

Introduction to The Nielsen Company

The Nielsen Company, formerly known as ACNielsen, is a privately held multinational company with operations across more than 100 countries spanning the globe, with its headquarters situated in New York. Founded in 1923 by Arthur C. Nielsen, the pioneer of Retail Audit, and the coiner of the term market share, Nielsen now employs more than 42,000 associates across the Americas, Asia Pacific, Europe, Middle East and Africa. Nielsen endeavors to help businesses turn new and traditional sources of data into customer intelligence to better manage their brands, launch and grow product portfolios, optimize their media mix and establish meaningful customer relationships etc. The Nielsen Company spans across three main business activities, namely: 1. Marketing Information 2. Media Information 3. Business Information As the worlds largest market research organization, Nielsen provides services that interface with its local offices throughout the world to deliver clear, consistent information across markets. Utilizing cross-country comparable data, combined with local country information, Nielsen multi-country services provides information-based solutions to worldwide marketers with a broad international scope. From its Marketing and Media Information divisions, Nielsen provides countless of professionals around the globe with knowledge and business intelligence, through thousands of specific market data reports, 140 trade publications (such as The Hollywood Reporter and Billboard), 150 trade shows and business events, 150 'yellow pages' directories and many internet sites.
4

MBAFI613 Risk Management

Nielsen also has many syndicated research tools to tools to measure and analyze consumer behavior (Nielsen Ratings, Nielsen Online, Nielsen Mobile, Nielsen Claritas etc.)

1.1

Introduction to The Nielsen Company Sri Lanka

Established in 2001, the Sri Lankan branch consists of headquarters in Colombo, with smaller branches in Dehiwala, Galle and Kandy. The Sri Lankan operations mainly offer Retail Measurement Services, Customized Research and Media Tracking. The Customized Section is again separated into Quantitative Research, Qualitative Research and Social Research. However, all the departments work with their regional and global counterparts in providing other tools and suites of information to local clients. Along with most of the major local and multinational FMCG companies, Nielsen Sri Lanka deals with the major players in the Banking, Telecommunications, Media and Advertising industries, as well as with institution such as the United Nations, World Bank, LIRNasia, SLIM etc.

MBAFI613 Risk Management

2.0 2.1 2.1.1

Session One Introduction to Risk History of Risk

Though the term Risk can be traced to ancient Greek, according to sociologist Niklas Luhmann , the term 'risk' is a neologism that appeared with the transition from traditional to modern society. In Medieval times, the term risicum was used in highly specific contexts, above all in sea trade and its ensuing legal problems of loss and damage. In the vernacular languages of the 16th century the words rischio and riezgo were used,[1] both terms derived from the Arabic word "rizk", meaning 'to seek prosperity'. This was introduced to continental Europe, through interaction with Middle Eastern and North African Arab traders. In the English language the term Risk appeared only in the 17th century. When the terminology of Risk took ground, it replaced the older notion that thought "in terms of good and bad fortune." With the Cold War, Scenario Analysis came into its own, mainly due to the confrontations between the United States and the Soviet Union. It started to become widespread in 1970s in the Insurance industry, when several major oil tanker disasters forced a more thought into the matter. The scientific approach to Risk entered Finance in the 1960s with the introduction of the Capital Asset Pricing Model; and became increasingly important in the 1980s, with the rapid increase of financial derivatives. Later on, it reached the general professions in the 1990s, when the increasingly widespread use of personal computing allowed easy access for data collection and analysis.

MBAFI613 Risk Management

2.1.2

The Definition of Risk

The definition of Risk usually contains a combination of the probability of a particular event and its consequences. In any undertaking, there is the potential for events and consequences to happen, which would in turn lead to opportunities (for benefit an upside) or threats (downside). Some definitions of Risk tend to concentrate only on the negative scenarios, while more comprehensive definitions consider all variability as risk. The more complete definition of risk management considers both Risk Hedging and Strategic Risk Taking, with one on each extreme end. 2.1.3 Reasons for Needing Risk Management

1. To safeguard resources from unexpected losses 2. To be prepared to seize unanticipated opportunities 3. To limit uncertainties in managing businesses 4. Improved strategic and business planning 5. More efficient use/allocation of capital and resources within the organisation 6. Increased ability to deliver on time 7. Reduced costs by limiting legal action or preventing breakages 8. Improved reliability leading to an enhanced reputation 9. Fewer breakdowns, fewer shocks and fewer unwelcome surprises 10. Enhanced communication between Business Units and Departments 11. The ability to reassure key stakeholders throughout the organization 12. The promotion of continuous improvement, leading to higher quality of output 13. A more focused internal audit programme

MBAFI613 Risk Management

14.

Robust contingency planning

15. Improving decision making, planning and prioritisation by comprehensive and structured understanding of business activity, volatility and project opportunity/threat 16. Developing and supporting people and the organisations knowledge base 17. Optimising operational efficiency 2.1.4 The Dimensions of Risk

These are independent variables:

1. Direction either Positive or Negative 2. Degree of Probability High or Low 3. Magnitude of the consequences Negligible or Substantial

2.1.5

Risk Factors Probability of Likelihood of Occurrence of the Risk Event Severity of the impact of the Risk Event Duration or Exposure Time of the Risk Event Susceptibility to Changes or External Influences Degree of Inter-dependency with other Risk Factors or Risk Events

However, the Risk Drivers of a firm is likely to differ from one organization to the other. For example,

MBAFI613 Risk Management

Figure 2.1 Risk Drivers

Risk Drivers for Nielsen Sri Lanka: Environment Competition Customer Needs Innovations Strategic Structure Planning Execution of strategy Life cycle Financial Liquidity & cash flow Interest rates Credit spread Foreign exchange rates Tax Hazard Property Natural disasters Operational Security People Integration Business & Process Knowledge base Intellectual Property Over dependency on key individuals Technological Security Data integrity Data Loss High dependency on ICT Service interruptions

Legal Mergers & Acquisitions Financial Markets

Resources Timely decision making Involvement from Regional Head Offices Lack of

Energy Needs

Regulatory

proper Risk Management System

MBAFI613 Risk Management

2.2

Risk Management Process RISK ANALYSIS

RISK ANALYSIS Risk Identification Risk Description Risk Assessment Risk Tolerance RISK CONTROL RISK REPORTING

MONITORING

Fig 2.2 Risk Management Process I

2.3

Risk Management Options

10

MBAFI613 Risk Management

Risk Managment Options

Accept

Reduce

Transfer

Avoid

2.4

Risk Management Framework

This gives the comprehensive approach for an organization to identify and manage Risks. A Typical Risk Management Framework would include: The Risk Management Policy Establishment of the internal/ external context Setting Risk criteria Management committees and responsibilities Reporting requirements Risk identification methods Risk documentation Risk treatment options Risk monitoring and review

11

MBAFI613 Risk Management

3.0

Session Two

Modification

Formal Audit

Fig 3.1 Risk Management Process

Risk Analysis vs. Risk Management:

12

MBAFI613 Risk Management

Risk Analysis

Identify the Risk

Evaluate the Risk

Identify the Response

Select the Response

Risk Management

Monitor & Report

Identify the Risk Evaluate the Risk Identify Response

Plan & Resource

Select

Monitor & Report

Plan & Resource

3.1

Risk Identification

This needs an in depth knowledge of the organization, as well as the environment that it operates in. The following can be used to assess the external and internal environment: PESTEL analysis SWOT analysis Competitive Profile Matrix External Factor Evaluation (IFE) Matrix Internal Factor Evaluation (IFE) Matrix

To identify the Risks, the organization should get the involvement of its personnel into account: Brainstorming.

13

MBAFI613 Risk Management

Surveys and questioners Interviews Work groups Experiential knowledge Delphi technique Root cause identification Documented knowledge / historical information Risk lists Critical path templates The identified Risks are then documented. The documentation can vary from one organization to the other. As in the case of Nielsen, these documents can sometimes be classified confidential and not to be shared. A sample output form can be as follows: Required info Identification No Date Reported by Risk Event Category Priority Description Probability Consequences Impact Possible Areas Affected Time Sensitivity Risk Handling Plans Person Responsible Status Other info

14

MBAFI613 Risk Management

The Risks are documented in a Risk Log, classified on the Impact and Probability:

The below Risk Consequence and Likelihood Matrix was developed by the Charles Darwin University Consequence Moderate

Likelihood

Insignificant

Minor

Major

Catastrophic

1 2 3 4 5 Almost Certain 5 M S H H H Likely 4 L M S H H Possible 3 L L M S H Unlikely 2 L L L M S Rare 1 L L L L M Along with this, the organization should have thresholds where the Risk Tolerance levels can be.

3.2

Risk Planning

15

MBAFI613 Risk Management

16

MBAFI613 Risk Management

From the documentation, the organization can get a list of Risk, ranked on severity. The organization should have on hand the plans on how to deal with the most sever Risks. These should also take into account the how these Risks are related with other events. Steps: 1. Define the project. 2. Get input from others. 3. Identify the consequences of each risk. 4. Eliminate irrelevant issues. 5. List all identified risk elements. 6. Assign probability. 7. Compute the total risk 8. Develop mitigation strategies 9. Develop contingency plans. 10. Analyze the effectiveness of strategies. 11. Compute the effective risk. 12. Monitor the risks.

17

MBAFI613 Risk Management

4.0

Session Three

Although almost all Risks can be managed, these should be controlled in ways that are costeffective. 4.1 Risk Treatment

Risk Treatments are used to respond to Risk. The Risk Manager uses the Risk information from the Risk Register to set up an Action Plan and assign responsibilities to the relevant personnel. These are used to mitigate or eliminate the Risk. These will differ from one Risk to another. Even for one Risk, there could be several options to be chosen from, where the decision rests on the feasibility, effectiveness and efficiency of the Risk Treatment in relation to the case in hand. The effectiveness of the Treatment can be achieved by: 1. Risk Control This is the design of suitable preventative controls that are designed to minimize the occurrence of a loss event by reducing the likelihood and/ or severity of the potential losses. For example, the data security measures set in place in Nielsen, to reduce likelihood/ severity of security breach. 2. Risk Containment This refers to the actions taken to deal with the residual risks that remain after a Risk Management strategy such as a hedge or insurance has been implemented. For example, the measures set in place to recover whatever is not covered by insurance

18

MBAFI613 Risk Management

3. Risk Avoidance This looks at avoiding activities that are risky or by undertaking less risky activities. Risk avoidance can be : Complete avoidance. Eliminate the cause of the risk event. Eg: Nielsens decision not to set up a Retail Audit in Jaffna Protect activity from the risk event. Eg: Nielsens decision to set up a Retail Audit in East only in the safer Urban areas However, these can come at the cost of lost opportunities and alternatives 4. Risk Accumulation Individual risks that are significantly positively correlated are combined. In this context, there are no attempts to eradicate or reduce the risk exposures. However, possible losses are likely to create a considerable damage. 5. Risk Acceptance With these, the firm decides to accept the consequences if the risk event occurs. This is used for low probability and low impact risk events. 6. Risk Financing These, refer to methods of funding the cost of Risk. This focuses on Risk Acceptance. Could either transfer an uncontrollable risky event to some external party for a fixed premium or restructure the business unit to be better able to handle it. Eg: The insurance and credit protection, as well as the financial reserves kept 7. Risk Insurance
19

MBAFI613 Risk Management

Risk insurance refers to insuring against any large losses that might arise from the unwanted risk exposures. This consists of retaining the upside potential while eliminating the downside, and comes at the cost of a fee or premium. 8. Risk Mitigation These try to reduce both the frequency and severity of losses. Steps to lessen the likelihood of that a Risk event i.e. Loss prevention Steps to lessen negative impacts from a Risk event i.e. Loss reduction Eg: The Nielsen legal agreements signed with a client, with provisions on project termination etc. 9. Risk Re-allocation/ Risk Transference These transfer risk, i.e. the re-apportioning some form of risk such as interest rate risk or credit risk to those who are willing to bear the risk. Eg: Interest rate hedging , oil price hedging A risky exposure is transferred to those market players who require a smaller yield premium to be appropriately compensated to bear the additional risk. Eg: Insurance, Contracting, Warranties, Guarantees, Performance Bonds

20

MBAFI613 Risk Management

4.2

Risk Response

A risk response plan consists of the set of procedures developed to handle a likely identified risk event with respect to: Potential likelihood of the risk events. (Probability) Impact of the risk events (Severity) Duration of the risk events (Duration) Risk response plans are developed for risks that have the high likelihood and the potential to high impact. Less likely and non significant risks are usually addressed through contingency plans or workarounds.

A Risk Response Plan would have: Risk identification number (From the Risk Register) Risk name and description of its characteristics. Risk originator. Risk owner. Likelihood of occurrence. Expected impact. Expected value or risk score. Any information needed to track and monitor the risk over the risk observation period. Risk triggers.

21

MBAFI613 Risk Management

The chosen strategies for the risk response plan

Fig 4.1 Template for a Risk Response Plan

These can vary from one organization to the other. As in the case of Nielsen, these documents can sometimes be classified confidential and not to be shared.

22

MBAFI613 Risk Management

5.0 5.1

Session Four Ethical Risk Management

Ethical RM considers all of the stakeholders of a firm as a single portfolio of interested parties. The Six C's of Ethical Risk Management 1. Champions Risk management professional, a senior executive or member of the board must become the champion of the Ethical Risk Management cause. Rather than on designation, this depends on a person who is ready to embrace and carry this thinking forward. Also there should be a Central Risk Team (CRT) or an Integrated Risk Management Committee representing multiple disciplines within the organization, which in turn will be overseen by the Risk Champion 2. Commitment The Risk Champions must work towards getting the support and commitment of his colleagues from all levels of the organization. 3. Consistency The Risk Champions must monitor that Risks are managed in a consistent pattern across all departments 4. Correlations One must be able to consider the interrelationships of all Risk management strategies and how that will impact the overall goals and objectives of the firm as a whole. In addition, the correlations between the stakeholders themselves will also have an effect.

23

MBAFI613 Risk Management

5. Code of ethics This call for the self-promotion of high standards of business practices, above and beyond what the current legislation may call for. Need to develop an awareness of ethical concerns inside the company. 6. Communication The most vital of all the factors; there must also be a free flow of ideas and information among the senior decision makers - team mentality to the management of risks. There should also be communication happening across all directions, not just top to bottom.

The Nielsen Company does not assign Risk Champions. Instead, the responsibility and methods of dealing with Risk falls onto the heads of the relevant Business Units. The hierarchy, which includes the Asia Pacific regional offices, contains rules and regulations that hinder the official designation of a person as a Risk Champion.

5.1.1

Risk Communication

Risk communication consists of an interactive process, which gives an exchange of information and opinion on risk among Risk Assessors, Risk Managers, and other stakeholders.

This should ensure that all stakeholders have a thorough grasp of the logic, outcomes, significance, and limitations involved. However, different levels of reporting would be there for different sets of target audiences.

24

MBAFI613 Risk Management

Internal Board of Directors Business Units Managers Workers Internal Auditors

External Shareholders Regulators Auditors Risk Rating Agencies Customers, Suppliers, Creditors Lenders Government Society

Of these, the most vital would be:

Board or Directors They should o Know about the most significant risks faced by the organisation o Know the possible effects on shareholder value o Ensure appropriate levels of awareness throughout the organization o Know how to manage communications with the investment community where and when applicable
o

Etc

Business Units They should o Know be aware of risks which fall into their area of responsibility, the possible impacts these may have on other areas and vice versa
25

MBAFI613 Risk Management

o Report systematically and promptly to senior management any perceived new risks or failures of existing control measures
o

Etc

Individuals should o Understand their accountability for individual risks; o Understand how they can enable continuous improvement of risk management response;
o

Understand that risk management and risk awareness are a key part of the organisational culture;

o Report systematically and promptly to senior management any perceived new risks or failures of existing control measures.
o

Etc

External Reporting
o

The firm needs to report to its stakeholders on a regular basis setting out its risk management policies and the effectiveness in achieving its objectives.

o The stakeholders should be made aware of: The control methods The processes used to identify risks and how they are addressed The primary control systems in place to manage significant risks and the monitoring and review system in place.

Any significant deficiencies uncovered by the system, or in the system itself, along with the steps taken to deal with them.

26

MBAFI613 Risk Management

6.0

References

Crepin-Swift, Carla (n.d.), Risk Mitigation Planning, Retrieved on the 20th of August from http://business-project-management.suite101.com/article.cfm/risk_mitigation_planning

Manage Risk (2010), Retrieved on the 19th of August from http://www.tenstep.com/open/7.0ManageRisk.html

Quality Risk Management (2009), Retrieved on the 20th of August from http://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexI

Why Manage Risk? Retrieved on the 19th of August from http://www.irisintelligence.com/risk-management-explained/why-manage-risk.html

27