FMEL313-Risk Management

Part IOverview of Risk Management 1. Risk and Its Management: Risk: is used to describe any situation where there is uncertainty about what outcome will occur. May refer to the expected value outcome (or, sometimes, the probability of a particular outcome). In insurance markets, for example, it is common to refer to high-riskpolicy holders. In this, risk is the expected value of losses to be paid by the insurer (the expected loss) is high. exists whenever the future for absolute outcome is not known. Business Risk Management: is concerned with possible reductions in business value from any source. usiness value to shareholders, as reflected in the value of the firm!s common stock, depends fundamentally on the expected si"e, timing and risk (variability) associated with the firm!s future net cash flows (cash inflows less cash outflows). #nexpected changes in expected future net cash flows are a ma$or source of fluctuations in business value. In particular, unexpected reductions in cash inflows or increases n cash outflows can significantly reduce business value. Major Types of Business Risks: 1. Price Risk: %efers to uncertainty over the magnitude of cash flows due to possible changes in output and input prices. Output price risk refers to the risk of changes in the prices that a firm can demand for its good and services. Input price risk refers to the risk of changes in the prices that a firm must pay for labor, materials, and other inputs to its production process. &nalysis of price risk associated with the sale and production of existing and future products and services plays a central role in strategic management. pe!ifi! Types of Pri!e Risk: Commodity Price Risk &rises from fluctuations in the prices of commodities, such as coal, copper, oil, gas, and electricity, that are inputs for some firms and outputs for others. Exchange Rate Risk 'iven the globali"ation of economic activity, output and input prices for many firms also affected by fluctuations in foreign exchange rates. Interest Rate Risk (utput and input prices also can fluctuate due to changes in interest rates. )or example, increases in interest rates may alter a firm!s revenues by affecting both the terms of credit allowed and the speed with which customers pay for products purchased on credit.

Prepared by: LCBondoc, MBA

Page 1

FMEL313-Risk Management

2. Credit Risk: It is the risk that a firm!s customers and the parties to which it has lent money will fail to make promised payments. Most firms face some credit risk for account receivables. +he exposure to credit risk is particularly large for financial institutions, such as commercial banks, that routinely make loans that are sub$ect to risk of default by the borrower. ,hen firms borrow money, they in turn expose lenders to credit risk. &s a conse-uence, borrowing exposes the firm!s owners to the risk that the firm will be unable to pay its debts and thus be forced into bankruptcy, and the firm generally will have to pay more to borrow money because of credit risk. 3. Pure Risk: +he risk of reduction in value of business assets due to physical damage, theft, and expropriation (i.e., sei"ure of assets by foreign governments). +he risk of legal liability for damages for harm to customers, suppliers, shareholders, and other parties. +he risk associated with paying benefits to in$ured workers under workers! compensation laws and the risk of legal liability for in$uries or other harms to employees that are not governed by workers! compensation laws. +he risk of death, illness, and disability to employees (and sometimes family members) for which businesses have agreed to make payments under employee benefit plans, including obligations to employees under pension and other retirement saving plans. .ure risk fre-uently is managed in part by the purchase of insurance to finance losses and reduce risk. "istin!tive #eatures of Pure Risk: /osses from destruction of property, legal liability, and employee in$uries or illness often have the potential to be very large relative to a business!s resources. +he underlying causes of losses associated with pure risk, such as the destruction of a plant by explosion of a steam boiler or product liability suits from consumers in$ured by a particular product.
.rice %isk *redit %isk .ure %isk

*hanges in interest rates also affect the firm!s cost of borrowing funds to finance its operations.

(utput price risk

Input price risk

0amage to assets /egal /iability ,orker In$ury 1mployee enefits

*ommodity price risk 1xchange rate risk Interest rate risk

T$e Risk Management:

Prepared by: LCBondoc, MBA

Page

FMEL313-Risk Management

3. 4. 5. 6. 7.

%egardless of the type of risk being considered, the risk management process involves several key steps2 Identify all significant risks that can reduce business value (cause loss). 1valuate the potential fre-uency and severity of losses. 0evelop and select methods for managing risk in order to increase business value to shareholders. Implement the risk management methods chosen. Monitor the performance and suitability of the firm!s risk management methods and strategies on an ongoing basis.

Types of %osses from Pure Risk:

0irect /osses Indirect /osses

0amage to assets

/oss of normal profit (net cash flow) *ontinuing and extra operating expenses <igher cost of funds and foregone investment ankruptcy costs (legal fees)

In$ury and illness to employees /iability claims and defense costs

Risk Management Met$ods: 1. %oss &ontro'(Risk Contro ! &re actions that reduce the expected costs of losses by reducing the fre-uency of losses and8or the severity (si"e) of losses that occur. "oss pre#ention 9 actions that primarily affect the fre-uency of losses. )or example2 %outine inspection of aircraft for mechanical problems. +hese inspections help reduce the fre-uency: of crashes; they have little impact on the magnitude of losses for crashes that occur. "oss reduction 9 actions that primarily influence the severity of losses that do occur. )or example2 +he installation of heat or smoke-activated sprinkler systems that are designed to minimi"e fire damaged in the event of a fire. (enera' )pproa!$es to %oss &ontro': 1.Reducing the e#e o$ risky acti#ity. *+amp'e: *onsider a trucking firm that hauls toxic chemicals that might harm people or the environment in the case of an accident and thereby produce claims for damages. +his firm could reduce the fre-uency of liability claims by cutting back on the number of shipments that it hauls or it could avoid the risk completely by not hauling toxic chemicals and instead hauling non toxic substances. )n *+amp'e from Persona' Risk Management would be a person who flies less fre-uently to reduce the probability of dying in plane crash. +his risk could be completely avoided by never flying.

Prepared by: LCBondoc, MBA

Page 3

FMEL313-Risk Management

,.Increasing precautions ( e#e care! against oss $or acti#ities that are undertaken. Risk )voidan!e exposure to losses can be completely eliminated by reducing the level of activity to "ero; that is by not engaging in the activity at all. ,. %oss #inan!ing -Risk #inan!ing. Methods used to obtain funds to pay for or offset losses that occur. #our Met$ods: 1. Retention (%e $&insurance! & business retains the obligation to pay for part or all of the losses. 2. Insurance Insurance contracts reduce risk for the buyer by transferring some of the risk of loss to the insurer. Insurers in turn reduce risk through diversification. 3. 'edging is the practice of taking a position in one market to offset and balance against the risk adopted by assuming a position in a contrary or opposing market or investment. *+amp'e: )irms that use oil in the production processare sub$ect to loss from unexpected increases in oil prices; oil producers are sub$ect to loss from unexpected decreases in oil prices. oth types of firms can hedge their risk by entering into a !or"ard contract# (or)ard Contract * re-uires the oil producer to provide the oil user with a specified amount of oil on a specified future delivery date at a predetermined price, known as !or"ard price, regardless of the market price of oil on that date. ecause the forward price is agreed upon when the contract is written, the oil user and the oil producer both reduce their price risk. +. Other Contractua Risk ,rans$ers &llows businesses to transfer risk to another party. /ike insurance contracts and derivatives, the use of these contracts also is pervasive in risk management. /. Interna' Risk Redu!tion Two Major #orms: a) -i#ersi$ication (=not putting all of their eggs in one basket>) b) In#estment in In$ormation9 to obtain superior forecasts of expected losses to improve forecasts of expected cash flows. Risk Management Organi0ations: Most large companies have a specific department responsible for managing pure risk and is headed by Risk Manager (or 0irector o! Risk Management$# 'iven the losses can arise from numerous sources, the overall risk management process ideally reflects a coordinated effort between all of the corporation!s ma$or departments and business units, including production, marketing, finance, and human resources.

Risk
Prepared by: LCBondoc, MBA Page %

FMEL313-Risk Management

value. +echnically, the value of those results may be positive or negative. <owever, general usage tends to focus only on potential harm that may arise from a future event, which may accrue either from incurring a cost (?downside risk?) or by failing to attain some benefit (?upside risk?). T$reat is an act of coercion wherein an act is proposed to elicit a negative response. It is a communicated intent to inflict harm or loss on another person. It is a crime in many $urisdictions. /ibertarians hold that a palpable, immediate, and direct threat of aggression, embodied in the initiation of an overt act, is e-uivalent to aggression itself, and that proportionate defensive force would be $ustified in response to such a threat, if a clear and present danger exists.

concerns the deviation of one or more results of one or more future events from their expected

Opportunity a favorable $uncture of circumstances or a good chance for advancement or progress. 1n!ertainty is a term used in subtly different ways in a number of fields, including physics, philosophy, statistics, economics, finance, insurance, psychology, sociology, engineering, and information science. It applies to predictions of future events, to physical measurements already made, or to the unknown. 3. 1n!ertainty2 +he lack of certainty, & state of having limited knowledge where it is impossible to exactly describe existing state or future outcome, more than one possible outcome. 4. Measurement of 1n!ertainty2 & set of possible states or outcomes where probabilities are assigned to each possible state or outcome 9 this also includes the application of a probability density function to continuous variables 5. Risk2 & state of uncertainty where some possible outcomes have an undesired effect or significant loss. 6. Measurement of Risk2 & set of measured uncertainties where some possible outcomes are losses, and the magnitudes of those losses 9 this also includes loss functions over continuous variables. Risk Management is the identification, assessment, and prioriti"ation of risks followed by coordinated and economical application of resources to minimi"e, monitor, and control the probability and8or impact of unfortunate events or to maximi"e the reali"ation of opportunities. %isks can come from uncertainty in financial markets, pro$ect failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary. @everal risk management standards have been developed including the .ro$ect Management Institute, the Aational Institute of @cience and +echnology, actuarial societies, and I@( standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of pro$ect management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety.
Prepared by: LCBondoc, MBA Page &

FMEL313-Risk Management

trategies to Manage Risk: transferring the risk to another party avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the conse-uences of a particular risk.

Idea' Risk Management a prioriti"ation process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled. Intangi2'e Risk Management identifies a new type of a risk that has a 3BBC probability of occurring but is ignored by the organi"ation due to a lack of identification ability. #or e+amp'e: when deficient knowledge is applied to a situation, a knowledge risk materiali"es. Re'ations$ip Risk - appears when ineffective collaboration occurs. Pro!ess3*ngagement Risk - may be an issue when ineffective operational procedures are applied. +hese risks directly reduce the productivity of knowledge workers, decrease cost effectiveness, profitability, service, -uality, reputation, brand value, and earnings -uality. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity.

Risk management also faces difficulties in allocating resources. +his is the idea of opportunity cost. %esources spent on risk management could have been spent on more profitable activities. &gain, ideal risk management minimi"es spending and minimi"es the negative effects of risks.

Met$od 3. 4. 5. identify, characteri"e, and assess threats assess the vulnerability of critical assets to specific threats determine the risk (i.e. the expected conse-uences of specific types of attacks on specific assets) 6. identify ways to reduce those risks 7. prioriti"e risk reduction measures based on a strategy
Prepared by: LCBondoc, MBA Page '

FMEL313-Risk Management

Prin!ip'es of Risk Management +he International (rgani"ation for @tandardi"ation (I@() identifies the following principles of risk management2 Risk management s$ou'd: create value be an integral part of organi"ational processes be part of decision making explicitly address uncertainty be systematic and structured be based on the best available information be tailored take into account human factors be transparent and inclusive be dynamic, iterative and responsive to change be capable of continual improvement and enhancement PROCE%% O( RI%. /0102E/E1,: 1. *sta2'is$ing t$e !onte+t: 1stablishing the context involves2 a. Identifi!ation of risk in a selected domain of interest b. P'anning the remainder of the process. c. Mapping out the following2 o the social scope of risk management o the identity and ob$ectives of stakeholders o the basis upon which risks will be evaluated, constraints. d. "efining a framework for the activity and an agenda for identification. e. "eve'oping an ana'ysis of risks involved in the process. f. Mitigation or o'ution of risks using available technological, human and organi"ational resources.

2.

Identifi!ation: -identify potentia' risks. %isks are about events that, when triggered, cause problems. <ence, risk identification can start with the source of problems, or with the problem itself.

our!e ana'ysis: %isk sources may be internal or external to the system that is the target of risk management. *+amp'es of risk sour!es are 2 stakeholders of a pro$ect, employees of a company or the weather over an airport. Pro2'em ana'ysis: %isks are related to identified threats. #or e+amp'e: the threat of losing money, the threat of abuse of privacy information or the threat of accidents and casualties. +he threats may exist with various entities, most important with shareholders, customers and legislative bodies such as the government. ,hen either source or problem is known, the events that a source may trigger or the events that can lead to a problem can be investigated. #or e+amp'e: stakeholders withdrawing during a pro$ect may endanger funding of the pro$ect; privacy information may be stolen by employees even within a closed network; lightning striking an aircraft during takeoff may make all people onboard immediate casualties.
Prepared by: LCBondoc, MBA Page (

FMEL313-Risk Management

+he chosen method of identifying risks may depend on culture, industry practice and compliance. +he identification methods are formed by templates or the development of templates for identifying source, problem or event.

&ommon risk identifi!ation met$ods are: a. O2je!tives32ased risk identifi!ation- (rgani"ations and pro$ect teams have ob$ectives. &ny event that may endanger achieving an ob$ective partly or completely is identified as risk. b. !enario32ased risk identifi!ation- In scenario analysis different scenarios are created. +he scenarios may be the alternative ways to achieve an ob$ective, or an analysis of the interaction of forces in, for example, a market or battle. &ny event that triggers an undesired scenario alternative is identified as risk - see )utures @tudies for methodology used by )uturists. c. Ta+onomy32ased risk identifi!ation9 it is a breakdown of possible risk sources. ased on the taxonomy and knowledge of best practices, a -uestionnaire is compiled. +he answers to the -uestions reveal risks. d. &ommon3risk !$e!kingIn several industries, lists with known risks are available. 1ach risk in the list can be checked for application to a particular situation. e. Risk !$arting 3 +his method combines the above approaches by listing resources at risk, +hreats to those resources Modifying )actors which may increase or decrease the risk and *onse-uences it is wished to avoid. *reating a matrix under these headings enables a variety of approaches. (ne can begin with resources and consider the threats they are exposed to and the conse-uences of each. &lternatively one can start with the threats and examine which resources they would affect, or one can begin with the conse-uences and determine which combination of threats and resources would be involved to bring them about.

3.

)ssessment (nce risks have been identified, they must then be assessed as to their potential severity of loss and to the probability of occurrence. +hese -uantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring. +herefore, in the assessment process it is critical to make the best educated guesses possible in order to properly prioriti"e the implementation of the risk management plan. +he fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents. )urthermore, evaluating the severity of the conse-uences (impact) is often -uite difficult for immaterial assets. &sset valuation is another -uestion that needs to be addressed. +hus, best educated opinions and available statistics are the primary sources of information. Aevertheless, risk assessment should produce such information for the management of the organi"ation that the primary risks are easy to understand and that the risk management decisions may be prioriti"ed. +hus, there have been several theories and attempts to -uantify risks. Aumerous different risk formula exist, but perhaps the most widely accepted formula for risk -uantification is2 Rate of o!!urren!e multiplied by the impa!t of t$e event e-uals risk
Page )

#ormu'a:

Prepared by: LCBondoc, MBA

FMEL313-Risk Management

Composite Risk Index +he above formula can also be re-written in terms of a *omposite %isk Index, as follows2 &omposite Risk Inde+ 4 Impa!t of Risk event + Pro2a2i'ity of O!!urren!e +he impact of the risk event is assessed on a scale of B to 7, where B and 7 represent the minimum and maximum possible impact of an occurrence of a risk (usually in terms of financial losses). +he probability of occurrence is likewise assessed on a scale from B to 7, where B represents a "ero probability of the risk event actually occurring while 7 represents a 3BBC probability of occurrence. +he *omposite Index thus can take values ranging from B through 47, and this range is usually arbitrarily divided into three sub-ranges. +he overall risk assessment is then /ow, Medium or <igh, depending on the sub-range containing the calculated value of the *omposite Index. )or instance, the three sub-ranges could be defined as B to D, E to 3: and 3F to 47. Aote that the probability of risk occurrence is difficult to estimate since the past data on fre-uencies are not readily available, as mentioned above. /ikewise, the impact of the risk is not easy to estimate since it is often difficult to estimate the potential financial loss in the event of risk occurrence. )urther, both the above factors can change in magnitude depending on the ade-uacy of risk avoidance and prevention measures taken and due to changes in the external business environment. <ence, it is absolutely necessary to periodically re-assess risks and intensify8relax mitigation measures as necessary.

Prepared by: LCBondoc, MBA

Page *