Risk

Management
ASSIGNMENT# 01

SUBMITTED BY:
ABID
ROLL NO.006
MBA-SUMMER 08

REG NO=MBAW02/02-08/NOO6

1
Risk Management

►It is the process of accomplishing preset objectives;

similarly, risk management aims at fulfilling the same
specific objectives.
There are some universal components. These include:

●Risk Identification
●Risk Assessment
●Risk mitigation
●Risk monitoring
●Risk Appetite or Tolerance

◙Risk Identification

In order to achieve a common understanding of the

characteristics of each risk segment at all level in an
organization, it is necessary to spell out the danger signals.
This helps decision makers to get the best from various
activity points of the organization, allowing them to take
calculated risks and not be kept in mind.
►All type of risk (existing and potential) must be identified
and their likely effect in the short run be understood, like for
example a rise in interest rates on bank borrowing in the
next six months/one year.
►One clear way of identifying risk in an organization is to
scan both balance sheet items and off-balance sheet items
and find the risk elements.
►The geographical area covered by an organization may
determine the coverage of its risk contents. A bank that has
international operations may experience different intensity
of credit, market and operational risk in various countries
when compared with a pure domestic bank. Also , even
within a bank, risks will vary in its domestic operations and
its overseas arms.

2
◙Risk Assessment

►Once risks have been identified; they must then be

assessed as to their potential severity of loss and to the
probability of occurrence. These quantities can be either
simple to measure, in the case of the value of a lost building,
or impossible to know for sure in the case of the probability
of an unlikely event occurring. Therefore, in the assessment
process it is critical to make the best educated guesses
possible in order to properly prioritize the implementation of
the risk management plan.
►The fundamental difficulty in risk assessment is
determining the rate of occurrence since statistical
information is not available on all kinds of past incidents.
Furthermore, evaluating the severity of the consequences
(impact) is often quite difficult for immaterial assets. Asset
valuation is another question that needs to be addressed.
Thus, best educated opinions and available statistics are the
primary sources of information. Nevertheless, risk
assessment should produce such information for the
management of the organization that the primary risks are
easy to understand and that the risk management decisions
may be prioritized. Thus, there have been several theories
and attempts to quantify risks.

3
◙Risk mitigation

Risk mitigation is the systematic reduction in the extent of

exposure to a risk and/or the likelihood of its occurrence. It
also called risk reduction.

Risk mitigation measures are usually formulated according

to one or more of the following major risk options, which are:

●Design a new business process with adequate built-in risk

control and containment measures from the start.
●Periodically re-assess risks that are accepted in ongoing
processes as a normal feature of business operations and
modify mitigation measures.
●Transfer risks to an external agency (e.g. an insurance
company). ●Avoid risks altogether
(e.g. by closing down a particular high-risk business area)

Acknowledging that risks can be positive or negative,

optimizing risks means finding a balance between negative
risk and the benefit of the operation or activity; and between
risk reduction and effort applied.
Outsourcing could be an example of risk reduction if the
outsourcer can demonstrate higher capability at managing
or reducing risks

4
◙Risk monitoring

Keeping close track of risk identification assessments

activities in the light of the risk, principles and policies is a
core function in a risk management system. For the success
of the system, it is essential that the operating wing perform
their activities within the broad contours of the
organization’s risk perception. Risk monitoring activity
should thus ensure that:

►Each operation segment has clear lines of authority and

responsibility.
►Whenever the organization’s principles and policies are
breached—even if they may be to its advantage—they
should be analyzed and reported to the appropriate
authorities to aid in policy-making.
►In the course of risk monitoring, if it appear that it is in the
organization’s interests to modify existing policies and
procedure, steps to change them should be considered.
►There is an action plan to deal with major threat areas
facing the organization in the future.
►The activities of both the business and reporting wings are
monitored, striking a balance at all point in time.
►Tracking of risk migration is both upward and downward.

5
◙Risk Appetite or Tolerance

►Risk appetite is the capacity to accept or absorb risk.

Outside of financial risk appetite, at the organizational level,
is the amount of risk exposure, or potential adverse impact
from an event, that the organization is willing to
accept/retain. Once the risk appetite threshold has been
breached, risk management treatments and business
controls are implemented to bring the exposure level back
within the accepted range.
►The amount of risk an organization accepts will vary from
organization to organization depending on circumstances
unique to each Factor such as external environment,
peoples, business systems and policies will all influence an
organization’s risk appetite.
►A risk appetite varies from organization to organization so
too can risk appetites vary across business units and risk
types. For example a bank appetite from risk in mature
lending activities may be quite different from its appetite for
risk in an emerging business.
►A will-define risk appetite should have the following
characteristics.
●Reflective of strategies, include organizational objectives,
business plans and stakeholder expectations.
●Reflective of all key aspects of the business.
●Acknowledges willingness and capacity to take on risk.
●Is documented as a formal risk appetite statement.
●Is inclusive of a tolerance for loss or negative events that
can be reasonably quantified.