Total Risk Management

Total Risk Management
DONE BY: YASHVI CHITALIA (10) NIKHIL DOSHI HEENA GADIA JAY JAIN KINJAL MEHTA PRACHI MEHTA KINJAL RATHOD (11) (14) (21) (34) (36) (46)
VISHAL SANGHAVI (49) MONIL SONAIYA NIKITA TORKA (56) (59)
ACKNOWLEDGEMENT
We would like to express our gratitude to our teacher in charge Prof.Murugank Kapadia for giving us this opportunity of working on this project and guiding us throughout the course of the project.
INDEX
SR NO. 1 2 3 4 5 6 7 8 TOPIC Introduction Principles of Risk Management Potential Risk Treatments Importance of Risk Management Types of Risk Management Application of Financial Risk Management Risk Management, Corporate Governance & Public Corporation Summary & Conclusion PAGE NO. 3 5 10 13 13 18 32 40
INTRODUCTION:
Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities. Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary. Several risk management standards have been developed including the Project Management Institute, the National Institute of Science and Technology, actuarial societies, and ISO standards. Methods, definitions and goals vary widely according to whether the risk management method is in the context of project management, security, engineering, industrial processes, financial portfolios, actuarial assessments, or public health and safety. The strategies to manage risk include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Certain aspects of many of the risk management standards have come under criticism for having no measurable improvement on risk even though the confidence in estimates and decisions increase. In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled. Intangible risk management identifies a new type of a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. For

example, when deficient knowledge is applied to a situation, a knowledge risk materializes. Relationship risk appears when ineffective collaboration occurs. Process-engagement risk may be an issue when ineffective operational procedures are applied. These risks directly reduce the productivity of knowledge workers, decrease cost effectiveness, profitability, service, quality, reputation, brand value, and earnings quality. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity. Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost. Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management minimizes spending and minimizes the negative effects of risks.
Method:
For the most part, these methods consist of the following elements, performed, more or less, in the following order:
identify, characterize, and assess threats assess the vulnerability of critical assets to specific threats determine the risk (i.e. the expected consequences of specific types of attacks on specific assets) identify ways to reduce those risks prioritize risk reduction measures based on a strategy
Principles of risk management:

The International Organization for Standardization (ISO) identifies the following principles of risk management Risk management should:

create value be an integral part of organizational processes be part of decision making explicitly address uncertainty be systematic and structured be based on the best available information be tailored take into account human factors be transparent and inclusive be dynamic, iterative and responsive to change be capable of continual improvement and enhancement
Process:
According to the standard ISO 31000 "Risk management -- Principles and guidelines on implementation," the process of risk management consists of several steps as follows:
o Establishing the context

Establishing the context involves: 1. Identification of risk in a selected domain of interest 2. Planning the remainder of the process. 3. Mapping out the following:

the social scope of risk management the identity and objectives of stakeholders the basis upon which risks will be evaluated, constraints.
4. Defining a framework for the activity and an agenda for identification. 5. Developing an analysis of risks involved in the process. 6. Mitigation or Solution of risks using available technological, human and organizational resources.
o Identification:
After establishing the context, the next step in the process of managing risk is to identify potential risks. Risks are about events that, when triggered, cause problems. Hence, risk identification can start with the source of problems, or with the problem itself.
Source analysis : Risk sources may be internal or external to the system that is the target of risk management.
Examples of risk sources are: stakeholders of a project, employees of a company or the weather over an airport.
Problem analysis: Risks are related to identified threats. For example: the threat of losing money, the threat of abuse of privacy information or the threat of accidents and casualties. The threats may exist with various entities, most important with shareholders, customers and legislative bodies such as the government.
The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are:
Objectives-based risk identification: Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk. Scenario-based risk identification scenario analysis . In different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk - see Futures Studies for methodology used by Futurists. Taxonomy-based risk identification The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks. Common-risk checking In several industries, lists with known risks are available. Each risk in the list can be checked for application to a particular situation. Risk charting This method combines the above approaches by listing resources at risk, Threats to those resources Modifying Factors which may increase or decrease the risk and Consequences it is wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can begin with resources and consider the threats they are exposed to and the consequences of each. Alternatively one can start with the threats and examine which resources they would affect, or one can begin with the consequences and determine which combination of threats and resources would be involved to bring them about.
Total Risk Management o Assessment:

Once risks have been identified, they must then be assessed as to their potential severity of loss and to the probability of occurrence. These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring. Therefore, in the assessment process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan. The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents. Furthermore, evaluating the severity of the consequences (impact) is often quite difficult for immaterial assets. Asset valuation is another question that needs to be addressed. Thus, best educated opinions and available statistics are the primary sources of information. Nevertheless, risk assessment should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized. Thus, there have been several theories and attempts to quantify risks. Numerous different risk formulae exist, but perhaps the most widely accepted formula for risk quantification is: Rate of occurrence multiplied by the impact of the event equals risk
Composite Risk Index:

The above formula can also be re-written in terms of a Composite Risk Index, as follows: Composite Risk Index = Impact of Risk event x Probability of Occurrence The impact of the risk event is assessed on a scale of 0 to 5, where 0 and 5 represent the minimum and maximum possible impact of an occurrence of a risk (usually in terms of financial losses).

The probability of occurrence is likewise assessed on a scale from 0 to 5, where 0 represents a zero probability of the risk event actually occurring while 5 represents a 100% probability of occurrence. The Composite Index thus can take values ranging from 0 through 25, and this range is usually arbitrarily divided into three sub-ranges. The overall risk assessment is then Low, Medium or High, depending on the sub-range containing the calculated value of the Composite Index. For instance, the three sub-ranges could be defined as 0 to 8, 9 to 16 and 17 to 25.
10
Potential risk treatments:

Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories

Avoidance (eliminate, withdraw from or not become involved) Reduction (optimise - mitigate) Sharing (transfer - outsource or insure) Retention (accept and budget)
Risk avoidance:
This includes not performing an activity that could carry risk. An example would be not buying a property or business in order to not take on the legal liability that comes with it. Another would be not be flying in order to not take the risk that the airplane were to be hijacked.
Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits.
Risk reduction:
Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood of the loss from occurring. For example, sprinklers are designed to put out a fire to reduce the risk of loss by fire. This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy. Acknowledging that risks can be positive or negative, optimizing risks means finding a balance between negative risk and the benefit of the operation or activity; and between risk
11

reduction and effort applied. By an offshore drilling contractor effectively applying HSE Management in its organization, it can optimize risk to achieve levels of residual risk that are tolerable.[ Modern software development methodologies reduce risk by developing and delivering software incrementally. Early methodologies suffered from the fact that they only delivered software in the final phase of development; any problems encountered in earlier phases meant costly rework and often jeopardized the whole project. By developing in iterations, software projects can limit effort wasted to a single iteration. Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher capability at managing or reducing risks. For example, a company may outsource only its software development, the manufacturing of hard goods, or customer support needs to another company, while handling the business management itself. This way, the company can concentrate more on business development without having to worry as much about the manufacturing process, managing the development team, or finding a physical location for a call center.
Risk sharing:
Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from a risk, and the measures to reduce a risk." The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that you can transfer a risk to a third party through insurance or outsourcing. In practice if the insurance company or contractor go bankrupt or end up in court, the original risk is likely to still revert to the first party. As such in the terminology of practitioners and scholars alike, the purchase of an insurance contract is often described as a "transfer of risk." However, technically speaking, the buyer of the contract generally retains legal responsibility for the losses "transferred", meaning that insurance may be described more accurately as a post-event compensatory mechanism.
12

For example, a personal injuries insurance policy does not transfer the risk of a car accident to the insurance company. The risk still lies with the policy holder namely the person who has been in the accident. The insurance policy simply provides that if an accident (the event) occurs involving the policy holder then some compensation may be payable to the policy holder that is commensurate to the suffering/damage. Some ways of managing risk fall into multiple categories. Risk retention pools are technically retaining the risk for the group, but spreading it over the whole group involves transfer among individual members of the group. This is different from traditional insurance, in that no premium is exchanged between members of the group up front, but instead losses are assessed to all members of the group.
Risk retention:
Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self insurance falls in this category. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. War is an example since most property and risks are not insured against war, so the loss attributed by war is retained by the insured. Also any amounts of potential loss (risk) over the amount insured are retained risk. This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much.
13
Importance of Risk Management

Risk Management is essential not only for prevention of risk but also for reduction of risks. Risk Management leads to maximum social advantages and plays a significant role in bringing about social, political and economic development in a country. The process of risk management helps focus on priorities and in decisions on deploying limited resources to deal with the highest risks.
Types of Risk Management:

There are different types of risk management and the characteristics and procedures of each type of risk management is different from the other. All these risk management processes play a significant role behind the growth of an organization in the long term. Commercial enterprises apply various forms of risk management procedures to handle different risks because they face a variety of risks while carrying out their business operations. Effective handling of risk ensures the successful growth of an organization. Various types of risk management can be categorized into the following:
Operational risk management: Operational risk management deals with technical failures and human errors
Financial risk management: Financial risk management handles non-payment of clients and increased rate of interest
Market risk management: Deals with different types of market risk, such as interest rate risk, equity risk, commodity risk, and currency risk
Credit risk management: Deals with the risk related to the probability of nonpayment from the debtors
14
Quantitative risk management: In quantitative risk management, an effort is carried out to numerically ascertain the possibilities of the different adverse financial circumstances to handle the degree of loss that might occur from those circumstances
Commodity risk management: Handles different types of commodity risks, such as price risk, political risk, quantity risk and cost risk
Bank risk management: Deals with the handling of different types of risks faced by the banks, for example, market risk, credit risk, liquidity risk, legal risk, operational risk and reputational risk
Nonprofit risk management: This is a process where risk management companies offer risk management services on a non-profit seeking basis
Currency risk management: Deals with changes in currency prices Enterprise risk management: Handles the risks faced by enterprises in accomplishing their goals
Project risk management: Deals with particular risks associated with the undertaking of a project
Integrated risk management: Integrated risk management refers to integrating risk data into the strategic decision making of a company and taking decisions, which take into account the set risk tolerance degrees of a department. In other words, it is the supervision of market, credit, and liquidity risk at the same time or on a simultaneous basis.
Technology risk management: It is the process of managing the risks associated with implementation of new technology
Software risk management: Deals with different types of risks associated with implementation of new softwares
Operational risk management is an important form of risk management. In commercial enterprises, operational risk management is the supervision of different types of operational risk occurring on a daily basis. Operational risk management is also known as ORM. With the help of operational risk management, various types of operational risks are managed that occur on a daily basis.
15
Total Risk Management Important Advantages of Operational Risk Management:

Following are the most important advantages of operational risk management:
Decrease in losses arising from operations Reduced auditing/compliance expenses Decreased vulnerability to risks in the future Early sensing of illegitimate functions
Types of Operational Risk:

According to the Basel Committee on Banking Supervision, the events, which lead to operational risks, can be categorized into the following types: External Fraud: Risk arising from fraudulent activities from a third party, for example, robbery, theft, phishing or hacking. Internal Fraud: Risk arising from fraudulent activities from internal parties. Products, Customers and Business Practices: Risk resulting from inadvertent or careless failure to satisfy a professional responsibility to particular customers (involving fiducial and appropriateness necessities) or from the characteristics of configuration of a commodity. Workplace safety and employment practices: Risk arising from non-compliance with health, employment, or safety acts or from disbursal of claims related to personal injury or from inequality/unfair treatment System failure and business interruptions: Risk resulting from interruptions of business operations or system breakdown. These include telecommunication, computer software, or computer hardware failure and equipment failure. Damages to tangible properties: Risk resulting from damages or losses of tangible properties due to natural calamity or other occurrences. Execution, supply and process management: Risk arising from failure in process management or transaction processing due to poor association with vendors and commercial service providers. These involve the following:
16

o Performance & maintenance miscommunication o Transaction seizure o Missed responsibility or deadline o Data entry, preservation or loading fault o Accounting mistake o System/Model malfunctioning o Failure in delivery o Entity assignment fault o Failure in reference data preservation o Failure from collateral management o Unsuccessful compulsory reporting liability o Reporting & monitoring failure o Client Intake & Paperwork o Erroneous external report (incurring loss) o Incomplete or misplaced legal documents o Overlooked client disclaimers/permissions o Unauthorized access offered to accounts o Client/Customer Account Management o Careless damage or loss of customer assets o Inappropriate customer records (incurring loss) o Failure on behalf of commercial partners and non-client vendors and vendor disagreements
Operational Risk Management Software:

At the present time, a number of software products have been introduced for the purpose of operational risk management according to the Sarbanes-Oxley Act. With the help of this software, financial audit can be performed at cheaper expenses. Forrester Research has recognized 115 Risk and Compliance and Governance marketers, which deal with operational risk management programs.
Financial risk management:

17
Financial risk management is a method of producing or adding value to a company through utilizing financing mediums for handling vulnerability to risk, specifically market risk and credit risk. Financial risk management is an important form of risk management. Financial risk management is a type of risk management, which tries to add value in a company through implementation of financing mediums (cash instruments and derivative instruments) to handle risk exposure, especially from market risk and credit risk. With the help of financial risk management, a number of financial risks can be handled, which include the following: Shape risk Foreign exchange risk Sector risk Volatility risk Inflation risk Liquidity risk
The process of financial risk management involves identification of financial risk, evaluating the financial risk and strategies to deal with those risks.
Financial risk management concentrates on the appropriate time and manner for hedging implementation of cash instruments and derivative instruments to address pricey risk exposures.
In the banking industry all over the world, the Basel Accords are usually chosen by multinational or global banking institutions for identifying, describing and disclosing credit risk, operational risk and market risks.
18
Total Risk Management Application of Financial Risk Management:

Theories of financial economics suggest that a company should go for a project at the time it grows shareholder value. In addition, financial theory demonstrates that the management of the company is not able to produce shareholder (who are also known as the investors of the company) value through undertaking a project, which the shareholders are able to perform for themselves at equal expenses. At the time when this concept is implemented towards financial risk management, it denotes that management of a company should not go for hedging risks, which the shareholders are able to hedge on their own at similar expenses.
This idea is corroborated by the hedging irrelevance proposition, which says that in case of a perfect market, a company is not able to perform value creation through hedging a risk while the cost of carrying the risk within the company is equal to the cost of carrying it away from the company. In reality, no financial market is a perfect market. This indicates that the management of a company has a large number of options to generate value for the shareholders utilizing financial risk management.
Market risk management:

The concept of Market risk management has gained in importance in the recent times as it has been giving the business organizations a particular risk model that becomes all the more useful when the company is opening or closing business activities. The process of market risk management comes with some essential features that help it to be more effective.
19
Total Risk Management Uses of Market Risk Management:

The process of market risk management has a number of applications in the context of today's global market. Its most basic use lies in the fact that it furnishes the business concerns with a particular risk structure. This risk structure comes in handy especially when a particular company is operating either in its closing or opening phase.
Main Characteristics of Market Risk Management:

Following are the principal characteristics of the system of market risk management:
World limit management: This process is at the base of the various trading plans that are used across the world as well as their applications. This process also makes sure that the amount of loss that may be faced by a particular company while carrying out business transactions is not more than what is being expected by that organization.
The various market risk management systems make sure that the various information related to the market are relevant as far as the parameters of input in case of the market risk calculations are concerned.
Indicators: These are applicable only in the case of banks and certain businesses. These are normally used in order to find out the problems that may be related to market risks
Credit risk management:
Credit risk management is extremely important as far as the overall financial stability of the financial institutions like the banks is concerned. The credit risk management situations in most banks are not exactly impressive and thus this process becomes all the more important. The basic aim of the system of credit risk management is to reduce the potential of credit risk that may be faced by a particular creditor.
20
Total Risk Management Importance of Credit Risk Management:

The credit risk management is of utmost importance for the banks and other financial institutions that have been the chief sources of credit for many years. It has been observed that the financial institutions that are able to manage their credit risks properly are functioning well.
Situations of Credit Risk Management:

There are a variety of problems related to credit risk management that have been important in this context. However, the most important factor in this case has been the absence of proper credit rules for the debtors. At times it has also been noticed that the companies have not been able to manage their portfolios in a proper way. The banks and other financial institutions that are dealing in credit services have not always been able to take into account the various economic factors that have contributed to a decline in the credit capabilities of the borrowers.
Aim of Credit Risk Management:

The most basic aim of the process of credit risk management is to minimize the levels of credit risk that a particular institutional creditor like a bank faces when it lends money to a particular borrower. The system of credit risk management accomplishes that by keeping the levels of the risk faced by a bank within certain acceptable standards.
Quantitative Risk Management:

Quantitative risk management is a very important process in the context of the modern day business world. It primarily deals with the concepts of risk and hazard and tries to reduce the chances of the occurrence of any form of financial loss. Risk is regarded as a combination of these three factors: Possibilities of a hazard
21

Possibilities of high losses being suffered as a consequence of the accident Possibilities of a hazard leading to an accident
Inputs of Quantitative Risk Analysis:

The inputs of the process of Quantitative Risk Analysis are as follows:

Organizational Process Assets Risk Register Project Scope Statement Project Management Plan Risk Management Plan
The organizational price assets are basically information regarding a particular project that is similar to the one that is being analyzed. This sort of information is taken from project archives. They may also be the study results of risk specialists as well as a database of proprietary risk. The project scope statement highlights the positive aspects of a particular business project. The risk management plans contain information on the risky aspects of a particular business endeavor like:

Budget Types of Risk Explanations of impact and probability Timing and Schedule of Risks Probability and Impact Matrix
The Risk Register performs a similar function to the risk management plans. It also categorizes and prioritizes the various aspects of the process of quantitative risk analysis. The project management plans are made up of the cost management plans and the schedule management plans. The former shows ways to run the project and the later deals with the financial aspects of the project.
22
Total Risk Management Functioning of Quantitative Risk Management:

The primary function of the process of quantitative risk management is to deal with the various elements of the phenomenon of risk by trying to bring down the possibilities of such mishaps. It also tries to limit the extent of loss that may take place if a hazard happens.
There are some important aspects as far as the functioning of the process of quantitative risk management is concerned:

Modeling and Simulation Interviewing Expected Monetary Value Probability Distribution Decision Tree Analysis Sensitivity Analysis
Output of Quantitative Risk Management:

The outputs of the quantitative risk management are the results of the process. Under normal circumstances the only output of a quantitative risk management process is a risk register. The risk register is made up of the following components:

Trends in quantitative risk analysis Probabilistic analysis of the project Prioritized list of quantified risks Probability of achieving cost and time objectives
Commodity risk management:

Commodity risk management is very important to provide coverage to all those groups that are related to the commodity market. These groups are exposed to maximum financial risks when there is any natural disaster or man-made disturbance.
23

Commodity market in every country faces some of the common risks. These risks are caused by natural disaster as well as external factors like wars, political instability and so on. If not covered properly, these risks can cause huge financial loss to a number of groups. Proper commodity risk management is essential to provide stability to this sector as well as to make this sector financially secured.
Types of Commodity Risk:

There are different types of commodity risk that are faced by the commodity markets across the world. These risks are as follows: Natural Risks: Natural disasters Man-Made Risks: Political risks, price risks, quantity risks and so on
Groups Facing Commodity Risk:

There are a number of groups that mostly face the commodity risk. Primarily there are the farmers, producers and plantation companies who face these risks. At the same time, the purchasers and exporters of commodities also come under the shadow of commodity risk. Last but not the least, is the national governments that are also bound to share these risks with others.
Bank risk management:

Bank Risk Management is used mostly in the financial sector. Bank Risk Management involves market risk as well as credit risk management. Bank Risk Management gives an idea of future risks and also promotes prudent risk taking behavior.
24
Need for Bank Risk Management

Repeated financial disasters faced by financial, non-financial and government bodies have created the need for bank risk management policies. Apart from regulatory requirements, bank risk management is needed by the bank managers for the following reasons: -risk ratios. Investment of capital is then directed to options with high reward risk ratios.
risk monitoring part is already put in place. Banks also learn to handle their available liquidity well.
Characteristics of Bank Risk Management Policies:

One of the characteristics of bank risk management policies is that it needs to be updated on a regular basis. Banks that are involved in trading go in for

Intra day risk management on selective areas Regular measurement of the overall risks faced by the bank
Regulators are however, more interested at knowing the overall risks as compared to the individual portfolio items. Another characteristic of bank risk management policy is that it is usually not carried out in a decentralized fashion. The economic theory of risk management states that the risk of a particular portfolio is usually not determined by a simple addition of the component risks. Bank risk management policies despite their worthiness are resource intensive. They demand considerable time and money. But violation of prescribed regulations in the capital market attracts heavy penalty. So managers do a cost benefit analysis whenever portfolio composition changes.
25
Nonprofit Risk Management:
Nonprofit risk management is carried out by non-profit organizations. It mitigates the adverse effects arising out of risk factors. Different organizations may have different goals. In order to achieve the same they must use their resources efficiently. Herein come the various management policies.
Steps of Nonprofit Risk Management:
Identification of problems: This refers to identification of areas of operation where problems might crop up due to unforeseen events. It is this uncertain event, which we refer to as risk. Normally risks adversely affect the functioning of an organization. So risk management essentially provides the organization with a back up plan.
Formulation of plans: This deals with the preparation of an action plan .It is done with a view to mitigate the difficulties arising out of risk situations.
Determination of compensation package in case of an eventuality: Here we try to determine what the ideal compensation package will be, in case of an eventuality.
Risk Management Issues Concerning Nonprofit Organizations:

Screening of the organization's volunteers Keeping a tab on the records of driving licenses of both staff and volunteer drivers Developing training and orientation modules for volunteers Developing guidelines for employees Financial negotiations at the time of taking a bank loan Purchase of property Taking insurance of liabilities
Reasons for Adoption of Nonprofit Risk Management:

For non-profit organizations risk management is essentially a preventive measure. It is put in place to avoid any unnecessary future hassle arising out of risk factors. Nonprofit risk management provides the organization with an action plan. Nonprofit risk management formulates various strategies and prescribes various techniques to be followed by the
26

organization. It is wise to plan in advance for possible future disruptions and create a back up policy for the same. This helps in the smooth running of the organization. Attainment of long term set goals also becomes easy.
Currency Risk Management:
Currency risk can be termed a sudden fall in the value of a particular currency. This happens due to unexpected shifts in the currency exchange rates. To avoid or minimize losses caused by these incidents, proper currency risk management strategy is very essential. Currency risks are related to the floating exchange rates. The currency exchanges are done for a number of reasons. Nowadays, cross border commercial activities are growing at a rapid pace. Almost everything starting from goods to technologies are exchanged between the traders of different countries. These transactions are subjected to currency risk because floating exchange rates are minimizing the chances of fixing the value of a particular currency. On the other hand, there are the forex market traders who are involved in trading of currencies of different countries. These traders participate in the activities of one of the most liquid world financial markets. A large number of banks, individuals as well as several national governments are involved in these activities. These institutions as well as the individual investors are also in need of currency risk management because the forex market rates and trends change very quickly. Two types of risks are managed by currency risk management strategies. These are the systematic risk and unsystematic risk. Systematic risks are all those risks that affect each and every kind of investments. Interest rate risk, market risk as well as inflation risk, all are considered as systematic risks. On the other hand, there are the unsystematic risks like business and financial risk.
27

Unsystematic risk affects some definite businesses and not the entire market. One of the most common currency risk management tool is the forward exchange contract. According to these contracts that are signed between the potential seller and purchaser of a particular currency, the exchange rates are fixed before the actual transaction. The transaction takes place in the future but due to the contract, if the exchange rate of that currency changes at the time of transaction, the purchaser and the seller are not affected. There should also be a definite trading strategy that can be very helpful in hedging the currency risks. These strategies should be developed after analyzing the market averages or market indexes properly. On the other hand, there are certain theories regarding the trading process in the currency market. These are also very helpful for currency risk management. All these are specialized things and one may seek professional assistance from the currency risk management firms for the purpose.
Enterprise Risk Management:

The business sector has its own risks and opportunities. Managing these risks properly and making full use of the business opportunities are termed as enterprise risk management. It helps in developing the business by adding value to the particular business. Certain amount of risk is associated with all types of business operations. At the same time, there are a number of growth opportunities that are also related to the business. For the overall development, it is essential that these risks are hedged properly so that they cannot cause any kind of loss to the business or even if it causes any harm, the effects can be minimized as much as possible.
On the other hand, it is also necessary that the provided opportunities are used in the best possible way.
28
Types of Enterprise Risk Management:

There are two types of enterprise risk management. These are the RIMS and COSO. Both these types share some common objectives like locating the hidden risk factors and providing solutions to hedge the risk. At the same time, these risk management strategies are also conscious about monitoring the development of the risk hedging strategy. The monitoring activities are also very important to take hold of the market opportunities. Application of RIMS or COSO depends on the particular situation and is subjected to the approval of the management.
Project Risk Management:

Project risk management focuses on the management of various types of risks related to a project. The process of project risk management is carried out in a number of steps. Nevertheless, there are two principal phases of project risk management and they are assessment of risk and risk control. Project risk management deals with different types of uncertainties and constraints related to a project (known as project risks). A project risk is a probable origin of variation from the plan of the project and it may have a positive or negative influence on the project. Project risks having negative characteristics are known as threats and project risks bearing positive characteristics are known as opportunities. Efforts are always on to minimize the threats and maximize the opportunities Project risks can be minimized with the help of eliminating or decreasing them. There are two main phases of project risk management and they are risk assessment and control of risk.
Assessment of risk may be carried out at any point of time within the duration of the project. However, the earlier it is performed, the better it is for the organization. Risk control is always
29

dependent on a proper risk assessment. On the other hand, if risk control measures are not undertaken, there is no use of performing a risk assessment.
Process of Project Risk Management:

The process of project risk management can be elaborated as follows:
Project Risk Assessment : The process of project risk assessment can be further categorized into the following:
Identification of risk: The project risks are identified by examining the whole project plan. Analysis of risk: Risk analysis can be quantitative or qualitative in nature. In this process, the manner in which the project risks may influence the project performance in terms of expenses, time period or satisfaction of the necessity of the customer is ascertained.
Prioritization of risk: According to this process, it is determined that which risks require total elimination, which risks require continuous supervision and monitoring and which risks are not so important to supervise.
Project Risk Control
Project risk control involves the following steps: Avoidance of risk: A plan is chalked out as to how project risks can be eliminated or avoided. Risk transfer: In this way, risk is transferred by buying insurance policies. Risk mitigation: A number of measures are taken beforehand for minimizing the impact of risk. Contingency plan: For risks that are regarded as important, a contingency plan is prepared in advance before those risks occur. Risk acceptance: Certain risks are accepted because they are regarded as small and do not influence the performance of the company to a significant degree. Measure and control: Observing the outcomes of the risks that have been detected and handling them to a favorable or productive end.
30
Total Risk Management Technology Risk Management:

The system of technology risk management is used in order to deal with the various risks that may arise in the use of technological tools. This process is especially applicable in case of the banking industry. It has been observed that the risk management strategies that are useful in other cases are generally not applicable when it comes to technology risk management.
Processes of Technology Risk Management:

As far as the process of technology risk management is concerned after the weaknesses are detected the authorities function in order to eliminate them by developing the proper strategy. The banks nowadays work as per three approaches.
These approaches are either used on their own or in combinations. The approaches may be mentioned as below:
Risk management with the help of internal processes. In such cases controls are extremely important.
Risk transfer by buying insurance coverage Risk management with the help of outsourcing. In such cases the required work is outsourced to external bodies.
Normally it has been seen that the companies that need to take technology risk management steps opt for any of the above-mentioned steps. All these choices provide the users with specific advantages as well as disadvantages. However, the choice is normally made after judging the profitability of each one of the options.
31
32
Risk Management, Corporate Governance and the Public Corporation

From Theory to Practice: Why Firms Should Manage Risk
Not until the re-emergence of corporate governance concerns about the separation of owners and managers articulated by Berle and Means in the 1930s reappeared in the modern finance literature did risk management enter the scientific world of financial economics. This re-emergence in the scholarly literature can be traced to Ross (1973) and Jensen and Meckling (1976) who introduced the term agency theory into finance. At the core of financial agency theory was the notion that in a world of informational asymmetries and self-seeking behavior, individuals would use informational and other advantages to transfer wealth to themselves from others. Although such behavior was ascribed to all stakeholders, early attention focused on conflicts on interest between shareholders and managers (a concern of Berle and Means) and shareholders and bondholders. Later, other stakeholders were brought into the scheme. Ways of solving or mitigating these conflicts are the concerns of corporate governance.
Basically, early and late financial agency theory took the seminal works of early financial theory that were developed around the notion of perfect capital markets and introduced imperfections into the analysis. The introduction or recognition of these imperfections led to many reasons for having managers manage risk (Smith and Stulz, 1985; Froot, Scharfstein and Stein, 1993), reasons that have found their way into contemporary financial management textbooks (e.g., Grinblatt and Titman, 2001). We review these reasons in order to set the stage for connecting them to more fundamental social welfare concerns about corporate governance and risk management. The usual reasons are:
1. 2. 3. 4.
Risk management can be used to lower the firms expected tax payments. Risk management can reduce the costs of financial distress and bankruptcy. Risk management can be used to encourage and protect firm specific investments. Risk management can be used to align the interests of management with those of the owners of the company. 5. Risk management can be used to design management compensation plans that hold management accountable only for the factors under their control. 6. Risk management can be used to assist firms in developing financial plans and funding programs. 7. Risk management can be used to stabilize cash dividends.
33
Total Risk Management Using Risk Management to Lower Taxes

Although not associated with informational asymmetries, taxes qualify as a market imperfection. To the extent that taxes levied on corporate income differ from those on personal income or treat some forms of income differently from others, risk management strategies can be used to arbitrage or negate tax code asymmetries.
One tax code asymmetry is the differential treatment of interest expense and cash dividends. Interest payments are tax deductible and paid from before tax dollars, cash dividend payments are paid from after tax dollars. Consequently, debt financing may reduce the overall after tax cost of capital to the company by creating an interest expense tax shield with the benefits accruing to the shareholders. To the extent that risk management enables a firm to use more debt (increase its financial leverage) risk management becomes a way of reducing taxes by letting a firm borrow more money and obtain interest expense tax shields.
Another common tax code asymmetry is the differential treatment of gains and losses. Exchange rate or commodity price gains may be taxable; however, losses may not be fully or immediately deductible. If the gains average out over a business or price cycle, the average tax paid will be lower if the firm hedges its exposures to these price changes and pays taxes on the average gain over the entire cycle. In contrast, if the firm did not hedge the exposures, the losses could not be used to offset the gains. Any such tax-coded asymmetry is exacerbated under a progressive tax code, especially if the progressivity is steep. More interesting from a corporate governance perspective, however, are reasons for risk management emanating from how the company is financed itself a governance structure issue and how the suppliers of capital monitor and control managers.
Reducing Financial Distress and Bankruptcy Costs
While fully diversified equity investors may not pay much attention to the unique risks associated with price, currency and interest rate volatility, other stakeholders take a different view of the situation. These other stakeholders include creditors, customers and suppliers and they could suffer substantial costs should a company find itself in financial difficulty.
Consider Toolco, a machine tool manufacturer that produces and sells highly specialized equipment to customers who rely on the company to honor warranties, provide on-going service and technical assistance and supply spare parts. Southeast Asia and Europe are both major markets for Toolco with 34

German and South Korean manufacturing firms being major customers. Toolco prepares bids, quotes prices and bills customers in local currency Euros and South Korean won. Toolco uses both debt and equity to finance itself.
Should the U.S. dollar appreciate substantially relative to the euro and won, the dollar value of Toolcos outstanding bids and accounts receivables will plummet. Furthermore, should the dollar remain strong for an extended period, Toolcos overall competitive position will weaken relative to its foreign competitors. This strengthening of the dollar will cause a substantial reduction in Toolcos profits and cash flows, a reduction that will affect its ability to provide service and spare parts and, ultimately, produce and deliver high quality machine tools as contracted.
Toolco can use risk management strategies to mitigate the potential financial problems associated with currency risks. It can hedge its exchange rate exposures and adopt other exchange rate exposure strategies such as currency swaps for financing its foreign operations that reduce the likelihood of Toolco experiencing severe financial problems from unexpected exchange rate movements. Managing currency risk may also lead to an increased willingness of customers to buy from Toolco because of its ability to withstand financial difficulties. In turn, the improvement in Toolcos financial position may improve the terms on which suppliers sell to Toolco. The end result for Toolco will be an increase in the market value of its common stock, an outcome desired by its shareholders.
Contemporary textbook treatments of risk management also develop the story that locking in a certain level of operating cash flows may also permit Toolco to use more debt to finance itself. The explanation offered is a reduction in financial distress costs along with the deductibility of interest expense story.
Using Risk Management to encourage and Protect Firm Specific Investments
Stakeholders of the firm include its employees, managers, suppliers and customers. These stakeholders find it very difficult to diversify away the risks they are exposed to in their relationships with the firm, especially if the stakeholders make firm specific investments (Williamson, 1985). So, to the extent that risk management is able to reduce the risks of financial distress and failure, the firm will enjoy an improved competitive position in its product and labor markets.
35

For example, employees have a considerable interest in the success of a company because they would incur substantial adjustment costs were the firm to fail. These costs go beyond the costs of looking elsewhere for employment, especially for highly skilled technical and managerial employees. These individuals typically make major commitments of time and effort to develop company specific skills and look to the continued growth and success of the company for the returns on these investments. The returns are not entirely pecuniary, but come in the form of promotions, status and job security. So, as pointed out in most textbook treatments of the subject, firms that can offer security and the prospects of financial success to their employees and managers are likely to garner greater employee loyalty and recruit and retain the better workers and managers.
But, a more fundamental relationship exists between having employees and other stakeholders make firm specific investments and the need for firm survival. We would argue that it is the firm specific skills amassed by the firms employees that make it possible for the firm to earn more than its cost of capital. Expressed in the terminology of financial management, these firm specific skills enable the firm to find and undertake positive net present value projects.
This notion of the importance of firm survival and the need to manage total risk so as to support the development of firm specific skills to make positive NPV projects fits nicely into David Durands critique of Modigliani and Millers irrelevance of capital structure given perfect capital markets. Durand (1989) notes that Modigliani and Miller did not restrict the firms investment opportunities to only perfectly competitive zero net present value projects but, instead, let firms earn excess returns due to special circumstances such as patents and other factors. Durand then argues that this rationale implies that their [MM] perfect market is not perfect enough to accord everyone, whether firm or individual investor, equal access to the better opportunities . Perhaps what MM have in mind is a two-tier market, with one tier for securities and the other for physical assets. Durand concludes that investors in security markets can earn only a zero NPV return because the investor does not have access to the monopolistic opportunities available to the firm.
We want to suggest another way of phrasing Durands critique. Instead of ascribing the excess returns to monopolistic practices, lets ascribe them to firm-specific skills and accumulated knowledge. These firm-specific skills generate the positive NPV projects, including the patents that Modigliani and Miller invoke for explaining the existence of economic rents. And, to ensure these unique, firm-specific skills are developed, the firm needs to survive as a going concern; hence, the need for managing total risks. And, also, an outcome that investors cannot duplicate on their own regardless of whether financial markets are perfect.
36

As we mentioned earlier in connection with financial distress costs, suppliers and customers also have a direct interest in the financial health and survival of the firm. Suppliers are unlikely to make firm specific investments in plant, equipment and production technology to service weak customers who may not be around next year to buy the components. Therefore, risk management actions that reduce the likelihood of a firm failing will increase the willingness of suppliers to enter into long-term contracts and make investments in equipment and product development that benefit the buying firm. These complimentary firm specific investments between suppliers and users support and produce inter-firm efforts that, in turn, generate relational rents (Dyer and Singh, 1998).
Many small and medium-sized firms are privately owned and owner managed. Usually, the owners have most of their wealth tied up in the company and cannot obtain the benefits of portfolio diversification that would eliminate the unique financial risks of the company. To exacerbate matters, the owners have their human capital tied up in the company as well. So, risk management becomes a very important way for owner-managers of closely held firms to protect themselves from commodity price and exchange rate risk.
The above reasons for risk management arise not so much out of conflicts of interest among stakeholders as out of the benefits associated with the survival of the firm. Think of it this way: The firm can be characterized as a voluntary association to create new wealth with new wealth thought of as positive NPV projects. This new wealth requires firm specific skills and investments such that, once the firms stakeholders become vested in the company with their firm specific investments, they have an interest in sustaining the firm and their association with the company. Hence, the need to manage total risk at the firm level rather than only the systematic risk at the investor level.
Using Risk Management to Monitor and Control Managers
From a public shareholders perspective (a perspective generally assumed by financial theory), the objective of management should be to maximize the price of the companys common stock. However, managers are likely to be interested in their own well being as much as the well-being of the owners of the company. Therefore, in a world of self-seeking behavior and informational asymmetries (where managers have more information than owners), conflicts of interest between managers and owners of publicly held companies are likely to arise. Managers may seek to extract perks from the company and grow the company at the expense of the shareholders by making unprofitable investments so as to keep control of corporate resources, preserve their jobs and increase their salaries. These actions create costs called agency costs and they reduce the market value of the company.
37
Students of financial economics and organizational behavior use financial agency theory to analyze and understand these costs and recommend ways to reduce them. One important application of agency theory is the design of management evaluation and compensation systems that reduce conflicts of interest between managers and owners by aligning managers interests with the shareholders.
Risk management enters into this process the following way: Unlike shareholders, managers cannot diversify away the unique risks associated with the company; managers are exposed to the total risk of the company, not just the systematic risk. Regardless of why the firm fails, the managers are out of a job. Consequently, managers are likely to make decisions based on the total risk of a venture whereas shareholders would prefer managers to consider only the systematic risk.
Now, recall that we said financial theory predicted that hedging would not improve firm values if all it did was to reduce the variance of the firms cash flows because investors could do this on their own through diversification. However, reducing the total variance of firm cash flows may be very important for managers who, unlike investors, cannot diversify away the risks associated with certain business ventures. By letting managers eliminate these risks through hedging, the shareholders need not worry about managers rejecting projects that are very profitable based on their systematic risk exposures but unlikely to be undertaken unless managers can hedge the unique risks to protect their jobs and the company in the event of a bad draw. Such hedging costs the public shareholders nothing in terms of expected returns on the hedged project and also doesnt affect the systematic risk. However, by reducing the consequences of project failure for management, a project which would have been discarded without the knowledge of public shareholders is now undertaken. Hedging has effectively reduced agency costs and increased the market value of the company even though the projects systematic risks and expected rate of return are unaffected.
Risk management strategies are used in conjunction with managerial performance evaluation and compensation systems to separate financial outcomes under management control form those not under their control. For example, suppose you are a large institutional investor who owns stock in Wadco Enterprises. Wadco manufactures circuit boards in Thailand and sells them to U.S. companies. Wadco costs are in Thai baht and its revenues in dollars. Wadco has an executive compensation program with bonuses tied to operating cash flows measured in U.S. dollars. Now, suppose the Thai baht substantially depreciates against the dollar. With costs denominated in Thai baht and revenues in dollars, Wadcos Thai division will report very high profits as a result of the Thai devaluation. However, should the mangers of Wadco be paid a bonus for this performance? What control did they have over the devaluation of the baht? Suppose the baht had appreciated instead of depreciated? Should the managers of Wadco be penalized for this outcome? 38
A widely held opinion is that Wadco management bonuses should not be affected by unexpected exchange rate movements because managers had no control over these events. Bonuses and performance evaluations should be based only on outcomes over which managers have control. So, by having Wadco managers hedge the exchange rate exposures, stockholders, like the large institutional investors, can focus management attention on things management can control, such as production, marketing and sales. Furthermore, by requiring managers to hedge the exposures, shareholders make it more difficult for management to claim that poor performance was caused by events outside of their control.
Using Risk Management to Improve Decision Making and Capital Budgeting
Substantial volatility from quarter-to-quarter and year-to-year in operating cash flows and net income makes it difficult to evaluate the fundamental performance of a company and divisions or other units within the company. The noise introduced into these measures by volatile commodity prices, exchange rates and interest rates can be removed through risk management strategies that minimize cash flow and income variability. Removing the noise improves decision making by providing higher quality information on fundamental performance, especially across divisions, product lines and geographic locations. This higher quality information makes it easier to decide how to allocate funds within the firm and may increase the trust of competing managers in the capital allocation process.
Risk management can also be used to protect against disruptions in implementing a capital budget by ensuring that substantial shortfalls in internally generated funds do not occur as a result of unexpected price movements. Normally, firms would have a capital budget in place along with a plan to finance the expenditures. By hedging commodity price, exchange rate and interest rate exposures, firms can better plan both the capital expenditures and the funding arrangements.
39
Total Risk Management Risk Management and Dividends

Do dividends (like capital structure) matter? Miller and Modigliani (1961) said no; but, of course, this claim is true only for perfect capital markets. Since then, an extensive body of literature has shown that dividends do matter especially if dividends are cut. So, by stabilizing cash flows, risk management makes it possible to maintain cash dividends and smooth out the dividend cash flow stream. To the extent that dividend policy and investment policies (capital budgeting) are not independent of each other, risk management designed to stabilize dividend payments is really stabilizing the total cash flow stream available for investment and dividend payments.
Note that while stabilizing the cash flows available for investment and distribution to owners as cash dividends is important for all firms, it is especially important for firms with public shareholders. This stabilization of dividend payments is needed to communicate information about future investment returns, dividend payments and the financial health of the company to all the firms stakeholders.
For example, the customers of companies that develop software programs for proprietary use want to be sure the developer will be around to supply second and third generation products and to service the existing systems. Consequently, these customers monitor the cash flows, stock prices and dividends of the suppliers to assess the suppliers financial health and ability to develop new products. Dividends, therefore are important for maintaining a companys competitive position in its product markets as well as for providing shareholders with an adequate return on their investment.
40
Total Risk Management Summary and Conclusions

Risk management is presented in the finance literature as a cure for market imperfections. These imperfections arise out of conflicts of interest among stakeholders seeking to advance their own interests in the presence of informational asymmetries and distortions introduced by taxes, transaction costs and legal systems. Implicitly or explicitly, the objective of risk management is stated as maximizing the wealth of the existing owners of the firm who, in a perfect world, are assumed to be efficiently diversified investors concerned only with the expected return and non-diversifiable risk of their investments. In finance, then, the existence of risk management is tied directly to the governance issues of how investors monitor, control and compensate managers so as to protect their investments in the company.
From a social welfare perspective, however, risk management makes a major contribution with respect to preserving the firm as a social welfare organism. This organization does not exist solely for the benefit for the shareholders but is part of a larger scheme designed to achieve a set of political objectives which vary from one country to the next but generally regard the corporation as serving more than the needs of its owners. The role of the shareholders is to ensure that managers do not waste economic resources within the overriding social responsibility functions of the firm. Hence, accepting a broad definition of corporate governance focused on how society is organized with economic efficiency objectives being important, but not supreme, dominates the market imperfection arguments of financial economists for risk management. Firm survival and continuity is important for societal reasons and risk management assists in this task.
This broader perspective on risk management should be the one that informs the regulation of risk management products and markets. While regulation should discourage speculative abuses, it should also recognize the economic efficiency and growth objectives that are enhanced by having risk management products.
41
42
43
44
45
46
47
48
49
50
51
52
53

Total Risk Management

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Total Risk Management

Caricato da

Copyright:

Formati disponibili

Total Risk Management

VISHAL SANGHAVI (49) MONIL SONAIYA NIKITA TORKA (56) (59)