Through countless transactions of financial nature like :

 Sales & Purchase

 Security Investments & Loans

 Legal transactions

 New projects

 M&A

 Debt financing

 The energy components of costs

 Through the activities of management, stakeholders,

competitors, government or even weather
 Risk is the basis for opportunity
 Risk arises as a result of exposure
 Risk is not always possible or desirable to be
eliminated  manage Risk
 Theory :
 Manage only systematic risk (beta risk),
 No need to manage business specific risk
 Perfect Capital Market Assumptions

 Practice :
 Capital Market is not perfect
 By managing risk variability in profitability is reduced,
portraying good management skills
 Volatile earnings higher tax rates
 Stable cost, stable pricing policy  competitive
advantage
 Stability  stable cash flow lower risk  lower COC
 Segmented
 Carried out in silos
 Tendency to compartmentalize risks into distinct,
mutually exclusive categories
 Allocate tasks within an existing organizational structure
 Assuming that the unforeseen event will be more or less
confined to one given area
 Referred as a strategic business risk management
 A response to the sense of inadequacy in using a silo-
based approach to manage increasingly interdependent
risks
 Risks are managed in a coordinated and integrated way
across an entire business
 Designed to improve business performance
 Risk management of both upside risks (opportunities)
and downside risks (threats) is at the heart of business
growth and wealth management
 A comprehensive and integrated framework for
managing company-wide risk in order to maximize
a company’s value
 Enterprise Risk
Management

Is geared to
achievement of
objectives Is a process

Protects Effected at every

management and level of an
board of directors organization

Is about risk
appetite and Is part of a strategy
opportunities

http://www.coso.org – 2008 – AS/NZS 4360:2004

 Enterprise Risk
Management
Standards
Again: Are geared
to achievement of Standards do not
objectives propose
uniformity

Standards are a Standards are

tool generic

Standards
Standards are
recognize life-
industry specific
cycles

http://www.coso.org – 2008 – AS/NZS 4360:2004

 Strategic plan
 Marketing plan
 Operational plan
 Research & Development
 Management & Organization
 Forecasts and Financial Data
 Financing
 Risk Management Processes
 Business controls
 A process to deal with the uncertainties resulting
from external as well internal factors
 Involves assessing risks facing an organization and
developing management strategies consistent with
internal priorities and policies.
 Addressing risks proactively  competitive
advantage
 Agreement on key issues of risks
 Improved business performance

 Increased organizational effectiveness

 Better risk reporting

 Align risk appetite and strategy
 Minimize operational surprises and losses
 Enhance risk response decisions
 Effective use of resources
 Identify and manage cross-enterprise risks
 Link growth, risk and return
 Rationalize capital
 Seize opportunities
A conservative company can take up significant risk, depending on
:
 Its confidence in the way assessment & measurement of
expected loss levels are done
 Accumulation of sufficient capital to protect against potential
losses
 Deployment of risk management techniques to protect against
potential losses
 Appropriate returns from the risky activities, once the cost of
risk capital & management has been taken into account
 Clear communication with stakeholders about the company’s
target risk profile
ERM Awareness and Implementation

Formal practices and policies in place to

address reputational risk?

Does the board rank risks?

Has the Board clearly defined risk

tolerance levels?
Yes
Does the board fully understand risk No
implications of current strategy?

0% 50% 100%
Does the board Has the Board Does the board Formal practices
fully understand clearly defined rank risks? and policies in
No 10.5 46 52.4 58
Yes 89.5 54 47.6 42

Conference Board Risk Management Survey 2006. N=127.

 Level 1 : Naïve

 Level 2 : Novice

 Level 3 : Normalized

 Level 4 : Natural
 Unaware of the need for risk management
 No structured approach to dealing with
uncertainties
 Management process are repetitive and
reactive
 No attempt to learn from the past to prepare
for future dealings
 Aware of potential benefits
 Experimenting with the application of risk
management
 Implemented by a nominated small group of
individuals, hence ineffective
 No formal structure
 Not gaining the full benefits
 Has build risk management into routine
business processes
 Generic risk processes are formalized and
widespread
 Benefits are understood company wide, but
may not be consistently achieved in all cases
 Company has a risk-aware culture
 Proactive approach to risk management in all
aspects of the business
 Risk information is actively used to improve
business processes and gain competitive advantage
 Risk processes are used to manage opportunities as
well as potential negative impacts