Total Risk Management

Total Risk Management

DONE BY:

YASHVI CHITALIA (10)

NIKHIL DOSHI (11)

HEENA GADIA (14)

JAY JAIN (21)

KINJAL MEHTA (34)

PRACHI MEHTA (36)

KINJAL RATHOD (46)

VISHAL SANGHAVI (49)

MONIL SONAIYA (56)

NIKITA TORKA (59)


ACKNOWLEDGEMENT

We would like to express our gratitude to our teacher in charge Prof.Murugank Kapadia for giving us this opportunity of working on this project and guiding us throughout the course of the project.

2


INDEX

SR NO. TOPIC PAGE NO.

1 Introduction 3

2 Principles of Risk Management 5

3 Potential Risk Treatments 10

4 Importance of Risk Management 13

5 Types of Risk Management 13

6 Application of Financial Risk Management 18

7 Risk Management, Corporate Governance & Public Corporation 32

8 Summary & Conclusion 40

3


INTRODUCTION: Risk management is the identification, assessment, and prioritization of risks (defined in ISO

31000 as the effect of uncertainty on objectives, whether positive or negative) followed by

coordinated and economical application of resources to minimize, monitor, and control the

probability and/or impact of unfortunate events or to maximize the realization of

opportunities.

Risks can come from uncertainty in financial markets, project failures, legal liabilities, credit

risk, accidents, natural causes and disasters as well as deliberate attacks from an adversary.

Several risk management standards have been developed including the Project

Management Institute, the National Institute of Science and Technology, actuarial societies,

and ISO standards.

Methods, definitions and goals vary widely according to whether the risk management

method is in the context of project management, security, engineering, industrial processes,

financial portfolios, actuarial assessments, or public health and safety.

The strategies to manage risk include transferring the risk to another party, avoiding the

risk, reducing the negative effect of the risk, and accepting some or all of the consequences

of a particular risk.

Certain aspects of many of the risk management standards have come under criticism for

having no measurable improvement on risk even though the confidence in estimates and

decisions increase.

In ideal risk management, a prioritization process is followed whereby the risks with the

greatest loss and the greatest probability of occurring are handled first, and risks with lower

probability of occurrence and lower loss are handled in descending order. In practice the

process can be very difficult, and balancing between risks with a high probability of

occurrence but lower loss versus a risk with high loss but lower probability of occurrence

can often be mishandled.

Intangible risk management identifies a new type of a risk that has a 100% probability of

occurring but is ignored by the organization due to a lack of identification ability. For

4


example, when deficient knowledge is applied to a situation, a knowledge risk materializes.

Relationship risk appears when ineffective collaboration occurs. Process-engagement risk

may be an issue when ineffective operational procedures are applied.

These risks directly reduce the productivity of knowledge workers, decrease cost

effectiveness, profitability, service, quality, reputation, brand value, and earnings quality.

Intangible risk management allows risk management to create immediate value from the

identification and reduction of risks that reduce productivity.

Risk management also faces difficulties in allocating resources. This is the idea

of opportunity cost. Resources spent on risk management could have been spent on more

profitable activities. Again, ideal risk management minimizes spending and minimizes the

negative effects of risks.

Method:For the most part, these methods consist of the following elements, performed, more or less, in

the following order:

identify, characterize, and assess threats

assess the vulnerability of critical assets to specific threats

determine the risk (i.e. the expected consequences of specific types of attacks on

specific assets)

identify ways to reduce those risks

prioritize risk reduction measures based on a strategy

5


Principles of risk management:

The International Organization for Standardization (ISO) identifies the following principles of

risk management

Risk management should:

create value

be an integral part of organizational processes

be part of decision making

explicitly address uncertainty

be systematic and structured

be based on the best available information

be tailored

take into account human factors

be transparent and inclusive

be dynamic, iterative and responsive to change

be capable of continual improvement and enhancement

6


Process:According to the standard ISO 31000 "Risk management -- Principles and guidelines on

implementation," the process of risk management consists of several steps as follows:

o Establishing the context Establishing the context involves:

1. Identification of risk in a selected domain of interest

2. Planning the remainder of the process.

3. Mapping out the following:

the social scope of risk management

the identity and objectives of stakeholders

the basis upon which risks will be evaluated, constraints.

4. Defining a framework for the activity and an agenda for identification.

5. Developing an analysis of risks involved in the process.

6. Mitigation or Solution of risks using available technological, human and organizational

resources.

o Identification:

After establishing the context, the next step in the process of managing risk is to identify

potential risks. Risks are about events that, when triggered, cause problems. Hence, risk

identification can start with the source of problems, or with the problem itself.

Source analysis : Risk sources may be internal or external to the system that is the target of

risk management.

Examples of risk sources are: stakeholders of a project, employees of a company or the weather

over an airport.

7


Problem analysis: Risks are related to identified threats. For example: the threat of losing

money, the threat of abuse of privacy information or the threat of accidents and casualties.

The threats may exist with various entities, most important with shareholders, customers

and legislative bodies such as the government.

The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are:

Objectives-based risk identification: Organizations and project teams have objectives. Any event that may endanger achieving an objective partly or completely is identified as risk.

Scenario-based risk identification scenario analysis . In different scenarios are created. The scenarios may be the alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or battle. Any event that triggers an undesired scenario alternative is identified as risk - see Futures Studies for methodology used by Futurists.

Taxonomy-based risk identification The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks.

Common-risk checking In several industries, lists with known risks are available. Each risk in the list can be checked for application to a particular situation.

Risk charting This method combines the above approaches by listing resources at risk, Threats to those resources Modifying Factors which may increase or decrease the risk and Consequences it is wished to avoid. Creating a matrix under these headings enables a variety of approaches. One can begin with resources and consider the threats they are exposed to and the consequences of each. Alternatively one can start with the threats and examine which resources they would affect, or one can begin with the consequences and determine which combination of threats and resources would be involved to bring them about.

8


o Assessment:

Once risks have been identified, they must then be assessed as to their potential severity of

loss and to the probability of occurrence.

These quantities can be either simple to measure, in the case of the value of a lost building,

or impossible to know for sure in the case of the probability of an unlikely event occurring.

Therefore, in the assessment process it is critical to make the best educated guesses

possible in order to properly prioritize the implementation of the risk management plan.

The fundamental difficulty in risk assessment is determining the rate of occurrence since

statistical information is not available on all kinds of past incidents. Furthermore, evaluating

the severity of the consequences (impact) is often quite difficult for immaterial assets.

Asset valuation is another question that needs to be addressed. Thus, best educated

opinions and available statistics are the primary sources of information. Nevertheless, risk

assessment should produce such information for the management of the organization that

the primary risks are easy to understand and that the risk management decisions may be

prioritized.

Thus, there have been several theories and attempts to quantify risks. Numerous different

risk formulae exist, but perhaps the most widely accepted formula for risk quantification is:

Rate of occurrence multiplied by the impact of the event equals risk

Composite Risk Index:

The above formula can also be re-written in terms of a Composite Risk Index, as follows: Composite Risk Index = Impact of Risk event x Probability of Occurrence The impact of the risk event is assessed on a scale of 0 to 5, where 0 and 5 represent the

minimum and maximum possible impact of an occurrence of a risk (usually in terms of financial losses).

The probability of occurrence is likewise assessed on a scale from 0 to 5, where 0 represents a zero probability of the risk event actually occurring while 5 represents a 100% probability of occurrence.

9


The Composite Index thus can take values ranging from 0 through 25, and this range is usually arbitrarily divided into three sub-ranges. The overall risk assessment is then Low, Medium or High, depending on the sub-range containing the calculated value of the Composite Index. For instance, the three sub-ranges could be defined as 0 to 8, 9 to 16 and 17 to 25.

10


Potential risk treatments:Once risks have been identified and assessed, all techniques to manage the risk fall into one or

more of these four major categories

Avoidance (eliminate, withdraw from or not become involved)

Reduction (optimise - mitigate)

Sharing (transfer - outsource or insure)

Retention (accept and budget)

Risk avoidance:

This includes not performing an activity that could carry risk. An example would be not

buying a property or business in order to not take on the legal liability that comes with it.

Another would be not be flying in order to not take the risk that the airplane were to

be hijacked.

Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the

potential gain that accepting (retaining) the risk may have allowed. Not entering a business

to avoid the risk of loss also avoids the possibility of earning profits.

Risk reduction:

Risk reduction or "optimization" involves reducing the severity of the loss or the likelihood

of the loss from occurring. For example, sprinklers are designed to put out a fire to reduce

the risk of loss by fire. This method may cause a greater loss by water damage and

therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but

the cost may be prohibitive as a strategy.

Acknowledging that risks can be positive or negative, optimizing risks means finding a

balance between negative risk and the benefit of the operation or activity; and between risk

11


reduction and effort applied. By an offshore drilling contractor effectively applying HSE

Management in its organization, it can optimize risk to achieve levels of residual risk that

are tolerable.[

Modern software development methodologies reduce risk by developing and delivering

software incrementally. Early methodologies suffered from the fact that they only delivered

software in the final phase of development; any problems encountered in earlier phases

meant costly rework and often jeopardized the whole project. By developing in iterations,

software projects can limit effort wasted to a single iteration.

Outsourcing could be an example of risk reduction if the outsourcer can demonstrate higher

capability at managing or reducing risks. For example, a company may outsource only its

software development, the manufacturing of hard goods, or customer support needs to

another company, while handling the business management itself. This way, the company

can concentrate more on business development without having to worry as much about the

manufacturing process, managing the development team, or finding a physical location for a

call center.

Risk sharing:

Briefly defined as "sharing with another party the burden of loss or the benefit of gain, from

a risk, and the measures to reduce a risk."

The term of 'risk transfer' is often used in place of risk sharing in the mistaken belief that

you can transfer a risk to a third party through insurance or outsourcing.

In practice if the insurance company or contractor go bankrupt or end up in court, the

original risk is likely to still revert to the first party. As such in the terminology of

practitioners and scholars alike, the purchase of an insurance contract is often described as

a "transfer of risk." However, technically speaking, the buyer of the contract generally

retains legal responsibility for the losses "transferred", meaning that insurance may be

described more accurately as a post-event compensatory mechanism.

12


For example, a personal injuries insurance policy does not transfer the risk of a car accident

to the insurance company. The risk still lies with the policy holder namely the person who

has been in the accident. The insurance policy simply provides that if an accident (the

event) occurs involving the policy holder then some compensation may be payable to the

policy holder that is commensurate to the suffering/damage.

Some ways of managing risk fall into multiple categories. Risk retention pools are technically

retaining the risk for the group, but spreading it over the whole group involves transfer

among individual members of the group. This is different from traditional insurance, in that

no premium is exchanged between members of the group up front, but instead losses are

assessed to all members of the group.

Risk retention:

Involves accepting the loss, or benefit of gain, from a risk when it occurs. True self

insurance falls in this category.

Risk retention is a viable strategy for small risks where the cost of insuring against the risk

would be greater over time than the total losses sustained. All risks that are not avoided or

transferred are retained by default.

This includes risks that are so large or catastrophic that they either cannot be insured

against or the premiums would be infeasible.

War is an example since most property and risks are not insured against war, so the loss

attributed by war is retained by the insured. Also any amounts of potential loss (risk) over

the amount insured are retained risk.

This may also be acceptable if the chance of a very large loss is small or if the cost to insure

for greater coverage amounts is so great it would hinder the goals of the organization too

much.

13


Importance of Risk Management

• Risk Management is essential not only for prevention of risk but also for reduction of

risks.

• Risk Management leads to maximum social advantages and plays a significant role in

bringing about social, political and economic development in a country.

• The process of risk management helps focus on priorities and in decisions on deploying

limited resources to deal with the highest risks.

Types of Risk Management:There are different types of risk management and the characteristics and procedures of each

type of risk management is different from the other.

All these risk management processes play a significant role behind the growth of an

organization in the long term.

Commercial enterprises apply various forms of risk management procedures to handle different

risks because they face a variety of risks while carrying out their business operations.

Effective handling of risk ensures the successful growth of an organization.

Various types of risk management can be categorized into the following:

Operational risk management:

Operational risk management deals with technical failures and human errors

Financial risk management:

Financial risk management handles non-payment of clients and increased rate of interest

Market risk management:

Deals with different types of market risk, such as interest rate risk, equity risk, commodity

risk, and currency risk

Credit risk management:

Deals with the risk related to the probability of nonpayment from the debtors

14


Quantitative risk management: In quantitative risk management, an effort is carried out to

numerically ascertain the possibilities of the different adverse financial circumstances to

handle the degree of loss that might occur from those circumstances

Commodity risk management: Handles different types of commodity risks, such as price

risk, political risk, quantity risk and cost risk

Bank risk management: Deals with the handling of different types of risks faced by the

banks, for example, market risk, credit risk, liquidity risk, legal risk, operational risk and

reputational risk

Nonprofit risk management: This is a process where risk management companies offer risk

management services on a non-profit seeking basis

Currency risk management: Deals with changes in currency prices

Enterprise risk management: Handles the risks faced by enterprises in accomplishing their

goals

Project risk management: Deals with particular risks associated with the undertaking of a

project

Integrated risk management: Integrated risk management refers to integrating risk data

into the strategic decision making of a company and taking decisions, which take into

account the set risk tolerance degrees of a department. In other words, it is the supervision

of market, credit, and liquidity risk at the same time or on a simultaneous basis.

Technology risk management: It is the process of managing the risks associated with

implementation of new technology

Software risk management: Deals with different types of risks associated with

implementation of new softwares

Operational risk management is an important form of risk management. In commercial

enterprises, operational risk management is the supervision of different types of

operational risk occurring on a daily basis.

Operational risk management is also known as ORM.

With the help of operational risk management, various types of operational risks are

managed that occur on a daily basis.

15


Important Advantages of Operational Risk Management:Following are the most important advantages of operational risk management:

Decrease in losses arising from operations

Reduced auditing/compliance expenses

Decreased vulnerability to risks in the future

Early sensing of illegitimate functions

Types of Operational Risk:According to the Basel Committee on Banking Supervision, the events, which lead to

operational risks, can be categorized into the following types:

External Fraud: Risk arising from fraudulent activities from a third party, for example,

robbery, theft, phishing or hacking.

Internal Fraud: Risk arising from fraudulent activities from internal parties.

Products, Customers and Business Practices: Risk resulting from inadvertent or careless

failure to satisfy a professional responsibility to particular customers (involving fiducial and

appropriateness necessities) or from the characteristics of configuration of a commodity.

Workplace safety and employment practices: Risk arising from non-compliance with

health, employment, or safety acts or from disbursal of claims related to personal injury or

from inequality/unfair treatment

System failure and business interruptions: Risk resulting from interruptions of business

operations or system breakdown. These include telecommunication, computer software, or

computer hardware failure and equipment failure.

Damages to tangible properties: Risk resulting from damages or losses of tangible

properties due to natural calamity or other occurrences.

Execution, supply and process management: Risk arising from failure in process

management or transaction processing due to poor association with vendors and

commercial service providers. These involve the following:

16


o Performance & maintenance miscommunication

o Transaction seizure

o Missed responsibility or deadline

o Data entry, preservation or loading fault

o Accounting mistake

o System/Model malfunctioning

o Failure in delivery

o Entity assignment fault

o Failure in reference data preservation

o Failure from collateral management

o Unsuccessful compulsory reporting liability

o Reporting & monitoring failure

o Client Intake & Paperwork

o Erroneous external report (incurring loss)

o Incomplete or misplaced legal documents

o Overlooked client disclaimers/permissions

o Unauthorized access offered to accounts

o Client/Customer Account Management

o Careless damage or loss of customer assets

o Inappropriate customer records (incurring loss)

o Failure on behalf of commercial partners and non-client vendors and vendor

disagreements

Operational Risk Management Software:At the present time, a number of software products have been introduced for the purpose of

operational risk management according to the Sarbanes-Oxley Act. With the help of this

software, financial audit can be performed at cheaper expenses. Forrester Research has

recognized 115 Risk and Compliance and Governance marketers, which deal with operational

risk management programs.

17


Financial risk management:

Financial risk management is a method of producing or adding value to a company through

utilizing financing mediums for handling vulnerability to risk, specifically market risk and

credit risk. Financial risk management is an important form of risk management.

Financial risk management is a type of risk management, which tries to add value in a

company through implementation of financing mediums (cash instruments and derivative

instruments) to handle risk exposure, especially from market risk and credit risk.

With the help of financial risk management, a number of financial risks can be handled,

which include the following:

Shape risk

Foreign exchange risk

Sector risk

Volatility risk

Inflation risk

Liquidity risk

The process of financial risk management involves identification of financial risk, evaluating

the financial risk and strategies to deal with those risks.

Financial risk management concentrates on the appropriate time and manner for hedging

implementation of cash instruments and derivative instruments to address pricey risk

exposures.

In the banking industry all over the world, the Basel Accords are usually chosen by

multinational or global banking institutions for identifying, describing and disclosing credit

risk, operational risk and market risks.

18


Application of Financial Risk Management:

Theories of financial economics suggest that a company should go for a project at the time

it grows shareholder value.

In addition, financial theory demonstrates that the management of the company is not able

to produce shareholder (who are also known as the investors of the company) value

through undertaking a project, which the shareholders are able to perform for themselves

at equal expenses.

At the time when this concept is implemented towards financial risk management, it

denotes that management of a company should not go for hedging risks, which the

shareholders are able to hedge on their own at similar expenses.

This idea is corroborated by the hedging irrelevance proposition, which says that in case of a

perfect market, a company is not able to perform value creation through hedging a risk

while the cost of carrying the risk within the company is equal to the cost of carrying it away

from the company.

In reality, no financial market is a perfect market. This indicates that the management of a

company has a large number of options to generate value for the shareholders utilizing

financial risk management.

Market risk management:

The concept of Market risk management has gained in importance in the recent times

as it has been giving the business organizations a particular risk model that becomes all

the more useful when the company is opening or closing business activities. The process

of market risk management comes with some essential features that help it to be more

effective.

19


Uses of Market Risk Management:

The process of market risk management has a number of applications in the context of

today's global market. Its most basic use lies in the fact that it furnishes the business

concerns with a particular risk structure. This risk structure comes in handy especially when

a particular company is operating either in its closing or opening phase.

Main Characteristics of Market Risk Management:

Following are the principal characteristics of the system of market risk management:

World limit management: This process is at the base of the various trading plans that

are used across the world as well as their applications. This process also makes sure that

the amount of loss that may be faced by a particular company while carrying out

business transactions is not more than what is being expected by that organization.

The various market risk management systems make sure that the various information

related to the market are relevant as far as the parameters of input in case of the

market risk calculations are concerned.

Indicators: These are applicable only in the case of banks and certain businesses. These

are normally used in order to find out the problems that may be related to market risks

Credit risk management:

Credit risk management is extremely important as far as the overall financial stability of the

financial institutions like the banks is concerned. The credit risk management situations in most

banks are not exactly impressive and thus this process becomes all the more important. The

basic aim of the system of credit risk management is to reduce the potential of credit risk that

may be faced by a particular creditor.

20


Importance of Credit Risk Management:

The credit risk management is of utmost importance for the banks and other financial

institutions that have been the chief sources of credit for many years. It has been observed that

the financial institutions that are able to manage their credit risks properly are functioning well.

Situations of Credit Risk Management:

There are a variety of problems related to credit risk management that have been important in

this context.

However, the most important factor in this case has been the absence of proper credit rules for

the debtors. At times it has also been noticed that the companies have not been able to

manage their portfolios in a proper way.

The banks and other financial institutions that are dealing in credit services have not always

been able to take into account the various economic factors that have contributed to a decline

in the credit capabilities of the borrowers.

Aim of Credit Risk Management:

The most basic aim of the process of credit risk management is to minimize the levels of credit

risk that a particular institutional creditor like a bank faces when it lends money to a particular

borrower. The system of credit risk management accomplishes that by keeping the levels of the

risk faced by a bank within certain acceptable standards.

Quantitative Risk Management:

Quantitative risk management is a very important process in the context of the modern

day business world. It primarily deals with the concepts of risk and hazard and tries to

reduce the chances of the occurrence of any form of financial loss.

Risk is regarded as a combination of these three factors:

Possibilities of a hazard

21


Possibilities of high losses being suffered as a consequence of the accident

Possibilities of a hazard leading to an accident

Inputs of Quantitative Risk Analysis:

The inputs of the process of Quantitative Risk Analysis are as follows:

Organizational Process Assets

Risk Register

Project Scope Statement

Project Management Plan

Risk Management Plan

The organizational price assets are basically information regarding a particular project that

is similar to the one that is being analyzed. This sort of information is taken from project

archives. They may also be the study results of risk specialists as well as a database of

proprietary risk.

The project scope statement highlights the positive aspects of a particular business project.

The risk management plans contain information on the risky aspects of a particular business

endeavor like:

Budget

Types of Risk

Explanations of impact and probability

Timing and Schedule of Risks

Probability and Impact Matrix

The Risk Register performs a similar function to the risk management plans. It also

categorizes and prioritizes the various aspects of the process of quantitative risk analysis.

The project management plans are made up of the cost management plans and the

schedule management plans. The former shows ways to run the project and the later deals

with the financial aspects of the project.

22


Functioning of Quantitative Risk Management:

The primary function of the process of quantitative risk management is to deal with the

various elements of the phenomenon of risk by trying to bring down the possibilities of such

mishaps. It also tries to limit the extent of loss that may take place if a hazard happens.

There are some important aspects as far as the functioning of the process of quantitative

risk management is concerned:

Modeling and Simulation

Interviewing

Expected Monetary Value

Probability Distribution

Decision Tree Analysis

Sensitivity Analysis

Output of Quantitative Risk Management:

The outputs of the quantitative risk management are the results of the process. Under normal

circumstances the only output of a quantitative risk management process is a risk register. The

risk register is made up of the following components:

Trends in quantitative risk analysis

Probabilistic analysis of the project

Prioritized list of quantified risks

Probability of achieving cost and time objectives

Commodity risk management:

Commodity risk management is very important to provide coverage to all those groups that

are related to the commodity market. These groups are exposed to maximum financial risks

when there is any natural disaster or man-made disturbance.

23


Commodity market in every country faces some of the common risks. These risks are caused

by natural disaster as well as external factors like wars, political instability and so on. If not

covered properly, these risks can cause huge financial loss to a number of groups.

Proper commodity risk management is essential to provide stability to this sector as well as

to make this sector financially secured.

Types of Commodity Risk:

There are different types of commodity risk that are faced by the commodity markets across

the world. These risks are as follows:

Natural Risks: Natural disasters

Man-Made Risks: Political risks, price risks, quantity risks and so on

Groups Facing Commodity Risk:

There are a number of groups that mostly face the commodity risk. Primarily there are the

farmers, producers and plantation companies who face these risks. At the same time, the

purchasers and exporters of commodities also come under the shadow of commodity risk. Last

but not the least, is the national governments that are also bound to share these risks with

others.

Bank risk management:

Bank Risk Management is used mostly in the financial sector. Bank Risk Management involves

market risk as well as credit risk management. Bank Risk Management gives an idea of future

risks and also promotes prudent risk taking behavior.

24


Need for Bank Risk ManagementRepeated financial disasters faced by financial, non-financial and government bodies have

created the need for bank risk management policies. Apart from regulatory requirements, bank

risk management is needed by the bank managers for the following reasons:

Creation of benchmarks for calculation of reward-risk ratios. Investment of capital is then

directed to options with high reward risk ratios.

Estimation of the probable losses. This leads to wise risk taking decision by investors as the

risk monitoring part is already put in place. Banks also learn to handle their available liquidity

well.

Characteristics of Bank Risk Management Policies:One of the characteristics of bank risk management policies is that it needs to be updated on a

regular basis. Banks that are involved in trading go in for

Intra day risk management on selective areas

Regular measurement of the overall risks faced by the bank

Regulators are however, more interested at knowing the overall risks as compared to the

individual portfolio items. Another characteristic of bank risk management policy is that it is

usually not carried out in a decentralized fashion. The economic theory of risk management

states that the risk of a particular portfolio is usually not determined by a simple addition of the

component risks. Bank risk management policies despite their worthiness are resource

intensive. They demand considerable time and money. But violation of prescribed regulations in

the capital market attracts heavy penalty. So managers do a cost benefit analysis whenever

portfolio composition changes.

25


Nonprofit Risk Management:

Nonprofit risk management is carried out by non-profit organizations. It mitigates the adverse

effects arising out of risk factors. Different organizations may have different goals. In order to

achieve the same they must use their resources efficiently. Herein come the various

management policies.

Steps of Nonprofit Risk Management:

Identification of problems : This refers to identification of areas of operation where

problems might crop up due to unforeseen events. It is this uncertain event, which we

refer to as risk. Normally risks adversely affect the functioning of an organization. So risk

management essentially provides the organization with a back up plan.

Formulation of plans: This deals with the preparation of an action plan .It is done with a

view to mitigate the difficulties arising out of risk situations.

Determination of compensation package in case of an eventuality: Here we try to

determine what the ideal compensation package will be, in case of an eventuality.

Risk Management Issues Concerning Nonprofit Organizations: Screening of the organization's volunteers

Keeping a tab on the records of driving licenses of both staff and volunteer drivers

Developing training and orientation modules for volunteers

Developing guidelines for employees

Financial negotiations at the time of taking a bank loan

Purchase of property

Taking insurance of liabilities

Reasons for Adoption of Nonprofit Risk Management:For non-profit organizations risk management is essentially a preventive measure. It is put in

place to avoid any unnecessary future hassle arising out of risk factors. Nonprofit risk

management provides the organization with an action plan. Nonprofit risk management

formulates various strategies and prescribes various techniques to be followed by the

26


organization. It is wise to plan in advance for possible future disruptions and create a back up

policy for the same. This helps in the smooth running of the organization. Attainment of long

term set goals also becomes easy.

Currency Risk Management:

Currency risk can be termed a sudden fall in the value of a particular currency.

This happens due to unexpected shifts in the currency exchange rates. To avoid or minimize

losses caused by these incidents, proper currency risk management strategy is very

essential.

Currency risks are related to the floating exchange rates. The currency exchanges are done

for a number of reasons.

Nowadays, cross border commercial activities are growing at a rapid pace. Almost

everything starting from goods to technologies are exchanged between the traders of

different countries.

These transactions are subjected to currency risk because floating exchange rates are

minimizing the chances of fixing the value of a particular currency.

On the other hand, there are the forex market traders who are involved in trading of

currencies of different countries. These traders participate in the activities of one of the

most liquid world financial markets.

A large number of banks, individuals as well as several national governments are involved in

these activities. These institutions as well as the individual investors are also in need of

currency risk management because the forex market rates and trends change very quickly.

Two types of risks are managed by currency risk management strategies. These are the

systematic risk and unsystematic risk.

Systematic risks are all those risks that affect each and every kind of investments. Interest

rate risk, market risk as well as inflation risk, all are considered as systematic risks. On the

other hand, there are the unsystematic risks like business and financial risk.

27


Unsystematic risk affects some definite businesses and not the entire market.

One of the most common currency risk management tool is the forward exchange contract.

According to these contracts that are signed between the potential seller and purchaser of a

particular currency, the exchange rates are fixed before the actual transaction.

The transaction takes place in the future but due to the contract, if the exchange rate of

that currency changes at the time of transaction, the purchaser and the seller are not

affected.

There should also be a definite trading strategy that can be very helpful in hedging the

currency risks. These strategies should be developed after analyzing the market averages or

market indexes properly. On the other hand, there are certain theories regarding the

trading process in the currency market.

These are also very helpful for currency risk management. All these are specialized things

and one may seek professional assistance from the currency risk management firms for the

purpose.

Enterprise Risk Management:

The business sector has its own risks and opportunities. Managing these risks properly

and making full use of the business opportunities are termed as enterprise risk

management. It helps in developing the business by adding value to the particular

business.

Certain amount of risk is associated with all types of business operations. At the same

time, there are a number of growth opportunities that are also related to the business.

For the overall development, it is essential that these risks are hedged properly so that

they cannot cause any kind of loss to the business or even if it causes any harm, the

effects can be minimized as much as possible.

On the other hand, it is also necessary that the provided opportunities are used in the

best possible way.

28


Types of Enterprise Risk Management: There are two types of enterprise risk management. These are the RIMS and COSO.

Both these types share some common objectives like locating the hidden risk factors and

providing solutions to hedge the risk.

At the same time, these risk management strategies are also conscious about monitoring

the development of the risk hedging strategy. The monitoring activities are also very

important to take hold of the market opportunities. Application of RIMS or COSO depends

on the particular situation and is subjected to the approval of the management.

Project Risk Management: Project risk management focuses on the management of various types of risks related to a

project. The process of project risk management is carried out in a number of steps.

Nevertheless, there are two principal phases of project risk management and they are

assessment of risk and risk control.

Project risk management deals with different types of uncertainties and constraints related to a

project (known as project risks). A project risk is a probable origin of variation from the plan of

the project and it may have a positive or negative influence on the project. Project risks having

negative characteristics are known as threats and project risks bearing positive characteristics

are known as opportunities. Efforts are always on to minimize the threats and maximize the

opportunities

Project risks can be minimized with the help of eliminating or decreasing them. There are two

main phases of project risk management and they are risk assessment and control of risk.

Assessment of risk may be carried out at any point of time within the duration of the project.

However, the earlier it is performed, the better it is for the organization. Risk control is always

29


dependent on a proper risk assessment. On the other hand, if risk control measures are not

undertaken, there is no use of performing a risk assessment.

Process of Project Risk Management:The process of project risk management can be elaborated as follows:

Project Risk Assessment :

The process of project risk assessment can be further categorized into the following:

Identification of risk: The project risks are identified by examining the whole project plan.

Analysis of risk: Risk analysis can be quantitative or qualitative in nature. In this process, the

manner in which the project risks may influence the project performance in terms of

expenses, time period or satisfaction of the necessity of the customer is ascertained.

Prioritization of risk: According to this process, it is determined that which risks require

total elimination, which risks require continuous supervision and monitoring and which risks

are not so important to supervise.

Project Risk Control

Project risk control involves the following steps:

Avoidance of risk: A plan is chalked out as to how project risks can be eliminated or

avoided.

Risk transfer: In this way, risk is transferred by buying insurance policies.

Risk mitigation: A number of measures are taken beforehand for minimizing the impact of

risk.

Contingency plan: For risks that are regarded as important, a contingency plan is prepared

in advance before those risks occur.

Risk acceptance: Certain risks are accepted because they are regarded as small and do not

influence the performance of the company to a significant degree.

Measure and control: Observing the outcomes of the risks that have been detected and

handling them to a favorable or productive end.

30


Technology Risk Management:

The system of technology risk management is used in order to deal with the various risks that

may arise in the use of technological tools. This process is especially applicable in case of the

banking industry. It has been observed that the risk management strategies that are useful in

other cases are generally not applicable when it comes to technology risk management.

Processes of Technology Risk Management:As far as the process of technology risk management is concerned after the weaknesses are

detected the authorities function in order to eliminate them by developing the proper strategy.

The banks nowadays work as per three approaches.

These approaches are either used on their own or in combinations. The approaches may be

mentioned as below:

Risk management with the help of internal processes. In such cases controls are

extremely important.

Risk transfer by buying insurance coverage

Risk management with the help of outsourcing. In such cases the required work is

outsourced to external bodies.

Normally it has been seen that the companies that need to take technology risk management

steps opt for any of the above-mentioned steps. All these choices provide the users with

specific advantages as well as disadvantages. However, the choice is normally made after

judging the profitability of each one of the options.

31


32

FinancialRisks Operational Risk

Reputational RiskBusiness and strategic risks

Market RiskCredit Risk

Risk is multidimensional

One can “slice and dice” these multiple dimensions of risk*

PortfolioConcentration

Risk

Transaction Risk

CounterpartyRisk

Issuer Risk

Trading Risk

Gap Risk

Equity Risk

Interest Rate Risk

Currency Risk

Commodity Risk

FinancialRisks

OperationalRisk

Reputational Risk

Business and strategic risks

Market Risk

Credit Risk

“SpecificRisk

”GeneralMark

et

Risk

Issue Risk


Risk Management, Corporate Governance and the Public Corporation

From Theory to Practice: Why Firms Should Manage Risk

Not until the re-emergence of corporate governance concerns about the separation of owners and managers articulated by Berle and Means in the 1930s reappeared in the “modern” finance literature did risk management enter the “scientific” world of financial economics. This re-emergence in the scholarly literature can be traced to Ross (1973) and Jensen and Meckling (1976) who introduced the term agency theory into finance. At the core of financial agency theory was the notion that in a world of informational asymmetries and self-seeking behavior, individuals would use informational and other advantages to transfer wealth to themselves from others. Although such behavior was ascribed to all stakeholders, early attention focused on conflicts on interest between shareholders and managers (a concern of Berle and Means) and shareholders and bondholders. Later, other stakeholders were brought into the scheme. Ways of solving or mitigating these conflicts are the concerns of corporate governance.

Basically, early and late financial agency theory took the seminal works of early financial theory that were developed around the notion of perfect capital markets and introduced imperfections into the analysis. The introduction or recognition of these imperfections led to many reasons for having managers manage risk (Smith and Stulz, 1985; Froot, Scharfstein and Stein, 1993), reasons that have found their way into contemporary financial management textbooks (e.g., Grinblatt and Titman, 2001). We review these reasons in order to set the stage for connecting them to more fundamental social welfare concerns about corporate governance and risk management. The usual reasons are:

1. Risk management can be used to lower the firm’s expected tax payments.2. Risk management can reduce the costs of financial distress and bankruptcy.3. Risk management can be used to encourage and protect firm specific investments.4. Risk management can be used to align the interests of management with those of the owners of

the company.5. Risk management can be used to design management compensation plans that hold

management accountable only for the factors under their control.6. Risk management can be used to assist firms in developing financial plans and funding

programs.7. Risk management can be used to stabilize cash dividends.

33


Using Risk Management to Lower Taxes

Although not associated with informational asymmetries, taxes qualify as a market imperfection. To the extent that taxes levied on corporate income differ from those on personal income or treat some forms of income differently from others, risk management strategies can be used to arbitrage or negate tax code asymmetries.

One tax code asymmetry is the differential treatment of interest expense and cash dividends. Interest payments are tax deductible and paid from before tax dollars, cash dividend payments are paid from after tax dollars. Consequently, debt financing may reduce the overall after tax cost of capital to the company by creating an interest expense tax shield with the benefits accruing to the shareholders. To the extent that risk management enables a firm to use more debt (increase its financial leverage) risk management becomes a way of reducing taxes by letting a firm borrow more money and obtain interest expense tax shields.

Another common tax code asymmetry is the differential treatment of gains and losses. Exchange rate or commodity price gains may be taxable; however, losses may not be fully or immediately deductible. If the gains average out over a business or price cycle, the average tax paid will be lower if the firm hedges its exposures to these price changes and pays taxes on the average gain over the entire cycle. In contrast, if the firm did not hedge the exposures, the losses could not be used to offset the gains. Any such tax-coded asymmetry is exacerbated under a progressive tax code, especially if the progressivity is steep. More interesting from a corporate governance perspective, however, are reasons for risk management emanating from how the company is financed – itself a governance structure issue – and how the suppliers of capital monitor and control managers.

Reducing Financial Distress and Bankruptcy Costs

While fully diversified equity investors may not pay much attention to the unique risks associated with price, currency and interest rate volatility, other stakeholders take a different view of the situation. These other stakeholders include creditors, customers and suppliers and they could suffer substantial costs should a company find itself in financial difficulty.

34


Consider Toolco, a machine tool manufacturer that produces and sells highly specialized equipment to customers who rely on the company to honor warranties, provide on-going service and technical assistance and supply spare parts. Southeast Asia and Europe are both major markets for Toolco with German and South Korean manufacturing firms being major customers. Toolco prepares bids, quotes prices and bills customers in local currency – Euros and South Korean won. Toolco uses both debt and equity to finance itself.

Should the U.S. dollar appreciate substantially relative to the euro and won, the dollar value of Toolco’s outstanding bids and accounts receivables will plummet. Furthermore, should the dollar remain strong for an extended period, Toolco’s overall competitive position will weaken relative to its foreign competitors. This strengthening of the dollar will cause a substantial reduction in Toolco’s profits and cash flows, a reduction that will affect its ability to provide service and spare parts and, ultimately, produce and deliver high quality machine tools as contracted.

Toolco can use risk management strategies to mitigate the potential financial problems associated with currency risks. It can hedge its exchange rate exposures and adopt other exchange rate exposure strategies – such as currency swaps for financing its foreign operations – that reduce the likelihood of Toolco experiencing severe financial problems from unexpected exchange rate movements. Managing currency risk may also lead to an increased willingness of customers to buy from Toolco because of its ability to withstand financial difficulties. In turn, the improvement in Toolco’s financial position may improve the terms on which suppliers sell to Toolco. The end result for Toolco will be an increase in the market value of its common stock, an outcome desired by its shareholders.

Contemporary textbook treatments of risk management also develop the story that locking in a certain level of operating cash flows may also permit Toolco to use more debt to finance itself. The explanation offered is a reduction in financial distress costs along with the deductibility of interest expense story.

Using Risk Management to encourage and Protect Firm Specific Investments

Stakeholders of the firm include its employees, managers, suppliers and customers. These stakeholders find it very difficult to diversify away the risks they are exposed to in their relationships with the firm, especially if the stakeholders make firm specific investments (Williamson, 1985). So, to the extent that

35


risk management is able to reduce the risks of financial distress and failure, the firm will enjoy an improved competitive position in its product and labor markets.

For example, employees have a considerable interest in the success of a company because they would incur substantial adjustment costs were the firm to fail. These costs go beyond the costs of looking elsewhere for employment, especially for highly skilled technical and managerial employees. These individuals typically make major commitments of time and effort to develop company specific skills and look to the continued growth and success of the company for the returns on these investments. The returns are not entirely pecuniary, but come in the form of promotions, status and job security. So, as pointed out in most textbook treatments of the subject, firms that can offer security and the prospects of financial success to their employees and managers are likely to garner greater employee loyalty and recruit and retain the “better” workers and managers.

But, a more fundamental relationship exists between having employees and other stakeholders make firm specific investments and the need for firm survival. We would argue that it is the firm specific skills amassed by the firm’s employees that make it possible for the firm to earn more than its cost of capital. Expressed in the terminology of financial management, these firm specific skills enable the firm to find and undertake positive net present value projects.

This notion of the importance of firm survival and the need to manage total risk so as to support the development of firm specific skills to make positive NPV projects fits nicely into David Durand’s critique of Modigliani and Miller’s irrelevance of capital structure given perfect capital markets. Durand (1989) notes that Modigliani and Miller did not restrict the firm’s investment opportunities to only perfectly competitive zero net present value projects but, instead, let firms earn excess returns due to special circumstances such as patents and other factors. Durand then argues that this “rationale implies that their [MM] perfect market is not perfect enough to accord everyone, whether firm or individual investor, equal access to the better opportunities …. Perhaps what MM have in mind is a two-tier market, with one tier for securities and the other for physical assets.” Durand concludes that investors in security markets can earn only a zero NPV return because the investor does not have access to the monopolistic opportunities available to the firm.

We want to suggest another way of phrasing Durand’s critique. Instead of ascribing the excess returns to monopolistic practices, let’s ascribe them to firm-specific skills and accumulated knowledge. These firm-specific skills generate the positive NPV projects, including the patents that Modigliani and Miller invoke for explaining the existence of economic rents. And, to ensure these unique, firm-specific skills are developed, the firm needs to survive as a going concern; hence, the need for managing total risks.

36


And, also, an outcome that investors cannot duplicate on their own regardless of whether financial markets are perfect.

As we mentioned earlier in connection with financial distress costs, suppliers and customers also have a direct interest in the financial health and survival of the firm. Suppliers are unlikely to make firm specific investments in plant, equipment and production technology to service weak customers who may not be around next year to buy the components. Therefore, risk management actions that reduce the likelihood of a firm failing will increase the willingness of suppliers to enter into long-term contracts and make investments in equipment and product development that benefit the buying firm. These complimentary firm specific investments between suppliers and users support and produce inter-firm efforts that, in turn, generate relational rents (Dyer and Singh, 1998).

Many small and medium-sized firms are privately owned and owner managed. Usually, the owners have most of their wealth tied up in the company and cannot obtain the benefits of portfolio diversification that would eliminate the unique financial risks of the company. To exacerbate matters, the owners have their human capital tied up in the company as well. So, risk management becomes a very important way for owner-managers of closely held firms to protect themselves from commodity price and exchange rate risk.

The above reasons for risk management arise not so much out of conflicts of interest among stakeholders as out of the benefits associated with the survival of the firm. Think of it this way: The firm can be characterized as a voluntary association to create new wealth with new wealth thought of as positive NPV projects. This new wealth requires firm specific skills and investments such that, once the firm’s stakeholders become vested in the company with their firm specific investments, they have an interest in sustaining the firm and their association with the company. Hence, the need to manage total risk at the firm level rather than only the systematic risk at the investor level.

Using Risk Management to Monitor and Control Managers

From a public shareholder’s perspective (a perspective generally assumed by financial theory), the objective of management should be to maximize the price of the company’s common stock. However, managers are likely to be interested in their own well being as much as the well-being of the owners of the company. Therefore, in a world of self-seeking behavior and informational asymmetries (where managers have more information than owners), conflicts of interest between managers and owners of publicly held companies are likely to arise. Managers may seek to extract perks from the company and

37


grow the company at the expense of the shareholders by making unprofitable investments so as to keep control of corporate resources, preserve their jobs and increase their salaries. These actions create costs called agency costs and they reduce the market value of the company.

Students of financial economics and organizational behavior use financial agency theory to analyze and understand these costs and recommend ways to reduce them. One important application of agency theory is the design of management evaluation and compensation systems that reduce conflicts of interest between managers and owners by aligning managers’ interests with the shareholders.

Risk management enters into this process the following way: Unlike shareholders, managers cannot diversify away the unique risks associated with the company; managers are exposed to the total risk of the company, not just the systematic risk. Regardless of why the firm fails, the managers are out of a job. Consequently, managers are likely to make decisions based on the total risk of a venture whereas shareholders would prefer managers to consider only the systematic risk.

Now, recall that we said financial theory predicted that hedging would not improve firm values if all it did was to reduce the variance of the firm’s cash flows because investors could do this on their own through diversification. However, reducing the total variance of firm cash flows may be very important for managers who, unlike investors, cannot diversify away the risks associated with certain business ventures. By letting managers eliminate these risks through hedging, the shareholders need not worry about managers rejecting projects that are very profitable based on their systematic risk exposures but unlikely to be undertaken unless managers can hedge the unique risks to protect their jobs and the company in the event of a “bad draw.” Such hedging costs the public shareholders nothing in terms of expected returns on the hedged project and also doesn’t affect the systematic risk. However, by reducing the consequences of project failure for management, a project which would have been discarded without the knowledge of public shareholders is now undertaken. Hedging has effectively reduced agency costs and increased the market value of the company even though the project’s systematic risks and expected rate of return are unaffected.

Risk management strategies are used in conjunction with managerial performance evaluation and compensation systems to separate financial outcomes under management control form those not under their control. For example, suppose you are a large institutional investor who owns stock in Wadco Enterprises. Wadco manufactures circuit boards in Thailand and sells them to U.S. companies. Wadco costs are in Thai baht and its revenues in dollars. Wadco has an executive compensation program with bonuses tied to operating cash flows measured in U.S. dollars. Now, suppose the Thai baht substantially depreciates against the dollar. With costs denominated in Thai baht and revenues in dollars, Wadco’s

38


Thai division will report very high profits as a result of the Thai devaluation. However, should the mangers of Wadco be paid a bonus for this performance? What control did they have over the devaluation of the baht? Suppose the baht had appreciated instead of depreciated? Should the managers of Wadco be penalized for this outcome?

A widely held opinion is that Wadco management bonuses should not be affected by unexpected exchange rate movements because managers had no control over these events. Bonuses and performance evaluations should be based only on outcomes over which managers have control. So, by having Wadco managers hedge the exchange rate exposures, stockholders, like the large institutional investors, can focus management attention on things management can control, such as production, marketing and sales. Furthermore, by requiring managers to hedge the exposures, shareholders make it more difficult for management to claim that poor performance was caused by events outside of their control.

Using Risk Management to Improve Decision Making and Capital Budgeting

Substantial volatility from quarter-to-quarter and year-to-year in operating cash flows and net income makes it difficult to evaluate the fundamental performance of a company and divisions or other units within the company. The noise introduced into these measures by volatile commodity prices, exchange rates and interest rates can be removed through risk management strategies that minimize cash flow and income variability. Removing the noise improves decision making by providing higher quality information on fundamental performance, especially across divisions, product lines and geographic locations. This higher quality information makes it easier to decide how to allocate funds within the firm and may increase the “trust” of competing managers in the capital allocation process.

Risk management can also be used to protect against disruptions in implementing a capital budget by ensuring that substantial shortfalls in internally generated funds do not occur as a result of unexpected price movements. Normally, firms would have a capital budget in place along with a plan to finance the expenditures. By hedging commodity price, exchange rate and interest rate exposures, firms can better plan both the capital expenditures and the funding arrangements.

39


Risk Management and Dividends

Do dividends (like capital structure) matter? Miller and Modigliani (1961) said no; but, of course, this claim is true only for perfect capital markets. Since then, an extensive body of literature has shown that dividends do matter – especially if dividends are cut. So, by stabilizing cash flows, risk management makes it possible to maintain cash dividends and smooth out the dividend cash flow stream. To the extent that dividend policy and investment policies (capital budgeting) are not independent of each other, risk management designed to stabilize dividend payments is really stabilizing the total cash flow stream available for investment and dividend payments.

Note that while stabilizing the cash flows available for investment and distribution to owners as cash dividends is important for all firms, it is especially important for firms with public shareholders. This stabilization of dividend payments is needed to communicate information about future investment returns, dividend payments and the financial health of the company to all the firm’s stakeholders.

For example, the customers of companies that develop software programs for proprietary use want to be sure the developer will be around to supply second and third generation products and to service the existing systems. Consequently, these customers monitor the cash flows, stock prices and dividends of the suppliers to assess the supplier’s financial health and ability to develop new products. Dividends, therefore are important for maintaining a company’s competitive position in its product markets as well as for providing shareholders with an adequate return on their investment.

40


Summary and Conclusions

Risk management is presented in the finance literature as a cure for market imperfections. These imperfections arise out of conflicts of interest among stakeholders seeking to advance their own interests in the presence of informational asymmetries and distortions introduced by taxes, transaction costs and legal systems. Implicitly or explicitly, the objective of risk management is stated as maximizing the wealth of the existing owners of the firm who, in a perfect world, are assumed to be efficiently diversified investors concerned only with the expected return and non-diversifiable risk of their investments. In finance, then, the existence of risk management is tied directly to the governance issues of how investors monitor, control and compensate managers so as to protect their investments in the company.

From a social welfare perspective, however, risk management makes a major contribution with respect to preserving the firm as a social welfare organism. This organization does not exist solely for the benefit for the shareholders but is part of a larger scheme designed to achieve a set of political objectives which vary from one country to the next but generally regard the corporation as serving more than the needs of its owners. The role of the shareholders is to ensure that managers do not waste economic resources within the overriding social responsibility functions of the firm. Hence, accepting a broad definition of corporate governance focused on how society is organized with economic efficiency objectives being important, but not supreme, dominates the market imperfection arguments of financial economists for risk management. Firm survival and continuity is important for societal reasons and risk management assists in this task.

This broader perspective on risk management should be the one that informs the regulation of risk management products and markets. While regulation should discourage speculative abuses, it should also recognize the economic efficiency and growth objectives that are enhanced by having risk management products.

41


42


43


44


45


46


47


48


49


50


51


52


53

Total Risk Management

Documents

Transcript of Total Risk Management