Risk and Risk Management:
1).The nature of risk:
Risk is usually associated with the possibly that things might go wrong,that events turn out worse than expected or that something bad might happen.However,risk has a broarder meaning.Risk exists whenever a future outcome or future event cannot be predicted with certainity,and a range of different possible outcomes or events might occur.
Risks can be divided into two categories:
-
Pure Risks(downside Risk)
-
Speculative Risk(two-way risk)
Pure Risk(downside risk):
-
Pure risk,also called downside risk,is a risk where there is a possibility that an adverse event occur.Events might turn out to be worse than expected but they cannot be better than expected.For example,there might be a safety risk that employees could be injured by an item of machinery.This is a pure risk because the expectation is that noone will be injured but a possibility does exist.Similarly might be a risk for a company that key workers will go on strike and the company will be unable to provide its goods or services to customers.This is a pure risk because the expected outcome is no strike but the possibility of a strike does exist.
Speculative Risk(two-way risk)
Speculative risk also called two-way risk,exist when the actual future event or outcome might be either better or worse then expected.
-
An investor in shares is expected to a speculative risk,because the market price of the shares might go up or down.The investor will gain if price go up and suffer a loss if prices go down.
-
An individual might ask his bank for a loan to buy a house and the bank might offer him a 10 year at a fixed rate of interest or at a rate of interest thet varies with changes in the official bank rate.The individual takes a risk with his choice of loan.If he chooses a fixed interest loan,there is a risk that interest rates will go up in the next 10 years,in which case he will benefit from the fixed rate on his loan.On the other hand,interest rates might go down and he might find that he is paying more in interest than he would have done if he had arranged a loan at a variable rate of interest.
-
Companies face two-way risk whenever they make business investment decisions.For example a company might invest in the development of a new product on the basis of sales and profit forecasts.Actual sales and profit might turnout to be higher or lower than forecast,and the investment might provide a high return,moderate return or low return(or even a loss).
Companies face both pure risks and speculative risks.
-
Pure risks are risks that can often be controlled either by means of internal controls or by insurance.These risks might be called introl risks or operational risks.
-
Speculative risks cannot be avoided because risks must be taken in order to make profits.As a general rate,higher risks should be justified by the expectation of a higher profits(although events might turn out worse then expected) and a company needs to decide what level of speculative risks are acceptable.Speculative risks are usually called business risk,and might also be called strategic risk or enterprise risk.
2). The nature of risk management:
Risk management is the process of managing both downside risks and business risks.It can be defined as the culture,structures and processes that are focused on achieving possible opportunities yet at the same time control unwanted results.
This definition identifies the connection between risk and returns.
-
The safest strategy is to take no risks at all.However,this is an unrealistics business strategy.All business activity involves some risk.
-
Business decisions should be directed towards achieving the objectives of the company.The main objective is (usually) to increase value for shareholders over the long-term.
-
The strategies are implemented and management should try to achieve the stated objectives performance targets,but at the same time should manage the downside risks and try to limit the business risks.
3). Responsibilities for risk Management:
Risk Management is a corporate governance issue.The board of directors have a responsibility to safeguard the assets of the company and to protect the investment of the shareholders from loss of value.The board should therefore keep strategic risks within limits that shareholders would expect and to avoid or control operational risks.The cadbury report(1992) described risk management as the process by which executive management under board supervision,identifies the risk arising from business...and establishes the priorities for control and particular objectives.The UK Code states that:"the board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives" and that "the board should maintain sound risk management and internal control systems".
a). ICGN Corporate Risk Oversight Guidelines:
The international corporate governance network (ICGN) has issued guidelines on responsibilites for the oversight and management corporate risk(2010).
-
The risk oversight process begins with the board.The board is responsible for deciding the company's risk strategy and business model,and it should understand and agree the levelof risk that goes with this.It should then have oversight of the implementation by management of a strategic and operational risk management system.
-
Shareholders have responsibility for assessing the effectiveness of the board in overseeing risk.Investors are not themselves responsible for the oversight of risk in the company.
-
Management has the responsibility for developing and implementing the company's strategic and routine operational risk management system,within the strategy set by the board and subject to board oversight.
The ICGN Guidelines prove guidance on processes for the oversight for corporate risk by the board and within the company,for investor responsibility and for disclosures by a company on its risk management oversight processes.
b). Risk Management and Internal Control:
The UK Code states that"the board should,atleast annually conduct a review of the effectiveness of the company's risk management and internal control systems and should reports to shareholders that they have done so."This review is likely to be carried out by the audit committee which should then report its findings to the full board.This means that the responsibilities of the board of directors and management for risk management are the same as their responsibilities for the system of internal control.
Turnbull Guidance stated that in deciding the company's policies with regard to internal control,the board should consider:
-
the nature and extent of the risks facing the company.
-
the extent and categories of risk which it considers as acceptable for the company to bear.
-
the likelihood that the risks will materialise(and events will turn out worse than expected).
-
the company's ability to reduce the probability of an adverse event occuring or reducing the impact of an adverse event when it does occur.
4). Elements of a risk management system:
The elements of a risk management system should be similar to the elements of an internal control system:
-
There should be a culture of risk awareness within the company.Managers and employees should understand the risk appetite of the company and that excessive risks are not justified in the search for higher profits.
-
There should be a system and processes for identifying,assessing and measuring risks.When risks have been measured,they can be prioritised,and measures for controlling or containing the risk can be made.
-
There should be an efficient system of communicating information about risk and risk management to managers and the board of directors.