ACCA P1 | Governance, Risk and Ethics

Notes
ALARP
In many businesses, the focus will be on reducing risks rather than eliminating them. This
raises the issue of the extent to which managers will seek to reduce risks. The general principle
is that the higher the level of risk, the less acceptable it is.

However, many risks cannot be eliminated. Many companies undertake hazardous activities
that could result in an injury or loss of life (such as in oil rig, farm or factory). These risks cannot
be avoided but can be reduced to an acceptable level by incurring costs installing protective
shields, issuing safety equipment such as hats and protective glasses.

The fact that certain risks cannot be avoided doesnt mean that companies become
complacent; instead they ought to manage certain controls to reduce the probability of the risks
materializing.

Judgement will be involved in deciding on what risks are as low as reasonably practicable. It
could be that new control systems can reduce risks further, but may be judged as far too
expensive. This result in the risks considered as low as reasonably practicable may well be
compromised.

It is financially and operationally impracticable to avoid certain risks such as health and safety
risks in mining company or market volatility risks in a stock trading company.

Importance of accurate risk assessment

Following is the importance of accurate risk assessment

Firstly, underestimated risks may mean that inadequate risk management processes have
been employed to address them.

Secondly, exaggerated risks may mean unnecessary costs have been put in to address them.

Governments and legislator require risk assessments in number of areas (EU requires
companies to carry out risk assessments regarding health and safety, product liability and
finance)

Number of stakeholders may be concerned with the adequacy of the risk assessment. If they
are dissatisfied, then this could have an impact on the company.

Inaccurate risk assessments may bread fear and mistrust among the shareholders and
stakeholders.
 ACCA P1 | Governance, Risk and Ethics
Notes

Likelihood/Consequence Matrix (TARA Framework)

1. Accept
A risk acceptance strategy involves taking limited or no action to reduce the exposure to risk
and would be taken if the returns expected from bearing the risk were expected to be greater
than the potential liabilities. Some businesses will accept risks as they want to receive potential
returns. However others will be accepted because there is nothing that can be done about
them. In this case the organization must know the potential costs and the probability of the risk
occurring.
For example, if a profitable product has a high return rate, costing the company warranty and
refund costs, they may decide that it is worth putting up with these costs as they want to earn
the profits from the product.

2. Transfer
This means passing the risk on to another party which in practice means an insurer or business
partner such as a supplier or a customer.

3. Reduce
A risk reduction strategy involves seeking to retain a component of the risk (in order to enjoy
the return assumed to be associated with that risk) but to reduce it and thereby limit its ability
to create liability.
- Primarily through Internal controls
- Lesser of the activity which causes risk

4. Avoid
Not engage in the activity or area in which the risk is incurred. Some risks can be totally
avoided. If a business has identified that opening a subsidiary in a foreign country appears to be
high risk, then not opening the subsidiary solves the problem. However, to totally avoid a
business opportunity is often a rather extreme reaction as the company avoids the risk
and the potential returns. If no risks are taken, the chance of returns being earned is
small.