
Risk Management 1

Risk Management

Student’s name

University Name


Table of Contents

Executive Summary

IT technology that is Used for Risk Management

Recommendations to Aztek Management System

Government and Industrial Regulation on the Financial Serving Sectors

Examples of Best Government Regulations

IT Security Policies and Procedure

Standards Set Up for the Information Control

Threats, Vulnerabilities and Consequences derived from an IT control framework

Industrial Risk Recommendations for the Finance Sector

Risks the financial sectors have to carry for the data security

References

Executive Summary

Safety is one of the topmost priorities of any organization. Risk management is a compliance issue, and it is often addressed by making rules that employees need to follow. By investing the right amount of money in risk management, an organization can safeguard itself from a big failure at a time of crisis or disaster. In this case study we present how risks can be handled through the rule-based model and by applying other alternative approaches. Through a proper strategy formation and implementation process, the risks of an organization can be minimized. But there are also non-preventable risks that arise externally due to the applied strategy and operations.

Before building a risk management system, the first step is to understand what kind of risk the organization is facing. After deep research and analysis, we came to know that risks can be divided into different categories:


Preventable Risks: There are many internal risks that arise within the organization, and they are under its control. Let’s better understand this with an example. Inappropriate actions taken by the management can create risks among the employers. Risks arise from unauthorized, unethical and incorrect actions. Companies should have a zone of tolerance for errors; if companies achieve the avoidance level, the chances of risk are very high and would be too costly for the company to bear. Another example makes this clearer. Suppose an employee in your company is bribing a local official to produce short-term profits for the organization; seen over the long term, the value of the company is degraded by such actions.

All these risks can be controlled by keeping proper monitoring over the employees and by guiding them with proper norms for the behavior and decisions to be followed while working in an organization.

Strategy Risks: Strategy risks are adopted by companies to get good returns. For example, banks take credit risks when giving loans to customers. By applying a strategy, companies take risks, which helps them gain potential. These risks are never managed through the rule-based model; instead, the risk management system is designed to reduce the probability of risks and to give companies the confidence to take a higher amount of risk.

External Risks: There are other risks that are out of the company’s control and too difficult to manage. These risks are natural and political disasters and other macroeconomic shifts. As these events are not in the hands of the company, companies can only safeguard themselves by focusing on identification and on mitigation of the impact.

With a compliance-based approach, risks can be effectively managed and prevented. By applying different strategies according to the categories, the risk management process can be made more robust. Through distinct research we came to know that “one size doesn’t fit all” and that every risk requires a different risk management function.

As financial crises grow, companies have started paying attention to risk management. You can see a change in the formal procedures of companies, except the financial companies. In many cases, risk management is considered to be the responsibility of managers and upper staff only. According to the risk governance standards, companies are focusing on conducting audit and control functions, mainly on risks regarding financial conditions. But the attention of companies must be on both financial and non-financial risks for the streamlined functioning of the work process.

IT technology that is Used for Risk Management

The traditional business has become modernized due to advancements in technology. With the aid of these hi-tech technologies, we are able to do work faster, with much more reliability and proficiency. With the ease of broadband and internet facilities, we are able to do all financial work with the aid of online payment systems. Also, with the advancement in mobile technology, we can make contactless payments through applications, which has enabled us to reach the customer more quickly.

Only with the aid of modern technologies are companies able to handle big data safely. Data loss and attacks by cybercriminals or hackers have increased nowadays because of advanced IT technologies. If hackers attack a financial institution and the company has not put risk management security in place, customers will automatically distrust the company and, moreover, the share value of that company will degrade over a period of time. The reputation of the company in the market will also be lost, and it will be highly embarrassing that the company was not able to secure its private and confidential data.

Recommendations to Aztek Management System

As we know, Aztek is a financial company operating from Australia. Risk in the financial sector is the highest compared to other business operations. By applying these strategies, finance institutions can overcome the risk factor. Risk can be avoided by transferring it to other participants or by simply following business practices. If you can handle the risk at the firm level, you can also lower the chances of risk. The most common risk-avoiding activities are underwriting standards, hedges or asset-liability matches, reinsurance and diligence investigation. Risk should be taken only up to an optimum level that can be absorbed by the system. Taking too much risk can lead to total loss of the business. For operational risks, the firm can ask for risk facilities in the case of fraud, lack of control, managerial limitations and oversight failure. However, if a financial company continuously tries to avoid risk activities, the profitability of the business will also decrease. Financial firms can communicate to the shareholders the level of effort for reducing the risks and for justifying the cost.

In the financial sector, risks are divided into five categories. We will discuss each of them briefly.

Systematic Risk: Systematic risks are the least to be bothered about. Systematic risks arise when the economic condition of a country changes. This may result in an increase in interest, a change in the value of assets or anything else. If there is a change in energy prices, then real estate values and stock prices change. Large-scale weather can also affect the financial sector.

Credit Risk: Credit risks arise from debtor non-performance. The inability to perform as precommitted or contracted can affect the lender who underwrote the agreement, the lenders of the creditor and the debtor’s shareholders. The responsibility for credit risk cannot be placed on a single person; it is diversified. Most importantly, it is a risk that arises only due to systematic risk.

Counterparty Risk: Counterparty risk arises from a performance issue of the trading partner. The partner’s performance issue is due to political, social or systematic factors. Through diversification, the non-systematic risks associated with trading can be limited.

Operational Risk: These are the problems associated with delivery of trades, settling and accuracy processing. Apart from this, operational risks arise from lack of concentration in record keeping, system failures or complying with various regulations. For companies, these silly errors can turn into high-cost outcomes.

Legal Risks: While signing a financial contract, there are credit, operational and counterparty risks. In the case of bankruptcy, legal risks have to be taken. Additionally, legal risks come into play through fraud, violation of law and other harmful activities.

To some extent, all financial institutions have to face all these types of risks. Agents in the financial sector have to face the problems of operational risks.

Government and Industrial Regulation on the Financial Serving Sectors

Government regulation has affected the financial services sector in a number of ways. Depending on the nature of a regulation, the workload for people in financial services increases, and it takes due time and effort for the new regulation to be correctly adopted. Government regulations can benefit the finance industry in the long term. The Securities and Exchange Commission (SEC) regulates the securities market and is always ready to protect investors from fraud and mismanagement. The SEC makes great efforts to make investors feel safe while investing, and it also provides stability to financial companies. (Froot & Stein, 1992)

Regulation does not always have a positive effect. In many cases, it also makes the financial condition unstable. For example, the Environmental Protection Agency (EPA) assists new companies to buy the expensive processes and equipment that will be more eco-friendly for the environment. The companies have no other options for cutting costs, and they recover the payments from customers by increasing the product cost. Therefore, environmental regulations are always in controversy. At the time of the financial crisis of 2007-2008, the Troubled Asset Relief Program run by the United States Treasury gave the authority to inject billions of dollars into the U.S. financial system to stabilize the financial situation. Often, quick and active action is required at a time of extreme crisis to prevent a complete financial collapse. Too many regulations can eliminate innovation, which results in driving up cost. On the other hand, if there are only a few regulations, it leads to mismanagement and corruption. The impact of a government regulation cannot be seen in a day; it is a long-term and far-reaching business strategy.

Examples of Best Government Regulations:

The Sarbanes-Oxley Act was passed by Congress in 2002 in response to multiple financial scandals involving large conglomerates such as Enron and WorldCom. Under this act, senior management has to provide accurate financial statements. Internal controls over companies were also established to prevent fraud and abuse. After the implementation of this regulation, people feel safer in financial services, and it has overall improved corporate investment.

At the time of the financial crisis, the SEC gave help to the major investment banks by providing a net capital requirement that allows them to carry significant debt compared with the equity they have.

IT Security Policies and Procedure

The government has made various policies and processes. These policies are important for giving assurance to funders, auditors and regulators. There are a number of guidelines that are beneficial if you are working with confidential and private data.

Policies and Regulations: The first policy is the access control policy, which gives you access to IT resources. The second is the application control policy, under which you can use applications on the network. The third is the anti-virus policy. Anti-virus is mandatory on all LSE-owned computers and personal devices. For the overall safety of data from the open online world and for data recovery, anti-virus must be installed. There is an electronic messaging policy that sets out all the rules and considerations for email systems, including sending confidential data. As we become digitalized, setting up a password is a must, and creating a strong password is essential so that hackers are not able to crack it. Also change the password every month to tighten security. (Trippi and Turban, 1992)

There are also other policies on monitoring, network connection, payment card, DSS information security, user accounts, email address conventions, encrypted authentication, IT user accounts, laptop encryption and many others.

As for procedures, these include AV recording guidelines, virus outbreaks on campus public area workstations, log duration, non-standard user account expiries and a few more for keeping your data secure during all audio, video and transaction processes. There is also a template transcriber non-disclosure agreement that requires third-party transcribers to sign an agreement when engaging in it.

All financial service providers have to fill in an application to use the IT facilities. A checklist also has to be signed by the line managers to ensure that everything is done correctly. To access someone else’s data, the user must fill in a separate request-to-access form.

Standards Set Up for the Information Control:

Unauthorized Use of Software: All software installed on a personal computer in use must be licensed software verified by the information security officer, or must have a license agreement.

Installed Software: All software installed on the computer must have a licensing agreement and must comply with the software policies.

Virus Protection: A virus checking system approved by the Information Security Officer must be deployed. A multi-layer approach is required so that all files and folders are scanned for viruses.

Access Control: Confidential information is secured to a top-notch level through physical and electronic access controls. A number of security measures are instituted by the IT department.

Data Authentication: The financial organization must be able to provide corroboration that confidential information is never misused. Digital signatures, double keying and message authentication codes are among the ways to check the authenticity of data.

Remote Access: Confidential information that is accessed remotely must maintain the same level of protection as information stored within the network.

Emergency Access: When the owner is not available or the systems are locked, the IT department has set up a mechanism for emergency access. The processes of authorization, implementation and revocation are carried out in the case of an emergency.

Information Disposal: CD-ROM disks must be broken after the information has been transferred to the PC, and the CD must be discarded in two halves.

Threats, Vulnerabilities and Consequences derived from an IT control framework


The measure of an IT risk can be expressed as the product of the threat, vulnerability and asset values.

Risk = Threat × Vulnerability × Asset

According to the Risk IT framework, threats, vulnerabilities and consequences not only have a negative impact on operations but also destroy the reputation of an organization. With the aid of advanced technologies, you can not only advance the growth of the business but also greatly reduce late delivery and overspending. RE2, risk analysis, has the objective of developing useful information that supports risk decisions. Another is RE1, which collects data from the external environment to identify risk factors. Under the ISO/IEC 27002:2005 code of practice for information security management, the risk assessment has to examine security policy, asset management, human resources security, physical and environmental security, access control, business continuity management, information security incident management, regulatory compliance and others. During risk identification, the threats, consequences, existing security measures and business processes are reviewed to identify the causes of loss. Risk can be estimated in two ways: quantitative and qualitative. For example, in the case of a laptop theft, not only is the valuable laptop lost but also the data that was on it. The reputation of the company is in the hands of the thief. It is a quantitative approach. The quantitative measure is a three- to five-step evaluation that is performed in a short time to meet the requirements of a small budget. The qualitative risks are performed for a shorter time period and with less data.


The risk estimation is divided into the following steps:

Assess the consequences through the valuation of assets.

Assess the likelihood of an incident.

Assign values to the likelihood and the consequences of the risk.
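The product formula and the three estimation steps above, worked through on a small risk register. This is an added example, not part of the original essay. The scales (threat and vulnerability as values from 0 to 1, asset value in dollars), the scenario figures and the band thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: float    # step 1: consequence from asset valuation (USD, constructed)
    threat: float         # step 2: yearly chance the threat occurs, 0..1 (assumed scale)
    vulnerability: float  # step 2: chance it succeeds against current controls, 0..1

    def __post_init__(self):
        if self.asset_value < 0:
            raise ValueError(f"{self.name}: asset value must be non-negative")
        for label in ("threat", "vulnerability"):
            value = getattr(self, label)
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{self.name}: {label} must be within 0..1")

    @property
    def likelihood(self) -> float:
        return self.threat * self.vulnerability

    @property
    def risk(self) -> float:
        # Step 3: Risk = Threat * Vulnerability * Asset
        return self.likelihood * self.asset_value


def band(risk: float) -> str:
    """Qualitative band for a quantitative score; thresholds are assumptions."""
    if risk >= 50_000:
        return "high"
    if risk >= 10_000:
        return "medium"
    return "low"


def rank(register):
    """Order scenarios from highest to lowest risk."""
    return sorted(register, key=lambda s: s.risk, reverse=True)


# Constructed register. As in the laptop theft example, the asset value counts
# both the hardware and the data stored on it.
LAPTOP = Scenario("Stolen laptop, unencrypted disk", 1_500 + 250_000, 0.10, 0.90)
REGISTER = [
    LAPTOP,
    Scenario("Customer details in a spreadsheet on a shared PC", 500_000, 0.30, 0.50),
    Scenario("Virus outbreak on a public workstation", 40_000, 0.50, 0.20),
]
# Same threat and asset, but a laptop encryption policy lowers the vulnerability.
LAPTOP_ENCRYPTED = replace(
    LAPTOP, name="Stolen laptop, encrypted disk", vulnerability=0.05
)

if __name__ == "__main__":
    for s in rank(REGISTER + [LAPTOP_ENCRYPTED]):
        print(f"{s.name:50} likelihood={s.likelihood:.3f} "
              f"risk={s.risk:>10,.2f} {band(s.risk)}")
```

Ranking by the product shows why the spreadsheet scenario outranks the laptop even though the laptop's vulnerability is higher, and how a single control changes one factor rather than the asset value.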


Industrial Risk Recommendations for the Finance Sector:

Data privacy is very important in today’s world. Financial institutions regularly receive personal and confidential information about users. It includes payment card details, bank information, passwords and debit or credit card PIN numbers. All this essential information needs to be fully protected and safeguarded by financial organizations such as banks. To keep the data secure and private, companies need to be flexible in sharing the data with the technology departments or with other departments. Despite millions of dollars spent on buying the most expensive software and technology, there still remains a loophole in data protection and privacy.

There are three different methods through which data privacy can be made stronger:

Adopting the technology: Simplify the data and protect it. This will control the huge expense of wasting money on new technologies that are not very reliable. You can also secure data by using a cloud computing platform, as it is a hybrid system built on open-source technology. With the use of smartphones, you can also provide cyber security to all your digital devices. Make use of identification technology and access management solutions to build trust and reliability.

Regulatory: The government should focus on breach notification and law enforcement. There should be harmonization of data protection standards across all regions. Apart from this, adapt the privacy laws for regulation.

Migrating to a New Technology of IPv6: Internet Protocol version 6 is the most recent version of the Internet Protocol. IPv6 supports globally unique IP addresses, by which any activity can be easily tracked. IPv6 is designed so that each device in the network has a unique address that is globally reachable from any other location on the internet. Network layer security is a plus point, and all the data are within a network. The packet headers and the process of packet forwarding are simplified in IPv6, which makes it easy for data to travel from one router to another.

Upgraded Applications: For cross-channel optimization and for managing risks and regulatory compliance, the use of upgraded applications is cost-effective and secure. The applications created by the financial sector are integrated with Google, so that you can see notifications and alerts after making a payment or whenever your account is credited. This is much more reliable and trustworthy.

Cardless cash withdrawal: Customers can easily send money to any location without a card, as the technology has advanced and connected bank accounts with mobile numbers, so that you can easily receive a secure 3D PIN number that only the mobile user can see and use to do the transactions.

iMobile: Customers can also use iMobile for updating the passbook, applying for home loans, EMI schedules, instant utility payments, transactions from the PPF account or checking recent transactions.

Risks the financial sectors have to carry for the data security:

Securing highly confidential data is very difficult as online business grows and evolves. The threats of data leaks or misuse of information are also becoming more widespread.

Protecting customer data is the first and primary concern of the finance, banking and insurance sectors. All three sectors hold very critical data that needs to be handled carefully in a safe and secure environment. All customer details, such as bank account number, password, username, etc., are saved in large Excel sheets. But nowadays Excel sheets are not considered a safe place to keep such highly important data. Any person who has the login details of the PC can view the entire Excel sheets and can also make changes to them. It would be too difficult for the financial employers to find which data is accurate if they do not have a proper backup elsewhere.

There are many technological solutions available in the market through which you can secure the database. Not only will the data be protected from hackers and cybercrime, but data on a digital platform is also always easy to use. Any customer query can be easily resolved if you have a good, accurate database. You can also secure the data through a corporate-wide email archive. Apart from this, always use the latest version of the latest technology to keep things flowing correctly, smoothly and securely. (Walker, 2009)

References:

Froot, K. A., & Stein, J. C. (1998). Risk management, capital budgeting, and capital structure policy for financial institutions: An integrated approach. Journal of Financial Economics, 47(1), 55-82.

Froot, K. A., Scharfstein, D. S., & Stein, J. C. (1993). Risk management: Coordinating corporate investment and financing policies. The Journal of Finance, 48(5), 1629-1658.

Lyman, T. R., Pickens, M., & Porteous, D. (2008). Regulating transformational branchless banking: Mobile phones and other technology to increase access to finance.

Trippi, R. R., & Turban, E. (1992). Neural networks in finance and investing: Using artificial intelligence to improve real world performance. McGraw-Hill, Inc.

Walker, D. (2009). A review of corporate governance in UK banks and other financial industry entities.