Академический Документы
Профессиональный Документы
Культура Документы
Risk Management
Student’s name
University Name
m
o
.c
ay
ss
eE
lu
Va
Risk Management 2
Table of Contents
Executive Summary…………………………………………………………………………………………………………………1
m
Government and Industrial Regulation on the Financial Serving Sectors………………………………..4
o
Examples of Best Government Regulations………………………………………………………………………..…..5
.c
IT Security Policies and Procedure………………………………………………………………………………………….6
ay
Standards Set Up for the Information Control…………………………………………………………………….....7
Risks the financial sectors have to carry for the data security……………………………………………….9
eE
References…………………………………………………………………………………………………………………………..10
lu
Va
Risk Management 3
Executive Summary
Safety is one of the topmost priorities of any organization. Risk management is a compliance issue and
often it is solved by making the rules that the employees needs to follow. By investing the right money
in risk management the organization can safeguard from a big failure at the time of crises or disaster.
m
In this case study we are going to represent how the risks can be handled through the rule-based model
and by applying other alternative approach. By a proper strategy formation and implementation
o
process, the risks of an organization can be minimized. But there are non-preventable risk also that
.c
arises externally due to their applied strategy and operations.
Before making a risk management system, the first thing is to understand what the kind of risk the
ay
organization is facing is. After deeply researching and analyzing, we came to know that risks can be
the control. Let’s better understand it by taking an example. The inappropriate actions taken by the
eE
management can arise the risks between the employers. For the unauthorized, unethical and incorrect
actions, risks are need taken. The companies should have a zone of tolerance for the errors and if the
companies achieve the avoidance level, the chances of risks are very high and would be too costly for
lu
the company to bear. By taking another example, the things will be more clear and understandable.
Va
There is an employee in your company who is bribing the local official for producing short term profits
for the organization, but if we see the things for a long term, the value of company is getting degraded
by such actions.
Risk Management 4
All these risks can be controlled by keeping a proper monitoring over the employees and by guiding the
employees with the proper norms for the behavior and decision that needs to be followed while
working in an organization.
m
Strategy Risks: The strategy risks are being adopted by the companies for getting good returns. For
example the banks take the credit risks at the time of giving loans to the customer. By applying a
o
strategy the companies takes the risks and it helps in making them gain potential. The risks are never
.c
managed through the rule-based model; instead the risk management system is being designed for
reducing the probability of risks and for making the companies gain the confidence to take higher
amount of risks.
ay
ss
External Risks: There are other risks which are out of control and are too difficult to manage. These risks
are natural, political disasters and other macroeconomic shifts. As these events are not in the hands of
eE
the company, only the companies can safeguard by focusing on the key identification and by mitigation
of the impact.
lu
With a compliance-based approach the risks can be effectively managed and can be prevented. By
Va
applying different strategies according to the categories, the risk management process can be made
more boastful. By doing distinct research we came to know that “one size doesn’t fits all” and every
As the financial crises are getting high, the companies have started giving attention over the risk
management. You can see a change in the formal procedures of the companies except the financial
companies. In many cases, risk management is considered to be a responsibility of only managers and
upper staff. According to the risk governance standards, the companies are focusing on conducting the
m
audit and control functions and mainly on the risks regarding the financial conditions. But, the attention
o
of the companies must be towards both financial and non-financial risks for the streamline functioning
.c
IT technology that is Used for Risk Management
ay
ss
eE
The traditional business has become modernized due to the advancement in the technologies. With the
aid of these hi-tech technologies, we are able to do the work faster with much more reliability and
proficiency. With the ease of broadband and internet facilities, we are able to do all the financial work
lu
with the aid of online payment system. Also with the advancement in mobile technology, we can do the
contactless payment through the applications that has enable us to reach the customer more quickly.
Va
With the aid of modern technologies only, the companies are able to handle the big data safely. The loss
of data, attack of cybercrimes or hackers has increased nowadays because of the advance IT
technologies. If in the case, on any financial institute the hackers attack and the company has not taken
the security of risk management, then automatically the customers will distrust the company and
moreover the sharevalue of the specific company will get degraded in a period of time. The reputation
Risk Management 6
of the company in the market will also get lost and it will be highly embarrassing as the company was
o m
.c
ay
ss
Recommendations to Aztek Management System
eE
As we know that Aztek is a financial company operating from Australia. The risk in the financial sectors is
the highest as compared to the other business operations. By applying these strategies the finance
lu
institutions can overcome the risk factor. Transferring risks to other participants or by simply following
the business practices, the risk can be avoided. If you can handle the risk at a firm level, then also you
Va
can lower the chances of risk. The most common risk avoiding activities are underwriting standards,
hedges or asset liability matches, reinsurance and diligence i nvestigation. The risk should be handled
only to an optimum level that can be absorbed by the system. Too much high taking risk can lead you to
total loss of the business. In the operational risks, the firm can ask for the risks facilities in the case of
fraud, lack of control, managerial limitations and oversight failure. While if any financial company
Risk Management 7
continuously tries to avoid the risk-activities, then the profitability in the business activity will also get
lower. The financial firms can communicate the level of efforts for reducing the risks between the
In the financial sector the risk are divided into five categories. We will discuss each one of them in
briefly.
m
Systematic Risk: The systematic risks are the least one to get bother about. The systematic risks arise
o
when the economic condition of a country changes. It may result in an increase of interest, change in
.c
the value of asset or anything else. If there is a change in the energy prices, then the real est ate values
and stock prices changes. Large scale weather can also affect the financial sector.
ay
Credit Risk: Credit risks arise from the debtor non-performance. Due to the inability to perform in the
precommitted or contract, it can affect the lender who underwrote the agreement, lenders of creditor
ss
and debtor shareholder. The credit risk responsibility cannot be blamed to a single person, it is being
diversified. Most importantly, it is a risk that has arises only due to the systematic risk.
eE
Counterparty Risk: Due to the performance issue of the trading partner, the counterparty risk arises. The
performance issue in partner is due to the some political, social or systematic factors. Through the
diversification the non-systematic risks associated with the trading can be limited.
lu
Operational Risk: The problems that is associated with delivery of trades, settling and accuracy
Va
processing. Apart from it, due to lack of concentration in record keeping, system failures or by
complying with the various regulations, the operational risks arises. For the companies, these silly errors
Legal Risks: While signing the financial contract, there is credit, operational and counterparty risks. In
the case of bankruptcy, the legal risks have to be taken. Adjacently, through the fraud, a violation of law
and due to other harmful activities the legal risks comes into play.
To a level of extend all the financial institutions have to face all these types of risks. The agents in the
m
Government and Industrial Regulation on the Financial Serving Sectors
o
Government regulation has affected the financial serving sector in a number of ways. Depending upon
.c
the nature of regulation the workload for the people in the financial services increases and it takes due
time and effort that the new regulation is being correctly adapted. The government regulations can
ay
benefit the finance industry for a long-term. The Securities and Exchange Commission (SEC) regulates
the securities market and it is always ready to protect the investors from the fraud and
ss
mismanagement. The SEC takes great efforts to make the investors feel safe while doing the investment
and also it provides the stability to the financial companies. (Froot & Stein, 1992)
eE
The regulation doesn’t have a positive effect always. In many cases, it is also making the financial
condition instable. For example, the Environmental Protection Agency (EPA) assist the new companies
to buy the expensive processes and equipment that will be more eco-friendly for the environment. The
lu
companies have no other options for cutting up the cost and they make the payments from the
Va
customers by increasing the product cost. Therefore, the environmental regulations are always in
controversy. At the time of financial crises in the year 2007-2008, the troubled asset relief program run
by United States Treasury gives the authorities to inject billions of dollars into the U.S. financial system
for stabilizing the financial situation. At many times, a quick and active action is required at the extreme
crises time for preventing it from a complete financial collapse. Too many regulations can lead to
eliminate the innovation which results in driving up the cost. While, if there are only a few regulations,
Risk Management 9
then it leads to mismanagement and corruption. The impact of a government regulation cannot be seen
The Sarbanes-Oxley Act was passed by the Congress in the year 2002 in the response of multiple
m
financial scandals that involves large conglomerates such as Enron and WorldCom. Through this act, the
senior management has to provide the accurate financial statements. Internal control over the
o
companies was also established for preventing the fraud and abuse. After the implementation of this
.c
regulation, people feel safer in the financial services and it overall improve the corporate investment.
At the time of financial crises situation, the SEC has give help to the major investment bank by providing
ay
net capital requirement that makes them allow to carry the significant debt rather than what the equity
they have.
ss
IT Security Policies and Procedure
The government has made various policies and processes. These policies are important for giving
eE
assurance to the funders, auditors and regulators. There are a number of guidelines that are beneficial
to you if in case you are working on the confidential and private data.
lu
Policies and Regulations: The first policy is access control policy that gives you the access to the IT
resources. Second one is application control policy through which you can use the applications on the
Va
network. The third one is anti-virus policy. The ant-virus is mandatory to be installed in all LSE owned
computers and personal devices. For the overall safety of the data from the open online world and for
the data recovery, anti-virus is a must to be installed. There is electronic messaging policy that depicts
all the rules and considerations for the email systems which includes sending confidential data. As we
are getting digitalized, the password is a must to setup, but creating a strong password is essential so
Risk Management 10
that the hackers are not able to crack it. In a month, do change the password also for tightening the
There are other policies of also of monitoring, network connection, payment card, DSS information
security, users account, email address conventions, encrypted authentication, IT user account, laptop
m
While if we are talking about the procedures, the procedures are AV recording guidelines, virus
o
outbreaks on campus public area workstations, log duration, non-standard user account expiries and a
.c
few more for making your data secure during all the audio, video and transaction process. There is a
template transcriber non-disclosure agreement also that make the third party transcribers to sign an
For accessing someone else data, a separate request to access form is required to be filled by the user.
eE
Unauthorized Use of Software: All the software installed in the personal computer that is being use must
lu
have licensed software which is being verified by the information security officer or they must have a
license agreement.
Va
Installed Software: All the software that are installed on the computer must have licensing agreement
Virus Protection: The virus checking system which is being approved by Information Security officer
must be deployed. A multi-layer approach is required so that all the files, folders are being scanned for
the virus.
Risk Management 11
Access Control: Through the physical and electronic access, the confidential information is being top-
notch secured. A number of security measures are being instituted by the IT department.
Data Authentication: The financial organization must be able to provide the corroboration that the
confidential information is never being misused. The digital signature, double keying, message
authentication codes are the various sources to check the authentication of data.
m
Remote Access: Confident information that is being accessed remotely must maintained the same level
o
of protection as the information is stored within the network.
.c
Emergency Access: When the owner is not able or the systems are being locked, the IT department has
set up a mechanism for the emergency access. The process of authorization, implementation and
ay
revocation are being processed on in the case of emergency.
Information Disposal: The CD ROM disks must be broken after transferring the information in the PC and
ss
the CD must be discarded into two halves.
The measure of an IT risk can be said as a product of the threat, vulnerability and asset values.
lu
According to the Risk IT framework, the threats, vulnerability and consequences not only gives
negative impact on the operations but also destroy the reputation of an organization. With the aid of
advanced technologies, not only you can advance the growth of the business but overall the late
delivery or overspending can be highly reduced. RE2 risk analysis has an objective to develop useful
information that supports the decision of risk. Another one is RE1 that collects the data from the
Risk Management 12
external environment for identifying the risk factors. The ISO/ IEC 27002: 2005 code of practice for the
information security management has to examine the security policy, asset management, human
resource security, physical and environment security, access control, business community management ,
information security incident management, regulatory compliance and others during the risk
assessment. During the risk identification, the threats, consequences, existing security measures and
m
business processes are being seen for identifying the reasons of lost. The e stimation of the risk can be
made by two types. One is the quantitative and other is qualitative. For example, in case of a theft of
o
laptop, not only the valuable laptop gets lost but also the data that was inside it also get lost. The
.c
reputation of the company is in the hands of the theft. It is a quantitative approach. The quantitative
measure is a three to five steps evaluation that is performed in a short time for meeting the
ay
requirements of a small budget. The qualitative risks are performed for a shorter time period and with
Privacy of the data is very much important in today’s world. On a regular basis the financial institutes are
getting the data of personal and confidential information about the user. It includes the details of the
payment card, bank information, password, debit or credit card pin number. All these essential
information needs to be fully protected and safeguard by the financial organization such as banks. For
maintaining that the data is secure and private, the companies need to be flexible in sharing the data
Risk Management 13
with the technological departments or with the other departments. Despite having spent millions of
dollars in buying the most expensive software and technology, still the re remains a loop-hole in the data
There are three different methods through which the data privacy can be made stronger:
m
Adopting the technology: Simplify the data and protect it. It will control the huge expenses of wasting
money on new technologies that are not much reliable. With the usage of cloud computing platform
o
also, you can secure the data, as it is a hybrid system that is built on open-source technology. With the
.c
usage of smartphones you can also provide cyber security to all your digital devices. Make use of
identification technology and access the management solutions for building the trust and reliability.
ay
Regulatory: The government should focus on the breach notification and law enforcement. There should
be harmonization of data protection standards across all the regions. Apart from it, adapt the privacy
ss
laws for the regulatory of laws.
Migrating to a New Technology of IPv6: Internet protocol version 6 is the most recent version of internet
eE
protocol. IPv6 supports the globally unique IP addresses by which any activity can be easily tracked up.
The design of IPv6 is being made so that each device in the network has an unique address that is
globally reachable from any other location of the internet. The network layer security is a plus point and
lu
all the data are within a network. The packet headers and process of packet forwarding is being
Va
simplified in the IPv6 that makes it easy for the data to travel from one router to another router.
Upgraded Applications: For the cross channel optimization and for managing the risks and regulatory
compliance, the use of upgraded applications is cost effective and secure. The applications created by
the financial sectors are integrated with the Google, so that you can see the notif ications and alerts after
Risk Management 14
doing the payment or whenever your account is being credited. It is a much reliable thing and
trustworthy thing.
Cardless cash withdrawal: The customers can easily send the money to any location without any card, as
the technology has advanced and make the bank accounts connected with the mobile number, so that
you can easily received a secure 3D pin number that only the mobile user can see and do the
m
transactions.
o
iMobile: The customers can also use the iMobile for updating the passbook, applying for home loans,
.c
EMI schedule, instant utility payment, transactions from the PPF account or for knowing the recent
transactions.
ay
Risks the financial sectors have to carry for the data security:
ss
Security of the highly confidential data is very difficult as the online business is growing and evolving
more. The threats of getting the data leak or misuse of information are also getting more viral.
eE
Protecting the customer data is the first and primary concern of all the finance, banking and insurance
sectors. All these three sectors have very much critical data that needs to be very carefully and critically
lu
handled in a safe and secure environment. All the customers details such as bank account number,
password, username etc are saved in the large excel sheets. But, nowadays the excel sheets are also not
Va
considered as a safe place to keep such a highly important data. Any person who has the login details of
the PC can view the entire excel sheets and can also make the changes inside it. It would be too difficult
to the financial employers to find which the accurate data is if they don’t have a proper back-up over
There are many technological solutions available in the market through which you can secure the
database. Not only the data will get protected from the hackers and cybercrimes, but also when the
data is at a digital platform, then it is always easy to use. Any query of the customer can be easily
resolved if you have a good and accurate database that is up to the pe rfection. Through the corporate –
wide email archive you can also secure the data. Apart from it, always use the latest technology that is
m
having the latest version for making the things flow in a correct, smooth line and on a secure way.
(Walker, 2009)
o
References:
.c
Froot, K. A., & Stein, J. C. (1998). Risk management, capital budgeting, and capital structure policy for
ay
financial institutions: an integrated approach. Journal of financial economics, 47(1), 55-82.
Froot, K. A., Scharfstein, D. S., & Stein, J. C. (1993). Risk management: Coordinating corporate
ss
investment and financing policies. the Journal of Finance, 48(5), 1629-1658.
Lyman, T. R., Pickens, M., & Porteous, D. (2008). Regulating transformational branchless banking: Mobile
eE
Trippi, R. R., & Turban, E. (1992). Neural networks in finance and investing: Using artificial intelligence to
lu
Walker, D. (2009). A review of corporate governance in UK banks and other financial industry entities.
Va
Risk Management 16
mo
.c
ay
ss
eE
lu
Va