Академический Документы
Профессиональный Документы
Культура Документы
LETTER OF TRANSMITTAL
Feb 1, 2009
Mr. Khalid Jamil Ansari
Teacher, Business Finance - II
Biztek University
Karachi.
Sir:
We herewith present our “Term Report” authorized by you as a requirement for this course.
In this report, we have tried to provide Risk Management and its essential elements.
We hope we have covered all that was required for the report.
If there be any clarification demanded, we would appreciate a call from you to our group
Members.
Sincerely,
Muhammad Bilal
Muhammad Yousuf
EXECUTIVE SUMMARY
The main purpose of this report entitled “Risk Management” is to provide the students
a clear and closer exposure of Risk Management. This report has been prepared as a
requirement of course “Business Finance - II” as a part of MBA at Biztek University. The
topic mainly deals with what is Risk Management and its essential elements.
In the preparation phase of this report we have made an attempt to present the
material in a simple and crystal way. We hope that this report will surely help the people in
order to know about risk management.
For further improvement we seek sincere advices and valuable suggestions from our
honorable teacher and colleagues.
ACKNOWLEDGMENT
We are very thankful to almighty Allah, who is most beneficent, most merciful and the
creator of all mankind. He gives us enough capabilities to learn and implement our skills. So
many thanks to Allah who has given us courage and ability to complete this exciting
assignment.
What so ever human capabilities can not be polished with-out good teacher, because
it is a teacher who groom students and make it possible to use their inner capabilities in a
better way. In this regard we are extremely thankful to our teacher Mr. Khalid Jamil
Siddiqui. Just because of his assistance, we are able to complete our report successfully.
This achievement would not have been possible without his kind guidance.
Muhammad Bilal
Muhammad Yousuf
Introduction
In ideal risk management, a prioritization process is followed whereby the risks with the
greatest loss and the greatest probability of occurring are handled first, and risks with lower
probability of occurrence and lower loss are handled in descending order. In practice the
process can be very difficult, and balancing between risks with a high probability of
occurrence but lower loss versus a risk with high loss but lower probability of occurrence can
often be mishandled.
Intangible risk management identifies a new type of risk - a risk that has a 100% probability
of occurring but is ignored by the organization due to a lack of identification ability. For
example, when deficient knowledge is applied to a situation, a knowledge risk materializes.
Relationship risk appears when ineffective collaboration occurs. Process-engagement risk
may be an issue when ineffective operational procedures are applied. These risks directly
reduce the productivity of knowledge workers, decrease cost effectiveness, profitability,
service, quality, reputation, brand value, and earnings quality. Intangible risk management
allows risk management to create immediate value from the identification and reduction of
risks that reduce productivity.
Risk management also faces difficulties allocating resources. This is the idea of opportunity
cost. Resources spent on risk management could have been spent on more profitable
activities. Again, ideal risk management minimizes spending while maximizing the reduction
of the negative effects of risks.
BACKGROUND
Risk Management is an important project and operations planning tool. It allows the
Manager to avoid possible damage to the project or the operation by identifying, in advance,
the possible areas where damaging events may take place.
Risk Management has been described as 'all the things you need to do to manage an
uncertain future'. In most cases risks are taken so as to achieve some advantage, and
managing risks is associated with making decisions.
Standards New Zealand and Standards Australia have published a joint risk management
standard (AS/NZS 4360: 1999 Risk Management). It defines risk management as "the
culture, processes and structures which are directed towards the effective management of
potential opportunities and adverse effects."
In the 90's, the traditional background for risk assessment and management was widely
criticized. It was recognized that the large uncertainties associated with the evaluation and
the disagreement between experts had negative effects on the risk management and public
risk acceptability. Facing the lack of social trust, the development of new risk management
approaches has emerged oriented towards a larger involvement of the different stakeholders
and taking into account the specific context of risk situations.
In this context, reflections started in 1997 in the TRUSTNET European concerted action
involving decision makers from public authorities, elected representatives, NGOs, decision
makers from industry, and experts. These reflections focused on situations of risk where
public confidence and social trust are affected. The following definition of risk governance
was proposed: "Risk governance is the sum of political, social, legal, ethical, scientific and
technical components that permit the operation of hazardous activities". Risk assessment and
management take place in the context of a global governance system where specific actors
are entrusted with the task of assessing and managing the risks.
Concerning the quality of risk governance, the TRUSTNET reflections stressed that the most
suitable risk governance system remains the one that the different concerned components of
society consider as reasonable, reaching concrete and applicable decisions within accepted
political processes, meeting several objectives such as to:
Risk
“To understand uncertainty and risk is to understand the key business problem – and the key
business opportunity”— David B. Hertz, 1972.
Risk has been known to man ever since he first faced adversity. It is an integral part of the
evolution of man. Risk has been encountered primarily in his physical environment,
later on in his social environment
Risk is essentially, the probability that the outcome maybe damaging or result in a loss.
With risk, the outcomes of an event are thrown open to uncertainty.
Example
Tossing a dice is at a basic level a risky endeavor, which has uncertain outcomes. If you
were to be shot depending on the outcome of a dice roll (say prime number you live, non-
prime number you die), you would have a 50% chance of survival. A risky outcome with a
level of uncertainty involved.
Risk Factor:
Companies deals with different types of market and company risks. Briefly, they are as
follows:
The effects of, and changes in, worldwide economic conditions e.g. recession, social,
political, labor conditions or government policies in which company operates etc. can
have an impact on its results.
Change in consumer preferences, introduction and timings of competitive products, changing
customer order patterns can affect the demand for products and hence can affect the
company’s revenue and profit margins.
• Developments of new products may subject to many risks and is largely dependent on
the timings of their launch and acceptance of that product in the market. There is no
guarantee that all these products will be commercially successful.
Price fluctuations, interruption in supply, shortages of raw material, changing demand,
natural disasters and other factors can have a material effect on the company’s results.
“Today's total risk manager is the person who can combine art with science to master
the challenges & opportunities of a fast changing world.”
Examples:
There is a 20% chance the server will not be delivered on time.
• There is a 40% chance the budget will not be approved for additional overtime.
• There is a 50% chance that members of the project team will request leave during July
or August.
It is the responsibility of the members of the risk management team to assess the risk for
each event that may have a damaging impact on the project or operation.
Risk management is a discipline at the core of every financial institution and encompasses all
the activities that affect its risk profile. It involves identification, measurement,
monitoring and controlling risks to ensure that
assessment ...
limits. ...
The purpose of risk management is to identify potential problems before they occur so that
risk-handling activities may be planned and invoked as needed across the life of the product
or project to mitigate adverse impacts on achieving objectives.
Effective risk management includes early and aggressive risk identification through the
collaboration and involvement of relevant stakeholders. Strong leadership across all relevant
stakeholders is needed to establish an environment for the free and open disclosure and
discussion of risk.
Although technical issues are a primary concern both early on and throughout all project
phases, risk management must consider both internal and external sources for cost, schedule,
and technical risk. Early and aggressive detection of risk is important because it is typically
easier, less costly, and less disruptive to make changes and correct work efforts during the
earlier, rather than the later, phases of the project.
Risk management can be divided into three parts: defining a risk management strategy;
identifying and analyzing risks; and handling identified risks, including the implementation
of risk mitigation plans when needed.
For the purpose of this review, please address the following points:
Risk parameters are used to provide common and consistent criteria for comparing the
various risks to be managed. Without these parameters, it would be very difficult to gauge
the severity of the unwanted change caused by the risk and to prioritize the necessary
actions required for risk mitigation planning.
The risk management strategy should be guided by a common vision of success that
describes the desired future project outcomes in terms of the product that is delivered, its
cost, and its fitness for the task. The risk management strategy is often documented in an
organizational or a project risk management plan. The risk management strategy is
reviewed with relevant stakeholders to promote commitment and understanding.
the basis for sound and successful risk management. Risks must be identified and
described in an understandable way before they can be analyzed and managed properly.
Risks are documented in a concise statement that includes the context, conditions, and
consequences of risk occurrence.
Risk identification activities focus on the identification of risks, not placement of blame.
The results of risk identification activities are not used by management to evaluate the
performance of individuals.
There are many methods for identifying risks. Typical identification methods include (1)
Examine each element of the project work breakdown structure to uncover risks; (2)
Conduct a risk assessment using a risk taxonomy. Interview subject matter experts; (3)
Review risk management efforts from similar products. Examine lessons-learned
documents or databases; (4) Examine design specifications and agreement requirements.
Options for handling risks typically include alternatives such as: (1) Risk avoidance:
Changing or lowering requirements while still meeting the user’s needs; (2) Risk control:
Taking active steps to minimize risks; (3) Risk transfer: Reallocating design requirements
to lower the risks; (4) Risk monitoring: Watching and periodically reevaluating the risk
for changes to the assigned risk parameters; (5) Risk acceptance: Acknowledgment of risk
but not taking any action. Often, especially for high risks, more than one approach to
handling a risk should be generated.
In many cases, risks will be accepted or watched. Risk acceptance is usually done when
the risk is judged too low for formal mitigation, or when there appears to be no viable
way to reduce the risk. If a risk is accepted, the rationale for this decision should be
documented. Risks are watched when there is an objectively defined, verifiable, and
documented threshold of performance, time, or risk exposure (the combination of
likelihood and consequence) that will trigger risk mitigation planning or invoke a
contingency plan if it is needed.
parameters (such as likelihood and consequence of these risks), and the status of risk
mitigation efforts.
Clearly defined risk management policies and procedures covering risk identification,
acceptance, measurement, monitoring, reporting and control.
The framework should have a mechanism to ensure an ongoing review of systems, policies
and procedures for risk management and procedure to adopt changes.
TEXTUAL DISCUSSION
Just one thing I'm not sure I agree with. It seems that the overall risk level should not be
below the highest risk factor. If the highest risk factor is something along the lines of
"death by electrocution" and the risk factor is "high," the overall risk of the job should not
be "medium" unless additional effective safety controls are considered. Did I misread the
article? If so, please accept my slightly embarrassed apologies. Thanks for your time.
This may be good for an employee that has little to do but "risk management". It is very
good for those in a school environment that wants to debate the issue, split hairs, and
totally immerse themselves in the subject. To follow the program will allow you to
complete a requirement.
However, it’s not practical for a common user. If used at all to complete a plan it most
likely would wind up as a dust collector on a shelf.
Risk Management has recently become a major managerial tool. Many institutes concerned
with standardization have adopted Risk Management as a key process in their work.
Risk Management can also be used as a planning tool in that it identifies the possible
alternatives a project or an operation may take to avoid or minimize damages.
This preliminary attempt to define a standard evaluation framework for the quality of risk
management disclosure is based on a functional approach and is grounded on five general
propositions. The data requirements are limited to mandatory, widely disseminated and
standardized data, i.e. the risk management information found in the annual report.
Obviously, this information does not satisfy the timeliness principle. Yet, we are willing to
compromise on timeliness since the framework's main objective is to provide a comparison,
both across firms and over time, of the quality of public risk management disclosure. This
standard evaluation framework for risk management disclosure is flexible. It can be
implemented despite differences in valuation methods, in holding periods and in mandatory
trading and non-trading information. To allow comparability across firms and to limit our
attention to well-defined and measurable risk factors, the current framework considers the
quality of disclosure only for market and credit risk factors. This choice is motivated by the
need for comparability of qualitative and quantitative information, since most firms have a
well-defined policy for the management of those two risk exposures.
The framework is preliminary and should be extended to other important risk factors such
as liquidity and operational risks, as the measurement methods are well defined and broadly
used. Further, the functional approach to the evaluation of risk management disclosure
should be extended to financial conglomerates. Finally, risk management is still a new and
evolving field that is far from offering structured and unified solutions to problems such as
financial and non-financial risks monitoring, risk aggregation, and risk-based capital
allocation. The professional community is still struggling with the definition of a
sound 'global' risk management policy, including its underlying principles, its evaluation
and its value-added to market participants.
There are several concrete limitations and challenges to the full risk management
disclosure. First, there have been negative market responses to enhanced disclosure. Such
responses occur in particular if market participants do not know how to analyze and
interpret risk management information meaningfully. This, in turn, leads to a negative
Finally, let us recall the primary objective of sound risk management disclosure: to enhance
the confidence of market participants in the firm's ability to identify, measure and manage
its risks appropriately. Unfortunately, this primary goal is too often lost or distorted by the
conflict between the objectives of the shareholders and the governments for risk
management. The shareholders may wish to take risks which, due to measurement
problems or externalities, the government may wish to limit. This may cause managers to
adopt strategies that shift risk to less quantifiable categories and thus manage risk less
efficiently. We hope that our proposed framework stimulates further
Recommendation
• The need for key financial processes to be carried out consistently across the
department;
• The need to establish an effective risk-based monitoring and review function with
related accountability mechanisms; and
• The need to be able to provide assurance that financial controls are in place and
operating as intended.