Risk Management Learning Diary

7/29/2019 Risk Management Learning Diary

1/27

MBAFI613 Risk Management

Risk Management - Learning Diary

(Individual Assignment)

By

Uditha Wijegunawardhana (2008/MBA/WE/35)

Semester IV First Half

August 2010

Lecturer: Mr. Sanath Manathunge

Course: MBAFI613 Risk Management

Postgraduate and Mid-Career Development Unit

Faculty of Management and Finance

University of Colombo

1


2/27


Table of Content

Abstract....2

1.0 Introduction to The Nielsen Company....3

1.1 Introduction to The Nielsen Company Sri Lanka....4

2.0 Session One......5

2.1 Introduction to Risk.....5

2.1.1 History of Risk.....5

2.1.2 Definition of Risk.....6

2.1.3 Reasons for Needing Risk Management ..6

2.1.4 The Dimensions of Risk .....7

2.1.5 Risk Factors....7

2.2 Risk Management Process .....9

2.3 Risk Management Options ....9

2.4 Risk Management Framework.....9

3.0 Session Two......11

3.1 Risk Identification .....11

3.2 Risk Planning.....15

4.0 Session Three......17

4.1 Risk Treatment .....17

3.2 Risk Response.....20

5.0 Session Four......22

5.1 Ethical Risk Management ....22

5.1.1 Risk Communication.....23

6.0 References....26

2


3/27


Abstract

This report is on the learning diary kept during the course of Risk Management, to refresh

what was learnt during the class, as well as information that related to each days learnings.

This is then applied to situations which could arise in a particular company, where applicable.

3


4/27


1.0 Introduction to The Nielsen Company

The Nielsen Company, formerly known as ACNielsen, is a privately held multinational

company with operations across more than 100 countries spanning the globe, with its

headquarters situated in New York. Founded in 1923 by Arthur C. Nielsen, the pioneer of

Retail Audit, and the coiner of the term market share, Nielsen now employs more than

42,000 associates across the Americas, Asia Pacific, Europe, Middle East and Africa.

Nielsen endeavors to help businesses turn new and traditional sources of data into customer

intelligence to better manage their brands, launch and grow product portfolios, optimize their

media mix and establish meaningful customer relationships etc.

The Nielsen Company spans across three main business activities, namely:

1. Marketing Information

2. Media Information

3. Business Information

As the worlds largest market research organization, Nielsen provides services that interface

with its local offices throughout the world to deliver clear, consistent information across

markets. Utilizing cross-country comparable data, combined with local country information,

Nielsen multi-country services provides information-based solutions to worldwide marketers

with a broad international scope.

From its Marketing and Media Information divisions, Nielsen provides countless of

professionals around the globe with knowledge and business intelligence, through thousands

of specific market data reports, 140 trade publications (such as The Hollywood Reporter and

Billboard), 150 trade shows and business events, 150 'yellow pages' directories and many

internet sites.

4


5/27


Nielsen also has many syndicated research tools to tools to measure and analyze consumer

behavior (Nielsen Ratings, Nielsen Online, Nielsen Mobile, Nielsen Claritas etc.)

1.1 Introduction to The Nielsen Company Sri Lanka

Established in 2001, the Sri Lankan branch consists of headquarters in Colombo, with smaller

branches in Dehiwala, Galle and Kandy.

The Sri Lankan operations mainly offer Retail Measurement Services, Customized Research

and Media Tracking. The Customized Section is again separated into Quantitative Research,

Qualitative Research and Social Research. However, all the departments work with their

regional and global counterparts in providing other tools and suites of information to local

clients.

Along with most of the major local and multinational FMCG companies, Nielsen Sri Lanka

deals with the major players in the Banking, Telecommunications, Media and Advertising

industries, as well as with institution such as the United Nations, World Bank, LIRNasia,

SLIM etc.

5


6/27


2.0 Session One

2.1 Introduction to Risk

2.1.1 History of Risk

Though the term Risk can be traced to ancient Greek, according to sociologist Niklas

Luhmann , the term 'risk' is a neologism that appeared with the transition from traditional to

modern society. In Medieval times, the term risicum was used in highly specific contexts,

above all in sea trade and its ensuing legal problems of loss and damage. In the vernacular

languages of the 16th century the words rischio and riezgo were used,[1] both terms derived

from the Arabic word "rizk", meaning 'to seek prosperity'. This was introduced to continental

Europe, through interaction with Middle Eastern and North African Arab traders. In the

English language the term Risk appeared only in the 17th century. When the terminology of

Risk took ground, it replaced the older notion that thought "in terms of good and bad

fortune."

With the Cold War, Scenario Analysis came into its own, mainly due to the confrontations

between the United States and the Soviet Union. It started to become widespread in 1970s in

the Insurance industry, when several major oil tanker disasters forced a more thought into the

matter.

The scientific approach to Risk entered Finance in the 1960s with the introduction of the

Capital Asset Pricing Model; and became increasingly important in the 1980s, with the rapid

increase of financial derivatives. Later on, it reached the general professions in the 1990s,

when the increasingly widespread use of personal computing allowed easy access for data

collection and analysis.

6


7/27


2.1.2 The Definition of Risk

The definition of Risk usually contains a combination of the probability of a particular event

and its consequences. In any undertaking, there is the potential for events and consequences

to happen, which would in turn lead to opportunities (for benefit an upside) or threats

(downside).

Some definitions of Risk tend to concentrate only on the negative scenarios, while more

comprehensive definitions consider all variability as risk.

The more complete definition of risk management considers both Risk Hedging and Strategic

Risk Taking, with one on each extreme end.

2.1.3 Reasons for Needing Risk Management

1. To safeguard resources from unexpected losses

2. To be prepared to seize unanticipated opportunities

3. To limit uncertainties in managing businesses

4. Improved strategic and business planning

5. More efficient use/allocation of capital and resources within the organisation

6. Increased ability to deliver on time

7. Reduced costs by limiting legal action or preventing breakages

8. Improved reliability leading to an enhanced reputation

9. Fewer breakdowns, fewer shocks and fewer unwelcome surprises

10. Enhanced communication between Business Units and Departments

11. The ability to reassure key stakeholders throughout the organization

12. The promotion of continuous improvement, leading to higher quality of output

13. A more focused internal audit programme

7


8/27


14. Robust contingency planning

15. Improving decision making, planning and prioritisation by comprehensive and

structured understanding of business activity, volatility and project opportunity/threat

16. Developing and supporting people and the organisations knowledge base

17. Optimising operational efficiency

2.1.4 The Dimensions of Risk

These are independent variables:

1.Direction either Positive or Negative

2. Degree of Probability High or Low

3. Magnitude of the consequences Negligible or Substantial

2.1.5 Risk Factors

Probability of Likelihood of Occurrence of the Risk Event

Severity of the impact of the Risk Event

Duration or Exposure Time of the Risk Event

Susceptibility to Changes or External Influences

Degree of Inter-dependency with other Risk Factors or Risk Events

However, the Risk Drivers of a firm is likely to differ from one organization to the other.

For example,

8


9/27


Figure 2.1 Risk Drivers

Risk Drivers for Nielsen Sri Lanka:

Environment Strategic Financial Hazard Operational Technological

Competition StructureLiquidity &

cash flowProperty Security Security

Customer

NeedsPlanning Interest rates

Natural

disastersPeople Data integrity

InnovationsExecution of

strategyCredit spread Integration Data Loss

Legal Life cycleForeign

exchange rates

Business &

Process

High

dependency on

ICT

Mergers &

AcquisitionsResources Tax Knowledge base

Service

interruptions

Financial

Markets

Timely

decision

making

Intellectual

Property

Energy Needs

Involvement

from Regional

Head Offices

Over dependency

on key

individuals

Regulatory

Lack of

proper Risk

Management

System

9


10/27


2.2 Risk Management Process

Fig 2.2 Risk Management Process I

2.3 Risk Management Options

10

RISK ANALYSIS

Risk Identification

Risk Description

Risk Assessment

Risk Tolerance

RISK ANALYSIS

RISK CONTROL

RISK REPORTING

MONITORING


11/27


Risk Managment Options

Accept Reduce Transfer Avoid

2.4 Risk Management Framework

This gives the comprehensive approach for an organization to identify and manage Risks.

A Typical Risk Management Framework would include:

The Risk Management Policy

Establishment of the internal/ external context

Setting Risk criteria

Management committees and responsibilities

Reporting requirements

Risk identification methods

Risk documentation

Risk treatment options

Risk monitoring and review

11


12/27


3.0 Session Two

Fig 3.1 Risk Management Process

Risk Analysis vs. Risk Management:

12

Formal

AuditModification


13/27


Identify the Risk Evaluate the Risk Identify Response Select

Plan & ResourceMonitor & Report

3.1 Risk Identification

This needs an in depth knowledge of the organization, as well as the environment that it

operates in.

The following can be used to assess the external and internal environment:

PESTEL analysis

SWOT analysis

Competitive Profile Matrix

External Factor Evaluation (IFE) Matrix

Internal Factor Evaluation (IFE) Matrix

To identify the Risks, the organization should get the involvement of its personnel into

account:

Brainstorming.

13

Risk

Analysis

Risk

Management

Identify the

Risk

Evaluate the

Risk

Identify the

Response

Select the

Response

Plan &

Resource

Monitor &

Report


14/27


Surveys and questioners

Interviews

Work groups

Experiential knowledge

Delphi technique

Root cause identification

Documented knowledge / historical information

Risk lists

Critical path templates

The identified Risks are then documented. The documentation can vary from one

organization to the other.

As in the case of Nielsen, these documents can sometimes be classified confidential and not

to be shared.

A sample output form can be as follows:

Required info

Identification No

Date

Reported by

Risk Event

Category

PriorityDescription

Probability

Consequences

Impact

Possible Areas Affected

Time Sensitivity

Risk Handling Plans

Person Responsible

Status

Other info

14


15/27


The Risks are documented in a Risk Log, classified on the Impact and Probability:

The below Risk Consequence and Likelihood Matrix was developed by the Charles Darwin

University

Likelihood

Consequence

Insignificant

1

Minor

2

Moderate

3

Major

4

Catastrophic

5

Almost Certain 5 M S H H H

Likely 4 L M S H H

Possible 3 L L M S H

Unlikely 2 L L L M S

Rare 1 L L L L M

Along with this, the organization should have thresholds where the Risk Tolerance levels can

be.

3.2 Risk Planning

15


16/27


16


17/27


From the documentation, the organization can get a list of Risk, ranked on severity. The

organization should have on hand the plans on how to deal with the most sever Risks. These

should also take into account the how these Risks are related with other events.

Steps:

1. Define the project.

2. Get input from others.

3. Identify the consequences of each risk.

4. Eliminate irrelevant issues.

5. List all identified risk elements.

6. Assign probability.

7. Compute the total risk

8. Develop mitigation strategies

9. Develop contingency plans.

10. Analyze the effectiveness of strategies.

11. Compute the effective risk.

12. Monitor the risks.

17


18/27


4.0 Session Three

Although almost all Risks can be managed, these should be controlled in ways that are cost-

effective.

4.1 Risk Treatment

Risk Treatments are used to respond to Risk. The Risk Manager uses the Risk information

from the Risk Register to set up an Action Plan and assign responsibilities to the relevant

personnel. These are used to mitigate or eliminate the Risk.

These will differ from one Risk to another. Even for one Risk, there could be several options

to be chosen from, where the decision rests on the feasibility, effectiveness and efficiency of

the Risk Treatment in relation to the case in hand.

The effectiveness of the Treatment can be achieved by:

1. Risk Control

This is the design of suitable preventative controls that are designed to

minimize the occurrence of a loss event by reducing the likelihood and/ or

severity of the potential losses.

For example, the data security measures set in place in Nielsen, to reduce

likelihood/ severity of security breach.

2. Risk Containment

This refers to the actions taken to deal with the residual risks that remain after

a Risk Management strategy such as a hedge or insurance has been

implemented.

For example, the measures set in place to recover whatever is not covered by

insurance

18


19/27


3. Risk Avoidance

This looks at avoiding activities that are risky or by undertaking less risky

activities.

Risk avoidance can be :

Complete avoidance.

Eliminate the cause of the risk event.

Eg: Nielsens decision not to set up a Retail Audit in Jaffna

Protect activity from the risk event.

Eg: Nielsens decision to set up a Retail Audit in East only in the safer

Urban areas

However, these can come at the cost of lost opportunities and alternatives

4. Risk Accumulation

Individual risks that are significantly positively correlated are combined. In

this context, there are no attempts to eradicate or reduce the risk exposures.

However, possible losses are likely to create a considerable damage.

5. Risk Acceptance

With these, the firm decides to accept the consequences if the risk event

occurs. This is used for low probability and low impact risk events.

6. Risk Financing

These, refer to methods of funding the cost of Risk. This focuses on Risk

Acceptance. Could either transfer an uncontrollable risky event to some

external party for a fixed premium or restructure the business unit to be better

able to handle it.

Eg: The insurance and credit protection, as well as the financial

reserves kept

7. Risk Insurance

19


20/27


Risk insurance refers to insuring against any large losses that might arise from

the unwanted risk exposures. This consists of retaining the upside potential

while eliminating the downside, and comes at the cost of a fee or premium.

8. Risk Mitigation

These try to reduce both the frequency and severity of losses.

Steps to lessen the likelihood of that a Risk event i.e. Loss prevention

Steps to lessen negative impacts from a Risk event i.e. Loss reduction

Eg: The Nielsen legal agreements signed with a client, with provisions

on project termination etc.

9. Risk Re-allocation/ Risk Transference

These transfer risk, i.e. the re-apportioning some form of risk such as interest

rate risk or credit risk to those who are willing to bear the risk.

Eg: Interest rate hedging , oil price hedging

A risky exposure is transferred to those market players who require a smaller

yield premium to be appropriately compensated to bear the additional risk.

Eg: Insurance, Contracting, Warranties, Guarantees, Performance

Bonds

20


21/27


4.2 Risk Response

A risk response plan consists of the set of procedures developed to handle a likely identified

risk event with respect to:

Potential likelihood of the risk events. (Probability)

Impact of the risk events (Severity)

Duration of the risk events (Duration)

Risk response plans are developed for risks that have the high likelihood and the potential to

high impact. Less likely and non significant risks are usually addressed through contingency

plans or workarounds.

A Risk Response Plan would have:

Risk identification number (From the Risk Register)

Risk name and description of its characteristics.

Risk originator.

Risk owner.

Likelihood of occurrence.

Expected impact.

Expected value or risk score.

Any information needed to track and monitor the risk over the risk observation

period.

Risk triggers.

21


22/27


The chosen strategies for the risk response plan

Fig 4.1 Template for a Risk Response Plan

These can vary from one organization to the other. As in the case of Nielsen, these documents

can sometimes be classified confidential and not to be shared.

22


23/27


5.0 Session Four

5.1 Ethical Risk Management

Ethical RM considers all of the stakeholders of a firm as a single portfolio of interested

parties.

The Six C's of Ethical Risk Management

1. Champions

Risk management professional, a senior executive or member of the board

must become the champion of the Ethical Risk Management cause. Rather

than on designation, this depends on a person who is ready to embrace and

carry this thinking forward.

Also there should be a Central Risk Team (CRT) or an Integrated Risk

Management Committee representing multiple disciplines within the

organization, which in turn will be overseen by the Risk Champion

2. Commitment

The Risk Champions must work towards getting the support and commitment

of his colleagues from all levels of the organization.

3. Consistency

The Risk Champions must monitor that Risks are managed in a consistent

pattern across all departments

4. Correlations

One must be able to consider the interrelationships of all Risk management

strategies and how that will impact the overall goals and objectives of the firm

as a whole. In addition, the correlations between the stakeholders themselves

will also have an effect.

23


24/27


5. Code of ethics

This call for the self-promotion of high standards of business practices, above

and beyond what the current legislation may call for. Need to develop an

awareness of ethical concerns inside the company.

6. Communication

The most vital of all the factors; there must also be a free flow of ideas and

information among the senior decision makers - team mentality to the

management of risks.

There should also be communication happening across all directions, not just

top to bottom.

The Nielsen Company does not assign Risk Champions. Instead, the responsibility and

methods of dealing with Risk falls onto the heads of the relevant Business Units. The

hierarchy, which includes the Asia Pacific regional offices, contains rules and regulations that

hinder the official designation of a person as a Risk Champion.

5.1.1 Risk Communication

Risk communication consists of an interactive process, which gives an exchange of

information and opinion on risk among Risk Assessors, Risk Managers, and other

stakeholders.

This should ensure that all stakeholders have a thorough grasp of the logic, outcomes,

significance, and limitations involved. However, different levels of reporting would be there

for different sets of target audiences.

24


25/27


Internal

Board of Directors

Business Units

Managers

Workers

Internal Auditors

External

Shareholders

Regulators

Auditors

Risk Rating Agencies

Customers,

Suppliers, Creditors

Lenders

Government

Society

Of these, the most vital would be:

Board or Directors They should

o Know about the most significant risks faced by the organisation

o Know the possible effects on shareholder value

o Ensure appropriate levels of awareness throughout the organization

o Know how to manage communications with the investment community where

and when applicable

o Etc

Business Units They should

o Know be aware of risks which fall into their area of responsibility, the possible

impacts these may have on other areas and vice versa

25


26/27


o Report systematically and promptly to senior management any perceived new

risks or failures of existing control measures

o Etc

Individuals should

o Understand their accountability for individual risks;

o Understand how they can enable continuous improvement of risk management

response;

o Understand that risk management and risk awareness are a key part of the

organisational culture;

o Report systematically and promptly to senior management any perceived new

risks or failures of existing control measures.

o Etc

External Reporting

o The firm needs to report to its stakeholders on a regular basis setting out its

risk management policies and the effectiveness in achieving its objectives.

o The stakeholders should be made aware of:

The control methods

The processes used to identify risks and how they are addressed

The primary control systems in place to manage significant

risks and the monitoring and review system in place.

Any significant deficiencies uncovered by the system, or in the

system itself, along with the steps taken to deal with them.

26


27/27


6.0 References

Crepin-Swift, Carla (n.d.), Risk Mitigation Planning, Retrieved on the 20th of August from

http://business-project-management.suite101.com/article.cfm/risk_mitigation_planning

Manage Risk (2010), Retrieved on the 19th of August from

http://www.tenstep.com/open/7.0ManageRisk.html

Quality Risk Management (2009), Retrieved on the 20th of August from

http://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexI

Why Manage Risk? Retrieved on the 19th of August from

http://www.irisintelligence.com/risk-management-explained/why-manage-risk.html
http://business-project-management.suite101.com/article.cfm/risk_mitigation_planninghttp://www.tenstep.com/open/7.0ManageRisk.htmlhttp://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexIhttp://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexIhttp://www.irisintelligence.com/risk-management-explained/why-manage-risk.htmlhttp://business-project-management.suite101.com/article.cfm/risk_mitigation_planninghttp://www.tenstep.com/open/7.0ManageRisk.htmlhttp://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexIhttp://www.irisintelligence.com/risk-management-explained/why-manage-risk.html

Documents

Risk Management Learning Diary