Upload
ubed-ahmed
View
218
Download
0
Embed Size (px)
Citation preview
7/29/2019 Risk Management Learning Diary
1/27
MBAFI613 Risk Management
Risk Management - Learning Diary
(Individual Assignment)
By
Uditha Wijegunawardhana (2008/MBA/WE/35)
Semester IV First Half
August 2010
Lecturer: Mr. Sanath Manathunge
Course: MBAFI613 Risk Management
Postgraduate and Mid-Career Development Unit
Faculty of Management and Finance
University of Colombo
1
7/29/2019 Risk Management Learning Diary
2/27
MBAFI613 Risk Management
Table of Content
Abstract....2
1.0 Introduction to The Nielsen Company....3
1.1 Introduction to The Nielsen Company Sri Lanka....4
2.0 Session One......5
2.1 Introduction to Risk.....5
2.1.1 History of Risk.....5
2.1.2 Definition of Risk.....6
2.1.3 Reasons for Needing Risk Management ..6
2.1.4 The Dimensions of Risk .....7
2.1.5 Risk Factors....7
2.2 Risk Management Process .....9
2.3 Risk Management Options ....9
2.4 Risk Management Framework.....9
3.0 Session Two......11
3.1 Risk Identification .....11
3.2 Risk Planning.....15
4.0 Session Three......17
4.1 Risk Treatment .....17
3.2 Risk Response.....20
5.0 Session Four......22
5.1 Ethical Risk Management ....22
5.1.1 Risk Communication.....23
6.0 References....26
2
7/29/2019 Risk Management Learning Diary
3/27
MBAFI613 Risk Management
Abstract
This report is on the learning diary kept during the course of Risk Management, to refresh
what was learnt during the class, as well as information that related to each days learnings.
This is then applied to situations which could arise in a particular company, where applicable.
3
7/29/2019 Risk Management Learning Diary
4/27
MBAFI613 Risk Management
1.0 Introduction to The Nielsen Company
The Nielsen Company, formerly known as ACNielsen, is a privately held multinational
company with operations across more than 100 countries spanning the globe, with its
headquarters situated in New York. Founded in 1923 by Arthur C. Nielsen, the pioneer of
Retail Audit, and the coiner of the term market share, Nielsen now employs more than
42,000 associates across the Americas, Asia Pacific, Europe, Middle East and Africa.
Nielsen endeavors to help businesses turn new and traditional sources of data into customer
intelligence to better manage their brands, launch and grow product portfolios, optimize their
media mix and establish meaningful customer relationships etc.
The Nielsen Company spans across three main business activities, namely:
1. Marketing Information
2. Media Information
3. Business Information
As the worlds largest market research organization, Nielsen provides services that interface
with its local offices throughout the world to deliver clear, consistent information across
markets. Utilizing cross-country comparable data, combined with local country information,
Nielsen multi-country services provides information-based solutions to worldwide marketers
with a broad international scope.
From its Marketing and Media Information divisions, Nielsen provides countless of
professionals around the globe with knowledge and business intelligence, through thousands
of specific market data reports, 140 trade publications (such as The Hollywood Reporter and
Billboard), 150 trade shows and business events, 150 'yellow pages' directories and many
internet sites.
4
7/29/2019 Risk Management Learning Diary
5/27
MBAFI613 Risk Management
Nielsen also has many syndicated research tools to tools to measure and analyze consumer
behavior (Nielsen Ratings, Nielsen Online, Nielsen Mobile, Nielsen Claritas etc.)
1.1 Introduction to The Nielsen Company Sri Lanka
Established in 2001, the Sri Lankan branch consists of headquarters in Colombo, with smaller
branches in Dehiwala, Galle and Kandy.
The Sri Lankan operations mainly offer Retail Measurement Services, Customized Research
and Media Tracking. The Customized Section is again separated into Quantitative Research,
Qualitative Research and Social Research. However, all the departments work with their
regional and global counterparts in providing other tools and suites of information to local
clients.
Along with most of the major local and multinational FMCG companies, Nielsen Sri Lanka
deals with the major players in the Banking, Telecommunications, Media and Advertising
industries, as well as with institution such as the United Nations, World Bank, LIRNasia,
SLIM etc.
5
7/29/2019 Risk Management Learning Diary
6/27
MBAFI613 Risk Management
2.0 Session One
2.1 Introduction to Risk
2.1.1 History of Risk
Though the term Risk can be traced to ancient Greek, according to sociologist Niklas
Luhmann , the term 'risk' is a neologism that appeared with the transition from traditional to
modern society. In Medieval times, the term risicum was used in highly specific contexts,
above all in sea trade and its ensuing legal problems of loss and damage. In the vernacular
languages of the 16th century the words rischio and riezgo were used,[1] both terms derived
from the Arabic word "rizk", meaning 'to seek prosperity'. This was introduced to continental
Europe, through interaction with Middle Eastern and North African Arab traders. In the
English language the term Risk appeared only in the 17th century. When the terminology of
Risk took ground, it replaced the older notion that thought "in terms of good and bad
fortune."
With the Cold War, Scenario Analysis came into its own, mainly due to the confrontations
between the United States and the Soviet Union. It started to become widespread in 1970s in
the Insurance industry, when several major oil tanker disasters forced a more thought into the
matter.
The scientific approach to Risk entered Finance in the 1960s with the introduction of the
Capital Asset Pricing Model; and became increasingly important in the 1980s, with the rapid
increase of financial derivatives. Later on, it reached the general professions in the 1990s,
when the increasingly widespread use of personal computing allowed easy access for data
collection and analysis.
6
7/29/2019 Risk Management Learning Diary
7/27
MBAFI613 Risk Management
2.1.2 The Definition of Risk
The definition of Risk usually contains a combination of the probability of a particular event
and its consequences. In any undertaking, there is the potential for events and consequences
to happen, which would in turn lead to opportunities (for benefit an upside) or threats
(downside).
Some definitions of Risk tend to concentrate only on the negative scenarios, while more
comprehensive definitions consider all variability as risk.
The more complete definition of risk management considers both Risk Hedging and Strategic
Risk Taking, with one on each extreme end.
2.1.3 Reasons for Needing Risk Management
1. To safeguard resources from unexpected losses
2. To be prepared to seize unanticipated opportunities
3. To limit uncertainties in managing businesses
4. Improved strategic and business planning
5. More efficient use/allocation of capital and resources within the organisation
6. Increased ability to deliver on time
7. Reduced costs by limiting legal action or preventing breakages
8. Improved reliability leading to an enhanced reputation
9. Fewer breakdowns, fewer shocks and fewer unwelcome surprises
10. Enhanced communication between Business Units and Departments
11. The ability to reassure key stakeholders throughout the organization
12. The promotion of continuous improvement, leading to higher quality of output
13. A more focused internal audit programme
7
7/29/2019 Risk Management Learning Diary
8/27
MBAFI613 Risk Management
14. Robust contingency planning
15. Improving decision making, planning and prioritisation by comprehensive and
structured understanding of business activity, volatility and project opportunity/threat
16. Developing and supporting people and the organisations knowledge base
17. Optimising operational efficiency
2.1.4 The Dimensions of Risk
These are independent variables:
1.Direction either Positive or Negative
2. Degree of Probability High or Low
3. Magnitude of the consequences Negligible or Substantial
2.1.5 Risk Factors
Probability of Likelihood of Occurrence of the Risk Event
Severity of the impact of the Risk Event
Duration or Exposure Time of the Risk Event
Susceptibility to Changes or External Influences
Degree of Inter-dependency with other Risk Factors or Risk Events
However, the Risk Drivers of a firm is likely to differ from one organization to the other.
For example,
8
7/29/2019 Risk Management Learning Diary
9/27
MBAFI613 Risk Management
Figure 2.1 Risk Drivers
Risk Drivers for Nielsen Sri Lanka:
Environment Strategic Financial Hazard Operational Technological
Competition StructureLiquidity &
cash flowProperty Security Security
Customer
NeedsPlanning Interest rates
Natural
disastersPeople Data integrity
InnovationsExecution of
strategyCredit spread Integration Data Loss
Legal Life cycleForeign
exchange rates
Business &
Process
High
dependency on
ICT
Mergers &
AcquisitionsResources Tax Knowledge base
Service
interruptions
Financial
Markets
Timely
decision
making
Intellectual
Property
Energy Needs
Involvement
from Regional
Head Offices
Over dependency
on key
individuals
Regulatory
Lack of
proper Risk
Management
System
9
7/29/2019 Risk Management Learning Diary
10/27
MBAFI613 Risk Management
2.2 Risk Management Process
Fig 2.2 Risk Management Process I
2.3 Risk Management Options
10
RISK ANALYSIS
Risk Identification
Risk Description
Risk Assessment
Risk Tolerance
RISK ANALYSIS
RISK CONTROL
RISK REPORTING
MONITORING
7/29/2019 Risk Management Learning Diary
11/27
MBAFI613 Risk Management
Risk Managment Options
Accept Reduce Transfer Avoid
2.4 Risk Management Framework
This gives the comprehensive approach for an organization to identify and manage Risks.
A Typical Risk Management Framework would include:
The Risk Management Policy
Establishment of the internal/ external context
Setting Risk criteria
Management committees and responsibilities
Reporting requirements
Risk identification methods
Risk documentation
Risk treatment options
Risk monitoring and review
11
7/29/2019 Risk Management Learning Diary
12/27
MBAFI613 Risk Management
3.0 Session Two
Fig 3.1 Risk Management Process
Risk Analysis vs. Risk Management:
12
Formal
AuditModification
7/29/2019 Risk Management Learning Diary
13/27
MBAFI613 Risk Management
Identify the Risk Evaluate the Risk Identify Response Select
Plan & ResourceMonitor & Report
3.1 Risk Identification
This needs an in depth knowledge of the organization, as well as the environment that it
operates in.
The following can be used to assess the external and internal environment:
PESTEL analysis
SWOT analysis
Competitive Profile Matrix
External Factor Evaluation (IFE) Matrix
Internal Factor Evaluation (IFE) Matrix
To identify the Risks, the organization should get the involvement of its personnel into
account:
Brainstorming.
13
Risk
Analysis
Risk
Management
Identify the
Risk
Evaluate the
Risk
Identify the
Response
Select the
Response
Plan &
Resource
Monitor &
Report
7/29/2019 Risk Management Learning Diary
14/27
MBAFI613 Risk Management
Surveys and questioners
Interviews
Work groups
Experiential knowledge
Delphi technique
Root cause identification
Documented knowledge / historical information
Risk lists
Critical path templates
The identified Risks are then documented. The documentation can vary from one
organization to the other.
As in the case of Nielsen, these documents can sometimes be classified confidential and not
to be shared.
A sample output form can be as follows:
Required info
Identification No
Date
Reported by
Risk Event
Category
PriorityDescription
Probability
Consequences
Impact
Possible Areas Affected
Time Sensitivity
Risk Handling Plans
Person Responsible
Status
Other info
14
7/29/2019 Risk Management Learning Diary
15/27
MBAFI613 Risk Management
The Risks are documented in a Risk Log, classified on the Impact and Probability:
The below Risk Consequence and Likelihood Matrix was developed by the Charles Darwin
University
Likelihood
Consequence
Insignificant
1
Minor
2
Moderate
3
Major
4
Catastrophic
5
Almost Certain 5 M S H H H
Likely 4 L M S H H
Possible 3 L L M S H
Unlikely 2 L L L M S
Rare 1 L L L L M
Along with this, the organization should have thresholds where the Risk Tolerance levels can
be.
3.2 Risk Planning
15
7/29/2019 Risk Management Learning Diary
16/27
MBAFI613 Risk Management
16
7/29/2019 Risk Management Learning Diary
17/27
MBAFI613 Risk Management
From the documentation, the organization can get a list of Risk, ranked on severity. The
organization should have on hand the plans on how to deal with the most sever Risks. These
should also take into account the how these Risks are related with other events.
Steps:
1. Define the project.
2. Get input from others.
3. Identify the consequences of each risk.
4. Eliminate irrelevant issues.
5. List all identified risk elements.
6. Assign probability.
7. Compute the total risk
8. Develop mitigation strategies
9. Develop contingency plans.
10. Analyze the effectiveness of strategies.
11. Compute the effective risk.
12. Monitor the risks.
17
7/29/2019 Risk Management Learning Diary
18/27
MBAFI613 Risk Management
4.0 Session Three
Although almost all Risks can be managed, these should be controlled in ways that are cost-
effective.
4.1 Risk Treatment
Risk Treatments are used to respond to Risk. The Risk Manager uses the Risk information
from the Risk Register to set up an Action Plan and assign responsibilities to the relevant
personnel. These are used to mitigate or eliminate the Risk.
These will differ from one Risk to another. Even for one Risk, there could be several options
to be chosen from, where the decision rests on the feasibility, effectiveness and efficiency of
the Risk Treatment in relation to the case in hand.
The effectiveness of the Treatment can be achieved by:
1. Risk Control
This is the design of suitable preventative controls that are designed to
minimize the occurrence of a loss event by reducing the likelihood and/ or
severity of the potential losses.
For example, the data security measures set in place in Nielsen, to reduce
likelihood/ severity of security breach.
2. Risk Containment
This refers to the actions taken to deal with the residual risks that remain after
a Risk Management strategy such as a hedge or insurance has been
implemented.
For example, the measures set in place to recover whatever is not covered by
insurance
18
7/29/2019 Risk Management Learning Diary
19/27
MBAFI613 Risk Management
3. Risk Avoidance
This looks at avoiding activities that are risky or by undertaking less risky
activities.
Risk avoidance can be :
Complete avoidance.
Eliminate the cause of the risk event.
Eg: Nielsens decision not to set up a Retail Audit in Jaffna
Protect activity from the risk event.
Eg: Nielsens decision to set up a Retail Audit in East only in the safer
Urban areas
However, these can come at the cost of lost opportunities and alternatives
4. Risk Accumulation
Individual risks that are significantly positively correlated are combined. In
this context, there are no attempts to eradicate or reduce the risk exposures.
However, possible losses are likely to create a considerable damage.
5. Risk Acceptance
With these, the firm decides to accept the consequences if the risk event
occurs. This is used for low probability and low impact risk events.
6. Risk Financing
These, refer to methods of funding the cost of Risk. This focuses on Risk
Acceptance. Could either transfer an uncontrollable risky event to some
external party for a fixed premium or restructure the business unit to be better
able to handle it.
Eg: The insurance and credit protection, as well as the financial
reserves kept
7. Risk Insurance
19
7/29/2019 Risk Management Learning Diary
20/27
MBAFI613 Risk Management
Risk insurance refers to insuring against any large losses that might arise from
the unwanted risk exposures. This consists of retaining the upside potential
while eliminating the downside, and comes at the cost of a fee or premium.
8. Risk Mitigation
These try to reduce both the frequency and severity of losses.
Steps to lessen the likelihood of that a Risk event i.e. Loss prevention
Steps to lessen negative impacts from a Risk event i.e. Loss reduction
Eg: The Nielsen legal agreements signed with a client, with provisions
on project termination etc.
9. Risk Re-allocation/ Risk Transference
These transfer risk, i.e. the re-apportioning some form of risk such as interest
rate risk or credit risk to those who are willing to bear the risk.
Eg: Interest rate hedging , oil price hedging
A risky exposure is transferred to those market players who require a smaller
yield premium to be appropriately compensated to bear the additional risk.
Eg: Insurance, Contracting, Warranties, Guarantees, Performance
Bonds
20
7/29/2019 Risk Management Learning Diary
21/27
MBAFI613 Risk Management
4.2 Risk Response
A risk response plan consists of the set of procedures developed to handle a likely identified
risk event with respect to:
Potential likelihood of the risk events. (Probability)
Impact of the risk events (Severity)
Duration of the risk events (Duration)
Risk response plans are developed for risks that have the high likelihood and the potential to
high impact. Less likely and non significant risks are usually addressed through contingency
plans or workarounds.
A Risk Response Plan would have:
Risk identification number (From the Risk Register)
Risk name and description of its characteristics.
Risk originator.
Risk owner.
Likelihood of occurrence.
Expected impact.
Expected value or risk score.
Any information needed to track and monitor the risk over the risk observation
period.
Risk triggers.
21
7/29/2019 Risk Management Learning Diary
22/27
MBAFI613 Risk Management
The chosen strategies for the risk response plan
Fig 4.1 Template for a Risk Response Plan
These can vary from one organization to the other. As in the case of Nielsen, these documents
can sometimes be classified confidential and not to be shared.
22
7/29/2019 Risk Management Learning Diary
23/27
MBAFI613 Risk Management
5.0 Session Four
5.1 Ethical Risk Management
Ethical RM considers all of the stakeholders of a firm as a single portfolio of interested
parties.
The Six C's of Ethical Risk Management
1. Champions
Risk management professional, a senior executive or member of the board
must become the champion of the Ethical Risk Management cause. Rather
than on designation, this depends on a person who is ready to embrace and
carry this thinking forward.
Also there should be a Central Risk Team (CRT) or an Integrated Risk
Management Committee representing multiple disciplines within the
organization, which in turn will be overseen by the Risk Champion
2. Commitment
The Risk Champions must work towards getting the support and commitment
of his colleagues from all levels of the organization.
3. Consistency
The Risk Champions must monitor that Risks are managed in a consistent
pattern across all departments
4. Correlations
One must be able to consider the interrelationships of all Risk management
strategies and how that will impact the overall goals and objectives of the firm
as a whole. In addition, the correlations between the stakeholders themselves
will also have an effect.
23
7/29/2019 Risk Management Learning Diary
24/27
MBAFI613 Risk Management
5. Code of ethics
This call for the self-promotion of high standards of business practices, above
and beyond what the current legislation may call for. Need to develop an
awareness of ethical concerns inside the company.
6. Communication
The most vital of all the factors; there must also be a free flow of ideas and
information among the senior decision makers - team mentality to the
management of risks.
There should also be communication happening across all directions, not just
top to bottom.
The Nielsen Company does not assign Risk Champions. Instead, the responsibility and
methods of dealing with Risk falls onto the heads of the relevant Business Units. The
hierarchy, which includes the Asia Pacific regional offices, contains rules and regulations that
hinder the official designation of a person as a Risk Champion.
5.1.1 Risk Communication
Risk communication consists of an interactive process, which gives an exchange of
information and opinion on risk among Risk Assessors, Risk Managers, and other
stakeholders.
This should ensure that all stakeholders have a thorough grasp of the logic, outcomes,
significance, and limitations involved. However, different levels of reporting would be there
for different sets of target audiences.
24
7/29/2019 Risk Management Learning Diary
25/27
MBAFI613 Risk Management
Internal
Board of Directors
Business Units
Managers
Workers
Internal Auditors
External
Shareholders
Regulators
Auditors
Risk Rating Agencies
Customers,
Suppliers, Creditors
Lenders
Government
Society
Of these, the most vital would be:
Board or Directors They should
o Know about the most significant risks faced by the organisation
o Know the possible effects on shareholder value
o Ensure appropriate levels of awareness throughout the organization
o Know how to manage communications with the investment community where
and when applicable
o Etc
Business Units They should
o Know be aware of risks which fall into their area of responsibility, the possible
impacts these may have on other areas and vice versa
25
7/29/2019 Risk Management Learning Diary
26/27
MBAFI613 Risk Management
o Report systematically and promptly to senior management any perceived new
risks or failures of existing control measures
o Etc
Individuals should
o Understand their accountability for individual risks;
o Understand how they can enable continuous improvement of risk management
response;
o Understand that risk management and risk awareness are a key part of the
organisational culture;
o Report systematically and promptly to senior management any perceived new
risks or failures of existing control measures.
o Etc
External Reporting
o The firm needs to report to its stakeholders on a regular basis setting out its
risk management policies and the effectiveness in achieving its objectives.
o The stakeholders should be made aware of:
The control methods
The processes used to identify risks and how they are addressed
The primary control systems in place to manage significant
risks and the monitoring and review system in place.
Any significant deficiencies uncovered by the system, or in the
system itself, along with the steps taken to deal with them.
26
7/29/2019 Risk Management Learning Diary
27/27
MBAFI613 Risk Management
6.0 References
Crepin-Swift, Carla (n.d.), Risk Mitigation Planning, Retrieved on the 20th of August from
http://business-project-management.suite101.com/article.cfm/risk_mitigation_planning
Manage Risk (2010), Retrieved on the 19th of August from
http://www.tenstep.com/open/7.0ManageRisk.html
Quality Risk Management (2009), Retrieved on the 20th of August from
http://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexI
Why Manage Risk? Retrieved on the 19th of August from
http://www.irisintelligence.com/risk-management-explained/why-manage-risk.html
http://business-project-management.suite101.com/article.cfm/risk_mitigation_planninghttp://www.tenstep.com/open/7.0ManageRisk.htmlhttp://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexIhttp://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexIhttp://www.irisintelligence.com/risk-management-explained/why-manage-risk.htmlhttp://business-project-management.suite101.com/article.cfm/risk_mitigation_planninghttp://www.tenstep.com/open/7.0ManageRisk.htmlhttp://www.fda.gov/RegulatoryInformation/Guidances/ucm128050.htm#annexIhttp://www.irisintelligence.com/risk-management-explained/why-manage-risk.html