Risk refers to the uncertainty that surrounds future events and outcomes. It is the expression of the likelihood and impact of an event with the potential to influence the achievement of an organization’s objectives. Risk management is a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues. The Corporate Risk Management framework is a systematic, integrated approach with a focus on managing financial risks to enhance shareholder value.
The Corporate Risk Management processes are indentification of the risk, measurement , policy, process and execution. Those processes are utilised by corporate enterprises to manage the risk of fortuitous loss. Once corporate risks have been identified and their impact on the firm measured, risk management attempts to control the size and frequency of loss, and to finance those fortuitous losses which do occur. Those are the main definition about the subject, which are to be discussed in this document.
Risk Management is an ongoing activity and should be carried out as a part of day-to-day business. The management of risk can only take place within an organisational framework that is inclusive of all parts of the corporate infrastructure. Without this framework, risks cannot be efectivelly discussed, communicated, compared and managed in a coherent way across the whole organisation. Risk should be a feature of any management discussion of any uncertain circumstances including new initiatives of any kind and the implementation of significant projects
Risk management deals with insurable and with uninsurable risks and is an approach which involves a formal orderly process for systematically identyfying, analysing and responding to risk events throughout the life of a project to obtain the optimum or acceptable degree of risk elimination or control. Risk management is an essential part of the project and business planning cycle which requires acceptance that uncertainty exists, generates a structured response to risk in terms of alternative plans, solutions and contingencies ,is a thinking process requiring imagination and ingenuity and generates a realistic attitude in an investment for staff by preparing them for risk events rather than being taken by surprise when they arrive.
Risk management involves identifying risks, predicting how probable they are and how serious they might become, deciding what to do about them and implementing these decisions. Corporates finance is the specific area dealing the financial decisions corporations make and the tools and techniques used to make the decisions. Categories of corporate financial decision making are : objectives of investment decision, financial decision and financial techniques. Corporates need a more advanced risk management approach in order to benefit from a competitive advantage from strategic risk management. They should manage risks proactively via an integrated approach with a focus on measurable financial risks.
Quantitative techniques, such as cash flow-at-risk and earnings-at-risk, are necessary to look at the combined effect of risks on the formulated business objectives. Identification of risks, analysis of implications, response to minimise the risk and allocation of the contigencies are part of the process of managing the corporate risk. The objective to managing the corporate risk is to understand the risk that is known to be associated with the corporate strategy plan.
This corporate risk management plan will enable the communication of the risks and risk treatments to be passed down to the strategic business units that may be impacted by the risk and maintenance of the corporate risk register. Altough risks are evaluated at the corporate level, the power they maintain over governments and consumers is phenomenal. Corporate risk startegy often implies planned actions to respond to identified risks. A typical corporate risk strategy includes the following: * accountabilities for managing the corporate risk.
* A corporate risk register will be maintained as a record of the known risks to the corporate strategy plan; the types of mitigating action recorded. * Treatment plans are identified that form part of the corporate strategy and will be communicated to the SBUs, so they in turn may manage the risk which may affect them. A first estimate of potential effects can be determined using assumption analysis, decision tree analysis and the range method. These models can then be used to evaluate the effectiveness of potential mitigating actions and hence select the optimum response. Mitigating actions can be grouped into four categories and potential action :
* Risk avoidance
* Risk reduction
* Risk transfer
* Risk retention
Corporate management, often referred to as corporate strategy, is concerned with ensuring corporate survival and increasing its value not just in financial terms but also by variables such as market share, reputation and brand perceptions. Thus the scope of corporate risk management is wide ranged to support the corporate strategy. A senior corporate manager owns the process and has the staff to resource the analysis and administrative activities. A board member champions the process ensuring access to information and resources. A core group of corporate broad members and strategic business unit executives can draw additional input from stakeholders such as shareholder representatives, representatives from major customers, partners and suppliers and external experts. At the corporate level a corporate strategy plan is often produced. The plan objectives are:
* Create and maintain a strategy that achieves the corporate intent, corporate commitments and expectations of the customers, shareholders and other stakeholders. * Incorporate and maintain the commitments and the requirements of business sectors, specifically strategic business units and process owners that support the strategic direction. * Communicate the strategic direction and relevant objectives and target to each strategic business unit. * Manage strategic change to maintain or gain competitive advantage.
The risk management process can be viewed as the application of traditional management techniques to a particular problem. Risk management is a continous loop rather than a linear process so that, as an investment or project processes, a cycle of identification, analysis, control and reporting of risks is continuously undertaken. Steps in the risk management process include:
* setting risk-return goals,
* identification and evaluation of the causes of potential expense or revenue fluctuation,
* choice and balance of loss control and loss finance tools, and * implementation, monitoring and review.
There are many opinions about those processes.
For example Chapman and Ward believe that there are eight phases in the risk management process. Each phases is associated with broadly defined deliverabe, and each deliverable is discussed in terms of its purpose and the tasks required to produce it. Phases and deliverable structures:
* Define : the purpose of this phase is to consolidate any relevant existing information about the project, and to fill in any gaps uncovered in the consolidation process. * Focus : the purpose of this phase is to look for and develop a strategic plan for the risk management process, and to plan the risk management process at an operational level. * Identify : the purpose of this phase is to identify where risk may arise, to identify what might be done about the risk in proactive and reactive terms, and to identify what might go wrong with the responses. Here, all the risks and responses should be identified, with threats and opportunitiess classified, characterised, documented, veified and reported. * Structure : the purpose of this phase is to test the simplified assumptions, and to provide a more complex structure when appropriate.
Benefits here include a clear understanding of the implications of any important simplifying assumptions about relationships between risks, responses and base plan activities. * Ownership : at this phase client/contractor allocation of ownership and management of risk and responses occur, such as the allocation of client risks to named individuals, and the approval of contractor allocations. Here, clear ownership and allocations arise; the allocations are effectively and efficiently defined and legally enforceable in practice where appropriate. * Estimate : this phase identifies areas of clear significant uncertainty and areas of possible significant uncertainty.
This acts as a basis for understanding which risks and responses are important. * Evaluate : at this stage synthesis and evaluation of the results of the estimation phase occurs. Diagnosis of all important difficulties and comparative analysis of the implication of responses to these difficulties should take place, together with specific deliverables like a prioritised list of risks or a comparison of the base plan and contingency plans with possible difficulties and revised plans. * Plan : at this pase the project plan is ready for implementation. The main processes involved in project risk management are: * risk identification, risk quantification and analysis, * risk response, selection of risk response options,
* outputs from the risk response process,
* outputs from the risk response process,
* risk management within the project life cycle,
* the tasks and benefits of risk management,
* the beneficiares of risk management.
Risk identification consists of determining which risks are likely to affect the project and documenting the characteristics of each one. Risk identification should adress both the internal and the external risks. The primary sources of risk which have the potential to cause a major effect on the project should also be determined and classified according to their impact on project cost, time schedules and project objectives. Inputs and outputs of the Risk Identification Process .
Inputs to risk identification are given as product or service description; other planning outputs (work breakdown structure, cost and time estimates, specification requirements) historical information.
Outputs to risk identification are sources of risk; potential risk events; risk symptoms; imputs to other processes. After identification risks should be ’validated’, for instance, the information on which they are based and the accuracy of the description of their characteristics should be checked. The purpose of risk identification is to identify and the project or service components, the inherent risks in the project or service, to capture the most significant participants in risk management and to provide the basis for subsequent management, to stabilise the groundwork by providing all the necessary information to conduct risk analysis.
Risk quantification and analysis involves evaluating risks and risk interactions to assess the range of possible outcomes. It is primarily concerned with determing which risk events warrant a response. A number of tools and techniques are available for the use of risk analysis and quantification and the analysis process.
Risk response involves defining enhancement steps for opportunities and responses to threats. Risk avoidance involves the removal of a particular threat. This may be either by eliminating the source of the risk within a project or by avoiding projects or business entities which have exposure to the risk.
Since the significance of a risk is related to both its probability of occurence and its effect on the project outcome if it does occur, risk reduction may involve either lowering its probability or lessening its impact ( or both ).
Projects may be seen as investment packages with associated risks and returns. Since a typical project or business involves numerous stakeholders, it follows that each should ’own’ a proportion of the risk available in order to elicit a return.
Basically, risk transfer is the process of transferring risk to another participant in the project. Transferring risk does not eliminate or reduce the criticality of the risk, but merely leaves it for others to bear the risk. Risk Retention .Risks may be retained intentionally or unintentionally. The latter occurs as a result of failure of either or both of the first two phases of the risk management process, these being risk identification and risk analysis. If a risk is not identified or if its potential consequences are underestimated, then the organisation is unlikely to avoid or reduce it consciously or transfer it adequately.
Corporate risk refers to the liabilities and dangers that a corporation faces. Risk management is a set of procedures that minimizes risks and costs for businesses. The job of a corporate risk management department is to identify potential sources of trouble, analyze them, and take the necessary steps to prevent losses There are several steps in any risk management process. The department must identify and measure the exposure to loss, select alternatives to that loss, implement a solution, and monitor the results of their solution. The goal of a risk management team is to protect and ultimately enhance the value of a company. With corporations, financial risks are the biggest concern. Just as with standard insurance policies for physical damage, some financial risks can be transferred to other parties.
Derivatives are the primary way that corporate risk is transferred. A derivative is a financial contract that has a value based on, or derived from, something else. These other things can be stocks and commodities, interest and exchange rates or even the weather when applicable. The three main types of derivatives that corporate riskmanagers use are futures, options, and swaps. Corporate risk is especially prominent during difficult times in the economy. Risk management teams will take less chances when the economy is less forgiving. They will do everything necessary to avoid additional risks, which in some cases can contribute to a decrease in credit availability and less overall spending.
* Corporate Risk Management ,second edition, Tony Merna & Faisal Thani 2008 * Analysis & Evaluation,second edition, Neil Cowan 2005 *
http://www.decs.sa.gov.au/docs/documents/1/DecsRiskManagementFramewo.pdf * http://www.wisegeek.com/what-is-corporate-risk.htm