Risk and Uncertainty

Questions and Answers

How does uncertainty primarily influence decision-making, according to the information provided?

• By introducing elements of surprise and unpredictability. (correct)
• By allowing individuals to make choices free of any emotional response.
• By providing precise probabilities for future events.
• By streamlining the analysis of past events only.

How is risk defined in relation to uncertainty?

• Risk is the subjective interpretation of uncertainty.
• Risk is the chance or probability of harm from a hazard, while uncertainty encompasses events with less predictable outcomes. (correct)
• Risk is the state of human mind, while uncertainty is the state of nature.
• Risk and uncertainty are interchangeable and have the same defintion.

What differentiates internal risks from external risks in a business context?

• Internal risks are always less impactful than external risks.
• External risk can be effectively mitigated by insurance, while internal risks cannot.
• External risks are easier to control as their sources are easily identifiable.
• Internal risks are easier to predict and manage because they arise from within the company's operations. (correct)

If a manufacturing company faces a risk related to obsolescence of their primary production technology, how would this risk be categorized based on 'Risk Based on Nature'?

Controllable Risk (A)

What does 'Risk Based on Status' consider when classifying risks?

Whether any risk treatment or mitigation actions have been applied. (B)

Why are internal risks generally considered more manageable than external risks?

Their occurrence can be quantified with greater precision due to dependence on internal factors. (D)

What is the primary difference between controllable and uncontrollable risks?

Controllable risks can be influenced by management actions, affecting either the probability or impact, whereas uncontrollable risks cannot. (A)

An employee who sabotages production machinery would be an example of what type of risk?

Uncontrollable, internal risk. (D)

What is the main strategy to manage external risks based on the information?

Lobbying for favorable legislation and against unfavorable laws. (A)

What is the definition of 'Inherent Risk'?

The risk in 'raw form' before any risk treatment or mitigation activity has been applied. (A)

What is the definition of 'Residual Risk'?

The risk which we either accept reluctantly or consciously decide to assume it's presence due to a reason such as high cost of treatment. (C)

Which of the following is the best example of Strategic Risks?

Changing political dynamics impacting the long-term objectives of a company. (C)

A company facing serious quality deterioration of their primary raw material would be facing which type of risk?

Operational Risk (A)

A well-known company experiences an incident that tarnishes the public image. What type of risk is this?

Brand/Reputation Risks (A)

A regulatory body penalizes a company due to non-compliance with environmental laws. Which category of risk does this primarily fall under?

Laws and Regulations (Compliance) Risks (B)

What type of risk involves the theft of intellectual property that results in damage to a company's competitive advantage?

Knowledge Risk (D)

Which type of risk is concerned with shortcomings in a company's understanding and use of high technology?

Technology risks (D)

What is the best example of a Management and Employees (HR/People) Risk?

The sudden departure of key management personnel with critical information or skills. (B)

What is the primary aim of risk control?

To minimize the total cost of risk to an organization while ensuring long-term economic survival. (D)

A company decides not to launch a product due to concerns about potential losses. According to risk mitigation strategy, which approach does it reflect?

Avoidance (C)

Flashcards

What is Risk?

The chance of loss; variation of actual outcome from expected outcome.

What is Uncertainty?

A state of human mind where the outcome is not known.

What are Internal Risks?

Risks originating within the enterprise, easier to anticipate and manage.

What are External Risks?

Risks arising from outside the organization, harder to predict and manage.

What are Controllable Risks?

Risks influenced by management to a great extent.

What are Uncontrollable Risks?

Risks that cannot be influenced to a reasonable extent by management.

What is Inherent Risk?

Risk in 'raw form' before any treatment or mitigation.

What is Residual Risk?

Risk remaining after treatments or mitigations.

What are Strategic Risks?

Risks impacting the fundamentals, long-term objectives or viability of the enterprise.

What are Operational Risks?

Risks impacting how the organisation prepares and delivers its product or service.

What are Financial Risks?

Risks that impact the manner in which all financial information is shared and reported publicly.

What is Risk Avoidance?

Avoiding the risk, by not performing the risk prone activity

What is Risk Retention?

Accepting the loss when it occurs.

What is Risk Transfer?

Causes another party to accept the risk.

What is Risk Hedging?

Systematically reducing risk associated with an investment proposal.

What does a Chief Risk Officer do?

Setting risk strategies, building awareness, developing processes, and reporting.

What is the purpose of Risk Control?

Minimising the total cost of risk to an organisation.

Study Notes

Introduction to Risk & Uncertainty

• Risk and uncertainty are often used interchangeably, but risk is the probability of harm from a hazard, potentially involving loss.
• Uncertainty is divided into calculable probabilities based on past events and immeasurable probabilities with no discernible pattern or unique events.
• Frank Night differentiates the calculable group as risks and the latter as uncertainties in his book "Risk, Uncertainty and Profit".
• John Maynard Keynes believed surprise is an important element of uncertainty and affects decision-making across individuals, businesses, and society.
• Risk is a state of nature, while uncertainty is a state of mind.
• A situation is risky when there are multiple possible outcomes, but the actual result is unknown in advance.
• Risk is the relative variation of the actual outcome from the anticipated or expected outcome.
• The development of a new product for a manufacturing firm is risky due to profits being uncertain before actual sales.
• Similarly, developing a new drug has risk because of the range of market reception outcomes.

Classification & Types of Risks

• Risks are classified in four ways
• based on source, nature, status, and consequences.
• Risk based on Source can be internal or external in origination.
• Risk based on Nature can be controllable or uncontrollable.
• Risk based on Status can be inherent or residual depending on mitigatory actions.
• Risk based on Consequences can be strategic, operational, or financial based on business functions.

Risk Based on Source – Internal and External Risks

• Internal risks originate within the enterprise during normal business, making them easier to anticipate and manage.
• Production, people, technical, physical, and process factors can result in internal issues.
• External risks come from outside the organization and are harder to predict and manage.
• Economic, political, nature, environment, market or industry factors.
• Management can quantify the possibility of internal risks with greater precision and influence their outcome.
• External risks are studied more to improve organizational ability to deal with them, as enterprises employ economists to monitor businesses.

Risk Based on Nature – Controllable and Uncontrollable Risks

• Controllable risks can be influenced to a great extent by management with there being various ways to exert influence over outcomes.
• Uncontrollable Risks cannot be influenced to a reasonable extent.
• Controllable risks: Safety precautions, technology deployment, and employee awareness.
• Uncontrollable Risks: Sabotage, flooding, and terrorist attacks.
• Controllable risks are easier to predict, allowing preventable measures, whereas uncontrollable risks require reactive measures to minimize impact.

Relationship between Source and Nature of Risk

• A relationship exists between the source of risks (internal/external) and the nature of the risk (controllable/uncontrollable)
• The possibility exists of any combination or situation somewhere in between.
• Internal risks are usually more controllable, while external risks are more uncontrollable.
• Risk is highest for external uncontrollable factors and lowest for internal controllable factors.
• To manage risks, move them from the higher to the lower region.
• Example: Lobbying for favorable legislation is a way of controlling external Risk.

Risk Based on Status – Inherent and Residual Risk

• Risks are all pervasive and inherent in all business activity due to their inherent uncertainty.
• An "Inherent Risk" acknowledges the presence of risk in 'raw form' before any risk treatment.
• Residual Risk remains untreated after mitigation, either accepted reluctantly or consciously as the treatment can cost too much.

Risk Based on Consequences – Outcome of Event

• Risks are classified based on how they unfold and impact various business aspects/functions.
• Strategic, operations, brand/reputation, customer, finance, law and regulations, knowledge, technology, management and employees, and location/geography are typical areas of consequence.
• This is not a complete list with one risk capable of being assigned in more than one category.
• Strategic Risks, are very significant and affect the company's fundamental business or long-term objectives, concerning changes to the business environment, industry, or political and economic conditions.
• Operational Risks impact how the organization prepares and delivers its product/service to customers and are more internal in nature
• Brand/Reputation Risks can tarnish the company's image due to poor perceptions from customers or stakeholders, stemming from events that shake the company's core values.
• Customer Satisfaction Risks affect the quality of product or service, but not severely enough to impact the brand, slower in nature, and stem from experiences.
• Financial Risks deal with the company's financial matters, including financial viability and how information is shared by the company with capital availability and investments.
• Laws and Regulations Risks result from legal non-compliance resulting in penalties or lawsuits as well as compliance to internal policies including Risks to intellectual property.
• Knowledge Risks involve information of a confidential nature with a bearing on the achievement of objectives, where corruption to or loss/theft of information could result in damage to business viability.
• Technology Risks rise because of dependence on the use, ownership and operation of technology or from not keeping pace with changes, including a poor understanding of nuances.
• Management and Employees (HR/People) Risks affect the employees and management due to dependence on individuals as well as optimum utilization of people to achieve objectives.
• Location/Geography Risks include dependence on a particular geography or location to achieve company-wide objectives.
• Fraud Risk includes misstatement of information or misappropriation of assets
• Audit Risk: Audit risk is related mainly to the external and internal audit efforts designed to provide audit assurance to the area subject to audit as well as the risk of incorrect audit conclusions by flawed evidence.

Risk Classification Linkages

• Risk classification seeks a type of benefit linking all the classification effort together to achieve clarity, appreciation of risk dynamics, and a better road map.
• Internal and external environments are a source for all inherent risks to develop a risk response and classify them to either transfer or terminate them.
• Controllable risks are subject to internal mitigations to reduce their impact, resulting in residual risks.

Importance of Risk Management

• Governance functions include planning, budgeting, performance measurement, assurance and auditing, procurement, hiring, assessing staff, and control over day-to-day operations.
• Coordination is involved to both direct and control an organization and to direct and control an organization with regard to risk.
• Risk Management is the key pillar of Governance and only tool to deal with business uncertainty.
• Fortune 500 and other large companies use Risk Management to sustain & grow businesses.
• Risk management is an integral component including as an iterative process undertaken in sequence.

Objectives of Risk Management

• Risk management protects property, earnings, and personnel (prevents losses and legal liabilities).
• It minimizes costs and maximizes profitability by taking measures to reduce the possibility of a ‘risk event’.
• Corporate sector recognizes the importance of independent risk managers whose purpose is to control pure risks, analysis and control of all risks arising out of business.

Overview of Mitigation & Controls

• Identifying potential risks involved is the first step in managing Risk.
• Risks are assessed for potential loss severity, occurrence probability, and are a measure of inability to achieve objectives within cost and time constraints possessing two components: probability of failing to achieve outcome and overall consequences.
• There may be ready-made solutions to manage risk involving a risk decision not to perform an activity which is called Avoidance.
• There may be a need to accept the loss by taking a risky proposal where there are no alternatives to reduce Risk.
• Transferring risk causes another party to accept it, typically by contract.
• Risk hedging is a systematic process of reducing risk associated with an investment proposal where some risk is inevitable.

Risk Control

• Risk Control is selected to reduce loss frequency and severity requiring a cost-benefit exercise to evaluate benefits and costs.
• No cost benefit exercise is required when there is no option or it is imposed by law.
• Risk Control covers measures to avoid/eliminate/reduce loss chances to minimize cost, while ensuring long-term survival.

Opportunities in RM for CAs

• A Chartered Accountant can play a role in RM as a Manager, Auditor or Consultant.
• A chief executive officer is responsible for implementing RM and can be a member of the board of directors or CEO
• Companies form committees regarding RM where a CA can play a role.
• As a Chief Risk Officer (CRO), CAs set policy and strategy for risk management, are primary champions, build culture, implement internal policy, development risk response processes, and prepare reports.

CA as an auditor and consultant

• Auditors aware of RM can understand and use features
• As internal auditors, CAs assist management and risk management committees
• As internal or external auditors, CAs examine, evaluate report and provide recommendations from risk assessments.
• CAs are a huge number of consultants and can provide detailed advice on the business.