ch7风险评估应对

Ch7

Risk

assessmentandresponseOverviewRisk

ResponseRisk

assessmentRisk

quantificationRisk

profilingControl

proceduresRisk

consolidationCh7

inERMRisk

assessmentEffect

of

risksAnalysis

of

effects:FinancialNon-financialPage

215,

case

studyRisk

assessment

and

dynamics

(11Jun2a)Risk

assessment

is

a

dynamic

management

activitybecause

of

changes

in

the

organisational

environment

and

because

of

changes

in

the

activities

and

operations

ofthe

organisation

which

interact

with

that

environment.Changes

in

the

environment

might

include

changes

in

anyof

the

PEST

(political,

economic,

social,

technological)orany

industry

level

change

such

as

a

change

in

thecompetitive

behaviour

of

suppliers,

buyers

orcompetitors.

In

either

case,

new

risks

can

be

introduced,existing

ones

can e

more

likely

or

have

a

higher

impact,or

the

opposite

(they

may

disappear

or e

lessimportant).Risk

quantificationRisks

that

require

more

analysis

will

be

quantified,

wherepossible

results

and

losses

areconsidered.Techniques

for

carrying

out

risk

quantification

includesensitivity

analysis

and

accountingratios.Risk

rating(10Jun1)Possibility

&

ImpactsImpact

of

a

risk

materialising

is

potentiallycatastrophic,but

the

probability

of

ithappening

is

low.On

HN’s

50th

anniversary

last

year,

NNN

published

what

it

called

a

‘riskassessment’

for

the

HN

power

station.

It

said

it

had

calculated

theprobabilities

(P)and

impacts

(I)

of

threeprominentrisks.Risk

of

major

radioactive

leakover

the

next

10

years:

P

=

10%,

I

=

20Risk

of

nuclear

explosion

over

the

next

50

years:

P

=

20%,

I

=

100Risk

of

major

terrorist

attack

over

next

10

years:

P

=

10%,

I

=80Impacts

were

on

an

arbitrary

scale

of

1–100

where

100

was

defined

by

NNNas

‘totalnuclear

annihilation

of

the

area

and

thousands

ofdeaths’.Sensitivity

analysisHow

sensitive e

is

to

changing

conditionsPay

attention

to

controlling

critical

variables

(mostsensitive)WeaknessChanges

need

to

be

isolated

whereas

mgmt

maybeinterested

in

combination

of

the

effects

of

changesInterdependent

factorsNot

examine

probability

of

a

loss

incostNot

provide

a

decision

ruleExample

1Calcit

is

a

company

hoping

to

launch

a

new

product.The

initial

investment

of

$6m

will

generate

revenuesof

$5m

in

each

of

the

next

two

years. The

variablecosts

are

expected

to

be

$1.5m

per

annum

in

thenext

two

years. Calcit’s

cost

ofcapital

is

8%.RequiredAssess

whether

the

project

is

more

sensitive

to

therisks

associated

with

variable

costs

or

selling

price.AnswerSelling

priceSensitivity

=

241

/

8,915

=

3%Variable

costsSensitivity

=

241

/

2,675

=

9%Changes

in

the

selling

price

of

this

product

are

a

higher

riskthan

changes

in

the

variable

costs,

as

the

selling

price

onlyneeds

to

fall

by

3%

(the

equivalent

of

$241,000)

to

make

theproject

only

break-even.

Variable

costs

would

need

to

rise

bynearly

10%

for

the

project

to

only

break-even.Expected

valueAverage

eTake

other

concerns

into

consideration,

such

asrisk

appetite

of

managementrisk

attitude

of

shareholders

and

stakeholderspotential

threat

to

the

business

if

the

worst

possible

eoccursAccounting

ratiosDebt

ratioGearingInterest

coverCash

flowratioCurrent

ratioQuick

ratioChanges

in

revenues,

costs,

short-term

creditors,

loanfinanceLikelihood/Consequences

matrixHighLowLikelihoodLowHighImpactRisk

profilingThe

risk

tolerance

boundary

reflects

the

company’s

riskappetite.The

risk

profile

allows

the

company

to

prioritise

itstreatment

of

different

risks. It

may

choose

to

spend

lesson

managing

one

risk

in

order

to

release

funds

to

manageanother

moreeffectively.Risk

consolidationRisk

that

has

been

analyzed

and

quantified

at

thedivisional

or

subsidiary

level

needs

to

be

aggregated

tothe

corporate

level

and

grouped

into

categoriesRisks

are

not

independent

of

each

otherRelationship

between

business

andfinancial

riskBusiness

risk borne

by

both

firm’s

equity

holders

andproviders

of

debt.Avoidance

of

BR:

withdrawn

from

the

investment

in

firmFinancialrisk

borne

by

entirely

equity

holders

forthepayment

to

debt

holders

takes

precedence

over

dividendsto

shareholders.Importance

of

accurate

risk

assessment(10Jun1d(i))Resources

are

allocated

in

part

on

the

basis

of

RA.a

risk

assessed

as

probable

and

of

high

impact

would

attract

asignificant

resource

allocation

and

to

have

incorrect

informationcould

conceivably

lead

to

the

misallocation

of

company

resources.RM

also

depend

upon

the

assessment.Once

a

risk

is

identified

and

assessed,

the

company

pursues

astrategy

for

managing

that

risk,

typically

to

transfer

or

share

the

risk,avoid

the

risk,

reduce

it

or

accept

it.Owe

to

the

local

community,

employees

and

others

to

ensurethat

all

risks

are

fully

but

accurately

understood.Stakeholders

expect

us

to

be

a

responsible

company

in

all

mattersbut

especially

in

matters

of

safety

and

the

environment.Inaccurate

assessments

can

breed

fear,

distrust

andunnecessary

panic.Risk

responsestrategiesRisk

portfolio

managementVarious

ways

that

organisations

trying

to

mitigate

risks

orconsidering

to

acceptrisks.RM

strategies

(TARA)AcceptTransferReduceAvoidLowConsequencesHighLowHighLikelihoodT-ATransfer:passing

the

risk

on

toanother

party

which,

inpractice

means

an

insureror

a

business

partner

inanother

part

of

the

supplychain

(such

as

a

supplier

ora

customer)Avoid:asking

whether

or

not

theorganisation

needs

toengage

in

the

activity

orarea

in

which

the

risk

isincurred.R-AReduce:finding

a

party

that

iswilling

to

enter

into

apartnership

so

that

therisks

of

a

venture

might

bespread

between

the

twoparties.For

example

an

investormight

be

found

to

providepartial

funding

for

anoverseasinvestment

inexchange

for

a

share

of

thereturns.Accept:retaining

the

risk,

believingthere

to

be

no

otherfeasible

option.Controllable

or

uncontrollable

risksControllable:Risk

reduction

ortransferenceUncontrollable:Accept

the

risk

or

avoidthe

riskDealing

with

risk:

twoerrorsStop

errors-

stop

activities

that

would

have

produced

returns

thatwere

higher

than

the

costs

incurred.Go

errors-

go

ahead

with

activities

that

costs

are

incurred

that

aregreater

than

expected

revenuesRisk

appetiteRM

strategies

also

depend

on

managers’

risk

appetite.Eg,

charities

or

public

sector

organizations

may

avoid

certainrisks

while

others

may

choose

to

reduce

them.ALARPprinciple(2011Dec1c(iv))ALARP

principle

(as

low

asreasonably

practicable)-

There

is

an

inverserelationship

between

a

riskand

the

acceptability

of

thatrisk

or,

in

other

words,

a

riskis

more

acceptable

whenitis

low

and

lessacceptablewhen

it

ishigh.ALARPFora

risk

to

be

ALARP

it

mustbe

possible

todemonstratethat

the

cost

involved

in

reducing

the

risk

further

wouldbe

grossly

disproportionate

to

the

benefit

gained.The

ALARP

principle

arises

from

the

fact

that

infinite

time,effort

and

money

could

be

spent

on

the

attempt

ofreducing

a

risk

to

zero.It

should

not

be

understood

as

simply

aquantitivemeasure

of

benefit

against

detriment.

It

is

more

a

bestcommon

practice

of

judgement

of

the

balance

of

riskandsocietal

benefit.Impact

of

dynamic

environmentFrequent

risk

assessments

of

changing

risksReporting

of

high-impact

likelihood

risksQuick

response

to

higher-level

strategic

risksAppropriate

combination

of

short

and

long

termstrategiesChanging

policies

for

dealing

with

specific

risksFlexible

risk

assessment

and

management

systemsResidual

riskResidual

risk

is

the

risk

remaining

after

protectivemeasures

have

been

taken.运用了所有的控制和风险管理技术以后而留下来，未被管理的风险.If

residual

risk

is

not

reported

then

management

cannotknow

how

much

riskis

beingaccepted.RR=IR×CR

(audit

risk)AvoidanceofriskWhether

risk

can

beavoidedWhether

avoidance

is

desirableExtremely,

termination

of

operation-

eg,

in

politically

volatile

countryReduction

of

riskRiskpoliciesRisk

mitigation

techniquesContingency

planningLoss

controlPolicies

and

techniquesRisk

policiesAgreed

at

senior

levelsBy

BOD,

risk

committee

orrisk

managerRisk

mitigation

techniquesApplied

at

various

levelsBy

operational

managersand

staffGuided

by

RM

functionContingency

planningContingency

planning

involvesidentifying

post-loss

needsdrawing

up

plans

in

advancereviewing

regularly

to

take

account

of

changeBasic

constituentsInformationEnsuring

all

the

information

that

will

be

needed

is

available

during

andafter

the

event

should

be

gathered

in

advanceNames,

address,

machine

and

supplier

details,

waste

disposal

firms,

etc.ResponsibilityThe

plan

should

lay

down

what

is

to

be

done

by

whom.

Appropriatedelegation.

Those

who

hold

duties

should

be

awarePracticeSimulations

should

be

as

realistic

as

possible

and

should

be

takenseriously

by

all

involved.Loss

controlPhysical-

Install

physical

device,

and

inspect

and

maintainregularlyPsychologicalawareness:

losses

are

possible

and

they

can

becontrolledcommitment:

make

individual

managers

accountablefor

the

losses

under

their

controlDiversification

of

risks

(12Dec1b)Diversification

of

risk

means

adjusting

the

balance

ofactivities

so

that

the

company

is

less

exposed

to

the

riskyactivities

and

has

a

wider

range

of

activities

over

which

tospread

risk

and

return.Risks

can

be

diversified

by

discontinuing

risky

activities

or reducing

exposure

by,

for

example,

disposing

of

assets

or selling

shares

associated

with

the

risk

exposure.Creating

a

portfolio

of

different

risks,

avoiding

all

its

riskspositively

correlated.Diversification

may

be

difficult

for

specialised

business

or business

lackof

resources

to

adjust

its

portfolioAcceptance

of

riskOrganisation

bears

risk

itselfRisk

retention

is

inevitable

to

some

extent,

becauseThere

will

always

be

some

unexpected

risk

however

good

therisk

identification

and

assessment

process

isRisk

is

considered

to

be

insignificant

or

either

cost

of

avoidingrisk

is

too

greatWhether

to

retain

or

transfer

riskswhether

there

is

anyone

to

transfer

a

risk

to.Self-insurance:

gritting

one’s

teeth

and

hoping

for

thebest, setting

asides

fundsCaptive

insurance(专业自保公司)Transfer

of

riskTo

other

internal

departments

or

externally

to

suppliers,customers

or

insurers,

even

can

be

to

the

state.Hold

harmless

agreementA

hold

harmless

agreement

is

a

legally

binding

contractdesigned

to

release

one

or

more

parties

from

legal

liability.

In

astandard

agreement,

one

of

the

parties

essentially

agrees

notto

sue

the

other

party

for

certain

kinds

of

expenses,

losses,

ordamages

that

may

result

from

a

particular

transaction.Hold

harmless

agreements

can

be

unilateral,

or

they

can

applyto

both

of

the

contracting

parties.Limitation

of

liabilityLegal

and

other

restrictions

on

transferring

risksRisksharing:

insuranceCommunication

of

riskTo

shareholders

and

other

stakeholdersParticularly

those

risks

that

cannot

be

avoidedStock

market

may

react

badlyOnce

successfully

communicated,

organisation

will

betrusted

by

recipientsFormal

reportingControl

methods,

particularly

mgmt

responsibilitiesProcesses

identifying

risksPrimary

control

systems

to

manage

significant

risksMonitoring

and

review

systemsFinancial

riskmanagementRole of

treasury

functionTreasury

management

资金管理‘the

corporate

handlingof

all

financial

matters,

thegeneration

of

external

and

internal

funds

for

business,themgmt

of

currencies

and

cash

flows,

and

the

complexstrategies,

policies

and

procedures

of

corporate

finance.’Specialist

treasury

departments

to

handle

financial

risksHowcanfinancial

riskbemanagedRisk

diversificationRisk

hedgingInternal

strategiesRisk

sharingRisk

transferDiversificationHavinga

mix

of

equity

and

debt

financeHaving

a

mix

of

short

andlong-term

debtHaving

a

mix

of

fixed

and

variableInvesting

in

a

variety

of

geographical

locations

andmarketsHedging对冲/套期保值Control

interest

rate

and

exchange

rate

risksForwardcontracts交易双方约定在未来的某一确定时间，以确定的价格买卖一定数量的某种金融资产的合约。合约中要规定交易的标的物、有效期和交割时的执行价格等项内容。FuturesOptionsSwaps指交易双方约定在未来某一期限相互交换各自持有的资产或现金流的交易形式。较为常见的是外汇掉期交易和利率掉期交易。Natural

hedgeA

natural

hedge

is

an

investment

that

reduces

the

undesiredrisk

by

matching

cash

flows

(i.e.

revenues

and

expenses).An

example

is

a

company

that

opens

a

subsidiary

in

anothercountry

and

borrows

in

the

foreign

currency

to

finance

itsoperations,

even

though

the

foreign

interest

rate

may

be

moreexpensive

than

in

its

home

country:

by

matching

the

debtpayments

to

expected

revenues

in

the

foreign

currency,

theparent

company

has

reduced

its

foreign

currency

exposure.Similarly,

an

oil

producer

may

expect

to

receive

its

revenues

inU.S.

dollars,

but

faces

costs

in

a

different

currency;

it

would

beapplying

a

natural

hedge

if

it

agreed

to,

for

example,

paybonuses

to

employees

in

U.S.

dollars.Internal

strategiesWorking

capital

managementMaintaining

reserves

of

easily

liquidated

assetsRisk

sharingCredit

guarantees信用担保Credit

default

swaps

信用违约保险当借款人向贷款人(银行或其他金融机构)申请贷款时，贷款人为 了保障贷款安全，以支付保费为前提向保险人(多为保险公司)投 保。若借款人违约，由保险人代为偿还。Totalreturn

swaps总收益互换总收益互换是指信用保障的卖方在协议期间将参照资产的总收益转移给信用保障的买方，总收益可以包括本金、利息、预付费用以及因资产价格的有利变化带来的资本利得；作为交换，保障买方则承诺向对方交付协议资产增殖的特定比例，通常是LIBOR加一个差额，以及因资产价格不利变化带来的资本亏损。Credit-linked

note信用联系票据是普通的固定收益证券与信用违约互换相结合的信用衍生产品。 信用联系票据的购买者提供信用保护。一旦信用联系票据的标的 资产出现违约问题，信用联系票据的购买者就要承担违约所造成 的损失。Risk

transferInsuranceSecuritizationTransferring

foreign

currency

risk

on

a

future

transaction:Invoicing

in

home

currencyControl

activitiesControl

proceduresControl

procedures

are

those

policies

and

procedureswhich

are

established

to

achieve

the

entity’s

specificobjectives

(SAS300)Classification

of

control

proceduresCorporate,

management,

business

process

and

transactioncontrolFrom

top

to

day-to-dayactivityAdministrative

and

accounting

controls Accounting:

provide

accurate

accounting

records

and

toachieve

accountabilityPrevent,

detect

and

correct

controlsClassification

of

control

proceduresDiscretionary

and

non-discretionary

controlsVoluntary

and

mandated

controlsGeneral

and

application

controlsFinancial

and

non-financial

controlsTypes

of

procedures

(UKSAS

300)Reporting,

reviewing

and

approving

reconciliations.Checking

the

arithmeti