Risk Management

By
Dr Safdar A Butt

1
 What is Risk?
 Risk arises from uncertainty; but all uncertainties
do not carry risk.
 Possibility of an unfavorable outcome of an
uncertainty is risk.
 Outcome of an uncertainty may even be
favorable. Is that a risk? In certain cases, yes.

2
 Why take risks?
 Because you have to.
 Because it brings rewards.
 Risk Aversion

3
 Risk Management Process
 Risk Identification / Exposure
 Risk Assessment
 Selection of risk management techniques
 Implementation
 Review

4
 Risk Identification
 Risk profile of a company
 Formal listing of all potential risks.
 External professional help
 Risk is inevitable; however unfavorable
consequences of risk can be controlled.
 Degree of risk to be assumed

5
 Classification of Risk
 Production risk
 Price risk of inputs / outputs
 Reputational risk
 Project risk
 Environmental risk (weather)
 Political risk
 Economic conditions risk

6
 Risk Assessment
Having listed all the potential risks, ask:
 How likely is it for any of these risks to actually
materialize?
 What is the maximum possible loss that can
arise from each of the listed situations?
 Can you stand that loss?

7
 Risk Management Techniques
 Risk avoidance
 Loss prevention and control
 Internal controls
 Risk retention
 Risk transfer

8
 Risk Transfer Modes
 Hedging
 Options
 Insurance
 Diversification

9
 Implementing the Plan
 Get quotes, find the best provider and create a
contract.
 Keep reviewing the situation.
 Keep revising your risk profile.
 Keep a record of cost of risk transfer against
benefits of risk transfer.
 Amend plans as necessary.

10
 Is risk management a
Corporate Governance issue?
 Board is responsible for protection of company
assets.
 Board must work to improve shareholders’
value, which is not possible without taking some
risks.
 Not taking risks may be the biggest risk.

11
 Risk Management Reporting
CC of CG requires:
 Audit Committee’s Report

 Board’s Statement on Internal Controls

12
 Audit Committee’s Report
 List significance risks; how they are being
identified, assessed and managed.
 Report on effectiveness of the systems put in
place to manage these risks
 List of actions being taken to remedy significant
failings or weaknesses
 Comment on need for greater monitoring of
procedures

13
 Board’s Statement on
Internal Control
Essentially it is about status of internal controls, e.g.
 There is an ongoing process for identifying, evaluating
and managing significant risks.
 That the process was there during the year under
report.
 It is being regularly reviewed by the Board.

 It is in accordance with Turnbull Guidance

14
 Turnbull Report
 Risk Assessment
 Control Environment
 Control Activities
 Information and Communication
 Monitoring

15
 Risk Assessment
 Clear objectives, clearly communicated to all
concerned.
 Significant risks assessed regularly
 Market risks
 Technological risks (H&S, Environment)
 Credit and liquidity risks
 Reputational risks, legal risks

 Clear understanding of risks being retained

16
 Disaster Recovery Plans
 Disasters happen, or are made to happen.
 What plans does a company have to ensure that:
 Its operations are restored quickly
 Its data is not lost

 Most important for financial institutions

17
Thank you

Dr Safdar A Butt

18