Risk Management Approach for Financial Restructuring in Integration with ISO 31000
-
Upload
independent -
Category
Documents
-
view
6 -
download
0
Transcript of Risk Management Approach for Financial Restructuring in Integration with ISO 31000
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1027
Risk Management Approach for Financial Restructuring in Integration
with ISO 31000
Ms Rachna Yadav
Asst.Professor, MLNE (Delhi University)
Shahid Ali
Asst.Professor, MLNE(Delhi University)
Abstract
With the growth of trade and financial collaborations between nations, there were increased
chances of risk among many facets of firms. There was need felt by experts to make some
international recognized procedures who can holistically deal with risk and risk management
process. Here we mainly elaborate Australian / Newzealand standard ISO 31000: 2007 –
principles and guidelines (AS / NZS, ISO 31000). It is expected that application of ISO
31000 will lead to agencies improving their risk management capability, resulting in risk
being more effectively and efficiently managed in all types of institutions and firms and in
their different walks of life eg. Operation, financial, strategic etc.
Key Words: Risk, Risk Management, ISO 31000, Risk Analysis, Business environment
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1028
Introduction
Risk is an indispensable part of business. Risk management means avoiding shocks on one
hand and on the other implementing change to control the outcome. The purpose of this paper
is to briefly introduce key concepts of risk management and guidelines on how the risk
management process can be practically applied in different walks of life of institutions and
firms. This article will definitely assist concerned departments to prepare documents and
procedures for dealing with risk. These procedures can be fine tuned with respect to
particular sector. These procedures are also helpful for educating newcomers of firms so that
they can remain aligned to firm risk management policies.
The Concept of Risk Management
Risk aspects include both possible threats and opportunities and potential impact these may
have on the ability of firm to attain their well defined objectives. So risk is related to both
challenge and opportunities for the agency. Risk management embodies an organizational
culture of prudent risk taking within an agency. It is the process of identifying and responding
to risk. There are few important aspects of managing risk –
Improve efficiency and performance.
Allocation of resources
Significantly improve planning process keeping key focus on core business.
Improvement in accountability, responsibility, transparency and governance in
relation to both decision making and output.
Risk Management Model
Figure 1 below provides an example of a risk management model. In this model, one can
assess where a particular risk falls in terms of likelihood and impact and accordingly establish
the organizational strategy/response to manage the risk.
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1029
Source: http://www.tbs-sct.gc.ca
Figure 1
These are some key factors which are necessary for meaningful implementation of risk
management policies and taking desired outcome from them.
Risk management requires supportive organizational culture and awareness of risk at
all level of hierarchy.
Risk management requires continuous programming of education, training
development for employee at all level at regular interval.
Effective risk management require good record keeping of all historical data so that
we have idea how risk were dealt in past and how risk were dealt in past and how
effectively we can deal them in future.
Effective risk management requires clearly defined ownership to deal with risks at
organizational structure level in terms of responsibility, duties and actions.
Emphasis should be given for greater awareness and understanding of risk
management framework at all level so that staff people can own and apply the risk
management principles promoted by the agency and incorporate them in their day to
day activities.
It should be noted that there is no standardized risk format or ready to use framework for all
types of firms, rather they need to develop their own risk framework which suit them most. A
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1030
firm may need to manage credit risks and another firm may need to manage the market risk.
Figure 2 below describes the types of risk management frameworks.
Source: http://www.indiaeducation.net
Figure 2
Below are few tips which can be helpful for developing a robust framework for risk
management.
Operation of a particular business
Manpower skills and capabilities
Allocation of resources
Reporting system in the firm
Delegation of authorities, protocol etc.
There is need to review risk management policies consistently because of dynamically
changing operating business environment, risk profile, operating system, legislation etc. So
there is need for regular audit so that risk related policies can be reviewed and updated.
Risk Management Process
The risk management process as a holistic approach includes the external and internal risks to
be addressed in the corporate strategy in integration with corporate culture prevalent in the
company.
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1031
Source : http://legacy.bentley.edu/erm
Figure 3
As per ISO 31000 international standard, risk management process consist of 7 steps, these
are as follows –
1. Establishing the context – The purpose is to define the limit or boundary with in which
the risk management framework will operate. It should note the boundary of the
framework and the capacity of the agency to successfully address the risk that can be
identified in the assessment phase of risk management process – in establishing the
context , an agency should consider –
The external and internal environment
The risk profile
Risk appetite and tolerance level
A risk matrix and responsibility
The business continuity plan
Establishing external and internal environment is the first step regarding risk management
process. It sets the parameters within which risk are identified, assessed and managed.
Agencies will need to collect information at both strategic and operational level and include
both external and internal risks facing the firm. Also external environment relate to the social
, culture , political , legal, regulating , financial , technological and economic environment
within which firm operates. It should be noted that there is a significant relationship between
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1032
risk profile and planning process. So there is need to address the risk during each phase of
planning so that risk can be addressed managed properly. Every organization has a limit in
which risk can be tolerated depending upon its operating business environment. In this phase
of risk management firms decide its tolerance limit of risk. Limit of tolerance risk will differ
as per new information, new operating business environment. Risk matrix is concerned with
occurrence of risk event and its consequences; here we make a chart which depicts degree of
risk and degree of consequences. In this chart for each level of risk we clearly define who
will deal what and how. Beside all above there are certain types of risk which are
unavoidable and firms cannot manage them as per tolerance limit of any firm. Eg – natural
disasters due to flood, earthquake etc. In such situations firms can make contingency plans
and decide how to operate business, it also includes crisis management plans that can be
activated as required.
2. Risk identification – In this step of risk management we generate list of all those
possible risk which develop or indirectly affect firm and their consequences. Proper
identification of risk which is not properly identified cannot be dealt properly. This is
mainly done through environment scanning. Through this we try to scan operating
business environment and identify those elemental risk which can affect the firm today
or tomorrow, key consideration of environment scanning are as follows –
Type of risk -- economic, political, legal, technological etc.
Source of risk - external (political, economical, natural disasters etc.), internal
(reputation, security, knowledge etc.)
Causes and impact of risk
How to control risk
Also frequency and scope of environment scanning should be different for different firms
depending upon their context / degree of impact etc There are many other methods that can
be adopted by agencies to identify risk include Agency documents , media report , law
making agencies, internal brain storming activities, survey and questionnaire , SWOT
analysis.
3. Risk analysis – This calculate degree of impact of potential risk. Here we try to find
threat and opportunities existed while managing a particular type of risk. There are 2 parts
of risk – Inherent risk and residual risk. Inherent risk is that part of risk which exist prior
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1033
to any internal control being implemented to manage the risk. Residual risk is the risk
which remains after action has been taken to manage the risk. Advantage of using the
approach are, Assisting management with identification of excessive or ineffective
controls and ensuring that management is aware of the agency’s exposure if the control
fails. Inherent and residual risk need to be assessed whenever controls are adjusted or
environmental scanning indicates that circumstances may have changed.
4. Risk evaluation -- In the part of risk management we prioritize which risk to be dealt and
at what manner. Following points should be kept in mind while dealing with risk
evaluation –
Operating business environment of the firm and its direction to attain strategic goals.
Tolerance limit of risk of the firm. Here we clearly define up to what limit risk should
be tolerated depends upon type of business firm is doing. If firm deals with
speculative trading then high risk activity may not always require priority treatment.
We should define acceptable risk limit to firm’s stakeholders too, because it is
possible that degree of risk tolerance of firm and its stakeholders can vary.
We must do cost-benefit analysis simultaneously with any legal or regulatory agency
involvement eg if risk could involve in legal action against agency, then risk may be
high priority if the probability of occurrence is high.
5. Risk treatment – After proper risk analysis and evaluation now we are in the phase of
risk treatment. There are many ways for dealing with risk, these are as follows –
Preventive measure – Here main emphasis is to prevent particular activity which can
avoid undesirable outcome. Eg – use of contract term to enable recovery of
overpayment or to safeguard against potential breaches of contracted project
milestone.
Corrective control – Here main emphasis is to correct or update to avoid undesirable
outcome e.g. – internal audit review of preventive and detective controls or change in
procedures of doing particular activity.
Directive control – Here authoritative means are used to achieve a particular outcome.
They are particularly important when it is critical that an undesirable event is avoided.
E.g. – To assure that all staff wears particular clothing so that accident by fire can be
avoided.
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1034
Risk transfer is very important in risk treatment where we take those steps so that loss due to
occurrence of risk can be transferred or recovered from third party. E.g. – insurance against
fire, health, medical treatment etc. Also forward contracts, hedging, option etc used to avoid
any future financial volatility. But sometime it is not appropriate to deal with risk but to
accept it. A risk may be accepted because ---
Probability of occurrence of risk is quite low.
Cost of dealing with risk is more than accrual of benefit.
Level of risk is within tolerance limit of firm
Risk due to natural disaster e.g.—earthquake, flood etc. In such situation firm do not
have any control over risk.
While we deal with risk then following points must be considered –
Trade off between cost and benefit while dealing with risk.
We must take into account political, environmental, social cost etc along with
financial cost.
We must remember that the value system and perception of stakeholder also.
Risk treatment should not introduce new type of risk while dealing with risk, in that
situation introduction of secondary risk should also be assessed, evaluated and treated.
6. Communication and consultation – It would be helpful if communication and
consultation took place at all stages of risk management. This will provide opportunity to
inform and took better suggestion or input from stakeholders. Risk management can be
collectively done when it is strongly embedded into the culture of company. Continuous
communication and consultation help to inculcate risk management culture in the firm
and its stakeholders. The stakeholders can be the Staff people of the firm, Formal risk
management committee of the firm, Interest group like – suppliers, traders, industries
group, union etc.
7. Monitoring and review --- Primary purpose of monitoring and review is to assure and
reassure whether risk still exist or not, what is the profile and degree of strength in risk
etc. Monitoring and review can be done on periodic basis, learn from success or failure
while dealing with risk monitoring. It is important that monitoring and reporting are
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1035
clearly defined and those results are documented and shared with all stakeholders. This
also includes sharing experience with stakeholders.
Reporting plays an important role in a well defined risk management model. For effective
implementation of risk management consideration should be given to establishing an
appropriate reporting structure within an agency, eg—internal audit officer may be required
to report to the risk committee or the accountable officer regarding the status of the risk
currently on the risk register or incorporated into the strategic and operational plans.
Reporting processes should be timely and address the following points –
The adequacy and effectiveness of the internal controls in place to treat risk.
Identification and recording of any new type of risk.
Implementation of new controls to address key risks.
Conclusion
Compliance with laws and regulations is not an option but legal, moral and ethical duty of the
organization. An organization must understand the applicable laws and must implement a
system of controls that achieves compliance. One such method for obtaining risk protection is
following the guidelines of ISO 31000, the international standard for risk management. We
have tried to gain deeper insights into the guidelines of ISO 31000. A robust procedure is
always helpful in better dealing with the risk which can be harmful to the firm. We have tried
to disarm and elaborate important points which are essential parts of risk management
procedures.
References
1. Bruder B., Hereil P. and Roncalli T. (2011), Managing Sovereign Credit Risk, Journal of
Indexes Europe, 1(4), pp. 20-27.
2. COSO Enterprise Risk Management – Integrated Framework, AIRMIC 2005.
3. Hagan P.S., Kumar D., Lesniewski A.S. and Woodward D.E. (2002), Managing Smile
Risk, Wilmott Magazine, July, pp. 84-108.
4. Hilscher J. and Nosbusch Y. (2010), Determinants of Sovereign Risk: Macroeconomic
Fundamentals and the Pricing of Sovereign Debt, Review of Finance, 14, pp. 235–262.
5. Meucci A. (2005), Risk and Asset Allocation, Springer.
IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959
International Research Journal of Management Science & Technology http:www.irjmst.com Page 1036
6. Spinard W. 2006, Enterprise-Wide-Risk Managment: A Holistic Approach, Marsh Risk
Consulting.
Books
1. G. Bradley ―A guide to risk management‖ July 2011
2. AS/NZS ―ISO 31000 : 2009 Risk management – principles and guidelines, standards‖
Nov 2009
Websites:
1. http : // www.saiglobal.com
2. http://www.theirm.org/ISO31000guide.htm
3. http://www.praxiom.com/iso-31000.htm
4. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1957050
5. www.bizresearchpapers.com/Paper18.pdf