Risk Management Approach for Financial Restructuring in Integration with ISO 31000

IRJMST Volume 4 Issue 2 Online ISSN 2250 - 1959

International Research Journal of Management Science & Technology http:www.irjmst.com 027

Risk Management Approach for Financial Restructuring in Integration

with ISO 31000

Ms Rachna Yadav

Asst.Professor, MLNE (Delhi University)

Shahid Ali

Asst.Professor, MLNE(Delhi University)

Abstract

With the growth of trade and financial collaborations between nations, there were increased

chances of risk among many facets of firms. There was need felt by experts to make some

international recognized procedures who can holistically deal with risk and risk management

process. Here we mainly elaborate Australian / Newzealand standard ISO 31000: 2007 –

principles and guidelines (AS / NZS, ISO 31000). It is expected that application of ISO

31000 will lead to agencies improving their risk management capability, resulting in risk

being more effectively and efficiently managed in all types of institutions and firms and in

their different walks of life eg. Operation, financial, strategic etc.

Key Words: Risk, Risk Management, ISO 31000, Risk Analysis, Business environment


International Research Journal of Management Science & Technology http:www.irjmst.com Page 1028

Introduction

Risk is an indispensable part of business. Risk management means avoiding shocks on one

hand and on the other implementing change to control the outcome. The purpose of this paper

is to briefly introduce key concepts of risk management and guidelines on how the risk

management process can be practically applied in different walks of life of institutions and

firms. This article will definitely assist concerned departments to prepare documents and

procedures for dealing with risk. These procedures can be fine tuned with respect to

particular sector. These procedures are also helpful for educating newcomers of firms so that

they can remain aligned to firm risk management policies.

The Concept of Risk Management

Risk aspects include both possible threats and opportunities and potential impact these may

have on the ability of firm to attain their well defined objectives. So risk is related to both

challenge and opportunities for the agency. Risk management embodies an organizational

culture of prudent risk taking within an agency. It is the process of identifying and responding

to risk. There are few important aspects of managing risk –

Improve efficiency and performance.

Allocation of resources

Significantly improve planning process keeping key focus on core business.

Improvement in accountability, responsibility, transparency and governance in

relation to both decision making and output.

Risk Management Model

Figure 1 below provides an example of a risk management model. In this model, one can

assess where a particular risk falls in terms of likelihood and impact and accordingly establish

the organizational strategy/response to manage the risk.



Source: http://www.tbs-sct.gc.ca

Figure 1

These are some key factors which are necessary for meaningful implementation of risk

management policies and taking desired outcome from them.

Risk management requires supportive organizational culture and awareness of risk at

all level of hierarchy.

Risk management requires continuous programming of education, training

development for employee at all level at regular interval.

Effective risk management require good record keeping of all historical data so that

we have idea how risk were dealt in past and how risk were dealt in past and how

effectively we can deal them in future.

Effective risk management requires clearly defined ownership to deal with risks at

organizational structure level in terms of responsibility, duties and actions.

Emphasis should be given for greater awareness and understanding of risk

management framework at all level so that staff people can own and apply the risk

management principles promoted by the agency and incorporate them in their day to

day activities.

It should be noted that there is no standardized risk format or ready to use framework for all

types of firms, rather they need to develop their own risk framework which suit them most. A

http://www.tbs-sct.gc.ca/



firm may need to manage credit risks and another firm may need to manage the market risk.

Figure 2 below describes the types of risk management frameworks.

Source: http://www.indiaeducation.net

Figure 2

Below are few tips which can be helpful for developing a robust framework for risk

management.

Operation of a particular business

Manpower skills and capabilities

Allocation of resources

Reporting system in the firm

Delegation of authorities, protocol etc.

There is need to review risk management policies consistently because of dynamically

changing operating business environment, risk profile, operating system, legislation etc. So

there is need for regular audit so that risk related policies can be reviewed and updated.

Risk Management Process

The risk management process as a holistic approach includes the external and internal risks to

be addressed in the corporate strategy in integration with corporate culture prevalent in the

company.



Source : http://legacy.bentley.edu/erm

Figure 3

As per ISO 31000 international standard, risk management process consist of 7 steps, these

are as follows –

1. Establishing the context – The purpose is to define the limit or boundary with in which

the risk management framework will operate. It should note the boundary of the

framework and the capacity of the agency to successfully address the risk that can be

identified in the assessment phase of risk management process – in establishing the

context , an agency should consider –

The external and internal environment

The risk profile

Risk appetite and tolerance level

A risk matrix and responsibility

The business continuity plan

Establishing external and internal environment is the first step regarding risk management

process. It sets the parameters within which risk are identified, assessed and managed.

Agencies will need to collect information at both strategic and operational level and include

both external and internal risks facing the firm. Also external environment relate to the social

, culture , political , legal, regulating , financial , technological and economic environment

within which firm operates. It should be noted that there is a significant relationship between

http://legacy.bentley.edu/erm



risk profile and planning process. So there is need to address the risk during each phase of

planning so that risk can be addressed managed properly. Every organization has a limit in

which risk can be tolerated depending upon its operating business environment. In this phase

of risk management firms decide its tolerance limit of risk. Limit of tolerance risk will differ

as per new information, new operating business environment. Risk matrix is concerned with

occurrence of risk event and its consequences; here we make a chart which depicts degree of

risk and degree of consequences. In this chart for each level of risk we clearly define who

will deal what and how. Beside all above there are certain types of risk which are

unavoidable and firms cannot manage them as per tolerance limit of any firm. Eg – natural

disasters due to flood, earthquake etc. In such situations firms can make contingency plans

and decide how to operate business, it also includes crisis management plans that can be

activated as required.

2. Risk identification – In this step of risk management we generate list of all those

possible risk which develop or indirectly affect firm and their consequences. Proper

identification of risk which is not properly identified cannot be dealt properly. This is

mainly done through environment scanning. Through this we try to scan operating

business environment and identify those elemental risk which can affect the firm today

or tomorrow, key consideration of environment scanning are as follows –

Type of risk -- economic, political, legal, technological etc.

Source of risk - external (political, economical, natural disasters etc.), internal

(reputation, security, knowledge etc.)

Causes and impact of risk

How to control risk

Also frequency and scope of environment scanning should be different for different firms

depending upon their context / degree of impact etc There are many other methods that can

be adopted by agencies to identify risk include Agency documents , media report , law

making agencies, internal brain storming activities, survey and questionnaire , SWOT

analysis.

3. Risk analysis – This calculate degree of impact of potential risk. Here we try to find

threat and opportunities existed while managing a particular type of risk. There are 2 parts

of risk – Inherent risk and residual risk. Inherent risk is that part of risk which exist prior



to any internal control being implemented to manage the risk. Residual risk is the risk

which remains after action has been taken to manage the risk. Advantage of using the

approach are, Assisting management with identification of excessive or ineffective

controls and ensuring that management is aware of the agency’s exposure if the control

fails. Inherent and residual risk need to be assessed whenever controls are adjusted or

environmental scanning indicates that circumstances may have changed.

4. Risk evaluation -- In the part of risk management we prioritize which risk to be dealt and

at what manner. Following points should be kept in mind while dealing with risk

evaluation –

Operating business environment of the firm and its direction to attain strategic goals.

Tolerance limit of risk of the firm. Here we clearly define up to what limit risk should

be tolerated depends upon type of business firm is doing. If firm deals with

speculative trading then high risk activity may not always require priority treatment.

We should define acceptable risk limit to firm’s stakeholders too, because it is

possible that degree of risk tolerance of firm and its stakeholders can vary.

We must do cost-benefit analysis simultaneously with any legal or regulatory agency

involvement eg if risk could involve in legal action against agency, then risk may be

high priority if the probability of occurrence is high.

5. Risk treatment – After proper risk analysis and evaluation now we are in the phase of

risk treatment. There are many ways for dealing with risk, these are as follows –

Preventive measure – Here main emphasis is to prevent particular activity which can

avoid undesirable outcome. Eg – use of contract term to enable recovery of

overpayment or to safeguard against potential breaches of contracted project

milestone.

Corrective control – Here main emphasis is to correct or update to avoid undesirable

outcome e.g. – internal audit review of preventive and detective controls or change in

procedures of doing particular activity.

Directive control – Here authoritative means are used to achieve a particular outcome.

They are particularly important when it is critical that an undesirable event is avoided.

E.g. – To assure that all staff wears particular clothing so that accident by fire can be

avoided.



Risk transfer is very important in risk treatment where we take those steps so that loss due to

occurrence of risk can be transferred or recovered from third party. E.g. – insurance against

fire, health, medical treatment etc. Also forward contracts, hedging, option etc used to avoid

any future financial volatility. But sometime it is not appropriate to deal with risk but to

accept it. A risk may be accepted because ---

Probability of occurrence of risk is quite low.

Cost of dealing with risk is more than accrual of benefit.

Level of risk is within tolerance limit of firm

Risk due to natural disaster e.g.—earthquake, flood etc. In such situation firm do not

have any control over risk.

While we deal with risk then following points must be considered –

Trade off between cost and benefit while dealing with risk.

We must take into account political, environmental, social cost etc along with

financial cost.

We must remember that the value system and perception of stakeholder also.

Risk treatment should not introduce new type of risk while dealing with risk, in that

situation introduction of secondary risk should also be assessed, evaluated and treated.

6. Communication and consultation – It would be helpful if communication and

consultation took place at all stages of risk management. This will provide opportunity to

inform and took better suggestion or input from stakeholders. Risk management can be

collectively done when it is strongly embedded into the culture of company. Continuous

communication and consultation help to inculcate risk management culture in the firm

and its stakeholders. The stakeholders can be the Staff people of the firm, Formal risk

management committee of the firm, Interest group like – suppliers, traders, industries

group, union etc.

7. Monitoring and review --- Primary purpose of monitoring and review is to assure and

reassure whether risk still exist or not, what is the profile and degree of strength in risk

etc. Monitoring and review can be done on periodic basis, learn from success or failure

while dealing with risk monitoring. It is important that monitoring and reporting are



clearly defined and those results are documented and shared with all stakeholders. This

also includes sharing experience with stakeholders.

Reporting plays an important role in a well defined risk management model. For effective

implementation of risk management consideration should be given to establishing an

appropriate reporting structure within an agency, eg—internal audit officer may be required

to report to the risk committee or the accountable officer regarding the status of the risk

currently on the risk register or incorporated into the strategic and operational plans.

Reporting processes should be timely and address the following points –

The adequacy and effectiveness of the internal controls in place to treat risk.

Identification and recording of any new type of risk.

Implementation of new controls to address key risks.

Conclusion

Compliance with laws and regulations is not an option but legal, moral and ethical duty of the

organization. An organization must understand the applicable laws and must implement a

system of controls that achieves compliance. One such method for obtaining risk protection is

following the guidelines of ISO 31000, the international standard for risk management. We

have tried to gain deeper insights into the guidelines of ISO 31000. A robust procedure is

always helpful in better dealing with the risk which can be harmful to the firm. We have tried

to disarm and elaborate important points which are essential parts of risk management

procedures.

References

1. Bruder B., Hereil P. and Roncalli T. (2011), Managing Sovereign Credit Risk, Journal of

Indexes Europe, 1(4), pp. 20-27.

2. COSO Enterprise Risk Management – Integrated Framework, AIRMIC 2005.

3. Hagan P.S., Kumar D., Lesniewski A.S. and Woodward D.E. (2002), Managing Smile

Risk, Wilmott Magazine, July, pp. 84-108.

4. Hilscher J. and Nosbusch Y. (2010), Determinants of Sovereign Risk: Macroeconomic

Fundamentals and the Pricing of Sovereign Debt, Review of Finance, 14, pp. 235–262.

5. Meucci A. (2005), Risk and Asset Allocation, Springer.


International Research Journal of Management Science & Technology http:www.irjmst.com 36

6. Spinard W. 2006, Enterprise-Wide-Risk Managment: A Holistic Approach, Marsh Risk

Consulting.

Books

1. G. Bradley ―A guide to risk management‖ July 2011

2. AS/NZS ―ISO 31000 : 2009 Risk management – principles and guidelines, standards‖

Nov 2009

Websites:

1. http : // www.saiglobal.com

2. http://www.theirm.org/ISO31000guide.htm

3. http://www.praxiom.com/iso-31000.htm

4. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1957050

5. www.bizresearchpapers.com/Paper18.pdf

http://www.praxiom.com/iso-31000.htm

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1957050

Risk Management Approach for Financial Restructuring in Integration with ISO 31000

Documents

Transcript of Risk Management Approach for Financial Restructuring in Integration with ISO 31000