An Overview of Risk Breakdown Frameworks

1 An Overview of Risk Breakdown Frameworks

2 Establishing your Risk Categories
The Risk Categories will be used by you and your team as a “memory jogger” to surface risk-related situations. There are a number of Risk Category lists – the goal of this step is to find the framework that works best for your organization.

3 Corporate Risk vs. Regulatory Risks
Duration: The time horizon for a corporate risk profile should typically be in the range of three to five years, whereas regulatory filings are usually for a much longer term or in perpetuity, for example, matters for which lawsuits could be brought by investors in the future.
Types of Risks: Regulatory filings are usually restricted to those areas that would be of interest to investors, customers, employees and other stakeholders. By contrast, “corporate” (internal) risks also include issues that will impact the organization’s performance, success and viability.
Purpose: Corporate risk profiles are prepared to assist in better managing the company. Regulatory filings are usually prepared with both promotional and legal protection motives. Although these two types of risk descriptions can and should be reconciled, they have different purposes. Yet arguably, they should remain mutually exclusive.
Paraphrased from: Fraser, J.R.S., How to Prepare a Risk Profile, p 171, Chapter 11, Enterprise Risk Management, John Wiley & Sons, 2010

4 Establishing your Risk Categories
In this session we will use the COSO* categories used in the CMA MAG “Identifying, Measuring and Managing Organizational Risk for Improved Performance”. * Committee of Sponsoring Organizations of the Treadway Commission

5 COSO Risk Categories
Identifying, Measuring, and Managing Organizational Risks for Improved Performance, Marc J. Epstein, and Adriana Rejc Buhovac, Published by The Society of Management Accountants of Canada, the American Institute of Certified Public Accountants and the Chartered Institute of Management Accountants, Adapted from Committee of Sponsoring Organizations of the Treadway Commission (COSO, 2004)

6 Strategic Risk
| Risk Type | Definition | Example |
| --- | --- | --- |
| Economic Risks | Risks related to macroeconomic policies and economic cycles. | Government’s monetary and fiscal policy |
| Industry Risks | Risks related to competitive positioning, industry profit margins, market structure, and competition laws | Changes in supply and demand, industry concentration, or competitive structure; introduction of new products and services |
| Strategic Transaction Risks | Risks related to activities undertaken to initiate significant change in strategic direction | Asset reallocation via mergers and acquisitions, spin-offs, alliances, and joint ventures |
| Social Risks | Risks related to changing demographics and social mores | Child labor; changes in family structures and work/life priorities (human resource issues that could alter demand for products/services or change buying venues) |
| Technological Risks | Risks related to technological progress and technology-driven disruptive forces | Engineering success/failure; technological obsolescence of product or product assembly (issues that could give a competitor an advantage) |
| Political Risks | Risks related to changes in government, public policy, and federal oversight, and global risks related to political instability | Management of government relations; terrorist activities |
| Organizational Risks | Risks related to control systems, business policies, and business culture | Alignment between performance measurement and reward systems |

7 Operational Risk
| Risk Type | Definition | Example |
| --- | --- | --- |
| Environmental Risks | Risks related to the natural environment that could result in damage to buildings, restricted access to raw materials, or loss of human capital | Weather conditions, such as earthquake, fire, or flood; environmental pollution |
| Financial Risks | Risks related to credit, interest rates, the stock market, currency, and collateral | Foreign exchange rates; strategic equity; asset liquidity; employee stock option program; commodity risks |
| Business Continuity Risks | Risks related to conditions that could result in work stoppage or adversely affect production, delivery, marketing, supplier and customer management, outsourcing, or compliance with industry and other standards and codes | Reliability within the supply chain; supplier integrity; quality of goods; price of external supply |
| Innovation Risks | Risks related to the transformation of some aspect of the business in an effort to improve operating performance | Underperformance in new product development and in Research & Development (R&D) investment |
| Commercial Risks | Risks related to the expected performance of products or services | Quality of engineering, marketing, communication, and sales; product liability in the event of failure |
| Project Risks | Risks related to the completion of a project | Technical difficulties; commercial obstacles |
| Human Resource Risks | Risks related to the adequacy and execution of human resource standards, policies, and practices | Ethical/unethical conduct by management and employees; availability of assistance to employees for career planning and personal development; issues that could result in work stoppage, loss of personnel, or monetary or reputational damage |
| Health and Safety Risks | Risks related to employee health and safety in the workplace | Unsafe equipment or environment; workplace stress; potential for injury from repetitive strain or falls from heights |
| Property Risks | Risks related to the security of both tangible and intangible assets | Inventory protection against spoilage or theft; intellectual property rights; potential for enforcement action |
| Reputational Risks | Risks related to the perception of the organization by its stakeholders, the media, and the general public that could impact liquidity, capital, or credit rating | Publicity regarding production methods, business practices, or internal controls |

8 Reporting Risks
| Risk Type | Definition | Example |
| --- | --- | --- |
| Information Risks | Risks related to the quality and accessibility of information | Data accuracy, relevance, reliability, and completeness; security of information; integration of information systems |
| Reporting Risks | Risks related to the process of capturing, analyzing, and submitting data in a meaningful format to managers and external stakeholders for decision-making purposes | Reliability and completeness of financial information; efficiency of the process for internal decision-making and for external reporting |

9 Compliance Risks
| Risk Type | Definition | Example |
| --- | --- | --- |
| Legal and Regulatory Risks | Risks related to meeting legal and regulatory requirements with respect to corporate governance, labor relations, industry standards, the environment, etc. | Employee compliance with the organization's code of conduct and Non-Governmental Organization standards; human rights violations (e.g., child labor) |
| Control Risks | Risks related to the internal control systems and security policies that could result in system downtime, backlogs, fraud, and the inability to continue business operations | Data integrity; data and system availability; potential for malpractice by employees or outsiders (e.g., theft, deception, forgery, false accounting); potential for operational errors (e.g., clerical, record-keeping, and those resulting from faulty IT systems) |
| Professional Risks | Risks related to organizational liability and the personal liability of directors and managers | Misrepresentation; defamation; corporate insolvency |

10 Simpler, process-based framework

11 OPERATIONAL - INTERNALLY CONTROLLED
RISKS
OPERATIONAL - INTERNALLY CONTROLLED: Human Capital; Facilities & Machine; Methods & Systems; Materials & Suppliers
CUSTOMER RELATED: Demand; Relationship; Customer's Success
ENVIRONMENTAL: Regulatory & Political; Natural
FINANCIAL RISKS: Costs; Financing; External Financial Risks
13 categories vs. COSO’s 22 categories

13 Process Based Risk Category
| Group | Category | Description |
| --- | --- | --- |
| OPERATIONAL - INTERNALLY CONTROLLED | Human Capital | Employee Engagement, skills, retention, capacity, agility |
| OPERATIONAL - INTERNALLY CONTROLLED | Facilities & Machine | Capacity, capabilities, quality |
| OPERATIONAL - INTERNALLY CONTROLLED | Methods & Systems | Value Chain, Fraud, unauthorized, illegal, unethical, incorrect, or inappropriate actions |
| OPERATIONAL - INTERNALLY CONTROLLED | Materials & Suppliers | Supply Chain, material quality issues, quality of supply |
| CUSTOMER RELATED | Demand | Market Risk - not enough volume at the price we must charge |
| CUSTOMER RELATED | Relationship | Relationship Risk - We are not able to build or maintain our target relationships |
| CUSTOMER RELATED | Customer's Success | Customer Risk - customer's profitability, viability, growth |
| ENVIRONMENTAL | Regulatory & Political | Changes in our regulatory, legal and liability environment, political disasters and major macroeconomic shifts |
| ENVIRONMENTAL | Natural | Weather, floods, acts of God. |
| FINANCIAL RISKS | Costs | Unanticipated / planned cost shifts |
| FINANCIAL RISKS | Financing | Investor Risk, Insufficient Funding, Rate Issues |
| FINANCIAL RISKS | External Financial Risks | Valuation Risk |

14 The Institute of Risk Management’s Risk Categories
Strategic/commercial: Under-performance to specification; Management will under-perform against expectations; Collapse of contractors; Insolvency of promoter; Failure of suppliers to meet contractual commitments (e.g. quality, quantity, timescales or own risk exposure); Insufficient capital revenues; Market fluctuations; Fraud/theft; Partnerships failing to deliver the desired outcome; Situation non-insurable (or cost of insurance outweighs the benefit); Lack of capital investment availability.
Economic/financial/market: Exchange rate fluctuation; Interest rate instability; Inflation; Shortage of working capital; Failure to meet projected revenue targets; Market developments adversely affect plans.
Legal and regulatory: New or changed legislation invalidates assumptions upon which the activity is based; Failure to obtain appropriate approval (e.g. planning, consent); Unforeseen inclusion of contingent liabilities; Loss of intellectual property rights; Failure to achieve satisfactory contractual arrangements; Unexpected regulatory controls or licensing requirements; Changes in tax or tariff structure.
Environmental: Natural disasters; Storms, flooding, tempests; Pollution incidents; Transport problems, including aircraft/vehicle collisions.
Organizational/management/human factors: Management incompetence; Inadequate corporate policies; Inadequate adoption of management practices; Poor leadership; Inadequate authority of key personnel to fulfill roles; Poor staff selection procedures; Lack of clarity over roles and responsibilities; Vested interests creating conflict and compromising the overall aims; Individual or group interests given unwarranted priority; Personality clashes; Indecision or inappropriate decision making; Lack of operational support; Inadequate or inaccurate information; Health and safety constraints.
Political: Change of government policy, national or international (e.g. approach to nationalization); Change of government; War and disorder; Adverse public opinion/media intervention.
Technical/operational/infrastructure: Inadequate design; Professional negligence; Human error/incompetence; Infrastructure failure; Operation lifetime lower than expected; Residual value of assets lower than expected; Increased dismantling/decommissioning costs; Safety being compromised; Performance failure; Residual maintenance problems; Scope 'creep'; Unclear expectations; Breaches in security/information security; Lack or inadequacy of business continuity.
The Institute of Risk Management, 6 Lloyd’s Avenue, London EC3N 3AX

15 Common Types of Risk

16 INTERNALLY DRIVEN RISKS
Common Types of Risk EXTERNALLY DRIVEN RISKS FINANCIAL RISKS INTEREST RATES FOREIGN EXCHANGE CREDIT STRATEGIC RISKS COMPETITION CUSTOMER CHANGES INDUSTRY DEMAND INTERNALLY DRIVEN RISKS RESEARCH & DEVELOPMENT INTELLECTUAL CAPITAL M & A INTEGRATION LIQUIDITY & CASH FLOW CULTURE BOARD COMPOSITION REGULATIONS OPERATIONAL RISKS NATURAL EVENTS SUPPLIERS CONTRACTS ENVIRONMENT HAZARD RISKS ACCOUNTING & CONTROLS INFORMATION SYSTEMS RECRUITMENT SUPPLY CHAIN PUBLIC ACCESS EMPLOYEES PROPERTIES PRODUCTS & SERVICES

17 Kaplan & Mikes Framework
Managing Risks: A New Framework, Robert S. Kaplan, Anette Mikes, Harvard Business Review, June 2012

19 3 types of risk
Category I: Preventable risks. These are internal risks, arising from within the organization, that are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, illegal, unethical, incorrect, or inappropriate actions and the risks from breakdowns in routine operational processes. This risk category is best managed through active prevention: monitoring operational processes and guiding people’s behaviors and decisions toward desired norms.
Category II: Strategy risks. A company voluntarily accepts some risk in order to generate superior returns from its strategy. A bank assumes credit risk, for example, when it lends money; many companies take on risks through their research and development activities. Strategy risks are quite different from preventable risks because they are not inherently undesirable. A strategy with high expected returns generally requires the company to take on significant risks, and managing those risks is a key driver in capturing the potential gains. Strategy risks cannot be managed through a rules-based control model. Instead, you need a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain the risk events should they occur. Such a system would not stop companies from undertaking risky ventures; to the contrary, it would enable companies to take on higher-risk, higher-reward ventures than could competitors with less effective risk management.
Category III: External risks. Some risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. External risks require yet another approach. Because companies cannot prevent such events from occurring, their management must focus on identification (they tend to be obvious in hindsight) and mitigation of their impact.

22 To learn more, join us at RiskScorecard.net

