Please answer the question and use some theory.

Envelope-It Ltd. is a UK-based supplier of envelopes made from recycled materials. They receive used paper from across Europe (which they have to purchase), process it into envelopes, and sell their products across the globe, although the vast majority of their sales are to European customers because of the (tariff) free movement of goods afforded by membership of the EU. On a whim, the Sales Director made a tender via the UK Government’s ‘Contracts Finder’ to supply all central Government departments with all of their envelopes. It came as a surprise to the managers at Envelope-It Ltd. when they won the contract. They have yet to sign any contract and so have a few weeks to decide whether they want to proceed. They can either proceed with the contract or, if they wish, withdraw without any penalty. If they proceed, this would increase sales by 20% but Envelope-It Ltd. would have to cut ties with all existing customers – the UK Government would become the sole customer of Envelope-It Ltd. It may be possible, in time, to scale up operations to sell to others but this would require new premises, new staff, etc. and so isn’t a short-term possibility. Envelope-It Ltd. has a ‘moderate’ risk appetite. The management has approached you as the Risk Manager of the company to write a memo identifying and critically analyzing the (adverse and beneficial) risks, and proposing risk responses, in respect of the two options. The options are to proceed with the contract, and not to proceed (retain the status quo). Whilst you are expected to discuss BREXIT, management wants a comprehensive analysis that explores themes well beyond BREXIT. You are required to include risk heat maps as/where appropriate.
BM7037-15: Corporate Governance, Ethics & Risk Management Risk Management
(There are internet links in this presentation that you should explore.)
Learning outcomes
At the end of the lecture, you’ll be able to:
Critically define ‘risk’ and distinguish it from other things
Critically explore a given organisation’s risk appetite
Evaluate an organisation’s risk management processes against best practice
Critically explore interrelationships between risk management and corporate governance
What is risk?
“Uncertainty of outcome, whether positive opportunity or negative threat, of actions and events”
(HM Treasury, ‘The Orange Book’, 2004, p.9)
“An uncertain event or set of events that, should it occur, will have an effect on the achievement of objectives.”
(PRINCE2 2017, p.120)
“An unrealised future loss arising from a present action or inaction”
(Kaplan)
What is risk?
Is:
Uncertain – not, then, known (known as ‘dis-benefits’ in PRINCE2)
Uncertain – in that we might never realise it as a risk! (Particularly if we don’t even try)
Uncertain – and we might try to measure its probability
Impactful – whether that’s minimal, moderate, or severe
Impactful – in one or several respects: Strategic, operational, etc.
Possibly beneficial, known as ‘upside risk’ (if we ignore Kaplan def.)
As it can be terminal (think Carillion; also here) but can also give a competitive advantage, it should not be overlooked by management.
Risk ‘appetite’
You go to a casino. Would you rather:
Wager £10 to possibly win £100?
or
Wager £100 to possibly win £10,000?
or
Do neither, and keep your money?
Risk ‘appetite’
Investments often are expressed in terms of risk-reward
Organisations are also on this risk-seeking to risk-averse continuum.
Risk ‘appetite’
All organisations have a risk appetite, however:
They may not be consciously aware of it
It may not be expressed/articulated anywhere
It may not be known across the organisation
It may not inform decision-making (consistently, across the organisation)
See COSO Report (2014)
Risk ‘appetite’
Q
Try to think of 2 types of firm:
One which is high-risk-taking and one which is low-risk-taking.
Why do they take this approach?
Risk management
There are lots of risk management models. They all broadly include the same elements:
Risk…
Identification
Assessment (probability/impact)
Planning (responses)
Monitoring (responsibilities)
This process is cyclical.
Risk-related activities should be recorded, including lessons.
Risk management: 1/4 Identification
‘Risk workshop’: Brainstorming.
Also: Previous lessons, checklists, prompt-lists, breakdown structures
External auditing can help – a fresh view
(Can be compulsory; think SOX)
Risk management: 1/4 Identification
Risks can be classified:
Business or operational: relating to activities carried out within an entity, arising from structure, systems, people, products or processes.
Country: associated with undertaking transactions with, or holding assets in, a particular country. Risk might be political, economic or stem from regulatory instability. The latter might be caused by overseas taxation, repatriation of profits, nationalisation or currency instability.
Environmental: these risks may occur due to political, economic, socio-cultural, technological, environmental and legal changes.
Risk management: 1/4 Identification
Risks can be classified…continued:
Financial: relating to the financial operations of an entity and includes:
credit risk: a loss may occur from the failure of another party to perform according to the terms of a contract
currency risk: the value of a financial instrument could fluctuate due to changes in foreign exchange rates
interest rate risk: interest rate changes could affect the financial well being of an entity
liquidity (or funding) risk: an entity may encounter difficulty in realising assets or otherwise raising funds to meet financial commitments.
Reputational: this is damage to an entity's reputation as a result of failure to manage other risks.
Strategic risk: these are risks stemming from the entity's strategy and pose the greatest threat to the achievement of the strategy.
Risk management: 2/4 Assessment
Needs to be assessed against the firm’s risk appetite
Often, a ‘heat map’ is used…see HBR article
BUT these have received criticism for:
Subjectivity
Error of symmetry
Risk aversion
Category prioritization reversal
Take your time to get your understanding of these right
Risk management: 3/4 Planning
Answers the question: How do we respond to this risk?
– Can be a response now or if/when it happens
– Might involve a cost
– Also includes who is responsible for monitoring response (if not a ‘now’ response) and who implements it (which might be someone different)
Risk management: 3/4 Planning
(Back to risk management models…)
Responses can include:
Avoid/exploit
Reduce/enhance
Transfer
Share
Accept
Prepare contingency plans…see also ‘TARA’
For explanations of these, see p.132 of PRINCE2 manual
Risk management: 4/4 Implement
Simply the matter of putting the plans into practice
Might be based on an organisation-, entity-, department- or project-wide strategy/standard/approach/plan
Most organisations of any size will have, as a minimum, a strategy, identified persons responsible, and a risk register to record all that
…insurance providers may also insist on such things, of course
Risk and Governance
Boards are ultimately responsible for organisations, and so are responsible for risk:
Including clarifying/setting/‘enforcing’ the ‘appetite’; and
Controlling risks within tolerances
Often there is a ‘risk committee’ of the board, but sometimes combined with audit (e.g. BT PLC). Main roles:
Raising risk awareness
Establishing policies for risk management
Processes for identifying, reporting and monitoring risk
Reporting to the Board, recommending changes to the risk appetite as appropriate
Risk and Governance
Risk managers:
Usually a member of the Risk Committee
Focuses on implementation of Risk Management policies
Reports to, and is supported and monitored by the risk management committee
Have an operational emphasis
Risk management only works in organisations if it’s part of the culture/day-to-day – included in JDs, proper internal control, embraced and supported by senior management/the board.
Part 4 of UKCGC is titled ‘Audit, Risk and Internal Control’
Other things to explore
ERM – Enterprise Risk Management
ALARP
Questions?
