Enterprise Risk - Identification & Mitigation | All Modules

Description: This course has been designed to introduce external and internal drivers that can result in a range of operational, financial, and strategic risks manifesting in organisations. This course examines the role of corporate governance and compliance, introducing relevant standards, and suggests methods of developing and implementing appropriate risk management strategies.

This course features dynamic and engaging video with audio narration, infographics and short quizzes to test your knowledge.

Background: The world we inhabit is hugely complex. This is true of the principles that govern our physical environment, and of the way in which we interact with each other and with the other intelligent creatures and complex organisms with which we have co-evolved. Yet somehow we have not merely evolved, but flourished. Our endowment of cognitive, emotional and behavioural capacities has enabled us to find our way around a less than perfectly predictable world and succeed in getting enough of what we want.

Risk is regarded as a central concern in many policy debates.

How can risks be identified and measured?
How can they be managed?
When should they be accepted or rejected?
And most commonly how are they likely to be interpreted or perceived by different people?

These questions arise in areas as diverse as health and lifestyle, hazardous industries, pensions and investments, transport, climate change and environmental protection, and in many other less obvious contexts. An internet search engine recently took 0.18 seconds to find “about 30,400,000” uses of the word risk. This tells us that the term is pervasive. But it would be amazing if it were being used in the same way in each of these 30 million instances.

Different societies, using cultural norms and collective knowledge, have developed national systems to manage events and activities identified as having a risk potential. More recently, organisations such as the United Nations, World Economic Forum, World Bank and the International Institute for Economics have broadened this perspective by making concerted efforts to identify global risks and in some instances make recommendations on treatment. Governments are increasingly adopting the view that national risk management systems need to be framed by the global context within which they operate.

Description: This course has been designed to introduce external and internal drivers that can result in a range of operational, financial, and strategic risks manifesting in organisations. This course examines the role of corporate governance and compliance, introducing relevant standards, and suggests methods of developing and implementing appropriate risk management strategies.

This course features dynamic and engaging video with audio narration, infographics and short quizzes to test your knowledge.

Background: If you ask investors what risk they assume when buying stocks, they likely will respond, “Losing Money”. Modern portfolio theorists do not, however, define risk as a likelihood of loss, but as volatility, which is determined using statistical measures of variance such as standard deviation and beta. While standard deviation is a measure of absolute volatility that shows how much an investment’s return varies from its average return over time, beta is a measure of relative volatility that indicates the price variance of an investment compared to the market as a whole. The higher the standard deviation or beta, the higher the risk, according to the theory. In a rising market, however, high volatility can boost the return potential of an investment. Volatility, in other words, is essentially a double-edged sword, and does not measure what an investor intuitively perceives as risk.

Suppose the price of a stock goes up 10 percent in one month, 5 percent the next, and 15 percent in the third month. The standard deviation would be five with a return of 32.8 percent. Compare this to a stock that declines 15 percent three months in a row. The standard deviation would be zero with a loss of 38.6 percent. An investor holding the falling stock might find solace knowing that the loss was incurred completely “risk-free.”

Typically the square root of the variance, called the standard deviation, is volatility. The modern portfolio theorists immediately recognized that the volatilities were changing over time. They found different answers for different time periods. A simple approach, sometimes called historical volatility, was and remains widely used. In this method, the volatility is estimated by the sample standard deviation of returns over a short period. But, what is the right period to use? If it is too long, then it will not be so relevant for today and if it is too short, it will be very noisy. Furthermore, it is really the volatility over a future period that should be considered the risk; hence a forecast of volatility is needed as well as a measure for today. This raises the possibility that the forecast of the average volatility over the next week might be different from the forecast over a year or a decade.
Risk – exposure to the chance of injury or loss; a hazard or dangerous chance. The degree of probability of such loss.

Volatility – Tending to fluctuate sharply and regularly.
The volatility of a stock or bond does not necessarily have to equate with its risk.
Consider this “volatile” stock chart compared to a less volatile one:
More Volatile – multiple 20-30% swings over this period.
Less Volatile – much less dramatic price action, slightly more than a 10% swing.
The more volatile stock goes up and down much more violently. But it makes billions of dollars every year, and has billions of dollars of cash on hand to weather hard economic times.

Description: This course has been designed to introduce external and internal drivers that can result in a range of operational, financial, and strategic risks manifesting in organisations. This course examines the role of corporate governance and compliance, introducing relevant standards, and suggests methods of developing and implementing appropriate risk management strategies.

This course features dynamic and engaging video with audio narration, infographics and short quizzes to test your knowledge.

Background: If you accept the argument that risk matters and that it affects how managers and investors make decisions, it follows logically that measuring risk is a critical first step towards managing it. Quantitative measures of risk must combine in some form an expression of the two quantitative components of risk, namely some measure of the probability of the risk occurring; and the size of the impact should that risk occur.

Measure Of Impact
The selected measure or measures of impact will reflect what the risk manager cares about. It could be a case of human illness or of death, but the cases of illness could be further stratified into various levels of illness if the decision-maker values the distinction. There may also be a translation from an illness into an economic impact, or into some social impact measure, like quality adjusted life years (QALY).

Description: This course has been designed to introduce external and internal drivers that can result in a range of operational, financial, and strategic risks manifesting in organisations. This course examines the role of corporate governance and compliance, introducing relevant standards, and suggests methods of developing and implementing appropriate risk management strategies.

This course features dynamic and engaging video with audio narration, infographics and short quizzes to test your knowledge.

Background: Enterprise risk management deals with risks and opportunities affecting value creation or preservation, defined as follows:

Enterprise Risk Management
Is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The definition reflects certain fundamental concepts. Enterprise risk management is:

• A process, ongoing and flowing through an entity
• Effected by people at every level of an organization
• Applied in the strategy setting
• Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk
• Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
• Able to provide reasonable assurance to an entity’s management and board of directors
• Geared to the achievement of objectives in one or more separate but overlapping categories.

Achievement Of Objectives
Within the context of an entity’s established mission or vision, management establishes strategic objectives, selects strategy, and sets aligned objectives cascading through the enterprise. This enterprise risk management framework is geared to achieving an entity’s objectives, set forth in four categories:

• Strategic – high-level goals, aligned with and supporting its mission
• Operations – effective and efficient use of its resources
• Reporting – reliability of reporting
• Compliance – compliance with applicable laws and regulations.

Description: This course has been designed to introduce external and internal drivers that can result in a range of operational, financial, and strategic risks manifesting in organisations. This course examines the role of corporate governance and compliance, introducing relevant standards, and suggests methods of developing and implementing appropriate risk management strategies.

This course features dynamic and engaging video with audio narration, infographics and short quizzes to test your knowledge.

Background: The notion of VUCA was introduced by the U.S. Army War College to describe the more volatile, uncertain, complex, and ambiguous, multilateral world which resulted from the end of the Cold War. The acronym itself was not created until the late 1990s, and it was not until the terrorist attacks of September 11, 2001, that notion and acronym really took hold. VUCA was subsequently adopted by strategic business leaders to describe the chaotic, turbulent, and rapidly changing business environment that has become the “new normal.”

VUCA Defined
The “V” in the VUCA acronym stands for volatility. It means the nature, speed, volume, and magnitude of change that is not in a predictable pattern. Volatility is turbulence, a phenomenon that is occurring more frequently than in the past. Other drivers of turbulence in business today include digitization, connectivity, trade liberalization, global competition, and business model innovation.

If we take volatility first, it is clear that consumer preferences and trends are ever changing and the rapid turnover in brands, products, and companies is proof that business leaders cannot take their leadership position for granted anymore. For example, the Finnish Mobile maker, Nokia that used to be the market leader a few years ago is now nowhere in the reckoning because astute and agile players like Samsung and Apple saw the emerging trend of Smartphones and quickly launched their products. As many people who watch cricket attest, one has to see the ball early and only then, one can hope to succeed. Similarly, the business landscape that is characterized by extreme volatility means that business leaders have to focus on getting there early and staying there for the future. In other words, business leaders have to channelize their energies so that they know the future to compete in the present.

The “U” in the VUCA acronym stands for uncertainty, or the lack of predictability in issues and events. These volatile times make it difficult for leaders to use past issues and events as predictors of future outcomes, making forecasting extremely difficult and decision-making challenging.

The “C” in VUCA stands for complexity. As HR thought leader John Sullivan notes (2012), there are often numerous and difficult-to-understand causes and mitigating factors (both inside and outside the organization) involved in a problem. This layer of complexity, added to the turbulence of change and the absence of past predictors, adds to the difficulty of decision making. It also leads to confusion, which can cause ambiguity, the last letter in the acronym.