BUSINESS RISK - WHAT IS IT
Threats to achieving
organization’s business objectives
EXAMPLES OF BUSINESS RISK
• Shortsighted goals
• Ineffective processes
• Financial fraud
• Failure to comply with government
regulations
• Tarnishing reputation
BUSINESS RISK INCREASES
AS ENVIRONMENT CHANGES
• Fierce competition
• Pressure for increased productivity,
responsiveness and responsibility, while
reducing costs
• Powerful new technologies
• Increased external scrutiny
• More decentralized accountability
WHAT CAN YOU DO ABOUT RISK
• Eliminate
• Accept
• Transfer - insure,
outsource
• Mitigate
HOW DO YOU MITIGATE RISK?
• Brainstorm ways to reduce
or remove risk
• Research best practices
• Select the best alternative
(cost-effective)
CO
M
M
UN
IC
AT
I
M
CO
&
&
M
N
IO
AT
IC
UN
ON
CONTROL
ACTIVITIES:
processes,
procedures,
safeguards, access
security, authorization
RISK ASSESSMENT:
identify, prioritize, mitigate risks;
ongoing;
wide participation
ON
AT
I
I
AT
M
IN
FO
RM
MONITORING:
throughout
R
FO
IN
ON
INTEGRATED INTERNAL CONTROL FRAMEWORK
CONTROL ENVIRONMENT:
tone at the top, infrastructure,
compliance;
culture: integrity and competence of
people
Adapted from Committee of Sponsoring Organizations of the Treadway Commission (COSO) />
CONTROL ENVIRONMENT
• Established by the organization’s administration
• Foundation for all components of Internal
Control
• Provides discipline and structure
Includes:
Integrity and Ethical Values
Competence of People
Leadership philosophy/ operating style
Assignment of authority and responsibility,
organization and development of people
RISK ASSESSMENT
• Develop/ Re-affirm organizations
goals
• Identify internal and external
factors that must be addressed
• Evaluate potential impact of the risk
• Determine method of managing the
risk
CONTROL ACTIVITIES
Policies (guidelines) and procedures (how
work is to be performed) help ensure that
management directives are carried out.
•
Ensure necessary action is taken to
address risk
Include:
Approvals & Authorizations
Top level performance reviews (actual vs.
budget/ forecast/ prior period).
Track major initiatives.
Physical Controls (inventories/ equipment/
cash/ other assets)
Information Processing
Segregation of Duties
•
INFORMATION & COMMUNICATION
• Identify, capture and communicate the right
information to the right people at the right time
• Information must flow down, up and across the
organization
Includes:
Quality of Information Systems
– Necessary Resources (human/ financial)
– Must be sufficient in detail
– Must be accurate and relative
Quality of Communication Systems
– Duties & Control responsibilities effectively communicated
– Channels of communication must exist
– Management must be receptive to employee suggestions
– Must be effective communication across the organization
– Must be timely / appropriate follow-up
MONITORING
Assesses the quality of the organizations
performance over time
•
Ongoing Monitoring Activities
– Reports review
– Planning Sessions
– Routine assessment on internal controls
– Investigation of information received that may indicate
problems
•
Separate Evaluations
– Self assessment/ internal or external audit/ specialized
group
•
Reporting Deficiencies
– Providing monitoring reports to the right person/
people
• Good management practice
• Process steps that enable
improvement in decision making
• A logical and systematic approach
• Identifying opportunities
• Avoiding or minimise losses
• Risk Management is the name
given to a logical and
systematic method of
identifying, analysing,
treating and monitoring the
risks involved in any activity
or process.
• Risk Management is
now an integral part of
business planning in
Vietnam.
Process Steps in Risk Management
• Evaluate the Context
• Identify the Risks
• Analyse the Risks
• Evaluate the Risks
• Treat the Risks
• Monitor and Evaluate
• Communicate and Consult
• Example of Business
Risk in Exports
E x p o rte r
F o r e ig n B u y e r
F o r e ig n B r o k e r
or
tr a d in g c o m p a n y
D o m e s tic a g e n t
b ro k e r o r
tr a d in g h o u s e
M a il o r d e r
d is tr ib u to r
O n lin e
s a le s c o m p a n y
In te r n e t b a s e d
F o r e ig n B u y e r
F o r e ig n B r o k e r
or
tr a d in g c o m p a n y
F o r e ig n b u y e r
F o r e ig n b u y e r
F o re ig n b u y e r
Corruption Perception Index
Host Country Political and Legal
Environment
• A manager needs to understand the following
issue regarding a foreign country/market
▪ Political risk – the risk that politics in the
host country will develop in a way which
makes it difficult for businesses to operate
profitably
▪ Economic risk ▪ How to manage the risk
▪ The influence of politics and law
Political Action and Risk
• Ownership risk – danger to
property and life
• Operating risk – interference
with operations of a business
• Transfer risk – interference
with the transfer of funds
Ownership Risk
•
•
•
•
Terrorism
Kidnappings
Coup d’etat
Example:
– According to a 1999 report by the Hiscox Group, a London insurer,
1,789 kidnappings occurred for ransom
– There are some estimates that approximately 3000 kidnappings occur
yearly in Colombia
– Colombia, Mexico, former Soviet Union, Brazil, Nigeria, Phillipines,
India, Ecuador, Venezuela and South Africa are among the most
dangerous countries
Operating Risk
• Confiscation – host government
transfers foreign-owned assets to a
domestic company without
compensation
• Expropriation – host government
transfers foreign-owned assets to a
domestic company and
compensates the foreign owners
• Nationalization – host government
transfers all assets of an industry
that are foreign-owned to domestic
companies
Transfer Risk
• Currency repatriation – risk
related to not being able to
transfer money out of the host
country
• Currency inconvertibility – risk
related to not being able to
change the host country’s currency
into any other currency
Intellectual Property Rights
• Intellectual property rights (IPR)
and the protection of those
rights are an important
consideration for businesses
• The important issues to consider
are:
– the unwanted transfer of those rights
– the failure in some countries to protect those rights, resulting in the unauthorized
copying and use of intellectual property