Class Notes Summary 1 Introduction To Risk and Enterprise Risk Management Concept
A. Risk
1. As Peter Drucker explained as far back as the 1970s, economic
activity by definition commits present resources to an uncertain
future. The one thing that is certain about the future is its
uncertainty, its risks
2. Risk management (Knight and Petty, 2001): controlling risk as
far as possible to enable a business to maximise its
opportunities. Development of a risk policy should be a creative
initiative, exposing exciting opportunities for value growth and
innovative handling of risk, not a depressing task, full of
reticence, warning and pessimism
3. Types of risk:
1. Hazard risk: risks that present a high level of threat to life,
health, or property.
2. Financial risk: risks that are directly related to money
They include financial consequences like an increase
in costs or a decline in revenues
3. Strategic risks: risks that affect or are created by strategic
business decisions
4. Operational risk: risks that materially affect an organization
B. Enterprise Risk Management
1. Enterprise Risk Management (ERM): a comprehensive and
integrated framework for managing company-wide risk in order
to maximise a company’s value (managing opportunity and risk)
ERM is about protecting and enhancing share value to
satisfy the primary business objective of shareholder
wealth maximisation
It must be multifaceted, addressing all aspects of the
business plan from the strategic plan through to the
business controls: Strategic plan, marketing plan,
operations plan, research and development,
management and organisation, forecasts and financial
data, financing, risk management processes, and
business controls
2. Benefits and importance of ERM:
1. Increase the likelihood of a business realising its objectives
2. Build confidence in stakeholders and the investment
community
3. Comply with relevant legal and regulatory requirements
4. Align risk appetite and strategy
5. Improve organisational resilience
6. Enhance corporate governance
7. Embed the risk process throughout the organisation
8. Minimise operational surprises and losses
9. Enhance risk response decisions
10. Optimise allocation of resources
11. Identify and manage cross-enterprise risks
12. Link growth, risk and return
13. Rationalise capital
14. Seize opportunities
15. Improve organisational learning
3. The relationship between ERM, corporate governance and
internal control
The primary objective of a business is to maximise the
wealth of its shareholders (owners)
1. Corporate governance is required to ensure that the
board of directors and management have established the
appropriate organisational processes and corporate
controls to measure and manage risk across the
business
2. The creation and maintenance of a sound system of
internal control is required to safeguard shareholders’
investment and the business’s assets
3. A specific resource must be identified to implement the
internal controls with sufficient knowledge and experience
to derive the maximum benefit from the process
4. A risk management framework is required that will
provide the foundations and arrangements for embedding
risk management throughout the organisation at all levels
5. A policy should be prepared describing the importance of
risk management to the achievement of the
organisation’s corporate goals
6. A clear risk management process is required which sets
out the individual processes, their inputs, outputs,
constraints and enablers
7. The value of a risk management process is reduced
without a clear understanding of the sources of risk and
how they should be responded to. The framework breaks
the source of risk down into two key elements labelled
internal processes and the business operating
environment