RISK ADMINISTRATION
RISK ADMINISTRATION
In this space, we will contextualize and deepen into a factor of great importance nowadays, such as business risks, the inherent existence of them in any organization with a vision of expansion, due to the existence and proper management of risks. These are framed as a limitation or barrier with positive or negative results, which can be included in the word Business Challenges.
APPETITE AT RISK
As the name implies, the "appetite" for risk is the measurement that can be translated into a weight of how much level or to what degree of risk are willing to accept the administration and the board for the fulfillment of its objectives, goals and vision to achieve.
In accordance with the above, it is important that the administration and the board have clear how much or to what extent the company can tolerate the risks assumed to determine what level of risk acceptance the company could have for the fulfillment of a goal.
Policies?
Policies are general execution criteria that complement the achievement of objectives and facilitate the implementation of strategies, therefore, policies are general guidelines that must be taken into account for decision making, about a problem that is repeated over and over again. once within an organization.
It will be imposed from the highest hierarchical level of the company. Therefore, there are different types of policies that seek to minimize business risks and provide an organizational order
RISK ADMINISTRATION POLICY
What is?
Control Standard that allows structuring guiding criteria for decision making, and definition of the strategy regarding the treatment of risks and their effects within the public institution. It establishes guidelines or courses of actions, necessary by the highest authority and the management level of the institution to adequately manage those events that may inhibit the achievement of its institutional objectives.
Identify the options for dealing with and managing risks, which based on valuation allow you to make appropriate decisions about whether to accept, avoid, reduce, share a risk, or simply transfer the impact legally. They translate the position of the managerial level regarding the management of risks, establish guidelines on the concepts of risk rating, priorities in the response, how to administer them and the protection of resources.
Accepting a risk means assuming it, because its frequency is very low and does not represent any danger to the institution. Reducing risk implies taking measures aimed at reducing both the frequency (prevention measures) and severity (protection measures).
Share risk reduces its effect, through the transfer of losses to other institutions as in the case of insurance contracts, or through other means that allow distributing a portion of the risk with another institution, as in contracts at risk shared.
Objetives?
The Scope - Definition The organization must be part of the scope of the Risk Management activities, and how it can be found at different levels of the organization, such as strategic, operational, projects, etc. The scope definition involves considering the following elements:
The context of the organization, to which we have already referred in many of our texts, is the environment in which the organization moves and in which it works to reach Context, rather than being defined or delimited, it is understood. And to understand it, it is important to know the factors that affect the activities of the organization, inside its facilities, but also abroad.
Why is it important to understand the context of the organization?
Because Risk Management occurs precisely within that environment in which the organization develops its activity. Because the factors that make up the Context can be a source of risks. relationship between the factors that make up the internal or external context and the objectives of the organization, so it is necessary to analyze them as a whole as a whole.
Risk Criteria - Definition
The definition of the Risk Criteria, which is required to prepare the Policy of Risk of the Organization. Defining the Risk Criteria implies specifying each of them, and establishing which can be tolerated by the organization and at what level. The Risk Criteria must be aligned with the Risk Management framework and must reflect the values, objectives and resources of the Risk Management Framework. the organization. Also, be consistent with the policy and the statement on Risk Management made by the organization. Although the Risk Criteria must be defined at the beginning of the evaluation process, this is a dynamic activity that must be reviewed and modified continuously. To establish the Risk Criteria, the following aspects should be considered:
Fuente: https://www.theirm.org/about/professional-standards
APPETITE AT RISK
As the name implies, the "appetite" for risk is the measurement that can be translated into a weight of how much level or to what degree of risk are willing to accept the administration and the board for the fulfillment of its objectives, goals and vision to achieve.
Fuente: https://www.theirm.org/about/professional-standards
Policies?
Policies are general execution criteria that complement the achievement of objectives and facilitate the implementation of strategies, therefore, policies are general guidelines that must be taken into account for decision making, about a problem that is repeated over and over again. once within an organization.
It will be imposed from the highest hierarchical level of the company. Therefore, there are different types of policies that seek to minimize business risks and provide an organizational order
Fuente: https://www.theirm.org/about/professional-standards
RISK ADMINISTRATION POLICY
What is?
Control Standard that allows structuring guiding criteria for decision making, and definition of the strategy regarding the treatment of risks and their effects within the public institution. It establishes guidelines or courses of actions, necessary by the highest authority and the management level of the institution to adequately manage those events that may inhibit the achievement of its institutional objectives.
Identify the options for dealing with and managing risks, which based on valuation allow you to make appropriate decisions about whether to accept, avoid, reduce, share a risk, or simply transfer the impact legally. They translate the position of the managerial level regarding the management of risks, establish guidelines on the concepts of risk rating, priorities in the response, how to administer them and the protection of resources.
Accepting a risk means assuming it, because its frequency is very low and does not represent any danger to the institution. Reducing risk implies taking measures aimed at reducing both the frequency (prevention measures) and severity (protection measures).
Share risk reduces its effect, through the transfer of losses to other institutions as in the case of insurance contracts, or through other means that allow distributing a portion of the risk with another institution, as in contracts at risk shared.
Objetives?
- To direct the actions of the public institution towards the fulfillment of its function and mission in terms of its efficiency, effectiveness and effectiveness of the State's function.
- Establish the guidelines to be followed in the institution towards the protection of resources and their efficient use.
- Clearly define the prevention measures, to achieve the protection of Public Heritage to serve society, thereby strengthening public confidence.
- Implement the most convenient actions that enable technical, legal and financial viability in risk management.
The Scope - Definition The organization must be part of the scope of the Risk Management activities, and how it can be found at different levels of the organization, such as strategic, operational, projects, etc. The scope definition involves considering the following elements:
- Decisions to be taken and objectives to be achieved.
- Results expected from Risk Management.
- Locations, time, inclusions and exclusions.
- Tools available for risk assessment.
- Available resources, assigned tasks and records that will be maintained.
- Relationship of Risk Management with other systems, processes, projects or activities.
The context of the organization, to which we have already referred in many of our texts, is the environment in which the organization moves and in which it works to reach Context, rather than being defined or delimited, it is understood. And to understand it, it is important to know the factors that affect the activities of the organization, inside its facilities, but also abroad.
Why is it important to understand the context of the organization?
Because Risk Management occurs precisely within that environment in which the organization develops its activity. Because the factors that make up the Context can be a source of risks. relationship between the factors that make up the internal or external context and the objectives of the organization, so it is necessary to analyze them as a whole as a whole.
Risk Criteria - Definition
The definition of the Risk Criteria, which is required to prepare the Policy of Risk of the Organization. Defining the Risk Criteria implies specifying each of them, and establishing which can be tolerated by the organization and at what level. The Risk Criteria must be aligned with the Risk Management framework and must reflect the values, objectives and resources of the Risk Management Framework. the organization. Also, be consistent with the policy and the statement on Risk Management made by the organization. Although the Risk Criteria must be defined at the beginning of the evaluation process, this is a dynamic activity that must be reviewed and modified continuously. To establish the Risk Criteria, the following aspects should be considered:
- The nature and type of risk, whether tangible or intangible.
- How should the probability and impact of risks be measured.
- Time and location.
- The way in which the level of risk is determined.
- The capacity of the organization.
Risk Categories
The four most relevant categories of an investor's perspective are:
1. Strategic risks - risks for both strategic objectives and strategic objectives. Top management (C-suite) identifies the most important risks through the planning process and approval of the Board.
2. Operational Risks - large risks that affect the ability of the organization to achieve the strategic plan.
3. Financial Risks - Financial information, valuation, coverage, market and liquidity risks and credit risks in financial institutions.
4. Risks of Compliance - uncompensated risks, generally the main focus for business risk management activities
Monitoring of early alerts - attention to the correct metrics
• Key risk indicators represent measures that indicate the potential presence, status or trend of a risk condition
• When designed and used correctly, risk metrics have a predictive value and can act as early warnings to allow anticipated actions
Fuente: Evaluacion riesgos COSO-Deloitte
Strategic risks: It is not what you are thinking Strategic risks may lack historical precedent and / or originate outside an industry. The signals related to the emerging strategic risks are often weak or intermittent, which can make them difficult to detect, easy to discard, and difficult to interpret. Traditional tools can not be reliably located and analyzed.
In addition, the strategic risks can be:
• Unique for the organization because the strategy, the culture, the governance structure, and the business and operation models are unique to the organization.
• Harmful to the entire organization because a risk that involves, say, the reputation or the supply chain in one part of the company may affect other parties.
• Easy to ignore because they often seem irrelevant, non-threatening, or highly unlikely - and management may consider that they are being monitored and managed when in fact they are not.
• Difficult to deal with the usual methods of risk management.
Strategic risks can arise from low-probability / high-impact events, also called "black swans." Those events can quickly escalate and cause those who have not anticipated them to become confused, paralyzed, or prone to errors. While they may take the form of financial, operational, technological, political, or other familiar risks, strategic risks tend to be difficult to quantify and track. For example, industries
All of them, ranging from retailers, travel, advertising and entertainment, have seen that their strategies are essentially discarded by the disruption of technology and the business model. In particular, emerging technologies require continuous monitoring as potential sources of strategic risks - which new or existing competitors must take advantage of - and a source of opportunities. However, such technologies defy conventional methods of risk management when their distribution is not controlled and their uses are not anticipated.
Essentially, strategic risks can stall, de-link, or erode value counselors. If they are ignored, they can become what Deloitte has described as "value destructures".
Fuente: Riesgos estrategicos - Deloitte
On the flip side, strategic risks may present new value counselors, suggest modifications to current counselors, or indicate the need to abandon existing counselors.
What is operational risk?
Operational risk is a type of risk that can be a cause due to human errors, inadequate internal processes or systems failures, among others.
operational risk
This operational risk goes hand in hand with all the activities, products and processes of the company. In addition, to evaluate this risk, two variables are taken into account:
Probability of an event that involves a risk in the company and that can be done in future occasions in the function of the number of times it happens. What is the probability of breaking a machine in the production process?
In addition, the operational risk is directly related to the company's assets, depending on the severity of the event.
In short, the definition of operational risk is the following: the possibility of occurrence of financial losses, failures caused by failures or inadequacies of processes, people, internal systems and technology.
What are the operational risk factors?
There are different categories of operational risk, responses of people who are related. Next, we detail the main factors of operational risk:
Human Resources
There is a risk that the company will suffer the losses caused by negligence, human error, fraud, theft, unfavorable work environment, among many other situations. It can also be included in this factor of operational risk, the fact that it has been the lack of personnel or that there are staff but do not have the necessary skills and abilities to meet the company's demand.
Internal processes
Probability that there will be losses of a process design of internal processes or that inadequate policies have been corrected for the development of operations and prevent offering a quality product or service.
As examples of operational risk of internal processes, we have: inadequate evaluation of contracts, product complexity, errors in accounting information, insufficient resources, failure to meet deadlines and planned budgets, among others.
Information technology
Type of operational risk where losses are derived from the use of information systems and technologies inherent in the company's processes. Among the operational risks that we can find: facts that threaten the confidentiality, integrity, availability and timeliness of the information, for example.
External events
Losses of events outside the control of the company and that may alter the development of their activity. As examples of operational risk refers to external events, we find: legal contingencies, failures in public services, natural disasters, attacks and criminal acts, etc.
Operational risk measurements
Operational risk can be calculated in three different ways:
1. Basic indicator method
To calculate the operational risk through this method, an average of the last years is performed.
2. Standard method
The revenues of each line of business are calculated and multiplied by one factor, the calculation of the capital condition for each line of business.
3. Advanced measurement methods.
Through this method, the operational risk is calculated by means of probability distribution functions.
It is essential to carry out an operations plan in which all the strategy and decisions are developed to obtain the ideal production process. Know all the information about the operations plan and how to do for your business.
The reputational risk of a physical or moral person is defined as the danger that a negative public opinion will impede or diminish their ability to do business.
In general, we conceive the concept of "risk" as the controllable uncertainty of a damaging event. If this were beneficial or the damage were inevitable, there would be no point in studying or trying to manage the risk.
However, a company runs the risk that, due to some negative event, whether internal or external, the public will punish it by not using or buying its products. It is clear that such punishment translates into lower sales or higher remediation costs, or both.
Of course, the financial impact of a risk like the previous one depends on the turn of the business, the sales cycle, the competitiveness in the market and the fluidity of the customers, among other factors.
For example, a publicly traded company may suffer an immediate loss in the price of its shares after a relevant negative news.
Some of the most successful companies in the world have managed to position their brands and their products thanks to its "good reputation", which originates in the high quality of its products, in its good service or guarantee of satisfaction to its customers.
That good reputation or reputation has allowed some of the greatest creations of value in business history, to the point that current market research has included the "degree of loyalty" of consumers, as a variable to measure that explains the success or failure of companies.
Of course, many times this creation of reputational value is induced and assisted by the same companies through advertising or marketing strategies.
One of the most powerful strategies is, without a doubt, the word-of-mouth publicity, which consists of the clients communicating their satisfaction directly to other potential clients, thus extending the "good news" and generating an impact of greater confidence in future users.
In small companies it is normal that the appeal for the public comes from the personal qualities of those who serve the clientele. Kindness, efficiency and human warmth generate satisfied customers.
The expert mechanic of a car workshop or the owner of a coffee shop that offers free desserts, are examples of the propensity to create a good image.
However, for the satisfaction effect to multiply and sustain, transcend and replicate many times, it is necessary for these positive characteristics to be institutionalized and turned into company policies.
In a global business environment increasingly interconnected and competitive, with an exponential growth in communication systems and greater public access to information, it becomes more important every day to take care of the opinion of consumers.
Not only is it necessary to meet the objectives of the organization and deliver products and services that fulfill their function correctly, but it must take into account the way in which these objectives are achieved.
Normally, the public will prefer a company that conducts itself in an ethical way, responsible with the environment, human and professional. A company that treats its employees well, that does not contaminate, that faces its responsibility in the case of producing damage, that listens to its clients and that cooperates with its surroundings and with the communities.
Liquidity risk arises from the possibility of incurring losses due to the inability to meet payment commitments, even temporarily, due to the lack of liquid assets or the inability to access the markets to obtain refinancing at a reasonable price. . This risk may arise due to systemic or particular reasons of the entity.
Bibliography
https://www2.deloitte.com/content/dam/Deloitte/co/Documents/risk/Riesgo%20estrat%C3%A9gico.pdf
https://www2.deloitte.com/content/dam/Deloitte/mx/Documents/risk/Evaluacion-Riesgos-COSO.pdf
https://www.emprendepyme.net/riesgo-operacional.html
https://www.expoknews.com/riesgo-reputacional/
https://www.grupbancsabadell.com/memoria2016/pdf/es/gestion-riesgo/riesgos-liquidez.pdf
Comentarios
Publicar un comentario