CIMA P3 Course Notes
www.astranti.com
CIMA P3 Performance Strategy Course Notes
By Nick Best
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
1
CIMA P3 Course Notes
www.astranti.com
Chapter 1 ................ ................................. ................................... ................................... ............................5 ...........5 isk .............. ............................... .................................... ................................... ................................. ....................5 ...5 1. 2. 3. 4. #. 6. &. ,. ".
Risk ........ ................ ................. ................. ................ ................. .................. ................. ................ ................ ................. ........... .. 6 Types of risk ......... ................. ................ ................ ................. .................. ................. ................ ................ ................ ........ 6 Strategic Business risks....... risks................ ................. ................. ................. ................. ................. ................ ............. ..... 6 Operationa !usiness risks ........ ................ ................ ................. ................. ................. ................. ................ .......... " $inancia risk risk........ ................. ................. ................ ................. ................. ................. ................. ................ ...............1% .......1% Internationa risk risk......... ................. ................ .................. .................. ................ ................ ................. ................. .......... 11 'ig( Reia!iity Organi)ations *'ROs+ ....... ................ .................. ................. ................ ................. ........... ..12 12 Attitu-es to risk ........ ................. ................. ................ ................. .................. ................. ................ ................ ........... ...12 12 'uan -ecision aking an- risk ........ ................ ................. .................. ................. ................ ................13 ........13
Chapter ! ................ ................................. ................................... ................................... .......................... ......... 15 isk Managemen Managementt ............... ............................... ................................... ................................... .................. 15 1. 2. 3. 4.
Risk Manageent.............. Manageent...................... ................. .................. ................. ................. ................. ................ ............16 ....16 Risk Manageent /rocess......... /rocess................. ................ ................. ................. ................. ................. ................1& ........1& 0nterprise risk anageent COSO 1 .....................................................23 /ro!es of risk anageent ........ ................. .................. ................. ................ ................ ................. ........... ..2# 2#
Chapter 3 ................ ................................. ................................... ................................... .......................... ......... !" #o$ernance ................ ................................ ................................... .................................... ....................... ...... !" 1. 2. 3. 4.
oernance ........ ................ ................ ................. .................. ................. ................ ................. ................. ................2" ........2" /rincipes of corporate goernance goernance........ ................ ................. ................. ................. ................. .............3% .....3% 1 T(e 5 Co-e of Corporate oernance .................................................31 Corporate goernance Internationay................ Internationay........................ ................ ................. ................. .......... 34
Chapter % ................ ................................. ................................... ................................... .......................... ......... 3" Interna& Contro& ................ ................................. ................................... ................................... ................... 3" 1. 2. 3. 4. #. 6. &. ,. ".
Interna Contro ........ ................. ................. ................ ................. .................. ................. ................ ................ ........... ...3" 3" # coponents of interna contro systes *COSO+ ........ ................. ................. ................ ............ ....4% 4% oernance an- contros ......... ................. ................ ................. ................. ................. ................. ................41 ........41 Contro o!ecties ........ ................. ................. ................. ................. ................ ................. ................. ................43 ........43 Contro actiities or proce-ures proce-ures........ ................ ................. ................. ................ ................. ................. .......... 44 Contro precision ........ ................ ................ ................ ................. .................. ................. ................ ................ ........... ...44 44 Interna contro an- $rau- ........ ................ ................ .................. .................. ................ ................ ...............4# .......4# Interna contros an- !usiness iproeent ........ ................. ................. ................ ................. ........... ..4# 4# 7iitations of interna contro........... contro................... ................. ................. ................. ................. ................4# ........4#
Chapter 5 ................ ................................. ................................... ................................... .......................... ......... %" Management Manageme nt Contro& Systems ................. ................................... .................................. .................. %" 1. 2. 3. 4. #.
Manageent contro systes ........ ................ ................ ................. .................. ................. ................ ............ ....4" 4" Toos of anageent contro.............. contro...................... ................. ................. ................ ................ ...............4" .......4" Manageent accounting contro systes ........ ................. ................. ................ ................ ...............#3 .......#3 Controing 0t(ics ........ ................ ................. .................. ................. ................ ................ ................. ................. .......... ## Contro t(eory ........ ................ ................ ................. .................. ................. ................ ................ ................. ..............#, .....#,
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
2
CIMA P3 Course Notes
www.astranti.com
Chapter ' ............................................................................. '1 isk an( contro& in information systems ....................................... '1 1. 2. 3. 4.
Inforation....................................................................................62 7ees of anageent8 inforation an- contro .......................................63 Inforation systes an- contro ..........................................................6# IS strategy .....................................................................................6"
Chapter ) ............................................................................. )% *he I* (epartment an( contro& of systems (e$e&opment ................... )% 1.
2. 3. 4. #. 6.
Managing t(e IS -epartent ............................................................... Centraisation s -ecentraisation ........................................................ Outsourcing ...................................................................................&6 Accounting for t(e IS 9epartent ........................................................&, Steering coittee..........................................................................,1 Systes -eeopent .......................................................................,2
Chapter " ............................................................................. "' Contro& an( security of I* ......................................................... "' 1. 2.
5ey risks .......................................................................................,& IT contros .....................................................................................,&
Chapter + ............................................................................. +! Interna& Au(iting .................................................................... +! 1. 2. 3. 4. #. 6. &. ,.
Interna au-iting ............................................................................."3 9eeoping t(e pan of au-it engageents.............................................. "# n-ertaking an interna au-it ............................................................."# Measuring t(e interna au-it function .................................................... "& Roe in corporate goernance.............................................................. ", Reations(ip :it( t(e e;terna au-itor..................................................."" Au-itor et(ics................................................................................."" Coputer
Chapter 1, ......................................................................... 1,3 -inancia& isk ...................................................................... 1,3 1. 2. 3. 4. #.
>(at is financia risk? ..................................................................... 1%4 Inestents risks ........................................................................... 1%4 $inancia risks associate- :it( !usiness an- tra-ing oerseas..................... 1%# @uantifying risk............................................................................. 1%& 9iersification .............................................................................. 1%"
Chapter 11 ......................................................................... 11! Currency isk ...................................................................... 11! 1. 2. 3. 4. #. 6.
Currency risk ................................................................................ 113 Transation risk ............................................................................. 113 Transaction risk ............................................................................ 113 0;c(ange rates terinoogy.............................................................. 114 /urc(asing po:er parity t(eory ......................................................... 11# Interest rate parity t(eory ............................................................... 116
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
3
CIMA P3 Course Notes
www.astranti.com
Chapter 1! ......................................................................... 11+ Currency he(ging techniues .................................................. 11+ 1. 2. 3. 4.
'e-ging ...................................................................................... 12% $or:ar-s ..................................................................................... 12% Currency futures ........................................................................... 124 Currency options ........................................................................... 126
Chapter 13 ......................................................................... 13, Interest rate risk .................................................................. 13, 1. 2. 3. 4. #.
Interest rate risk ........................................................................... 131 'e-ging interest rate risk ................................................................ 131 Interest rate S>A/S ....................................................................... 133 Caps8 $oors an- Coars .................................................................. 13# $inancia reporting an- risks of -eriaties ........................................... 136
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
4
CIMA P3 Course Notes
www.astranti.com
CIMA P3 Course Notes c
Chapter 1 isk
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
5
CIMA P3 Course Notes
1.
www.astranti.com
isk
/hat is risk0 isk is t(e potentia t(at a c(osen action :i ea- to an un-esira!e outcoe. tiatey coercia risks resut in a negatie outcoe in ters of soe !usiness goa an increase in costs8 fa in reenues8 oss of custoer8 ega ia!iity8 -rop in orae of staff an- so on.
!.
*ypes of risk
T(e ain categories of risk to consi-er are
Strategic reating to t(e !usiness an- its strategic position8 for e;ape a ne: copetitor entering t(e arket8 c(aenging t(e copanys copetitie position an- affecting t(eir a!iity to earn reenues an- profits. Comp&iance :it( a: an- reguation8 for e;ape (eat( an- safety egisation -inancia& risks reating to financing t(e !usiness *suc( as c(anging interest rates+ an- un-ertaking financia transactions *suc( as e;c(ange rate risk or non
3.
Strategic Business risks
Strategic risk reates reating to t(e !usiness an- its strategic position. A goo- starting point is to consi-er risks arising un-er t(e /0ST07 factors1
Po&itica& risk /oitica factors are (o: an- to :(at -egree a goernent interenes in t(e :orkings of organisations. /oitica factors incu-e areas suc( as ta; poicy8
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
6
CIMA P3 Course Notes
www.astranti.com
epoyent egisation8 enironenta a:s8 tra-e restrictions8 tariffs8 anpoitica sta!iity. oernent inestent *or ack of+ can aso pay a significant roe in t(e aaia!iity of contracts an- :ork for organisations. oernents (ae great infuence on t(e (eat(8 e-ucation8 an- infrastructure of a nation :(ic( can aso ipact t(e organisations :it(in t(at country e.g. t(e aaia!iity of skie- a!our. /oitica c(anges t(erefore create significant risks for organisations :it(in t(at country.
conomic risk 0conoic factors incu-e econoic gro:t(8 interest rates8 e;c(ange rates an- t(e infation rate. T(ese factors (ae aor ipacts on (o: !usinesses operate an- ake -ecisions. $or e;ape8 interest rates affect a firs cost of capita an- t(erefore to :(at e;tent a !usiness gro:s an- e;pan-s. 0;c(ange rates affect t(e costs of e;porting goo-s an- t(e suppy an- price of iporte- goo-s in an econoy. 0conoic c(ange t(erefore creates risk for organisations :it(in t(at econoy.
Socia& risk Socia factors incu-e t(e cutura aspects an- incu-e (eat( consciousness8 popuation gro:t( rate8 age -istri!ution8 career attitu-es an- ep(asis on safety. Tren-s in socia factors affect t(e -ean- for a copanys pro-ucts an- (o: t(at copany operates. Socia c(ange can t(erefore create risk8 for e;ape t(e re-uction in -ean- for un(eat(y pro-ucts as (eat( consciousness increases.
*echno&ogica& risk Tec(noogica factors incu-e tec(noogica aspects suc( as RD9 actiity8 autoation8 tec(noogy incenties an- t(e rate of tec(noogica c(ange. Organisations nee- to stay a:are of t(e key tec(noogies in t(eir in-ustry in or-er to anage risks t(at t(ey -o not fuy a-apt to or appy ne: tec(noogies.
n$ironmenta& risk
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
7
CIMA P3 Course Notes
www.astranti.com
0nironenta factors incu-e ecoogica an- enironenta aspects suc( as :eat(er8 ciate8 an- ciate c(ange8 :(ic( ay especiay affect in-ustries suc( as touris8 faring8 an- insurance. $urt(erore8 gro:ing a:areness of t(e potentia ipacts of ciate c(ange is affecting (o: copanies operate an- t(e pro-ucts t(ey offer8 !ot( creating ne: arkets an- -iinis(ing or -estroying e;isting ones. 0nironenta risks can appy to onger ter c(anges t(at affect arkets *e.g. ciate c(ange+ or s(ort ter actiities suc( as a one
4ega& risk C(anges in a: can incu-e ipacts on pro-ucts8 custoers8 staff8 pro-ct -ean- an- so on. Copanies ust continue to keep a:are of ega c(ange to aoi- t(e risk t(at t(ey -o not a!i-e !y t(e a: an- (ae to pay fines an-aage t(eir reputation.
Our ne;t set of risks to consi-er can !e reate- to eeents of /orters # forces
Competiti$e risks T(ese factors reate to c(anges cause- !y copetitors in t(e arket. T(ey incu-e ne: or c(anging pro-ucts8 price c(anges8 ne: entrants8 ne: -istri!ution c(annes8 !ran-ing an- arket positioning.
Supp&ier risk Suppier factors incu-e c(anging prices8 aaia!iity an- reia!iity of suppy8 -eays in -eiery8 =uaity issues. As :e as increases in costs ipose- !y c(anges in suppy8 suppy factors create risk of poor custoer serice an- utiatey affect t(e copanys reputation an- profita!iity.
Customer risk Custoers ay oe to ot(er copetitors or e;ert po:er to re-uce prices. 5ey custoers ay aso cease to e;ist8 for instance :(en a !usiness goes into i=ui-ation. Oer-epen-ence on a sa nu!er of key custoers is a aor risk of any !usinesses.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
8
CIMA P3 Course Notes
%.
www.astranti.com
2perationa& usiness risks
6ey operationa& risks Operationa risks are interna risks8 reating to t(e -ay to -ay functioning of t(e !usiness. T(ese can incu-e • • • • • • • • • •
IT systes !reak-o:n8 error or faiure 7oss or corruption of -ata 7ega an- reguatory copiance 'eat( an- safety issues 7oss of key staff Increasing :ages S(ortages of skie- staff $rau'uan error 9aage8 oss or t(eft of assets
isk an( &arge pro7ects 9ue to t(e ery :i-e ariety of opportunities for pro!es in arge proects suc( as arge construction proects or IT -eeopents t(ese are often (ig(y risky. Suc( entures typicay (ae (ig( cost oerruns8 !enefit s(ortfas8 an- sc(e-ue -eays8 pus negatie an- unanticipate- socia anenironenta ipacts. Researc( suggests t(at cost oerruns of #%E are coon on arge proects8 :(ie actua -ean- for t(e en- serices t(ey are panne- to proi-e is coony 2#E ess t(an anticipate-. 7arge proects t(erefore nee- ery cear8 -etaie- feasi!iity anaysis at t(e proect inception8 an- strong proect anageent t(roug(out t(e proect.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
9
CIMA P3 Course Notes
5.
www.astranti.com
-inancia& risk
8efinition $inancia risks reate to •
•
•
financing t(e !usiness *suc( as c(anging interest rates or non< aaia!iity of finance+ un-ertaking financia transactions *suc( as e;c(ange rate risk or non< payent !y a custoer+ t(e possi!iity t(at an inestents actua return :i !e -ifferent t(an e;pecte-. T(is incu-es t(e possi!iity of osing soe or a of t(e origina inestent.
$inancia risk ay !e arket<-epen-ent8 -eterine- !y nuerous arket factors8 or operationa8 resuting fro error or frau-uent !e(aiour.
Measuring financia& risk of in$estments $inancia risk often incu-es not ony F-o:nsi-e riskF !ut aso Fupsi-e riskF *returns t(at e;cee- e;pectations+. Stan(ar( (e$iation is t(e cacuation of t(e aria!iity of returns aroun- t(e ean8 an- proi-es a easure of financia risk. *Gou :i not !e re=uire- to un-ertake a stan-ar- -eiation cacuation for t(e e;a :(ere =uestions ten- to focus on t(e -o:nsi-e rat(er t(an t(e upsi-e risk.+
isk an( return A fun-aenta i-ea in finance is t(e reations(ip !et:een risk an- return. T(e greater t(e potentia return one ig(t seek8 t(e greater t(e risk t(at one generay assues. $or e;ape8 a goernent !on- is consi-ere- to !e one of t(e safest inestents an-8 :(en copare- to a corporate !on-8 proi-es a o:er rate of return. T(e reason for t(is is t(at a corporation is uc( ore ikey to go !ankrupt t(an a goernent. Because t(e risk of inesting in a corporate !on- is (ig(er8 inestors are offere- a (ig(er rate of return.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
10
CIMA P3 Course Notes
'.
www.astranti.com
Internationa& risk
Risks ten- to :i-en :(en organisations are operating internationay. Again t(e /0ST07 factors are a goo- starting point to assess risk.
Po&itica& Internationa poitics8 uncertainty an- :ar. T(e poitica situation in eac( arket operate- nee-s to !e consi-ere-. conomic >or- econoy. an- econoies of countries in :(ic( you are operating e.g. ees of :eat(. 0;c(ange rates :i ary8 as :i oca ta;es an- tariffs. It ay !e aso (ar-er to c(ase cre-itors *cre-it risk+. Socia& Cutura an- -eograp(ic -ifferences !et:een countries :(ic( nee- to !e a-apte- to arket !y arket. 0-ucation an- ski ees ay -iffer aso :(ic( ay affect staffing. *echnica& Tec(noogica -ifferences. n$ironmenta& Countries :it( a -ifferent attitu-e an- a: in reation to enironenta issues. 4ega& 0ac( country (as its o:n a: an- reguation :(ic( ust !e a!i-e!y in eac( ne: arket entereHe;t :e can consi-er t(e key strategic risks fro /orters # forces
Customers >i (ae -ifferent nee-s in eac( ne: arket. T(ey ay (ae oyaty to e;isting pro-ucts or !ran-s. Supp&iers He: reations(ips :i nee- to !e !uit :it( ne: suppiers. Suppy ay not !e aaia!e in a ne: arkets Competitors He: oca copetition ay !e in eac( ne: arket an- :i nee- to anayse- an- t(reats consi-ere-.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
11
CIMA P3 Course Notes
).
www.astranti.com
9igh e&iai&ity 2rganisations :92s;
/hat is an 920 A 'ig( reia!iity organisation *'RO+ is an organi)ation t(at (as succee-ein aoi-ing catastrop(es in an enironent :(ere nora acci-ents can !e e;pecte- -ue to risk factors an- cope;ity. Organi)ations suc( as t(ese s(are in coon t(e a!iity to consistenty operate safey in cope;8 interconnecte- enironents :(ere a singe faiure in one coponent cou- ea- to catastrop(e. 0ssentiay8 t(ey are organi)ations :(ic( appear to operate in spite of an enorous range of risks.
9ow 92s manage risk Many of t(ese in-ustries anage risk in a (ig(y =uantifie- an- enuerate:ay. T(e risks are ceary appe- out *often using tree -iagras+. >(ere t(e risks are foun- to !e (ig( t(ey are eauate- against t(e costs of re-ucing t(e risks an- easures ipeente- :(ere it is cost !eneficia.
".
Attitu(es to risk
isk appetite T(e ters attitu-e8 appetite an- toerance are often use- siiary to -escri!e an organi)ations or in-ii-uas attitu-e to:ar-s risk ta king.
isk a$erse8 risk neutra& an- risk seeking are e;apes of t(e ters t(at ay !e use- to -escri!e a risk attitu-e. Risk appetite ooks at (o: uc( risk one is :iing to accept. In organisations t(e ee of risk appetite is often affecte- !y attitu-es of s(are(o-ers8 -irectors an- staff often ingraine- in t(e corporate cuture.
isk to&erance Risk toerance is t(e ee of -eiation fro t(e nor t(at :i !e accepte-. T(e o:er t(e risk toerance8 t(e o:er t(e risks t(at can !e un-ertaken ant(e greater t(e ee of contro t(at nee-s to !e e;erte- to stay :it(in t (e e;pecte- toerance ees.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
12
CIMA P3 Course Notes
+.
www.astranti.com
9uman (ecision making an( risk
Psycho&ogy an( risk taking Most -ecisions are a-e !e peope an- t(erefore affecte- !y peopes !eiefs8 aues8 fears8 -esires an- so on.
4ink to go$ernance One of t(e ais of corporate goernance is to preent !ias !y in-ii-ua -irectors or groupt(ink !y !oar-s !y ipeentation of easures suc( as scrutiny !y in-epen-ent non
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
13
CIMA P3 Course Notes
www.astranti.com
Strategic Mock
-u&& marking an( (etai&e( fee(ack $u ock arking 9etaie- an- personaise- fee-!ack to focus on (eping to pass t(e e;as
Persona& coaching on your mock e
Strategic an( -inancia& ana&ysis of the Pre>seen Strategic ana&ysis < a key !usiness strategy o-es in 03 -inancia& ana&ysis !ase- aroun- t(e $3 sya!us isk ana&ysis !ase- aroun- t(e /3 sya!us 3% page strategic report $u i-eo anaysis of (o: a key o-es appy to t(e unseen Ji-eo intro-uction to a t(e key o-es
Persona& Coaching Courses /ersona coac(ing to get you t(roug( t(e e;a
*uition Course /ersonaise- tuition to gie you t(e re=uire- sya!us kno:e-ge taiore- to your nee-s e$ision Course < /ractise past e;a =uestions :it( persona fee-!ack on your tec(nica :eaknesses an- e;a approac( an- tec(ni=ue esit Course I-entifying :eaknesses fro past attepts an- proi-ing personaise- gui-ance an- stu-y gui-es to get you t(roug( t(e e;a
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
14
CIMA P3 Course Notes
www.astranti.com
CIMA P3 Course Notes c
Chapter ! isk Management
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
15
CIMA P3 Course Notes
1.
www.astranti.com
isk Management
8efinition Risk anageent is t(e i-entification8 assessent8 an- prioriti)ation of risks foo:e- !y coor-inate- an- econoica appication of resources to inii)e8 onitor8 an- contro t(e pro!a!iity an-Kor ipact o f unfortunate eents or to a;ii)e t(e reai)ation of opportunities. A process to anage risks In i-ea risk anageent8 a prioriti)ation process is foo:e- :(ere!y t(e risks :it( t(e greatest oss *or ipact+ an- t(e greatest pro!a!iity of occurring are (an-e- first8 an- risks :it( o:er pro!a!iity of occurrence an- o:er oss are (an-e- in -escen-ing or-er. In practice t(e process of assessing oera risk can !e -ifficut8 an!aancing resources use- to itigate !et:een risks :it( a (ig( pro!a!iity of occurrence !ut o:er oss ersus a risk :it( (ig( oss !ut o:er pro!a!iity of occurrence can often !e is(an-e-.
Ba&ancing spen(ing on risk management with enefits gaine( Resources spent on risk anageent cou- (ae !een spent on ore profita!e actiities. I-ea risk anageent inii)es spen-ing on t(e anageent of risk :(ie aso iniising t(e negatie effects of t(e risks t(esees.
Princip&es of goo( risk management T(e Internationa Organi)ation for Stan-ar-i)ation *ISO+ i-entifies t(e foo:ing principes of risk anageent Risk anageent s(ou- •
• • • • • • •
create aue resources e;pen-e- to itigate risk s(ou- !e ess t(an t(e conse=uence of inaction8 or *as in aue engineering+8 t(e gain s(ou- e;cee- t(e pain !e an integra part of organisationa processes !e part of -ecision aking e;picity a--ress uncertainty an- assuptions !e systeatic an- structure!e !ase- on t(e !est aaia!e inforation !e taiora!e take into account (uan factors
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
16
CIMA P3 Course Notes • • • •
www.astranti.com
!e transparent an- incusie !e -ynaic8 iteratie an- responsie to c(ange !e capa!e of continua iproeent an- en(anceent !e continuay or perio-icay re
In t(e e;a you can copare t(ese principes to t(ose use- in t(e scenario to eauate an organisations risk anageent process.
!.
isk Management Process
T(ere are a range of risk anageent approac(es8 :(ic( for t(e ost part8 consist of t(e foo:ing eeents8 perfore-8 ore or ess8 in t(e foo:ing or-er 1+ I-entify t(reats 2+ Assess t(e risk < t(e e;pecte- ikei(oo- an- conse=uences of specific types of t(reats on specific assets 3+ Risk treatent < I-entify :ays to re-uce or anage t(ose risks 4+ Ipeent risk anageent easures #+ Reie: an- contro
Step 1 I(entify threats Risks are a!out eents t(at8 :(en triggere-8 cause pro!es. 'ence8 risk i-entification can start :it( t(e source of pro!es8 or :it( t(e pro!e itsef. 0;apes of risk sources are stake(o-ers of a proect8 epoyees of a copany or t(e :eat(er oer an airport. Risks are reate- to i-entifie- t(reats. $or e;ape t(e t(reat of osing oney8 t(e t(reat of a!use of confi-entia inforation or t(e t(reat of acci-ents an- casuaties. T(e t(reats ay e;ist :it( arious entities8 ost iportant :it( s(are(o-ers8 custoers an- egisatie !o-ies suc( as t (e goernent. Once a t(reat is i-entifie-8 t(e eents t(at ay !e triggere- can !e inestigate-. $or e;ape stake(o-ers :it(-ra:ing -uring a proect ay en-anger fun-ing of t(e proectL confi-entia inforation ay !e stoen !y epoyees een :it(in a cose- net:orkL ig(tning striking an aircraft -uring takeoff ay ake a peope on !oar- ie-iate casuaties. T(e c(osen et(o- of i-entifying risks ay -epen- on cuture8 in-ustry practice an- copiance. T(e i-entification et(o-s are fore- !y
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
17
CIMA P3 Course Notes
www.astranti.com
tepates or t(e -eeopent of tepates for i-entifying source8 pro!e or eent. Coon risk i-entification et(o-s are
27ecti$es>ase( risk i(entification Organi)ations an- proect teas (ae o!ecties. Any eent t(at ay en-anger ac(ieing an o!ectie party or copetey is i-entifie- as risk.
Scenario>ase( risk i(entification In scenario anaysis -ifferent scenarios are create-. T(e scenarios ay !e t(e aternatie :ays to ac(iee an o!ectie8 or an anaysis of t(e interaction of forces in8 for e;ape8 a arket or !atte. Any eent t(at triggers an un-esire- scenario aternatie is i-entifie- as risk.
*aase( risk i(entification Ta;onoy
Common>risk checking In seera in-ustries8 ists :it( typica kno:n risks are aaia!e. 0ac( risk in t(e ist can !e c(ecke- for appication to t(e organisation
isk charting Risks are copie- into a c(art isting out • • • •
resources at risk t(reats to t(ose resources o-ifying factors :(ic( ay increase or -ecrease t(e risk conse=uences it is :is(e- to aoi-.
Step ! Assess the risks Once risks (ae !een i-entifie-8 t(ey ust t(en !e assesse- as to t(eir •
•
potentia seerity of ipact *generay a negatie ipact8 suc( as -aage or oss+ t(e pro!a!iity of occurrence.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
18
CIMA P3 Course Notes
www.astranti.com
T(ese =uantities can !e eit(er sipe to easure8 in t(e case of t(e aue of a ost !ui-ing8 or ipossi!e to kno: for sure in t(e case of t(e pro!a!iity of an unikey eent occurring. T(erefore8 in t(e assessent process it is critica to ake t(e !est e-ucate- -ecisions in or-er to propery prioriti)e t(e ipeentation of t(e risk anageent pan. T(ese can t(en !e potte- on a risk ap.
?uantifying risk T(us8 t(ere (ae !een seera t(eories an- attepts to =uantify risks. Huerous -ifferent risk foruae e;ist8 !ut per(aps t(e ost :i-ey accepte- forua for risk =uantification is Coposite Risk In-e; Ipact of Risk eent ; /ro!a!iity of Occurrence T(e ipact of t(e risk eent is coony assesse- on a scae of 1 to #8 :(ere 1 an- # represent t(e iniu an- a;iu possi!e ipact of an occurrence of a risk *usuay in ters of financia osses+. 'o:eer8 t(e 1 to # scae can !e ar!itrary an- nee- not !e on a inear scae. T(e pro!a!iity of occurrence is ike:ise coony assesse- on a scae fro 1 to #8 :(ere 1 represents a ery o: pro!a!iity of t(e risk eent actuay occurring :(ie # represents a ery (ig( pro!a!iity of occurrence.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
19
CIMA P3 Course Notes
www.astranti.com
T(e Coposite In-e; t(us can take aues ranging *typicay+ fro 1 t(roug( 2#8 an- t(is range is usuay ar!itrariy -ii-e- into t(ree su!
8ifficu&ties in assessment T(e fun-aenta -ifficuty in risk assessent is -eterining t(e pro!a!iity *or rate+ of occurrence since statistica inforation is not aaia!e on a kin-s of past inci-ents. $urt(erore8 eauating t(e seerity of t(e conse=uences *ipact+ is often =uite -ifficut for intangi!e assets. Asset auation is anot(er =uestion t(at nee-s to !e a--resse-. T(us8 !est e-ucate- opinions an- aaia!e statistics are t(e priary sources of inforation. Heert(eess8 risk assessent s(ou- pro-uce suc( inforation for t(e anageent of t(e organi)ation t(at t(e priary risks are easy to un-erstan- an- t(at t(e risk anageent -ecisions ay !e prioriti)e-.
Step 3 isk *reatment@Management Once risks (ae !een i-entifie- an- assesse-8 tec(ni=ues to anage t(e risk fa into one or ore of t(e four aor *TARA+ categories Transfer Aoi-ance Re-uction Accept
< S(aring :it( anot(er party e.g. Outsource or insure+ < 0iinate8 :it(-ra: fro or not !ecoe inoe< Contro an- itigate < Accept t(e risk an- !u-get for its possi!e occurance
isk transfer 9efine- as Fs(aring :it( anot(er party t(e !ur-en of oss or t(e !enefit of gain8 fro a risk8 an- t(e easures to re-uce a risk.F T(is is usuay -one on one of t:o :ays 1. Insuring t(e risk an- (ence passing t(e financia risk on to t(e insurance copany 2. Outsourcing so t(at t(e risk is passe- to t(e out sourcer as part of t(e contract. Hote t(at soe eeent of t(e risk is often retaine- !y t(e copany. In t(e eent of a fire8 t(e !usiness ay !e a!e to recai t(e financia osses8 !ut t(ere ay !e reputationa risk or risk of oss of custo t(at t(e !usiness retains. © Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
20
CIMA P3 Course Notes
www.astranti.com
isk a$oi(ance T(is incu-es not perforing an actiity t(at cou- carry risk. An e;ape :ou- !e not !uying a property or !usiness in or-er to not take on t(e ega ia!iity t(at coes :it( it. Anot(er :ou- !e not fying in or-er not to take t(e risk t(at t(e airpane :ere to !e (iacke-. Aoi-ance ay see t(e ans:er to a risks8 !ut aoi-ing risks aso eans osing out on t(e potentia gain t(at accepting *retaining+ t(e risk ay (ae ao:e-. Hot entering a !usiness to aoi- t(e risk of oss aso aoi-s t(e possi!iity of earning profits.
isk re(uction Risk re-uction inoes re-ucing t(e seerity of t(e oss or t(e ikei(oo- of t(e oss fro occurring. $or e;ape8 sprinkers are -esigne- to put out a fire to re-uce t(e risk of oss !y fire8 :(ie ocks on -oors re-uce t(e risk of t(eft8 as -o security guar-s. Mo-ern soft:are -eeopent et(o-oogies re-uce risk !y -eeoping an-eiering soft:are increentay. 0ary et(o-oogies suffere- fro t(e fact t(at t(ey ony -eiere- soft:are in t(e fina p(ase of -eeopentL any pro!es encountere- in earier p(ases eant costy re:ork an- often eopar-i)e- t(e :(oe proect. By -eeoping in iterations8 soft:are proects can iit effort :aste- to a singe iteration.
isk retention@acceptance Retention inoes accepting t(e oss8 or !enefit of gain8 fro a risk :(en it occurs. True sef insurance fas in t(is category. Risk retention is a ia!e strategy for sa risks :(ere t(e cost of insuring against t(e risk :ou- !e greater oer tie t(an t(e tota osses sustaine-. A risks t(at are not aoi-e- or transferre- are retaine- !y -efaut. T(is incu-es risks t(at are so arge or catastrop(ic t(at t(ey eit(er cannot !e insure- against or t(e preius :ou- !e infeasi!e. >ar is an e;ape since ost property an- risks are not insure- against :ar8 so t(e oss attri!ute- !y :ar is retaine- !y t(e insure-. Aso any aounts of potentia oss *risk+ oer t(e aount insure- is retaine( risk. T(is ay aso !e accepta!e if t(e c(ance of a ery arge oss is sa or if t(e cost to insure for greater coerage aounts is so great it :ou- (in-er t(e goas of t(e organisation too uc(.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
21
CIMA P3 Course Notes
www.astranti.com
Create a risk management@treatment p&an $or eac( risk i-entifie-8 appropriate contros or countereasures s(ou- !e seecte- $or e;ape8 an o!sere- (ig( risk of coputer iruses cou- !e itigate- !y ac=uiring an- ipeenting antiirus soft:are. A goo- risk anageent pan s(ou- contain a sc(e-ue for contro ipeentation anresponsi!e persons for t(ose actions. 0ac( approac( ust !e approe- !y t(e appropriate ee of anageent. $or instance8 a risk concerning t(e iage of t(e organi)ation s(ou- (ae top anageent -ecision !e(in- it :(ereas IT anageent :ou- (ae t(e aut(ority to -eci-e on coputer irus risks. T(e risks an- agree- et(o-s of anaging t(ese risks are suarise- in a Risk ManageentKTreatent /an8 :(ic( -ocuents t(e -ecisions a!out (o: eac( of t(e i-entifie- risks s(ou- !e (an-e-. T(e risk re-uction easures ay !e prioritise- !ase- on t(e iportance to t(e !usiness an- t(e cost.
Step % > Imp&ementation Ipeentation foo:s a of t(e panne- et(o-s for itigating t(e effect of t(e risks. /urc(ase insurance poicies for t(e risks t(at (ae !een -eci-eto !e transferre- to an insurer8 aoi- a risks t(at can !e aoi-e- :it(out sacrificing t(e entitys goas8 re-uce ot(ers8 an- retain t(e rest.
Step 5 > e$iew an( contro& Initia risk anageent pans :i neer !e perfect. /ractice8 e;perience8 an- actua oss resuts :i necessitate c(anges in t(e pan an- contri!ute inforation to ao: -ifferent -ecisions to !e a-e in -eaing :it( t(e risks !eing face-. Risk anaysis resuts an- anageent pans s(ou- !e up-ate- perio-icay. T(ere are t:o priary reasons for t(is •
•
to eauate :(et(er t(e preiousy seecte- contros are sti appica!e an- effectie to eauate t(e possi!e risk ee c(anges in t(e !usiness enironent. C(anges in proce-ures8 tec(noogy8 sc(e-ues8 !u-gets8 arket con-itions8 poitica enironent8 or ot(er factors typicay re=uire re
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
22
CIMA P3 Course Notes
3.
www.astranti.com
nterprise risk management :M; C2S2
8efinition Enterprise risk management (ERM) is a risk-based approach to managing an enterprise, and is one of the world’s most common methodologies used to manage risk in an organisation. It aims to help organisations understand the risks facing organisations and develop control strategies to ensure they are effectively managed. It was developed in 2004 by COSO (the Committee of Sponsoring Organisations of the Treadway Commission).
T(e 0RM cu!e represents (o: 0RM :orks t(roug(out t(e organisation. T(e four 0RM o!ecties are s(o:n on t(e top of t(e cu!e. T(e eig(t processes :(ic( you (ae to go t(roug( to un-etake 0RM are s(o:n on t(e front face8 :(ie t(e eeents on t(e rig(t face ai to s(o: t(at t(ese s(ou- !e foo:e- in eery part of t(e organisation i.e. in eac( su!si-iary8 !usiness unit8 -iision an- in-ee- t(e organisation as a :(oe.
27ecti$es of enterprise risk management This enterprise risk management framework is geared to achieving the following four key objectives:
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
23
CIMA P3 Course Notes •
•
• •
www.astranti.com
Strategic: high-level strategic goals, aligned with and supporting its mission Operations: effective and efficient use of its resources at an operational level in the business Reporting: reliability of reporting (e.g. financial reports) Compliance: compliance with applicable laws and regulations
ight framework components The eight components of enterprise risk management are:
Interna& en$ironment The internal environment encompasses the tone of an organisation, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. 27ecti$e setting Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite. $ent i(entification Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channelled back to management’s strategy or objective-setting processes. isk assessment Risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis. isk response Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite. Contro& acti$ities Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out. Information an( communication Relevant information is identified, captured, and communicated in a form and time frame that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity. Monitoring The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
24
CIMA P3 Course Notes
%.
www.astranti.com
CIMAs isk Management Cyc&e
T(e CIMA risk anageent cyce is anot(er risk anageent o-e8 siiar in nature to t(e COSO o-e of risk anageent. It outines t(e foo:ing steps for risk anageent 1. 0sta!is( a risk anageent group an- set goas. 2. I-entif y risk areas. 3. n-erstan- an- assess t(e scae of risk. 4. 9eeop a risk response strategy. #. Ipeent t(e strategy an- aocate responsi!iities. 6. Ipeent an- onitor t(e suggeste- contros. &. Reie: an- refine t(e process an- -o it again.
While not as commonly used in practise as the COSO model, it has been specifically examined in the P3 exam, and so must be learnt.
5.
Pro&ems of risk management
Managing an- organisations risks effectiey can !e a -ifficut process. 'ere are soe of t(e key reasons
Su7ecti$e /ro!a!iity an- ipact can often !e su!ectie8 aking t(e -egree of risk (ar- to assess. T(e !est approac( to anaging t(e risk is aso often su!ectie.
#i$ing too high a priority to risk management /rioritising t(e risk anageent processes too (ig(y can ake t(e organistaion or proect oery !ureaucratic :it( eery processes re=uiring -etaie- contros. It can aso ean t(at soe proects neer get starte- or are -eaye- starte-8 as t(e risks are assesse- or are perceie- as unkno:n or e;cessiey (ig(. T(is ay resut in a ack of innoation an- osing copetitie e-ge to faster oing copetitors. Spen-ing too uc( tie assessing an- anaging unikey risks can aso -iert resources t(at cou- !e use- ore profita!y.
9uman error 'uan faiures suc( as sipe errors or istakes can ea- to ina-e=uate responses to risk.
Contro&s can e circum$ente(
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
25
CIMA P3 Course Notes
www.astranti.com
Contros can !e circuente- !y cousion of t:o or ore peope or !y an IT iterate epoyee8 an- anageent (as t(e a!iity to oerri-e risk anageent -ecisions. /eope are often otiate- !y persona gain an- not anaging risk8 an- so ay circuent contros for t(ose reasons. 0.g. Neroe 5erie at Societe enerae ost #!n t(roug( circuenting t(e !anks contros oer tra-ing.
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
26
CIMA P3 Course Notes
www.astranti.com
Strategic Mock
-u&& marking an( (etai&e( fee(ack $u ock arking 9etaie- an- personaise- fee-!ack to focus on (eping to pass t(e e;as
Persona& coaching on your mock e
Strategic an( -inancia& ana&ysis of the Pre>seen Strategic ana&ysis < a key !usiness strategy o-es in 03 -inancia& ana&ysis !ase- aroun- t(e $3 sya!us isk ana&ysis !ase- aroun- t(e /3 sya!us 3% page strategic report $u i-eo anaysis of (o: a key o-es appy to t(e unseen Ji-eo intro-uction to a t(e key o-es
Persona& Coaching Courses /ersona coac(ing to get you t(roug( t(e e;a
*uition Course /ersonaise- tuition to gie you t(e re=uire- sya!us kno:e-ge taiore- to your nee-s e$ision Course < /ractise past e;a =uestions :it( persona fee-!ack on your tec(nica :eaknesses an- e;a approac( an- tec(ni=ue esit Course I-entifying :eaknesses fro past attepts an- proi-ing personaise- gui-ance an- stu-y gui-es to get you t(roug( t(e e;a
© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses
27