CIMA P3 Notes - Chapters 1 and 2

CIMA P3 Course Notes

www.astranti.com

CIMA P3 Performance Strategy Course Notes

By Nick Best

© Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses

1


www.astranti.com

Chapter 1 ................ ................................. ................................... ................................... ............................5 ...........5 isk .............. ............................... .................................... ................................... ................................. ....................5 ...5 1. 2. 3. 4. #. 6. &. ,. ".

Risk ........ ................ ................. ................. ................ ................. .................. ................. ................ ................ ................. ........... .. 6 Types of risk ......... ................. ................ ................ ................. .................. ................. ................ ................ ................ ........ 6 Strategic Business risks....... risks................ ................. ................. ................. ................. ................. ................ ............. ..... 6 Operationa !usiness risks ........ ................ ................ ................. ................. ................. ................. ................ .......... " $inancia risk risk........ ................. ................. ................ ................. ................. ................. ................. ................ ...............1% .......1% Internationa risk risk......... ................. ................ .................. .................. ................ ................ ................. ................. .......... 11 'ig( Reia!iity Organi)ations *'ROs+ ....... ................ .................. ................. ................ ................. ........... ..12 12 Attitu-es to risk ........ ................. ................. ................ ................. .................. ................. ................ ................ ........... ...12 12 'uan -ecision aking an- risk ........ ................ ................. .................. ................. ................ ................13 ........13

Chapter ! ................ ................................. ................................... ................................... .......................... ......... 15 isk Managemen Managementt ............... ............................... ................................... ................................... .................. 15 1. 2. 3. 4.

Risk Manageent.............. Manageent...................... ................. .................. ................. ................. ................. ................ ............16 ....16 Risk Manageent /rocess......... /rocess................. ................ ................. ................. ................. ................. ................1& ........1& 0nterprise risk anageent  COSO 1 .....................................................23 /ro!es of risk anageent ........ ................. .................. ................. ................ ................ ................. ........... ..2# 2#

Chapter 3 ................ ................................. ................................... ................................... .......................... ......... !" #o$ernance ................ ................................ ................................... .................................... ....................... ...... !" 1. 2. 3. 4.

oernance ........ ................ ................ ................. .................. ................. ................ ................. ................. ................2" ........2" /rincipes of corporate goernance goernance........ ................ ................. ................. ................. ................. .............3% .....3% 1 T(e 5 Co-e of Corporate oernance .................................................31 Corporate goernance  Internationay................ Internationay........................ ................ ................. ................. .......... 34

Chapter % ................ ................................. ................................... ................................... .......................... ......... 3" Interna& Contro& ................ ................................. ................................... ................................... ................... 3" 1. 2. 3. 4. #. 6. &. ,. ".

Interna Contro ........ ................. ................. ................ ................. .................. ................. ................ ................ ........... ...3" 3" # coponents of interna contro systes *COSO+ ........ ................. ................. ................ ............ ....4% 4% oernance an- contros ......... ................. ................ ................. ................. ................. ................. ................41 ........41 Contro o!ecties ........ ................. ................. ................. ................. ................ ................. ................. ................43 ........43 Contro actiities or proce-ures proce-ures........ ................ ................. ................. ................ ................. ................. .......... 44 Contro precision ........ ................ ................ ................ ................. .................. ................. ................ ................ ........... ...44 44 Interna contro an- $rau- ........ ................ ................ .................. .................. ................ ................ ...............4# .......4# Interna contros an- !usiness iproeent ........ ................. ................. ................ ................. ........... ..4# 4# 7iitations of interna contro........... contro................... ................. ................. ................. ................. ................4# ........4#

Chapter 5 ................ ................................. ................................... ................................... .......................... ......... %" Management Manageme nt Contro& Systems ................. ................................... .................................. .................. %" 1. 2. 3. 4. #.

Manageent contro systes ........ ................ ................ ................. .................. ................. ................ ............ ....4" 4" Toos of anageent contro.............. contro...................... ................. ................. ................ ................ ...............4" .......4" Manageent accounting contro systes ........ ................. ................. ................ ................ ...............#3 .......#3 Controing 0t(ics ........ ................ ................. .................. ................. ................ ................ ................. ................. .......... ## Contro t(eory ........ ................ ................ ................. .................. ................. ................ ................ ................. ..............#, .....#,


2


www.astranti.com

Chapter ' ............................................................................. '1 isk an( contro& in information systems ....................................... '1 1. 2. 3. 4.

Inforation....................................................................................62 7ees of anageent8 inforation an- contro .......................................63 Inforation systes an- contro ..........................................................6# IS strategy .....................................................................................6"

Chapter ) ............................................................................. )% *he I* (epartment an( contro& of systems (e$e&opment ................... )% 1.

2. 3. 4. #. 6.

Managing t(e IS -epartent ...............................................................&# Centraisation s -ecentraisation ........................................................&# Outsourcing ...................................................................................&6 Accounting for t(e IS 9epartent ........................................................&, Steering coittee..........................................................................,1 Systes -eeopent .......................................................................,2

Chapter " ............................................................................. "' Contro& an( security of I* ......................................................... "' 1. 2.

5ey risks .......................................................................................,& IT contros .....................................................................................,&

Chapter + ............................................................................. +! Interna& Au(iting .................................................................... +! 1. 2. 3. 4. #. 6. &. ,.

Interna au-iting ............................................................................."3 9eeoping t(e pan of au-it engageents.............................................. "# n-ertaking an interna au-it ............................................................."# Measuring t(e interna au-it function .................................................... "& Roe in corporate goernance.............................................................. ", Reations(ip :it( t(e e;terna au-itor..................................................."" Au-itor et(ics................................................................................."" Coputer
Chapter 1, ......................................................................... 1,3 -inancia& isk ...................................................................... 1,3 1. 2. 3. 4. #.

>(at is financia risk? ..................................................................... 1%4 Inestents risks ........................................................................... 1%4 $inancia risks associate- :it( !usiness an- tra-ing oerseas..................... 1%# @uantifying risk............................................................................. 1%& 9iersification .............................................................................. 1%"

Chapter 11 ......................................................................... 11! Currency isk ...................................................................... 11! 1. 2. 3. 4. #. 6.

Currency risk ................................................................................ 113 Transation risk ............................................................................. 113 Transaction risk ............................................................................ 113 0;c(ange rates terinoogy.............................................................. 114 /urc(asing po:er parity t(eory ......................................................... 11# Interest rate parity t(eory ............................................................... 116


3


www.astranti.com

Chapter 1! ......................................................................... 11+ Currency he(ging techniues .................................................. 11+ 1. 2. 3. 4.

'e-ging ...................................................................................... 12% $or:ar-s ..................................................................................... 12% Currency futures ........................................................................... 124 Currency options ........................................................................... 126

Chapter 13 ......................................................................... 13, Interest rate risk .................................................................. 13, 1. 2. 3. 4. #.

Interest rate risk ........................................................................... 131 'e-ging interest rate risk ................................................................ 131 Interest rate S>A/S ....................................................................... 133 Caps8 $oors an- Coars .................................................................. 13# $inancia reporting an- risks of -eriaties ........................................... 136


4


www.astranti.com

CIMA P3 Course Notes c

Chapter 1 isk


5


1.

www.astranti.com

isk

/hat is risk0 isk is t(e potentia t(at a c(osen action :i ea- to an un-esira!e outcoe. tiatey coercia risks resut in a negatie outcoe in ters of soe !usiness goa  an increase in costs8 fa in reenues8 oss of custoer8 ega ia!iity8 -rop in orae of staff an- so on.

!.

*ypes of risk

T(e ain categories of risk to consi-er are

Strategic  reating to t(e !usiness an- its strategic position8 for e;ape a ne: copetitor entering t(e arket8 c(aenging t(e copanys copetitie position an- affecting t(eir a!iity to earn reenues an- profits. Comp&iance  :it( a: an- reguation8 for e;ape (eat( an- safety egisation -inancia&  risks reating to financing t(e !usiness *suc( as c(anging interest rates+ an- un-ertaking financia transactions *suc( as e;c(ange rate risk or non
3.

Strategic Business risks

Strategic risk reates reating to t(e !usiness an- its strategic position. A goo- starting point is to consi-er risks arising un-er t(e /0ST07 factors1

Po&itica& risk /oitica factors are (o: an- to :(at -egree a goernent interenes in t(e :orkings of organisations. /oitica factors incu-e areas suc( as ta; poicy8


6


www.astranti.com

epoyent egisation8 enironenta a:s8 tra-e restrictions8 tariffs8 anpoitica sta!iity. oernent inestent *or ack of+ can aso pay a significant roe in t(e aaia!iity of contracts an- :ork for organisations. oernents (ae great infuence on t(e (eat(8 e-ucation8 an- infrastructure of a nation :(ic( can aso ipact t(e organisations :it(in t(at country e.g. t(e aaia!iity of skie- a!our. /oitica c(anges t(erefore create significant risks for organisations :it(in t(at country.

conomic risk 0conoic factors incu-e econoic gro:t(8 interest rates8 e;c(ange rates an- t(e infation rate. T(ese factors (ae aor ipacts on (o: !usinesses operate an- ake -ecisions. $or e;ape8 interest rates affect a firs cost of capita an- t(erefore to :(at e;tent a !usiness gro:s an- e;pan-s. 0;c(ange rates affect t(e costs of e;porting goo-s an- t(e suppy an- price of iporte- goo-s in an econoy. 0conoic c(ange t(erefore creates risk for organisations :it(in t(at econoy.

Socia& risk Socia factors incu-e t(e cutura aspects an- incu-e (eat( consciousness8 popuation gro:t( rate8 age -istri!ution8 career attitu-es an- ep(asis on safety. Tren-s in socia factors affect t(e -ean- for a copanys pro-ucts an- (o: t(at copany operates. Socia c(ange can t(erefore create risk8 for e;ape t(e re-uction in -ean- for un(eat(y pro-ucts as (eat( consciousness increases.

*echno&ogica& risk Tec(noogica factors incu-e tec(noogica aspects suc( as RD9 actiity8 autoation8 tec(noogy incenties an- t(e rate of tec(noogica c(ange. Organisations nee- to stay a:are of t(e key tec(noogies in t(eir in-ustry in or-er to anage risks t(at t(ey -o not fuy a-apt to or appy ne: tec(noogies.

n$ironmenta& risk


7


www.astranti.com

0nironenta factors incu-e ecoogica anenironenta aspects suc( as :eat(er8 ciate8 an- ciate c(ange8 :(ic( ay especiay affect in-ustries suc( as touris8 faring8 an- insurance. $urt(erore8 gro:ing a:areness of t(e potentia ipacts of ciate c(ange is affecting (o: copanies operate an- t(e pro-ucts t(ey offer8 !ot( creating ne: arkets an- -iinis(ing or -estroying e;isting ones. 0nironenta risks can appy to onger ter c(anges t(at affect arkets *e.g. ciate c(ange+ or s(ort ter actiities suc( as a one
4ega& risk C(anges in a: can incu-e ipacts on pro-ucts8 custoers8 staff8 pro-ct -ean- an- so on. Copanies ust continue to keep a:are of ega c(ange to aoi- t(e risk t(at t(ey -o not a!i-e !y t(e a: an- (ae to pay fines an-aage t(eir reputation.

Our ne;t set of risks to consi-er can !e reate- to eeents of /orters # forces

Competiti$e risks T(ese factors reate to c(anges cause- !y copetitors in t(e arket. T(ey incu-e ne: or c(anging pro-ucts8 price c(anges8 ne: entrants8 ne: -istri!ution c(annes8 !ran-ing an- arket positioning.

Supp&ier risk Suppier factors incu-e c(anging prices8 aaia!iity an- reia!iity of suppy8 -eays in -eiery8 =uaity issues. As :e as increases in costs ipose- !y c(anges in suppy8 suppy factors create risk of poor custoer serice an- utiatey affect t(e copanys reputation an- profita!iity.

Customer risk Custoers ay oe to ot(er copetitors or e;ert po:er to re-uce prices. 5ey custoers ay aso cease to e;ist8 for instance :(en a !usiness goes into i=ui-ation. Oer-epen-ence on a sa nu!er of key custoers is a aor risk of any !usinesses.


8


%.

www.astranti.com

2perationa& usiness risks

6ey operationa& risks Operationa risks are interna risks8 reating to t(e -ay to -ay functioning of t(e !usiness. T(ese can incu-e • • • • • • • • • •

IT systes !reak-o:n8 error or faiure 7oss or corruption of -ata 7ega an- reguatory copiance 'eat( an- safety issues 7oss of key staff Increasing :ages S(ortages of skie- staff $rau'uan error 9aage8 oss or t(eft of assets

isk an( &arge pro7ects 9ue to t(e ery :i-e ariety of opportunities for pro!es in arge proects suc( as arge construction proects or IT -eeopents t(ese are often (ig(y risky. Suc( entures typicay (ae (ig( cost oerruns8 !enefit s(ortfas8 an- sc(e-ue -eays8 pus negatie an- unanticipate- socia anenironenta ipacts. Researc( suggests t(at cost oerruns of #%E are coon on arge proects8 :(ie actua -ean- for t(e en- serices t(ey are panne- to proi-e is coony 2#E ess t(an anticipate-. 7arge proects t(erefore nee- ery cear8 -etaie- feasi!iity anaysis at t(e proect inception8 an- strong proect anageent t(roug(out t(e proect.


9


5.

www.astranti.com

-inancia& risk

8efinition $inancia risks reate to •

•

•

financing t(e !usiness *suc( as c(anging interest rates or non< aaia!iity of finance+ un-ertaking financia transactions *suc( as e;c(ange rate risk or non< payent !y a custoer+ t(e possi!iity t(at an inestents actua return :i !e -ifferent t(an e;pecte-. T(is incu-es t(e possi!iity of osing soe or a of t(e origina inestent.

$inancia risk ay !e arket<-epen-ent8 -eterine- !y nuerous arket factors8 or operationa8 resuting fro error or frau-uent !e(aiour.

Measuring financia& risk of in$estments $inancia risk often incu-es not ony F-o:nsi-e riskF !ut aso Fupsi-e riskF *returns t(at e;cee- e;pectations+. Stan(ar( (e$iation is t(e cacuation of t(e aria!iity of returns aroun- t(e ean8 an- proi-es a easure of financia risk. *Gou :i not !e re=uire- to un-ertake a stan-ar- -eiation cacuation for t(e e;a :(ere =uestions ten- to focus on t(e -o:nsi-e rat(er t(an t(e upsi-e risk.+

isk an( return A fun-aenta i-ea in finance is t(e reations(ip !et:een risk an- return. T(e greater t(e potentia return one ig(t seek8 t(e greater t(e risk t(at one generay assues. $or e;ape8 a goernent !on- is consi-ere- to !e one of t(e safest inestents an-8 :(en copare- to a corporate !on-8 proi-es a o:er rate of return. T(e reason for t(is is t(at a corporation is uc( ore ikey to go !ankrupt t(an a goernent. Because t(e risk of inesting in a corporate !on- is (ig(er8 inestors are offere- a (ig(er rate of return.


10


'.

www.astranti.com

Internationa& risk

Risks ten- to :i-en :(en organisations are operating internationay. Again t(e /0ST07 factors are a goo- starting point to assess risk.

Po&itica&  Internationa poitics8 uncertainty an- :ar. T(e poitica situation in eac( arket operate- nee-s to !e consi-ere-. conomic  >or- econoy. an- econoies of countries in :(ic( you are operating e.g. ees of :eat(. 0;c(ange rates :i ary8 as :i oca ta;es an- tariffs. It ay !e aso (ar-er to c(ase cre-itors *cre-it risk+. Socia&  Cutura an- -eograp(ic -ifferences !et:een countries :(ic( nee- to !e a-apte- to arket !y arket. 0-ucation an- ski ees ay -iffer aso :(ic( ay affect staffing. *echnica&  Tec(noogica -ifferences. n$ironmenta&  Countries :it( a -ifferent attitu-e an- a: in reation to enironenta issues. 4ega&  0ac( country (as its o:n a: an- reguation :(ic( ust !e a!i-e!y in eac( ne: arket entereHe;t :e can consi-er t(e key strategic risks fro /orters # forces

Customers  >i (ae -ifferent nee-s in eac( ne: arket. T(ey ay (ae oyaty to e;isting pro-ucts or !ran-s. Supp&iers  He: reations(ips :i nee- to !e !uit :it( ne: suppiers. Suppy ay not !e aaia!e in a ne: arkets Competitors  He: oca copetition ay !e in eac( ne: arket an- :i nee- to anayse- an- t(reats consi-ere-.


11


).

www.astranti.com

9igh e&iai&ity 2rganisations :92s;

/hat is an 920 A 'ig( reia!iity organisation *'RO+ is an organi)ation t(at (as succee-ein aoi-ing catastrop(es in an enironent :(ere nora acci-ents can !e e;pecte- -ue to risk factors an- cope;ity. Organi)ations suc( as t(ese s(are in coon t(e a!iity to consistenty operate safey in cope;8 interconnecte- enironents :(ere a singe faiure in one coponent cou- ea- to catastrop(e. 0ssentiay8 t(ey are organi)ations :(ic( appear to operate in spite of an enorous range of risks.

9ow 92s manage risk Many of t(ese in-ustries anage risk in a (ig(y =uantifie- an- enuerate:ay. T(e risks are ceary appe- out *often using tree -iagras+. >(ere t(e risks are foun- to !e (ig( t(ey are eauate- against t(e costs of re-ucing t(e risks an- easures ipeente- :(ere it is cost !eneficia.

".

Attitu(es to risk

isk appetite T(e ters attitu-e8 appetite an- toerance are often use- siiary to -escri!e an organi)ations or in-ii-uas attitu-e to:ar-s risk ta king.

isk a$erse8 risk neutra& an- risk seeking are e;apes of t(e ters t(at ay !e use- to -escri!e a risk attitu-e. Risk appetite ooks at (o: uc( risk one is :iing to accept. In organisations t(e ee of risk appetite is often affecte- !y attitu-es of s(are(o-ers8 -irectors an- staff  often ingraine- in t(e corporate cuture.

isk to&erance Risk toerance is t(e ee of -eiation fro t(e nor t(at :i !e accepte-. T(e o:er t(e risk toerance8 t(e o:er t(e risks t(at can !e un-ertaken ant(e greater t(e ee of contro t(at nee-s to !e e;erte- to stay :it(in t (e e;pecte- toerance ees.


12


+.

www.astranti.com

9uman (ecision making an( risk

Psycho&ogy an( risk taking Most -ecisions are a-e !e peope an- t(erefore affecte- !y peopes !eiefs8 aues8 fears8 -esires an- so on.

4ink to go$ernance One of t(e ais of corporate goernance is to preent !ias !y in-ii-ua -irectors or groupt(ink !y !oar-s !y ipeentation of easures suc( as scrutiny !y in-epen-ent non

13


www.astranti.com

Strategic Mock 
-u&& marking an( (etai&e( fee(ack $u ock arking 9etaie- an- personaise- fee-!ack to focus on (eping to pass t(e e;as

Persona& coaching on your mock e
Strategic an( -inancia& ana&ysis of the Pre>seen Strategic ana&ysis < a key !usiness strategy o-es in 03 -inancia& ana&ysis  !ase- aroun- t(e $3 sya!us isk ana&ysis  !ase- aroun- t(e /3 sya!us 3% page strategic report $u i-eo anaysis of (o: a key o-es appy to t(e unseen Ji-eo intro-uction to a t(e key o-es

Persona& Coaching Courses /ersona coac(ing to get you t(roug( t(e e;a

*uition Course  /ersonaise- tuition to gie you t(e re=uire- sya!us kno:e-ge  taiore- to your nee-s e$ision Course < /ractise past e;a =uestions :it( persona fee-!ack on your tec(nica :eaknesses an- e;a approac( an- tec(ni=ue esit Course  I-entifying :eaknesses fro past attepts an- proi-ing personaise- gui-ance an- stu-y gui-es to get you t(roug( t(e e;a


14


www.astranti.com

CIMA P3 Course Notes c

Chapter ! isk Management


15


1.

www.astranti.com

isk Management

8efinition Risk anageent is t(e i-entification8 assessent8 an- prioriti)ation of risks foo:e- !y coor-inate- an- econoica appication of resources to inii)e8 onitor8 an- contro t(e pro!a!iity an-Kor ipact o f unfortunate eents or to a;ii)e t(e reai)ation of opportunities. A process to anage risks In i-ea risk anageent8 a prioriti)ation process is foo:e- :(ere!y t(e risks :it( t(e greatest oss *or ipact+ an- t(e greatest pro!a!iity of occurring are (an-e- first8 an- risks :it( o:er pro!a!iity of occurrence an- o:er oss are (an-e- in -escen-ing or-er. In practice t(e process of assessing oera risk can !e -ifficut8 an!aancing resources use- to itigate !et:een risks :it( a (ig( pro!a!iity of occurrence !ut o:er oss ersus a risk :it( (ig( oss !ut o:er pro!a!iity of occurrence can often !e is(an-e-.

Ba&ancing spen(ing on risk management with enefits gaine( Resources spent on risk anageent cou- (ae !een spent on ore profita!e actiities. I-ea risk anageent inii)es spen-ing on t(e anageent of risk :(ie aso iniising t(e negatie effects of t(e risks t(esees.

Princip&es of goo( risk management T(e Internationa Organi)ation for Stan-ar-i)ation *ISO+ i-entifies t(e foo:ing principes of risk anageent Risk anageent s(ou- •

• • • • • • •

create aue  resources e;pen-e- to itigate risk s(ou- !e ess t(an t(e conse=uence of inaction8 or *as in aue engineering+8 t(e gain s(ou- e;cee- t(e pain !e an integra part of organisationa processes !e part of -ecision aking e;picity a--ress uncertainty an- assuptions !e systeatic an- structure!e !ase- on t(e !est aaia!e inforation !e taiora!e take into account (uan factors


16

CIMA P3 Course Notes • • • •

www.astranti.com

!e transparent an- incusie !e -ynaic8 iteratie anresponsie to c(ange !e capa!e of continua iproeent anen(anceent !e continuay or perio-icay re
In t(e e;a you can copare t(ese principes to t(ose use- in t(e scenario to eauate an organisations risk anageent process.

!.

isk Management Process

T(ere are a range of risk anageent approac(es8 :(ic( for t(e ost part8 consist of t(e foo:ing eeents8 perfore-8 ore or ess8 in t(e foo:ing or-er 1+ I-entify t(reats 2+ Assess t(e risk < t(e e;pecte- ikei(oo- an- conse=uences of specific types of t(reats on specific assets 3+ Risk treatent < I-entify :ays to re-uce or anage t(ose risks 4+ Ipeent risk anageent easures #+ Reie: an- contro

Step 1  I(entify threats Risks are a!out eents t(at8 :(en triggere-8 cause pro!es. 'ence8 risk i-entification can start :it( t(e source of pro!es8 or :it( t(e pro!e itsef. 0;apes of risk sources are stake(o-ers of a proect8 epoyees of a copany or t(e :eat(er oer an airport. Risks are reate- to i-entifie- t(reats. $or e;ape t(e t(reat of osing oney8 t(e t(reat of a!use of confi-entia inforation or t(e t(reat of acci-ents an- casuaties. T(e t(reats ay e;ist :it( arious entities8 ost iportant :it( s(are(o-ers8 custoers an- egisatie !o-ies suc( as t (e goernent. Once a t(reat is i-entifie-8 t(e eents t(at ay !e triggere- can !e inestigate-. $or e;ape stake(o-ers :it(-ra:ing -uring a proect ay en-anger fun-ing of t(e proectL confi-entia inforation ay !e stoen !y epoyees een :it(in a cose- net:orkL ig(tning striking an aircraft -uring takeoff ay ake a peope on !oar- ie-iate casuaties. T(e c(osen et(o- of i-entifying risks ay -epen- on cuture8 in-ustry practice an- copiance. T(e i-entification et(o-s are fore- !y


17


www.astranti.com

tepates or t(e -eeopent of tepates for i-entifying source8 pro!e or eent. Coon risk i-entification et(o-s are

27ecti$es>ase( risk i(entification Organi)ations an- proect teas (ae o!ecties. Any eent t(at ay en-anger ac(ieing an o!ectie party or copetey is i-entifie- as risk.

Scenario>ase( risk i(entification In scenario anaysis -ifferent scenarios are create-. T(e scenarios ay !e t(e aternatie :ays to ac(iee an o!ectie8 or an anaysis of t(e interaction of forces in8 for e;ape8 a arket or !atte. Any eent t(at triggers an un-esire- scenario aternatie is i-entifie- as risk.

*aase( risk i(entification Ta;onoy
Common>risk checking In seera in-ustries8 ists :it( typica kno:n risks are aaia!e. 0ac( risk in t(e ist can !e c(ecke- for appication to t(e organisation

isk charting Risks are copie- into a c(art isting out • • • •

resources at risk t(reats to t(ose resources o-ifying factors :(ic( ay increase or -ecrease t(e risk conse=uences it is :is(e- to aoi-.

Step !  Assess the risks Once risks (ae !een i-entifie-8 t(ey ust t(en !e assesse- as to t(eir •

•

potentia seerity of ipact *generay a negatie ipact8 suc( as -aage or oss+ t(e pro!a!iity of occurrence.


18


www.astranti.com

T(ese =uantities can !e eit(er sipe to easure8 in t(e case of t(e aue of a ost !ui-ing8 or ipossi!e to kno: for sure in t(e case of t(e pro!a!iity of an unikey eent occurring. T(erefore8 in t(e assessent process it is critica to ake t(e !est e-ucate- -ecisions in or-er to propery prioriti)e t(e ipeentation of t(e risk anageent pan. T(ese can t(en !e potte- on a risk ap.

?uantifying risk T(us8 t(ere (ae !een seera t(eories an- attepts to =uantify risks. Huerous -ifferent risk foruae e;ist8 !ut per(aps t(e ost :i-ey accepte- forua for risk =uantification is Coposite Risk In-e;  Ipact of Risk eent ; /ro!a!iity of Occurrence T(e ipact of t(e risk eent is coony assesse- on a scae of 1 to #8 :(ere 1 an- # represent t(e iniu an- a;iu possi!e ipact of an occurrence of a risk *usuay in ters of financia osses+. 'o:eer8 t(e 1 to # scae can !e ar!itrary an- nee- not !e on a inear scae. T(e pro!a!iity of occurrence is ike:ise coony assesse- on a scae fro 1 to #8 :(ere 1 represents a ery o: pro!a!iity of t(e risk eent actuay occurring :(ie # represents a ery (ig( pro!a!iity of occurrence.


19


www.astranti.com

T(e Coposite In-e; t(us can take aues ranging *typicay+ fro 1 t(roug( 2#8 an- t(is range is usuay ar!itrariy -ii-e- into t(ree su!
8ifficu&ties in assessment T(e fun-aenta -ifficuty in risk assessent is -eterining t(e pro!a!iity *or rate+ of occurrence since statistica inforation is not aaia!e on a kin-s of past inci-ents. $urt(erore8 eauating t(e seerity of t(e conse=uences *ipact+ is often =uite -ifficut for intangi!e assets. Asset auation is anot(er =uestion t(at nee-s to !e a--resse-. T(us8 !est e-ucate- opinions an- aaia!e statistics are t(e priary sources of inforation. Heert(eess8 risk assessent s(ou- pro-uce suc( inforation for t(e anageent of t(e organi)ation t(at t(e priary risks are easy to un-erstan- an- t(at t(e risk anageent -ecisions ay !e prioriti)e-.

Step 3  isk *reatment@Management Once risks (ae !een i-entifie- an- assesse-8 tec(ni=ues to anage t(e risk fa into one or ore of t(e four aor *TARA+ categories Transfer Aoi-ance Re-uction Accept

< S(aring :it( anot(er party e.g. Outsource or insure+ < 0iinate8 :it(-ra: fro or not !ecoe inoe< Contro an- itigate < Accept t(e risk an- !u-get for its possi!e occurance

isk transfer 9efine- as Fs(aring :it( anot(er party t(e !ur-en of oss or t(e !enefit of gain8 fro a risk8 an- t(e easures to re-uce a risk.F T(is is usuay -one on one of t:o :ays 1. Insuring t(e risk an- (ence passing t(e financia risk on to t(e insurance copany 2. Outsourcing  so t(at t(e risk is passe- to t(e out sourcer as part of t(e contract. Hote t(at soe eeent of t(e risk is often retaine- !y t(e copany. In t(e eent of a fire8 t(e !usiness ay !e a!e to recai t(e financia osses8 !ut t(ere ay !e reputationa risk or risk of oss of custo t(at t(e !usiness retains. © Strategic Business Coaching Ltd 2013 Personal use only - not licensed for use on courses

20


www.astranti.com

isk a$oi(ance T(is incu-es not perforing an actiity t(at cou- carry risk. An e;ape :ou- !e not !uying a property or !usiness in or-er to not take on t(e ega ia!iity t(at coes :it( it. Anot(er :ou- !e not fying in or-er not to take t(e risk t(at t(e airpane :ere to !e (iacke-. Aoi-ance ay see t(e ans:er to a risks8 !ut aoi-ing risks aso eans osing out on t(e potentia gain t(at accepting *retaining+ t(e risk ay (ae ao:e-. Hot entering a !usiness to aoi- t(e risk of oss aso aoi-s t(e possi!iity of earning profits.

isk re(uction Risk re-uction inoes re-ucing t(e seerity of t(e oss or t(e ikei(oo- of t(e oss fro occurring. $or e;ape8 sprinkers are -esigne- to put out a fire to re-uce t(e risk of oss !y fire8 :(ie ocks on -oors re-uce t(e risk of t(eft8 as -o security guar-s. Mo-ern soft:are -eeopent et(o-oogies re-uce risk !y -eeoping an-eiering soft:are increentay. 0ary et(o-oogies suffere- fro t(e fact t(at t(ey ony -eiere- soft:are in t(e fina p(ase of -eeopentL any pro!es encountere- in earier p(ases eant costy re:ork an- often eopar-i)e- t(e :(oe proect. By -eeoping in iterations8 soft:are proects can iit effort :aste- to a singe iteration.

isk retention@acceptance Retention inoes accepting t(e oss8 or !enefit of gain8 fro a risk :(en it occurs. True sef insurance fas in t(is category. Risk retention is a ia!e strategy for sa risks :(ere t(e cost of insuring against t(e risk :ou- !e greater oer tie t(an t(e tota osses sustaine-. A risks t(at are not aoi-e- or transferre- are retaine- !y -efaut. T(is incu-es risks t(at are so arge or catastrop(ic t(at t(ey eit(er cannot !e insure- against or t(e preius :ou- !e infeasi!e. >ar is an e;ape since ost property an- risks are not insure- against :ar8 so t(e oss attri!ute- !y :ar is retaine- !y t(e insure-. Aso any aounts of potentia oss *risk+ oer t(e aount insure- is retaine( risk. T(is ay aso !e accepta!e if t(e c(ance of a ery arge oss is sa or if t(e cost to insure for greater coerage aounts is so great it :ou- (in-er t(e goas of t(e organisation too uc(.


21


www.astranti.com

Create a risk management@treatment p&an $or eac( risk i-entifie-8 appropriate contros or countereasures s(ou- !e seecte- $or e;ape8 an o!sere- (ig( risk of coputer iruses cou- !e itigate- !y ac=uiring an- ipeenting antiirus soft:are. A goo- risk anageent pan s(ou- contain a sc(e-ue for contro ipeentation anresponsi!e persons for t(ose actions. 0ac( approac( ust !e approe- !y t(e appropriate ee of anageent. $or instance8 a risk concerning t(e iage of t(e organi)ation s(ou- (ae top anageent -ecision !e(in- it :(ereas IT anageent :ou- (ae t(e aut(ority to -eci-e on coputer irus risks. T(e risks an- agree- et(o-s of anaging t(ese risks are suarise- in a Risk ManageentKTreatent /an8 :(ic( -ocuents t(e -ecisions a!out (o: eac( of t(e i-entifie- risks s(ou- !e (an-e-. T(e risk re-uction easures ay !e prioritise- !ase- on t(e iportance to t(e !usiness an- t(e cost.

Step % > Imp&ementation Ipeentation foo:s a of t(e panne- et(o-s for itigating t(e effect of t(e risks. /urc(ase insurance poicies for t(e risks t(at (ae !een -eci-eto !e transferre- to an insurer8 aoi- a risks t(at can !e aoi-e- :it(out sacrificing t(e entitys goas8 re-uce ot(ers8 an- retain t(e rest.

Step 5 > e$iew an( contro& Initia risk anageent pans :i neer !e perfect. /ractice8 e;perience8 an- actua oss resuts :i necessitate c(anges in t(e pan an- contri!ute inforation to ao: -ifferent -ecisions to !e a-e in -eaing :it( t(e risks !eing face-. Risk anaysis resuts an- anageent pans s(ou- !e up-ate- perio-icay. T(ere are t:o priary reasons for t(is •

•

to eauate :(et(er t(e preiousy seecte- contros are sti appica!e an- effectie to eauate t(e possi!e risk ee c(anges in t(e !usiness enironent. C(anges in proce-ures8 tec(noogy8 sc(e-ues8 !u-gets8 arket con-itions8 poitica enironent8 or ot(er factors typicay re=uire re

22


3.

www.astranti.com

nterprise risk management :M;  C2S2

8efinition Enterprise risk management (ERM) is a risk-based approach to managing an enterprise, and is one of the world’s most common methodologies used to manage risk in an organisation. It aims to help organisations understand the risks facing organisations and develop control strategies to ensure they are effectively managed. It was developed in 2004 by COSO (the Committee of Sponsoring Organisations of the Treadway Commission).

T(e 0RM cu!e represents (o: 0RM :orks t(roug(out t(e organisation. T(e four 0RM o!ecties are s(o:n on t(e top of t(e cu!e. T(e eig(t processes :(ic( you (ae to go t(roug( to un-etake 0RM are s(o:n on t(e front face8 :(ie t(e eeents on t(e rig(t face ai to s(o: t(at t(ese s(ou- !e foo:e- in eery part of t(e organisation i.e. in eac( su!si-iary8 !usiness unit8 -iision an- in-ee- t(e organisation as a :(oe.

27ecti$es of enterprise risk management This enterprise risk management framework is geared to achieving the following four key objectives:


23

CIMA P3 Course Notes •

•

• •

www.astranti.com

Strategic: high-level strategic goals, aligned with and supporting its mission Operations: effective and efficient use of its resources at an operational level in the business Reporting: reliability of reporting (e.g. financial reports) Compliance: compliance with applicable laws and regulations

ight framework components The eight components of enterprise risk management are:

Interna& en$ironment The internal environment encompasses the tone of an organisation, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. 27ecti$e setting Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite. $ent i(entification Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channelled back to management’s strategy or objective-setting processes. isk assessment Risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis. isk response Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite. Contro& acti$ities Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out. Information an( communication Relevant information is identified, captured, and communicated in a form and time frame that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity. Monitoring The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.


24


%.

www.astranti.com

CIMAs isk Management Cyc&e

T(e CIMA risk anageent cyce is anot(er risk anageent o-e8 siiar in nature to t(e COSO o-e of risk anageent. It outines t(e foo:ing steps for risk anageent 1. 0sta!is( a risk anageent group an- set goas. 2. I-entif y risk areas. 3. n-erstan- an- assess t(e scae of risk. 4. 9eeop a risk response strategy. #. Ipeent t(e strategy an- aocate responsi!iities. 6. Ipeent an- onitor t(e suggeste- contros. &. Reie: an- refine t(e process an- -o it again.

While not as commonly used in practise as the COSO model, it has been specifically examined in the P3 exam, and so must be learnt.

5.

Pro&ems of risk management

Managing an- organisations risks effectiey can !e a -ifficut process. 'ere are soe of t(e key reasons

Su7ecti$e /ro!a!iity an- ipact can often !e su!ectie8 aking t(e -egree of risk (ar- to assess. T(e !est approac( to anaging t(e risk is aso often su!ectie.

#i$ing too high a priority to risk management /rioritising t(e risk anageent processes too (ig(y can ake t(e organistaion or proect oery !ureaucratic :it( eery processes re=uiring -etaie- contros. It can aso ean t(at soe proects neer get starte- or are -eaye- starte-8 as t(e risks are assesse- or are perceie- as unkno:n or e;cessiey (ig(. T(is ay resut in a ack of innoation an- osing copetitie e-ge to faster oing copetitors. Spen-ing too uc( tie assessing an- anaging unikey risks can aso -iert resources t(at cou- !e use- ore profita!y.

9uman error 'uan faiures suc( as sipe errors or istakes can ea- to ina-e=uate responses to risk.

Contro&s can e circum$ente(


25


www.astranti.com

Contros can !e circuente- !y cousion of t:o or ore peope or !y an IT iterate epoyee8 an- anageent (as t(e a!iity to oerri-e risk anageent -ecisions. /eope are often otiate- !y persona gain an- not anaging risk8 an- so ay circuent contros for t(ose reasons. 0.g. Neroe 5erie at Societe enerae ost #!n t(roug( circuenting t(e !anks contros oer tra-ing.


26


www.astranti.com

Strategic Mock 
-u&& marking an( (etai&e( fee(ack $u ock arking 9etaie- an- personaise- fee-!ack to focus on (eping to pass t(e e;as

Persona& coaching on your mock e
Strategic an( -inancia& ana&ysis of the Pre>seen Strategic ana&ysis < a key !usiness strategy o-es in 03 -inancia& ana&ysis  !ase- aroun- t(e $3 sya!us isk ana&ysis  !ase- aroun- t(e /3 sya!us 3% page strategic report $u i-eo anaysis of (o: a key o-es appy to t(e unseen Ji-eo intro-uction to a t(e key o-es

Persona& Coaching Courses /ersona coac(ing to get you t(roug( t(e e;a

*uition Course  /ersonaise- tuition to gie you t(e re=uire- sya!us kno:e-ge  taiore- to your nee-s e$ision Course < /ractise past e;a =uestions :it( persona fee-!ack on your tec(nica :eaknesses an- e;a approac( an- tec(ni=ue esit Course  I-entifying :eaknesses fro past attepts an- proi-ing personaise- gui-ance an- stu-y gui-es to get you t(roug( t(e e;a


27

CIMA P3 Notes - Chapters 1 and 2

Recommend Documents