MZUMBE UNIVERSITY

MBEYA CAMPUS COLLEGE

DEPARTMENT OF BUSINESS STUDIES
BACHELOR OF ACCOUNTING AND FINANCE-BAF BS III
RISK MANAGEMENT
RISK AND RISK MANAGEMENT
The future is always wrapped with uncertainty. Had the future outcomes been known, the decision-making
would have been simple! The business decisions are needed to be made against the backdrop of
uncertainty. The uncertain future could unfold with surprises; pleasant at times or unpleasant most of the
times. The unpleasant side of uncertainty is the Risk. Risks, thus, may bring in opportunities for benefit
(Upside) or threats to success (Downside).

RISK

Risk is a combination of the probability of an event and its consequences.

Risk is an ever present part of life since the environment of business is uncertain and decision-making is
subject to uncertainty. Every action or decision involves a risk that things will not turn out as we expect.
Sometimes there is an upside risk that things will turn out better than we expect. Sometimes there is a
downside risk that things will turn out worse than we expect. In most situations both upside and downside
risks are present at the same time. Some events arise because of our actions some events arise from
outside because of the actions of others or because of natural events.

Definition

Risk is the possibility that actual outcomes may be different from those expected.

Risk events are those which may or may not occur, and where the probability of their occurrence will be
assigned based on past records.

Risk is a measure of uncertainty. However, some authors make a difference between risk and uncertainty.

Uncertain events are those where different possible outcomes cannot be identified and whose probabilities
of occurrence cannot be assigned using past records.
Business risk

Business risk refers to the possibility of an organization not achieving its desired amount of profit or
targeted rate of return on investment. Factors like sudden fall in sales, industrial strikes, entry of new
competitors, government regulations, etc. contribute to the risk element associated with conducting
business.

When a business is faced with risk it needs to understand both the probability of events happening and
also the consequences. Probability tells us how likely the future events would be and the consequences tell
us the seriousness of the outcome. Both probability and consequences may be uncertain.

Internal and external risks On the basis of their place of origin, business risks can be broadly classified as
internal risks and external risks.

The business environment is constantly affected by changes that take place to the factors which affect the
organization. The factors may be either external or internal.

1. Internal risks

Internal risks can be associated with events occurring within an organization. These risks can be seen
arising during the ordinary course of a business. It is possible for an organization to forecast such risks by
determining the probability of their occurrence. Internal risks include factors like man, material, money,
machinery and management that are, to an appreciable extent, within the control of business.

Following are some of the factors that are responsible for internal risks in an organization:

(a) Technological factors: unforeseen changes in the technical know-how used by an organization may
lead to the obsolescence of its products / production and distribution processes. In such a situation, the
organization may lose some of its market share to its competitors.

(b) Human causes: internal risks can arise in an organization due to conscious or unconscious activities of
its personnel. Such activities can include acts of negligence and dishonesty, theft, industrial strikes,
management incompetence and inefficiencies, etc.

(c) Data integrity: since products / services of an organization pass through multiple levels before reaching
the final consumers, maintaining data integrity is absolutely important at all levels. If this integrity is not
maintained, it can pose great risk to the business. For example, if details relating to a particular product of a
firm, like bills relating to raw materials, overhead costs, supplier codes, invoices from customers, etc. are
not maintained in a proper way, the entire system can be a failure.

(d) Physical factors: such factors include failure of plant and equipment, theft, leakages and fire in the
warehouse or factory area, damages in the transportation of raw materials or finished goods and any other
form of damage caused to any property of the business.

2. External risks

External risks can be associated with events occurring outside an organization. It is not possible for the
organization to forecast such risks by determining the probability of their occurrence, and thus, is beyond
the control of the management.

External risks arise from external environmental factors like political, legal, economic, suppliers distributors,
employees that are not within the control of business. Some of the factors are discussed below:

(a) Competitors

In order to remain in competition, an organization needs to continuously monitor the

activities of its competitors. This is because competitors’ actions affect the ability of the business to
make profits by influencing the prices, levels of sales etc. Competitors continuously seek to gain
market share and profit of another competitor by differentiating their products and services. An
organization has to formulate its strategies in such a way that the competitor cannot gain an
advantage over it.

(b) Suppliers

Suppliers’ policies also have an impact on the business of an organization. The costs of
production, quality of the product etc. depend on the suppliers’ policies.

Nowadays, the customer is king. If customers do not get good service or competitive prices they
will easily switch over to a competing organization. In a market situation where there is perfect
competition, the challenge is not to gain a customer but to retain a customer. The organization
should continuously study the changes in taste and preferences of their customers and formulate
their strategies accordingly.
(d) Political

Political factors are caused by the role that the government plays in influencing the
environment in which the organization operates. The stability of the government influences
the national economy. If the government changes frequently, it cannot provide a stable
framework for an organization to work within.

(e) Economic environment

This refers to the macro economic factors that have a bearing on the economic
environment within which the organization works. They represent certain financial
variables influencing the environment. The organization should concentrate on those
factors which have a bearing on its strategies and performance. The economic factors
include:

(i) Inflation

Inflation corresponds to an increase in the costs of raw materials, wage rates etc. and
ultimately results in an increase in the cost of production. This results in an increase in the
price for the product.

(ii) Exchange rates

For organizations which have business connections beyond the boundaries of a country,
exchange rates are also a key factor which they need to consider. An organization has to
frame its strategies to avoid losses on account of fluctuations in exchange rates e.g.
hedges, forward contracts etc.

(iii) Interest rates

Interest rates are a key monetary influence for businesses since they affect the borrowing
power of an organization. Higher interest rates increase business costs and therefore
adversely affect the performance of the organization.

(iv) Fisal policies

 Fiscal policies refer to government policies on taxation and spending, to influence
employment and economic activity.

(v) Monetary policies

These policies are concerned with the volume of money in circulation and the cost of
borrowing i.e. the interest rate. Impact of monetary policies on funding environment:
monetary policies i.e. money supply, the level of interest rates and the conditions for the
availability of credit etc. regulate the economy.

Categories of Risks and how can they affect the organization’s objectives.

1. Financial Market risk

Better known as financial market risk, is the risk that the market prices of shares, bonds, currency holdings,
options, derivatives or other asset values and commodities that are used by a company as
instruments of working capital or short-term finance will change adversely and impact profitability, working
capital liquidity and availability of finance.

Many companies hold financial assets, either to maintain liquidity, to generate returns on working capital
reserves, to speculate for gains, to build up investment funds or to act as hedges against other financial
risks or as components in a portfolio of short-term financial investments. The impact of the market risks can
also be on the management of other risks and can hence lead to the creation of liabilities.

2. Credit risk

Businesses are generally operated on a credit basis. Credit risk is the risk that accounts receivables will
not meet their obligations on time. Credit risk impacts the business on a day-to-day basis since the
recovery of dues from customers is affected. Management of credit risk is carried out using techniques
such as discounting bills of exchange, export credit insurance, export factoring and documentary credits.
Credit risk has a particularly strong impact affects when the company exports products and does not
receive payments on time.

The credit risk faced by an entity also depends upon factors such as the volume of credit sales made, the
terms of credit offered to customers, the credit limits offered to various customers and the credit
assessment procedures followed by the company to decide the credit limit and terms of credit to be offered
to a particular customer. These are the internal measures that the company has control over and hence, if
managed properly, may reduce the credit risk.

3. Liquidity risk

Liquidity refers to the non-availability of cash or cash equivalents in the business. The liquidity risk refers to
the risk that the business will not have enough liquidity to fulfil its current liabilities. In other words there is a
mismatch between the inflows and the outflows and the cash flow statements may be at a risk of showing a
negative cash flow. This risk is the result of having insufficient cash or bank balance. Instead, the business
may have illiquid assets that cannot be converted into cash quickly. Assets at times might not realise the
expected value due to a lack of demand or the need to obtain funds quickly. Liquidity risk also arises due to
the unavailability of easy loans in the market.

4. Technological risk

Technological risk is the risk that technology will change and will adversely affect the organization.
Technological risk also creates opportunities for a business in that it gives the business the opportunity to
innovate and advance its systems in line with changes in the market. Technological risk is associated with
the various hardware and software technologies which the business uses.

5. Legal risk

Legal risk arises when new laws, standards, codes and regulations are introduced or the existing ones are
changed. The failure to adhere to the laws, regulations and codes may attract fines, penalties and damage
to public reputation.

Businesses face this risk since they operate within the legal and regulatory parameters as responsible
corporate citizens. They have a responsibility towards promoting lawful behaviour. The legal issues might
involve employment issues, environmental legislation, health and safety and many more key areas.
Corporate governance codes are a part of the reporting regulations that a company needs to follow. Legal
risk is largely associated with the risk of the regulatory and political environment in which an organization
operates.

6. Business probity risk (Dishonesty, integrity risk)

Probity is about honesty and integrity and ultimately the risk here is the risk of fraud. Lack of integrity or
perceived lack of integrity in business dealings can lead to damage to reputation. Fraud may have many
consequences depending on the nature of the fraud.

The following are some examples of fraud that may lead to a risk to business probity:

 Theft by customers or staff

 Theft by management
 Illegal transactions
 Bribes deception aggressive earnings management and window dressing
 Misleading statements to auditors and regulators
 False accounting

Risk management processes

1. Risk awareness at all levels

Risk awareness in an organization is best spread through the existence of a risk committee and a
risk manager / officer. Risk awareness is important at all organizational levels and hence risk
awareness should be spread across the strategic, tactical and operational levels of the
organization. All employees operating at various levels need to be aware of the risks facing the
company so that risk management systems can operate effectively and efficiently.

2. Embedding risk in an organization’s systems, procedures, culture and values

Risk embedding refers to the ways by which the systems and procedures of an entity include risk
awareness as well as risk management. For example, the policies of an entity relating to non-
current assets specify that all non-current assets which are procured need to be immediately
insured. Therefore whenever a non-current asset is procured, the administrative manager intimates
its details to the insurance company.

3. Spreading and diversifying risk

Diversification of risk is the mitigation of the impact of risk so that even if the risk materializes, the
organization will not suffer significant losses. Organizations face risk as a part of business. Some
risks can be mitigated and managed while others cannot. Risks that cannot be managed are the
residual risk that organizations must bear to remain in business. The impact of these residual risks
may, however, be mitigated by diversifying and spreading those risks across the organization or
amongst the various products manufactured by the company.

Methods of diversifying risks are as follows:

A. Diversifying risks through financial management techniques

B. Diversification of risks through organic and other forms of business growth
C. Risk transfer

(a) Diversification / spreading risks through financial management techniques

Hedging techniques

Hedging techniques generally involve the use of financial instruments known as derivatives. Two of
the most common derivatives are options and futures. With derivatives, you can develop trading
strategies where a loss in one investment is offset by a gain in a derivative. Diversification of risk
through hedging is the most common form of risk diversification. Hedging involves taking opposite
positions on two different securities. The losing position on one hedge is often offset by a gaining
position on another thereby nullifying the loss. However hedges not only reduce the risk of losses
but also the possibility of gains. This is because, as in the case above, the gain from the purchase
of securities will be minimized by having to sell an equal number of securities. Hedging techniques
are also used to minimize loss by entering into contracts that are a combination of a fixed price and
a variable factor.

(b) Diversification of risks through organic and other forms of business growth

Risks may be diversified by dividing the total amount invested between different business options
or in the same business operating in between different geographical locations. Diversification /
spreading of risks in this manner leads to risk and possible losses being spread over a larger
area or number of businesses so that each area bears less risk.
Companies such as oil, natural gas, construction and clothes manufacturing. This will give him a
wide range of industries in which he has invested and the risk of loss in one may be mitigated by
the possibility of gain in another. It is unlikely that all the industries will face losses at the same time
and that the investor will lose all his money. If the construction industry faces recession, the clothes
manufacturing, oil or natural gas industries may perform well and so the loss will be mitigated.

(c) Risk transfer

Risk can be transferred to other parties if it cannot be mitigated through diversification. This can be
done by conducting business in partnership and through corporations where each shareholder
bears a risk equal to the value of shares held.

Joint ventures are also a method of sharing / transferring risks to other parties.

Insurance is an example of risks being transferred to an insurance company by paying an annual

premium. Risk sharing in such cases is preferable when the potential losses are huge and the
probability of those losses occurring is low.

Joint ventures are entered into when companies want to enter markets in other countries. Joint
ventures help companies to enter into contractual arrangements with local companies to obtain
joint control over certain activities. In this way, the companies can enter into foreign markets more
easily by utilising local companies’ expertise

4. Risk avoidance, reduction, acceptance and transference

(a) Risk avoidance

For a given activity and risk type, risk avoidance, can be defined as the elimination of exposure to
that risk type for that activity. Loosely speaking, it is the elimination of exposure.

Risk avoidance is usually achieved by:

Not undertaking the ‘risk’ activity; for example, not entering into a business venture to avoid the
risk of loss (however, this also rules out the possibility of earning profits).

Undertaking the ‘risk’ activity and at the same time undertaking an additional activity to ‘reverse’ or
otherwise mitigate the risk
(b) Risk retention / acceptance

For a given activity and risk type, risk retention, can be defined as the retention of exposure to that
risk type for that activity. Loosely speaking, it is not eliminating exposure.

It is important to note that often an organization may undertake the ‘risk’ activity and at the same
time undertake additional activity to reduce the risk (risk reduction). As long as some exposure to
the risk remains, it is still considered a case of risk retention. There is usually a cost (a.k.a.
premium) associated with risk reduction activities, proportional to the reduction.

(d) Risk transference

Risk is mitigated by transferring it to another party to accept the risk or share the risk. Risk
transference occurs through legislation, contract, insurance or other means. For example, risk is
transferred from the entity to the insurance company when assets are insured. Joint ventures are
also a method of sharing / transferring risks to other parties. Banks and financial companies
generally provide loans to customers against collaterals. In this way, the risk of non-recovery of
debts is transferred.

Stakeholders and risk

Businesses face risks (both inherent and residual) and the stakeholders have an important impact
on the risk strategy of a company. The risks that the company faces affect the stakeholders
because they affect their interests and the returns they receive from the company.

1. Directors and managers

The directors and managers are the key personnel responsible for decision-making and the
development of strategy. In addition, they are responsible for the implementation and success of
the planned strategy. If the strategy of the business fails or particular strategic objectives are not
achieved due to the directors’ poor risk assessment or management then the directors will face the
risk of losing out on performance related pay, share options or other rewards. Directors also face
being forced out if objectives are not met or if the business fails.
Directors and managers as internal stakeholders have some control over their destiny. Directors
and managers will receive reward for good performance. There may be an argument for the
inclusion of risk management objectives in director’s scorecards.

2. Employees

The biggest risk that employees face is the risk of losing their jobs. Employees also face the risk of
dangerous working conditions (a health and safety risk) and the risk that incentive plans might not
be followed and therefore they might not receive enough incentives etc. Certain risks are
associated with the decisions taken by the company. If these decisions go wrong, the employees
may be adversely affected. Employees may lose their jobs if the strategy of the company goes
wrong and it faces losses.

3. Shareholders

Shareholders are one of the most important stakeholders in the organization. The directors need
to align their risk appetites with those of the shareholders in order to provide them with the desired
growth and returns on investments. Investors / shareholders are generally diverse and scattered.
They are a mix of small individual investors and larger institutional investors.

The attitudes of different shareholder groups towards risks are also different. Whereas small
investors tend to invest in the company for a longer term, institutional investors tend to minimise
the risks by diversifying their portfolios. In order to minimise its risks, the company should
communicate with the shareholders via a transparent reporting procedure regarding the risks that
the company faces

4. Accounts payables

The major risks that accounts payables face from a company are that the company will not pay its
dues on time and that it will stop buying products from them. Conversely the risk that the company
faces in relation to suppliers is that they will not continue to supply materials may push up prices or
may not meet requirements.

5. Customers
 The customers of a company face the risk that they will not be supplied with products of the
required quality due to the various operational and strategic risks that the company may face.
Delays in supply may affect customers adversely since their businesses might be affected. As a
result, a delay in supply has a ripple effect on all the processes that are dependent on the supply.
Other risks are in relation to product safety. If the products are not manufactured according to
customers’ specifications, the customers may have to suffer losses.

6. Communities and general public

This is a broad category of stakeholders that are affected by the manner in which the company
conducts its business. These include the environment, the society at large and the local residents
of the area in which the company operates. A company may give rise to the following risks:

If a company decides to discontinue the operations of one of its plants located in a rural area (in
which it is one of the major employers) then the employment rate in the area will drastically reduce.
The pollution caused by a factory may give rise to health hazards if the waste created during the
production process is not disposed of properly.

7. Governments

Governments are mainly interested in companies because they earn tax revenues from them. The
major risk in this case is the risk that the companies will move their operations abroad and hence
the government will lose revenue. In many western countries, companies have moved or
outsourced many of their operations to countries such as India and China since they can obtain
cheap, skilled labour in these countries. In addition to this risk, governments also face the risk of
reduced revenues if the companies don’t make enough profits.