AD 610 MIDTERM REVIEW

Are upside and strategic risks synonymous to each other?

I. ORGANIZATIONAL SURVIVAL

a. Response & Resilience

i. Risk management  

ii. Business continuity

iii. Emergency management

iv. Change management

b. Strategic Efficacy

i. Market responsiveness

ii. Competitive efficacy

c. System contributors

i. Economic conditions

ii. Political developments

II. TOTAL EXPOSURE MANAGEMENT

a. Risk Management Shield – the goal is to deflect the various threats that are posed by internal and external factors b. Organizational Resilience buffer – goal is to absorb and withstand those shots

What two key notions are observed when it comes to risk types?

c. Change Management – internal to the organization; how the organization chooses to change how it operates;  organizational restructuring, deployment of new systems, etc.

d. Overall goal = protect assets: people, physical facilities, financial assets, intellectual property i. Knowledge; you have to have learned how to do it

ii. Agility; flexibility to make necessary changes to functions

iii. Communication; without communication you cannot do anything

III. ORGANIZATION EXPOSURES

a. Known Risks: management goal = impact minimization;  

b. Unknown Threats: management goal = vulnerability reduction; If you want to learn more check out What is the ultimate goal of anarchy?

c. Self-Transformation: goal = management benefit maximization;

What is the scope of the coso framework?

IV. THREATS

a. Non-Speculative = prescribed; laws say if you do X, this will be the consequence. Black and white. i. Liability

b. Speculative = we do not know what the consequences will be

i. Risk = estimable

ii. Uncertainty = non-estimable

V. RISK AS OPPORTUNITY OR AS THREAT

a. Upside Risk – beneficial outcome; maximize the potential for growth

i. Upside/strategic risk are synonymous; risk associated with the choices we make for the purpose of  realizing gains

AD 610 MIDTERM REVIEW

b. Downside Risk – no potential to gain anything; minimizing the likelihood of loss-generating event i. INTERNAL – managerially controlled (compliance, operational, reputational)

ii. EXTERNAL

1. Controllable (regulatory, professional, supply chain)

2. Not controllable (financial, market, political, economic, natural, socio-cultural, environmental,  technological)

c. Competitive Advantage

VI. KEY RISK NOTIONS

a. Risk type – any risk has to be expressed in terms of these two key notions in order for us to estimate the exposure;  one without the other results in an undefined/indeterminate exposure. The two are independent of each other i. Likelihood = chance of occurrence We also discuss several other topics like .which school of jurisprudence is incorrectly matched?

ii. Severity = relative impact

VII. RISK ASSESSMENT

a. Identification – clearly defined risk

b. Estimation – analysis of risk on earnings

c. Mapping – matrix of individual risks categorized in the context of estimated likelihood and severity d. Response

i. Accept – do nothing (based on cost and/or options)

ii. Reduce – mitigation; reduces likelihood and/or severity of specific risk types

iii. Avoid – exiting out of activities that give rise to risks  

iv. Transfer – insuring, sharing, or otherwise outsourcing specific risks; market transaction – makes sense for  whoever is passing it off, and for whomever is receiving it.  

e. Capitalization – virtually all non-zero likelihood risk have capital implications

VIII. AGENCY DILEMMA – do you trust what they do? Force managers to provide more information in more detail more  frequently  

a. Principal hires an agent; agent performs the task on behalf of the principal; principals need to ensure that the  agent is going to make good decisions in terms of the tasks their responsible for We also discuss several other topics like What do these objects tell us about human culture?

IX. Call for ERM We also discuss several other topics like What will the water look like if the container is tilted?

a. Securities (1933) / Securities Exchange (1934) – created transparency in financial statements so investors could  make informed decisions about investments, and established laws against misrepresentation and fraudulent  activities in securities markets Don't forget about the age old question of Which type of attachment reflect the healthiest caregiver-child relationship?

b. Sarbanes-Oxley Act of 2002 Section 404 – companies are required to publish information in their annual reports  concerning the scope and adequacy of internal control structure and procedures for financial reporting c. Creditworthiness scoring – credit ratings for corporate debt; S&P, Moody’s, FitchDon't forget about the age old question of How would you differentiate conditioned stimulus from conditioned response?

AD 610 MIDTERM REVIEW

d. Risk management as a source of firm’s competitive advantage – viewed as an expense that was to be minimized;  provide better coverage at a lower cost and maximize your opportunities associated with the upside risk you’ll be  better off than your competitors

X. ERM FRAMEWORKS

a. COSO Framework – North American regulatory demands; the composition of it, what goes into it in a very  reductive manner in which it breaks everything down into small pieces and one to evaluate piece by piece based  on NA regulations

b. ISO 31000 – created to be a worldwide standard; in order for it to be applicable in all 200+ countries in the world it  has to be general and vague.  

i. Building Blocks:

1. Risk Architecture – specify roles, responsibilities and risk communication

2. Risk Strategy – define risk appetite and philosophy, and develop risk policy

3. Risk Protocol – spell out operational risk guideline to include rules, procedures, tools and  

methodologies

c. Limitations to ERM – it is still very early in its maturity as an academic body of knowledge and applied practice i. Although the term ‘enterprise’ suggests an all-inclusive scope, substantive ERM research has focused  predominately on risks with well-defined statistical properties (e.g., accidents, credit risk), which means  that ‘soft’ risks (e.g., cultural, innovation) and those that do not lend themselves to mathematical analyses  have been overlooked…

ii. Reliance on mathematically complex, obscure methods diminished the utility of risk estimation tools…The  Great Recession, credit default swaps and the Gaussian copula function…

iii. ERM acceptance by an organization is not a panacea – for example, the Institute of Internal Auditors  praised Countrywide Mortgage as an exemplar of ERM adaption, but a year later Countrywide was in  bankruptcy…  

d. RISK ESTIMATION: ERM Framework ???? Risk Assessment Approach ???? Knowledge Creation ???? Risk-specific  Estimation

e. Facts (past) versus Estimates (future)

f. The Notion of Volatility – dispersion or variability about the average (e.g., mean); degree to which we expect the  outcome going forward based on previous facts/events

i. Upside Variance; outcome tends to be above the mean

ii. Downside Variance; outcome tends to be below the mean

g. Probability estimation - an expression of historical (i.e., past) volatility applied to expectations regarding the  future (probability and likelihood are synonymous); univariate vs. multivariate

i. Frequentist: historical data is a good representation of events going forward; adequate amounts of data  to calculate probability, based strictly on projecting past occurrences into the future

ii. Bayesian: not much historical data available; combines prior events/beliefs with expert opinion to project an estimate of how likely something is to happen into the future

AD 610 MIDTERM REVIEW

XI. RISK PROFILING

a. An organization’s risk profile can be viewed as a bundle of characteristics, some of which represent traits that the  organization shares with high risk prototype, while others represent traits that the organization shares with low  risk prototype.  

b. Competitive advantage: to manage risk is to exploit downside threats as well as upside opportunities in a  manner that makes positive contribution to the firm’s competitiveness. 

c. Good risk taker – firm’s value increases as a result of its risk management

d. Poor Risk Taker – firm’s value decreases as a result of its risk management

e. Estimate individual risks and then evaluate the exposure in terms of those individual risks by relating them to a  meaningful benchmark

XII. THREAT EXPOSURE

a. From the standpoint of competition, an organization-specific exposure to individual threats needs to be evaluated  in relation to that organization’s peers.

XIII. LOGIC OF RISK ANALYTICS

a. Estimable risk – meaningful way of estimating the likelihood and severity of the event so we can analyze it

XIV. RISK MAPPING: ERM Framework ???? Risk Assessment Approach ???? Knowledge Creation ???? Risk-Specific Estimation ???? Risk Mapping

a. managing the totality of an organization’s risk exposures

i. SEVERITY (impact) – low/high

ii. RISK (probability) – low/high

iii. Risk Indexing combines