Risk Assessment, Interrelated Risks, and Management of Financial Risk in Large Organizations

Meaning of Risk Assessment

‘As finance minister, however, I also believe that banks have a vital role in supporting the economic strength of this country. They hold cash deposits and make short and long-term loans, which are vital to other businesses. Taking risks is a normal part of all business operations and our banks need to accept this risk when it comes to lending.’

Ron Ng, the chief executive of BigBank, Dubland’s largest bank, said that continuous and ongoing risk assessment was necessary. He said that despite the finance minister’s call for higher lending, his only duty was to BigBank’s shareholders and it was this duty that guided BigBank’s reduced lending.

Required:

(a) Explain the meaning of ‘risk assessment’ as used by Ron Ng and discuss, in the context of the case, the need for risk assessment to be ‘continuous and ongoing’.
 
(b) Ron Ng believed that his ‘only duty’ as BigBank’s CEO was to the BigBank shareholders.

Explain “interrelated risks” and critically evaluate the issues raised by Ron Ng’s belief.

(c) Explain the term ‘financial risk’ and discuss how management of these risks can be embedded in a large organisation such as BigBank. (10 marks)

Answer

(a)Risk assessment is the process of evaluating the importance of a risk by making an estimate of two variables: the probability of the risk event being realised and the impact that the risk would have if it were realised. Probability refers to the likelihood of the risk materialising and is expressed either as a percentage or as a proportion of one (e.g. a 0·5 risk is considered to be 50% likely). The impact refers to the value of the loss if the risk event were to materialise. The estimated values of these two variables can be plotted on a risk assessment ‘map’, where the two axes are impact and probability. Then, different risk management strategies can be assigned depending upon the area of the map the risk is plotted in.

Risks assessed at low probability and low impact can be accepted or tolerated, those with high impact but low probability are often transferred or shared, risks with low impact but high probability are typically reduced and those with high impact and high probability are typically avoided. Risks that are known to be more likely to occur in the near future (‘proximate’ risks) may be assessed as higher probability and have more urgent strategies applied for managing them.
Continuous and ongoing

The first reason why there needs to be a continuous and ongoing risk assessment is because of the strategic importance of many risks and because of the dynamic nature of those risks being assessed. Some risks reduce over time and others increase, depending upon changes in the business environment that organisations exist in. Accordingly, it should not be seen as a ‘once and for all’ activity. If there is a risk that companies who borrow money become less able to repay their loans than previously, this is a negative change in the business environment (thereby affecting liquidity risk). When business recovers and bank customers’ ability to repay large loans improves, the liquidity risk for the banks is reduced.

Second, it is necessary to always have accurately assessed risks because of the need to adjust risk management strategies accordingly. The probabilities of risk occurring and the impacts involved can change over time as environmental changes take effect. In choosing, for example, between accepting or reducing a risk, how that risk is managed will be very important. In reducing their lending, the banks have apparently decided to reduce their exposure to liquidity risk. This strategy could change to an ‘accept’ strategy when the economy recovers.

Second, technical accounting and monitoring systems need to be implemented that measure and report (to management) on agreed targets, measures and compliance with those. These might involve regular reports against key targets (perhaps monthly) and ‘alerts’ if one or more of the measures strays out of its specified range.

Third, human resource systems can be designed to provide incentives for monitoring and alerting management about the risks. Rather than encouraging risk taking in BigBank, staff appraisals and the reward structures could be designed to reward behaviour more likely to control and mitigate the financial risks.

Fourth, awareness of financial risks, and those things that can increase them, can be normalised as a part of BigBank’s culture. This would mean that it became a normal thing to discuss, tell stories about, create rituals around, etc. In the same way that health and safety risks have become a part of the culture in many organisations, financial risks could be more firmly embedded by achieving this.