TOPIC 1 Types of risks

The Oxford English Dictionary definition of risk Risks are divided into four categories:
is as follows: ‘a chance or possibility of danger,
loss, injury or other adverse consequences’, and  Compliance (or mandatory) risks;
the definition of at risk is ‘exposed to danger’.  hazard (or pure) risks;
 control (or uncertainty) risk
Risk is used to signify negative consequences.  opportunity (or speculative) risks
However, taking a risk can also result in a
positive outcome. 1. Organizations will seek to
minimize compliance risks, mitigate hazard
A third possibility is that risk is related to risks, manage control risks and embrace
uncertainty of outcome. opportunity risks.

DEFINITIONS OF RISK: However, it is important to note that there is no

‘right’ or ‘wrong’ subdivision of risks.
ISO GUIDE 73 Effect of uncertainty
ISO 31000 on objectives. Note More common to find risks described as two
that an effect may be types, pure or speculative.
positive, negative, or
a deviation from the Pure risk refers to risks that are beyond human
expected. Also, risk is control and result in a loss or no loss with no
often described by an possibility of financial gain. Fires, floods and
event, a change in other natural disasters are categorized as pure
circumstances or a risk, as are unforeseen incidents, such as acts of
consequence. terrorism or untimely deaths. ( reference :
Institute of Risk Risk is the https://www.google.com/)
Management combination of the
Speculative risk is a category of risk that, when
probability of
undertaken, results in an uncertain degree of
an event and its
gain or loss. In particular, speculative risk is the
consequence.
possibility that an investment will not
Consequences can
appreciate in value. Speculative risks are made
range from positive to
as conscious choices and are not just a result of
negative.
uncontrollable circumstances.
Orange Book from HM Uncertainty of
Treasury outcome, within a 2. There are certain risk events that can only
range of result in negative outcomes. These risks
exposure, arising from are hazard risks or pure risks, and these may be
a combination of the thought of as operational or insurable risks. In
impact and the general, organizations will have a tolerance of
probability of hazard risks, and these need to be managed
potential events. within the levels that the organization can
Institute of Internal The uncertainty of an tolerate.
Auditors event occurring that
could have an impact
on the achievement of
the objectives. Risk is A good example of a hazard risk faced by many
measured in terms of organizations is that of theft.
consequences and
likelihood.
3. There are other risks that give rise There are two main aspects associated with
to uncertainty about the outcome of a opportunity risks:
situation. These can be described as control
risks and are frequently associated with project a. There are risks/ dangers associated with
management. taking an opportunity, but there are also risks
associated with not taking the opportunity.
In general, organizations will have an aversion
to control risks. Uncertainties can be associated b. Opportunity risks may not be visible or
with the benefits that the project produces, as physically apparent, and they are often financial
well as uncertainty about the delivery of the in nature. Although opportunity risks are
project on time, within budget and to taken with the intention of obtaining a positive
specification. The management of control risks outcome, this is not guaranteed.
will often be undertaken in order to ensure that
Risk likelihood and magnitude
the outcome from the business activities falls
within the desired range. Risk likelihood and magnitude are best
demonstrated using a risk matrix. Risk matrices
4. Organizations deliberately take risks,
can be produced in many formats.
especially marketplace or
commercial risks, in order to achieve a positive A simple risk matrix, also referred to as a risk
return. These can be considered as opportunity map or heat map. This is a commonly used
or speculative risks, and an organization will method of illustrating risk likelihood and the
have a specific appetite for investment in such magnitude (or severity) of the event should the
risks. risk materialize.
Opportunity risks relate to the relationship The risk matrix can be used to plot the nature of
between risk and return. The purpose is to take individual risk, so that the organization can
action that involves risk to achieve positive decide whether the risk is acceptable and within
gains. The focus of opportunity risks will be the risk appetite and/or risk capacity of the
towards investment. organization.
Hazard risks are associated with a source of The horizontal axis is used to represent
potential harm or a situation with the potential likelihood. The term likelihood
to undermine objectives in a negative way and is used rather than frequency, because the
hazard risk management is concerned with word frequency implies that events will
mitigating the potential impact. definitely occur and the risk matrix is registering
how often these events take place.
Hazard risks are the most common risks
associated with operational risk management,
Likelihood is a broader word that includes
including occupational health and safety
frequency, but also refers to the chances of an
programmes.
unlikely event happening.
Control risks are associated with unknown and The vertical axis is used to indicate magnitude.
unexpected events. They are sometimes The word magnitude is used rather than
referred to as uncertainty risks and they can be severity, so that the same style of risk matrix
extremely difficult to quantify. can be used to illustrate compliance, hazard,
control and opportunity risks.
Control risks are often associated with project
management and the implementation of Severity implies that the event is undesirable
tactics. and is, therefore, related to compliance and
hazard risks. The magnitude of the risk may be
considered to be its gross or inherent level
before controls are applied.
 Topic 2
Figure 1.1 plots likelihood against the
magnitude of an event. However, the more What is Risk?
important consideration for risk managers is not
In finance, risk is the probability that actual
the magnitude of the event, but the impact of
the event and the consequences that follow. results will differ from expected results. In
the Capital Asset Pricing Model (CAPM), risk is
For example, a large fire could occur that defined as the volatility of returns. The concept
completely destroys a warehouse of a of “risk and return” is that riskier assets should
distribution and logistics company. Although
have higher expected returns to compensate
the magnitude of the event may be large, if
sufficient insurance is in place, investors for the higher volatility and increased
the impact in terms of financial costs for the risk.
company could be minimal, and if the company
has produced plans to cope with such an event, Types of Risk
the consequences for the overall business may
Broadly speaking, there are two main categories
be much less than would otherwise be
anticipated. of risk: systematic and unsystematic. Systematic
risk is the market uncertainty of an investment,
The magnitude of an event may be considered meaning that it represents external factors that
to be the inherent level of the event and the
impact all (or many) companies in an industry
impact can be considered to be the risk-
managed level. Because the impact (and the or group. Unsystematic risk represents the
associated consequences) of an event is usually asset-specific uncertainties that can affect the
more important than its magnitude (or performance of an investment.
severity), every risk matrix used will plot impact
against likelihood, rather than magnitude Below is a list of the most important types of
against likelihood. risk for a financial analyst to consider when
evaluating investment opportunities:
Low likelihood High likelihood
High magnitude High magnitude Systematic Risk – The overall impact of the
Low likelihood High likelihood market
Low magnitude Low magnitude
Unsystematic Risk – Asset-specific or company-
specific uncertainty
The risk matrix is used to provide a visual
representation of risks. Political/Regulatory Risk – The impact of
political decisions and changes in regulation
It can also be used to indicate the likely risk
control mechanisms that can be applied. Financial Risk – The capital structure of a
The risk matrix can also be used to record the company (degree of financial leverage or debt
inherent, current (or residual) and target levels burden)
of the risk.
Interest Rate Risk – The impact of changing
interest rates

Country Risk – Uncertainties that are specific to

a country
Social Risk – The impact of changes in social Below, we will look at two different methods of
norms, movements, and unrest adjusting for uncertainty that is both a function
Environmental Risk – Uncertainty about of time.
environmental liabilities or the impact of
changes in the environment Risk Adjustment
Operational Risk – Uncertainty about a
company’s operations, including its supply chain Since different investments have different
and the delivery of its products or services degrees of uncertainty or volatility, financial
Management Risk – The impact that the analysts will “adjust” for the level of uncertainty
decisions of a management team have on a
involved. Generally speaking, there are two
company
Legal Risk – Uncertainty related to lawsuits or common ways of adjusting: the discount rate
the freedom to operate method and the direct cash flow method.
Competition – The degree of competition in an
industry and the impact choices of competitors
will have on a company.

Discount Rate Method - The discount rate

method of risk-adjusting an investment is the
most common approach, as it’s fairly simple to
Time vs. Risk use and is widely accepted by academics. The
concept is that the expected future cash flows
The farther away into the future a cash flow or from an investment will need to be discounted
an expected payoff is, the riskier (or more for the time value of money and the additional
uncertain) it is. There is a strong positive risk premium of the investment.
correlation between time and uncertainty.
Direct Cash Flow Method - The direct cash flow
method is more challenging to perform but
offers a more detailed and more insightful
analysis. In this method, an analyst will directly
adjust future cash flows by applying a certainty
factor to them. The certainty factor is an
estimate of how likely it is that the cash flows
will actually be received. From there, the
analyst simply has to discount the cash flows at
the time value of money in order to get the net
present value (NPV) of the investment. Warren
Buffett is famous for using this approach to
valuing companies.
Risk Management Deleveraging - Companies can lower the
uncertainty of expected future financial
There are several approaches that investors and performance by reducing the amount of debt
managers of businesses can use to manage they have. Companies with lower leverage have
uncertainty. Below is a breakdown of the most more flexibility and a lower risk of bankruptcy
common risk management strategies: or ceasing to operate.
Diversification - Diversification is a method of It’s important to point out that since risk is two-
reducing unsystematic (specific) risk by
sided (meaning that unexpected outcome can
investing in a number of different assets. The be both better or worse than expected), the
concept is that if one investment goes through above strategies may result in lower expected
a specific incident that causes it to under returns (i.e., upside becomes limited).
perform, the other investments will balance it
out.

Hedging - Hedging is the process of eliminating

uncertainty by entering into an agreement with
a counter party. Examples include forwards,
options, futures, swaps, and other derivatives
that provide a degree of certainty about what
an investment can be bought or sold for in the
future. Hedging is commonly used by investors
to reduce market risk, and by business
managers to manage costs or lock-in revenues.

Insurance - There is a wide range of insurance

products that can be used to protect investors
and operators from catastrophic events. Spreads and Risk-Free Investments
The concept of uncertainty in financial
Examples include key person insurance, general
investments is based on the relative risk of an
liability insurance, property insurance, etc. investment compared to a risk-free rate, which
While there is an ongoing cost to maintaining is a government-issued bond. Below is an
insurance, it pays off by providing certainty example of how the additional uncertainty or
against certain negative outcomes. repayment translates into more expense
(higher returning) investments.
Operating Practices - There are countless
operating practices that managers can use to
reduce the riskiness of their business. Examples
include reviewing, analyzing, and improving
their safety practices; using outside consultants
to audit operational efficiencies; using robust
financial planning methods; and diversifying the
operations of the business.
As the chart above illustrates, there are higher fails to maintain balance between the two, it
expected returns (and greater uncertainty) over could effect cash flows and earnings. Therefore
time of investments based on their spread to a the risk arises from the sub-optimal level of the
risk-free rate of return. debt equity mix.

Systematic risk refers to the risk inherent to the 3. Operational Risk - Operational Risk arises
entire market or market segment. Systematic due to negligence or unforeseen events, such as
risk, also known as undiversifiable risk, volatility supply chain problems, breakdown of
machinery, data breaches etc. Operational risk
risk, or market risk, affects the overall market,
includes risk from day to day operations and
not just a particular stock or industry. companies take up preventive measures
regularly to avoid equipment related issues.
What are the factors of systematic risk?

Systematic risk is the overall, day-to-day, 4. Strategic Risk - The risk involves
ongoing risk that can be caused by a management’s failure to take right decision
combination of factors, including the economy, regarding its product or services. An example of
interest rates, geopolitical issues, corporate this is the company entering in to partnership
health, and other factors. with a fraud entity. Another example is
management could not visualize in advance or
Unsystematic risk refers to risks that are not not being able to change course when the
shared with a wider market or industry. product is not performing well.
Unsystematic risks are often specific to an
individual company, due to their management, 5. Legal and Regulatory Risk - The legal risks
financial obligations, or location. Unlike relate to changes in laws or regulations that go
systematic risks, unsystematic risks can be against the company or industry. Usually such
reduced by diversifying one's investments. changes increase cost or make operations more
difficult. These risks also include companies
Types of Unsystematic Risk violating laws.

The following are the types of Unsystematic EXAMPLES OF UNSYSTEMATIC RISK

Risk
Most Unsystematic Risk are related to errors in
1.Business Risk - Business Risk includes internal entrepreneurial judgement. Suppose a watch
factors that risks the revenue and performance manufacturing company performs market
of the company. This includes not obtaining research and finds that consumers want small
proper copyright for a new brand or a patent watches instead of big straps and the products
for a new product. Thereby the competitor can are altered accordingly. Later on the company
have a freehand to introduce the same product finds it that the consumer actually needs large
or use the same brand. Business risk can occur watches instead of small. Now the existing
due to external factors also known as inventory goes unsold or it has to be sold at a
government agencies that may prohibit a drug major loss. This can damage the stock price.
that a company sells.
Another example of unsystematic Risk is the
2. Finance Risk - Financial Risk means risk litigation risk which the company faces due to
related to company’s capital structure. The legal action. Some companies face greater
capital structure of all the companies usually litigation risk. For example a company whose
has a mix of debt and equity. To derive products are more likely to be defective will
maximum benefits from the capital structure a face more litigation and action suits than the
company must maintain and strive to achieve other companies.
optimal mix of debt and equity. If the company
One extremely common form of political risk is Country risk refers to the economic, social, and
regulatory risk, which refers to the possibility of political conditions and events in a foreign
governmental changes or new policies that country that may adversely affect a financial
institution's operations. Banks must institute
could hinder a company's activities.
adequate systems and controls to manage the
Types of Political Risks inherent risks in their international activities.

What is country specific risk examples?

These include taxes, spending, regulation,
currency valuation, trade tariffs, labor laws
Specific risks include fluctuations in currency
such as the minimum wage, and exchange rates, economic or political instability,
environmental regulations. The laws, even if the potential for trade sanctions or embargo
just proposed, can have an impact. and anything else occurring in the country that
could negatively impact the business
What is an example of a regulatory risk? environment or trade and cash flows in and out
of that country.
Regulatory risks could, for instance: increase
the costs of running a business - eg costs to Social risk . This risk can be defined as the
exposure to adverse consequences stemming
achieve compliance. Change the competitive
from population-based activities and negative
landscape - eg perhaps invalidating your public perception. In other words, social risk is a
business model. Make your business practices manifestation of what goes on around us and is
illegal - eg new law changing rules on driven by influences inside every one of us—
marketing. beliefs, emotions, mental health, fears and
anxieties.
Financial risk is the possibility of losing money
on an investment or business venture. Some Examples include labor issues, human rights
more common and distinct financial risks violations within the workforce, and
include credit risk, liquidity risk, and operational corruption by company officials. Public health
risk. Financial risk is a type of danger that can issues can also be a concern as they can impact
result in the loss of capital to interested parties. absenteeism and worker morale.

What are the 4 main financial risks? What are the four types of social risk?

There are many ways to categorize a company's These are governance failures, institutional
financial risks. One approach for this is provided disincentives, elite's exploitations, and
by separating financial risk into four broad inefficiency.
categories: market risk, credit risk, liquidity
risk, and operational risk. 1. Governance traps of social risk

Interest rate risk is the probability of a decline 2. Institutional disincentives

in the value of an asset resulting from
3. Elites and security forces exploitation
unexpected fluctuations in interest rates.
Interest rate risk is mostly associated with fixed- 4. Inefficient social protection arrangements
income assets (e.g., bonds) rather than with
equity investments. The interest rate is one of
the primary drivers of a bond's price.
Environmental risk is the probability and operational risks caused by people are heavily
consequence of an unwanted accident. Because tied to financial repercussions.
of deficiencies in waste management, waste
transport, and waste treatment and disposal, Processes- Every company has its own
several pollutants are released into the processes. More complex manufacturing
environment, which cause serious threats to companies (i.e. a vehicle manufacturer) will
human health along their way. have different processes compared to a service-
only law firm. In either case, all companies have
What are three types of environmental risk steps that must be performed in sequential
factors? order or else detrimental outcomes are
possible.
Environmental risks to health include pollution,
radiation, noise, land use patterns, or climate The 7 Categories of Operational Risk
change The four causes above can be expanded and
broken into 7 main categories of operational
Operational risk is the risk of loss as a result of
risk. These 7 primary categories include (in no
ineffective or failed internal processes, people,
systems, or external events which can disrupt particular order):
the flow of business operations. These
operational losses can be directly or indirectly Internal fraud: employees conspiring and often
financial. colluding to overtake internal controls and
misappropriate company resources.
CAUSES OF OPERATIONAL RISK
External fraud: independent parties outside of
Operational risk is usually caused by four the company attempting to bribe, thieve, forge,
different avenues: or cyber attack.
People, processes, systems, or external events.
For many aspects of operational risk, companies Technology failures: deficiencies in computer
must simply try to mitigate the risk within each systems, hardware, software, or the interaction
category as best as possible with the between any of their components.
understanding that some operational risk will
likely always be present. Process execution: management's inability to
properly assess a situation and deploy the right
People - Operational risk caused by people can strategy or failure to execute a correct strategy.
arise due to employee deficiencies or employee
shortages. For example, a company may not Safety: violation or risk of violation of
have staff that has the knowledge needed to workplace safety measures, whether physical,
tackle a specific problem. On the other hand, a mental, or other.
company may not have an appropriate quantity
of employees on hand to properly address peak Natural disasters: inclement weather, fire, or
season or the busier times of the year. harsh winter conditions that can put physical
assets at risk and make it impossible for
To mitigate these types of risks, companies can employees to perform their daily tasks.
simply look to markets to hire staff. However,
this introduces new people-centric operational Business practices: operational activities that
risks such as identifying the appropriate harm customers, mislead information, incite
candidates to hire, training staff, and ensuring
negligence, or accidently not be in compliance
employee retention remains high. As each of
these aspects is resource and time-intensive, of requirements.
Management risk is the risk—financial, ethical,
or otherwise—associated with ineffective, 2. Litigation Risks - Litigation risk occurs when
destructive, or underperforming management. an individual, company, or entity’s action or
inaction causes damage. Such risks have a high
Management risk can be a factor for investors
likelihood of legal action.
holding stock in a company.
In most cases, business litigation risks involve a
What is an example of a risk management?
product or service. But, again, firms go to great
Loss Prevention and Reduction: When risk lengths to avoid legal troubles, as it significantly
cannot be avoided, the effect of loss can often damages reputation, trust, and goodwill.
be minimized in terms of frequency and
severity. 3. Regulatory Risks - Firms need to comply with
federal laws and regulations. Compliance
For example, Risk Management encourages the violations immediately result in lawsuits and
use of security devices on certain audio visual penalties. Compliance regulations vary between
equipment to reduce the risk of theft. different segments.

Legal Risk: Firms must oblige to the applicable governing

This type of financial risk arises out of legal body. In addition, firms must respond to
constraints such as lawsuits. Whenever a inquiries promptly and offer full cooperation if a
company needs to face financial losses out of regulatory body conducts an investigation.
legal proceedings, it is a legal risk. Regulatory risks are also referred to as policy
risks. These oversights increase operational
Legal risks occur from negligence or a costs and administrative duties. Therefore,
deliberate failure to comply with client firms must update employees with changing
obligations. It comes under the purview of the regulations.
regulatory framework (Basel II and III) that
governs standards for products, clients, and
business activities. From an investor’s
perspective, potential risks are associated with
tax law violations

There are three types of legal risks.

1. Contract Risks - A contract risk primarily

relates to two situations—damage caused by
either party not fulfilling contract terms or
damage caused by poor performance. That is,
sometimes a party fulfills contract terms but
offers poor service or product quality.

Legal troubles are a big hassle; involved parties

lose business and reputation. Moreover, a
contract is a legal document—a proof of
agreement, the parties are liable to fulfill it; if
not, they invite risks and penalties.

For businesses, reputation is a tricky aspect;

even after getting acquitted, they might not
recover their brand image. Therefore, risk
analyses are highly recommended.