...SECTION 4: ASSESSING RISK
Risk assessment and management is one of the highest priorities for any organization to safeguard its properties and assets. In a turbulent state, all information and security vulnerabilities should be in a conversant to many regulations. Selected and tested methodologies have been defined and framed to mitigate the risk-assessment to many organizations. The frameworks have been set to help and guide security and risk. One of the methodologies is Factor Analysis of Information Risk, abbreviated as FAIR. FAIR is a methodology for understanding, analyzing and measuring information risk. Information policy and security practices have been inadequate available to aid in effectively managing information risk. For the little available information clues, managers and system owners have found it hard to make effective and well-informed decisions to safeguard their systems against such risks and uncertainties as they may happen. FAIR is elevated to address security practice weaknesses. The major aim of this methodology is to allow organizations to contribute effort and mitigate the various risks as they may happen. In one accord risk is assessed and measures are taken to counter the menace. The method ensures the organizational risk is defended and or challenge risk determined by use of advanced analysis techniques and also understand how time and resources such as money will impact the organization's security profile in general. The Methodology works with...
Words: 926 - Pages: 4
...1. Imagine you are Bill. How would you explain to Mary the relationship between risk and return of individual stocks?
If I were Bill, I would explain to Mary that the relationship between risk and return is simply the additional compensation for bearing risk. If she were to invest in more risky securities, the return may be higher, but if the market falls, her losses could also be quite large. With risky assets, the possibility of it losing value is also greater, compared to a risk-free or low-risk asset. As Mary is described to be a ‘conservative and cautious’ person, she would need to move out of risky assets and invest in lower-risk securities. In order to have a guaranteed expected return, she must invest in securities or assets that are low-risk but would not have as big of a return.
2. Mary has no idea what Beta means and how it is related to the required return of her stocks. Explain how you would help her understand these concepts.
The Beta is an indication of the amount of systematic risk present in a risky investment, compared to an average risky asset. The beta only represents systematic risk, as unsystematic risk can be diversified enough that it does not exist. An asset with a beta of 1 means that it is of average risk compared to the market. Essentially, the beta of a particular asset will tell you how the stock will perform if the market were to change. If the asset Mary is holding has a beta of 2, and the market dropped by 20%, that particular risky asset...
Words: 311 - Pages: 2
...CEO Toolkit • GLOBAL CEO • January 2003
A CEO’s guide to value at risk models
Ravi Madapati*
Value at Risk (VaR) models are being used extensively in the world of risk management. VaR provides an upper bound on the potential loss due to adverse market fluctuations. VaR can be used to estimate risk in the case of various financial instruments including bonds, equities and derivatives.
Since the past decade or so no other tool in financial risk management has been heard about as much as Value at Risk (VaR) modeling. VaR has rapidly become the industry standard for measuring and reporting market risk in trading portfolios of banks and other trading institutions. VaR provides an upper bound on the potential loss due to adverse market fluctuations. Any VaR number has to specify which portfolio is being considered (e.g., Equity derivatives book), the confidence level (e.g., 97.5%) and the holding period (e.g., 10 days). VaR objectively tries to combine the sensitivity of the portfolio to market changes and the probability of a given market change. VaR has been adopted by the Basel Committee to set the standard for the minimum amount of capital to be held against the market risks. VaR can be used to estimate risk in the case of various financial instruments including bonds, equities and derivatives. VaR can be used to communicate risk and to control risk by setting limits for frontline traders and operating managers.
Pros and cons of using VaR...
Words: 2124 - Pages: 9
...Risk and risk management
1. Credit Risk – The risk of loss of principal or loss of a financial reward stemming from a borrower's failure to repay a loan or otherwise meet a contractual obligation. Credit risk arises whenever a borrower is expecting to use future cash flows to pay a current debt. Investors are compensated for assuming credit risk by way of interest payments from the borrower or issuer of a debt obligation. The higher the perceived credit risk, the higher the rate of interest that investors will demand for lending their capital. Credit risks are calculated based on the borrowers' overall ability to repay. This calculation includes the borrowers' collateral assets, revenue-generating ability and taxing authority (such as for government and municipal bonds).
1) Total loans to assets
The loans to assets ratio measures the total loans outstanding as a percentage of total assets. A higher ratio indicates that a bank is loaned up and its liquidity is low. The higher the ratio, the more risky a bank may be to higher defaults. This figure is determined as follows: Loans to Assets = ( Loans / Total Assets )
2) Nonperforming loans/total loans
Nonperforming loans, or NPL, are loans that are no longer producing income for the bank that owns them. Loans become nonperforming when borrowers stop making payments and the loans enter default. The exact classification can vary from institution to institution, but a loan is usually considered to be nonperforming after...
Words: 2314 - Pages: 10
...Risk Management Approach: In identifying risks, the Project Team has also established a baseline risk impact criterion. These impact categories and their associated definitions can be found in Figure 6.

CATEGORY | DEFINITION
Critical (5) | An event that, if it occurred, would result in complete failure of the project (minimum acceptable requirements could not be reached)
Serious (4) | An event that, if it occurred, would cause major cost/schedule increases. Secondary requirements may not be achieved.
Moderate (3) | An event that, if it occurred, would cause moderate cost/schedule increases, but important requirements would still be met.
Minor (2) | An event that, if it occurred, would cause only a small cost/schedule increase. Requirements would still be achieved.
Negligible (1) | An event that, if it occurred, would have no effect on the program.
Figure 6: Risk Impact Criterion

In addition to the risk impact, the risk's probability of occurrence must be identified to completely define the impact a specific risk has on the overall success of the project. The probability of occurrence is defined in Figure 7:

PROBABILITY OF OCCURRENCE | INTERPRETATION
1 - 10% | Very Unlikely to Occur
11 - 40% | Unlikely to Occur
41 - 60% | May Occur about Half the Time
61 - 90% | Likely to Occur
91 - 99% | Very Likely to Occur
Figure 7: Probability of Occurrence Key Risk # | Risk | Description | Category | Triggers | Probability | Impact...
Words: 976 - Pages: 4
...Summary Chevron commits huge resources to tackle environmental risks; this report studies the viability of doing so. We find that (1) it is using a right combination of internal and external tools to increase workers’ awareness, diversify environmental risks and mitigate moral hazard at the same time; and (2) the Decision Making (“DEMA”) system is valuable to the company in providing a systematic framework to quantify environmental risks. Introduction Chevron operates in the business of petroleum and natural gas exploration, production, refining and marketing, and as such faces huge environmental risks such as oil spills and exhaust emissions. Throughout the years Chevron has honoured its claim in “Protecting People and the Environment” by committing a higher proportion of revenues to environmental spending than its competitors. However, environmental risks and the benefits of managing them are by nature hard to be quantified, while the costs are obvious and substantial. This report studies the viability of Chevron’s investments in two steps. First, it examines the tools Chevron uses to manage environmental risks, and explains why they are different from those used to manage other risks. Second, the report will analyse the pros and cons of the novel DEMA system, an attempt by Chevron to systematically quantify environmental risks. What tools is Chevron currently using to manage environmental business risk? We have categorized the tools currently adopted by Chevron as...
Words: 2821 - Pages: 12
...Possible risks:
Project risks: Description & Possible mitigation strategies:
• R&D, HR, group management team outstation support risk, Real time report and provide support services.
• IT: Hardware & software compatible risk, IT technician will come on site to install the framework and provide training.
• Share services support risk, set up new reporting group & new cost centre.
(Being late, project being delivered late. Like family emergency or the project itself failing just as it was working out well. 2. Over budget. 3. Communication breakdown. 4. Employee turnover. 5. Not knowing what’s Going On. 6. Team member Not fit for the Job. 7. Members Don’t know the project ..technology or information dealing with. 8. Bad environment. 9. Un-productivity. 10. User Commitment.
Customer risks: Description & Possible mitigation strategies: It might occur sales resistance (existing custom might not shift to the new brand of bottled water). Mass advertisement to win confide/trust in new product.
• dissatisfy the customer - by not fulfilling needs and/or expectations
• satisfy the customer - by satisfying needs and meeting expectations
• delight the customer - by exceeding their expectations in some way.
In today's fiercely competitive business environment, customer loyalty is a key success factor.
Transition risks: Description & Possible mitigation strategies: Business design risk, centralise / decentralise management, company culture...
Words: 350 - Pages: 2
...provided and received. In addition, the hospital corporation is also a key component to several ongoing research projects for treatment, cures and vaccinations for various diseases and infections, all of which rely on the supplies provided by other research facilities or specialty supplies provided by specific supply companies who could be impacted by these potential disasters, which would debilitate and prolong the success of the research projects affected.
Risk Source (A2)
The source for the first risk identified would be nothing more than age and continual use. The boiler at the Disaster Recovery site is the original boiler for the building which is approximately 50 years old, and even though the boiler has been provided annual maintenance, the fact the boiler has been actively in use for the past 50 years, the likelihood of its demise is absolutely imminent and a very real threat to the continual success of the Disaster Recovery site. With regard to the communication lines at the corporate facility, and the second risk identified. Currently there is construction of a major bypass...
Words: 2979 - Pages: 12
...Effective IT Risk Management Article Review Summary This paper explores what is IT risk, the importance of having it in an organization and the various aspects of IT risk management. It will also convey my perception (opinion) of the oversight of IT risk, and how vulnerabilities are identified and resolved. Then it will address the importance of why it is the stakeholder’s responsibility to help maintain risk management. This paper examines Bently, Alan’s (2010) research on explaining how IT risk can succeed in obtaining greater security and compliance within an organization. The author Bentley also explores and deciphers IT risk and how to achieve greater security and compliance in a company. He explains that to run any business effectively IT risk needs to be managed. But the IT risks have to be understood and identified to help increase network security, reduce management expenses and achieve greater compliance methodology. The article also indicated at how IT risks will be unsuccessful and a disastrous event if a business fails to identify, evaluate, and mitigate their IT risk concerns they have in regards to their business needs that can result in serious security breaches and financial losses down the road. Managing IT risk is not just for the IT staff to be focused on but for the entire organization which includes all divisions and sections that utilize its processes and technology to ensure that their company is running efficiently, because...
Words: 1847 - Pages: 8
...OF BUSINESS, ENTREPRENEURSHIP AND ACCOUNTANCY
RISK MANAGEMENT PLAN
Loss Prevention Management
In partial fulfillment of the Requirement in FM 65
Prepared by: ANGELICA C. GAMMAD MARILIE M. MALLILLIN MELVIN F. NARAG MA. REGINA P. GARCIA ELARIANET DELA CRUZ ROMEO MALILLIN
Presented to: Mr. Giehlito Dulin

TABLE OF CONTENTS
INTRODUCTION
TOP THREE RISK
RISK MANAGEMENT APPROACH
RISK IDENTIFICATION
RISK QUALIFICATION AND PRIORITIZATION
RISK MONITORING
RISK MITIGATION AND AVOIDANCE
CONCLUSION
RISK REGISTER

INTRODUCTION
Risk management is a continuous, forward-looking process that is an important part of business and technical management processes. Risk management should address issues that could endanger achievement of critical objectives. A continuous risk management approach is applied to effectively anticipate and mitigate the risks that have critical impact on the project. The purpose of risk management is to identify potential problems before they occur so that risk-handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives. Effective risk management includes early and aggressive risk identification through the collaboration and involvement...
Words: 3875 - Pages: 16
...Credit Risk Management Ken Brown Peter Moles CR-A2-engb 1/2012 (1044) This course text is part of the learning content for this Edinburgh Business School course. In addition to this printed course text, you should also have access to the course website in this subject, which will provide you with more learning content, the Profiler software and past examination questions and answers. The content of this course text is updated from time to time, and all changes are reflected in the version of the text that appears on the accompanying website at http://coursewebsites.ebsglobal.net/. Most updates are minor, and examination questions will avoid any new or significantly altered material for two years following publication of the relevant material on the website. You can check the version of the course text via the version release number to be found on the front page of the text, and compare this to the version number of the latest PDF version of the text on the website. If you are studying this course as part of a tutored programme, you should contact your Centre for further information on any changes. Full terms and conditions that apply to students on any of the Edinburgh Business School courses are available on the website www.ebsglobal.net, and should have been notified to you either by Edinburgh Business School or by the centre or regional partner through whom you purchased your course. If this is not the case, please contact Edinburgh Business School at the address below:...
Words: 21029 - Pages: 85
...Technical Notes and Manuals
Operational Risk Management and Business Continuity Planning for Modern State Treasuries
Ian Storkey
Fiscal Affairs Department
International Monetary Fund
Prepared by Ian Storkey
Authorized for distribution by Sanjeev Gupta
November 2011
DISCLAIMER: This Technical Guidance Note should not be reported as representing the views of the IMF. The views expressed in this Note are those of the authors and do not necessarily represent those of the IMF or IMF policy.
JEL Classification Numbers: H12, H60, H63, H83
Keywords: business continuity, disaster recovery, business continuity and disaster recovery plan, operational risk, operational risk management, treasury operations
Author’s E-Mail Address: ian@storkeyandco.com
This technical note and manual (TNM)1 addresses the following main issues:
• What is operational risk management and how this should be applied to treasury operations.
• What is business continuity and disaster recovery planning and why it is important for treasury operations.
• How to develop and implement a business continuity and disaster recovery plan using a six practical-step...
Words: 10882 - Pages: 44
...Systematic Risks (non-diversifiable)
Systematic risks are risks that affect the entire market and not each single corporation; they are associated with the overall movement in the general market or economy. Systematic risks, also called market risk, are non-diversifiable. According to Berk, DeMarzo and Harford (2012, p.337), systematic risks are risks that fluctuate through the market available news. These risks are difficult to be diversified even though the shareholder holds a portfolio since these risks affect the whole market. Systematic risks include interest rate risk, inflation rate risk, market risk and exchange rate risk, recession, political risk, earthquake.
Unsystematic Risks (diversifiable)
Unsystematic risks are not affected by the economy but by the specific corporation. The fluctuation of share price of a particular corporation is due to the good or bad news announced by the corporation. It will increase when the corporation that had less earnings growth rate, and low morale or productivity of employees or a poor reputation of the corporation, vice versa. However, unsystematic risk can be diversified by shareholders who hold the portfolio when the stocks are negatively correlated. In fact, it means that when a particular event occurs that affects a specific corporation, the stock of other corporation will be unaffected and thus, the fluctuation of share price between two stocks can be offset. Unsystematic risks include liquidity risk, operational...
Words: 1005 - Pages: 5
...What is Risk?
  A. Uncertainty Concept—risk traditionally has been defined as uncertainty
  B. Objective Risk
    1. Defined as the relative variation of actual loss from expected loss
    2. Declines as the number of exposure units increases
    3. Is measurable by using the standard deviation or coefficient of variation
  C. Subjective Risk
    1. Defined as uncertainty based on one’s mental condition or state of mind
    2. Difficult to measure
II. Chance of Loss
  A. Objective Probability
    1. A priori—by logical deduction such as in games of chance
    2. Empirically—by induction, through analysis of data
Rejda • Principles of Risk Management and Insurance, Tenth Edition
  B. Subjective Probability—a personal estimate of the chance of loss. It need not coincide with objective probability and is influenced by a variety of factors including age, sex, intelligence, education, and personality.
  C. Chance of Loss Distinguished from Risk—although chance of loss may be the same for two groups, the relative variation of actual loss from expected loss may be quite different.
III. Peril and Hazard
  A. Peril—defined as the cause of loss
  B. Hazard
    1. Physical hazard—physical condition that increases the chance of loss. Examples are icy streets, poorly designed intersections, and dimly lit stairways.
    2. Moral hazard—dishonesty or characteristics of an individual that increase the chance of loss
    3. Morale hazard—carelessness or indifference to a loss because of the existence of insurance
    4. Legal...
Words: 2119 - Pages: 9
...International Risk Paper
Celeste Moniz
FIN 320
Philip Celestin
October 10, 2011
There are a lot of risks that are involved with any capital project where a firm is thinking of investing. International capital projects have additional risks and issues that need to be addressed. Two of the biggest international investment concerns are the exchange rate risk and political risks. Another risk that may be an issue with international investments would be economical risks. Descriptions of these three risk factors will be explained. The exchange risk has mostly to do with the exchange rates in that certain country where a project is thinking of opening. Exchange rates are very unpredictable. It is possible that the exchange rate will be different tomorrow than it is today. The currency from different countries is traded on a large scale on a currency market that is similar to stocks, bonds, and other commodities. The market is very active with trillions of dollars that are traded daily. The fluctuation in value is an additional risk when making investments in other countries. The second of the biggest risks is called the political risk. Political risk deals with political conditions in that country of interest. This could negatively affect the profits from foreign investments. When making investments in foreign countries, close attention must be paid to the political climate, local laws, local perceptions of the company’s home country, and the social unrest in the targeted country. ...
Words: 448 - Pages: 2