Risk (as defined in the IIA’s Glossary) is the possibility of an event occurring that will have an impact on the achievement of company objectives. Risk is measured in terms of impact and likelihood.
Risk management (as defined in the IIA’s glossary) is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.
The ultimate objective of risk management strategies and techniques is to provide reasonable assurance regarding the achievement of the organization’s of objectives.
Maximizing shareholder value is an essential objective in most organizations. This broad objective encompasses other objectives of minimizing costs and losses while maximizing revenues, market share, and overall organizational performance. Proper risk management contributes to maximizing shareholder wealth.
Based on this comprehensive definition of risk the following conclusions can be derived;
- Ensuring the achievement of the objectives Requires the organization to install a system for managing risks effectively. good systems of risk management keep the organizations objectives firmly in mind when addressing risks.
- in the context of achieving objectives risk may have a positive or a negative impact that is risk can represent a threat to achieving objectives or an opportunity that should be utilized and not missed or ignored.
Types of risks
- Strategic Risk: Is the risk that the company has to monitor to adjust its operations and strategies accordingly. They are risks that cannot be controlled by the companies such as political impediment risks, the risk of an economic slowdown, technological innovation and/or changes in customer preferences.
- Operational Risk: is pursers subdivided to business operational risk an information technology risk. they are the risks encountered as a result of human error, system failure, inadequate monitoring, Employee fraud, management fraud, and product failure. they are the risks that result from inadequate All failed internal processes, people, or systems. operational risks do not cover reputational or strategic risk.
- Business Risk: is considered to be one type of operational risks that is related to risks arising from efficiency, supply chain, and/or business cycles.
- Legal Risk: is one type of operational risk. legal risks include but are not limited to exposure to fines, penalties, settlements, and/or punitive damages resulting from operations.
- Hazard Risk: is there risk that an adverse events such as fire, flood, theft, storm..etc. may affect the business.
- Financial Risk: is there a risk that might affect the profit of the organization as a result of interest rate fluctuations, counterparty default, commodity price fluctuations, business interruption, or credit risks.
- compliance Risk: is there a risk that an institution might face as the result of not complying with the laws and regulations applicable to its industry or it is the risk of not complying with the company’s own internal processes and policies and procedures.
Risk assessment is a systematic process for assessing an integrating professional judgment about probable risks or events. it is about measuring the likelihood and relative significance of the identified risks.
Risk management is a process that uses the quantitative techniques to understand the size of the firm’s risk profile these techniques include statistically modeling the frequency and the impact of the risk events and create statistical predictions of the future risk profile.
The risk assessment process in most risk management models is a function of two parameters:
- likelihood of a risk occurring
- potential impact of the risk on the organization’s objectives