Risk Assessment, Financial Controls, and Mitigation Techniques

Added on  2019/10/16
AI Summary
This essay delves into the critical aspects of risk management and financial controls within an organizational context. It begins by examining quantitative risk analysis, emphasizing the assessment of risk and vulnerability, asset valuation, historical data analysis, Annual Rate of Occurrence (ARO) estimation, and the determination of countermeasures. The process includes calculating Annual Loss Expectancy (ALE), conducting cost-benefit analyses, and determining the Return on Investment (ROI) for risk mitigation strategies, culminating in a summarized presentation for management. Qualitative risk analysis methods, such as interviewing, brainstorming, and expert elicitation, are also explored. The essay further defines key concepts like vulnerability, threats, threat agents, risk, and exposure, and discusses various types of financial controls, including financial statements, break-even analysis, and ratio analysis. Finally, it outlines basic risk handling strategies, including accepting, avoiding, mitigating, and transferring risks, highlighting the importance of cost-effective risk reduction and the potential for residual risk even with risk transfer mechanisms.
1. Quantitative Risk Analysis: The steps are: assess risk and vulnerability; determine the value of the assets that are at risk; assess the historical actions of the company; estimate the Annual Rate of Occurrence (ARO) for each risk factor; determine measures for overcoming every risk factor; determine the Annual Loss Expectancy (ALE) for every risk factor; carry out a cost-benefit analysis before and after applying countermeasures; determine ROI on the basis of the ALE and the cost-benefit analysis; and finally present the results to management in summarized form (Kaplan, S., & Garrick, B. J. 1981).
ARO = frequency of occurrence of a threat in a year. A threat occurring once a year has an ARO of 0.1.
ALE = Single Loss Expectancy x Annualized Rate of Occurrence.
Safeguard Cost/Benefit Analysis = (ALE before implementing safeguard) – (ALE after implementing safeguard) – (annual cost of safeguard (which is the value of the safeguard))
Qualitative Risk Analysis: Processes that can be used for qualitative risk analysis include interviewing, where experts answer a set of structured questions; brainstorming, for generating a large number of ideas in a short time; and expert elicitation, where an expert judges the characteristics of uncertainty.
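The quantitative steps of item 1 (ALE per risk factor, cost/benefit before and after the countermeasure, ROI, summary for management) applied to a small risk register, as an added example that is not part of the original essay. The register figures are constructed, and the ROI formula (safeguard value divided by annual safeguard cost) and the handling rule are assumptions, since the essay defines neither.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    sle_before: float      # Single Loss Expectancy per incident, no safeguard
    aro_before: float      # Annualized Rate of Occurrence, no safeguard
    sle_after: float       # SLE with the safeguard in place
    aro_after: float       # ARO with the safeguard in place
    safeguard_cost: float  # annual cost of the safeguard

def ale(sle: float, aro: float) -> float:
    """ALE = Single Loss Expectancy x Annualized Rate of Occurrence."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro

def assess(risk: Risk) -> dict:
    before = ale(risk.sle_before, risk.aro_before)
    after = ale(risk.sle_after, risk.aro_after)
    # Safeguard value = ALE before - ALE after - annual cost of safeguard.
    value = before - after - risk.safeguard_cost
    # Assumption: ROI = safeguard value / annual safeguard cost.
    roi = value / risk.safeguard_cost if risk.safeguard_cost > 0 else None
    # Assumption: a safeguard costing more than the loss it removes is not
    # bought, so that risk is handled by accepting, avoiding or transferring.
    handling = "mitigate" if value > 0 else "accept, avoid or transfer"
    return {"name": risk.name, "ale_before": before, "ale_after": after,
            "value": value, "roi": roi, "handling": handling}

def summarize(register: list) -> dict:
    rows = sorted(map(assess, register), key=lambda r: r["value"], reverse=True)
    # Residual ALE: mitigated risks keep ale_after, the rest keep ale_before.
    residual = sum(r["ale_after"] if r["handling"] == "mitigate"
                   else r["ale_before"] for r in rows)
    return {"rows": rows, "residual_ale": residual,
            "total_ale_before": sum(r["ale_before"] for r in rows)}

# Constructed sample register; every figure is illustrative.
REGISTER = [
    Risk("Laptop theft", 4000, 2.0, 4000, 0.5, 1500),
    Risk("Ransomware on file server", 120000, 0.25, 30000, 0.25, 10000),
    Risk("Data-center flood", 320000, 0.0625, 320000, 0.03125, 25000),
]

if __name__ == "__main__":
    report = summarize(REGISTER)
    for row in report["rows"]:
        print(row)
    print(report["total_ale_before"], report["residual_ale"])
```

The summary is ordered by safeguard value, so the safeguards that pay back the most appear first and the ones that cost more than they save fall to the bottom with a non-mitigation handling.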
2. Vulnerability refers to a weakness which can be exploited by threats. A threat is the possibility of occurrence of a harmful incident. A threat agent is an entity that intentionally seeks to exhibit a threat. Risk refers to the possibility of damage, destruction, and loss of assets. Exposure is expressed in monetary terms as the amount that can be lost in the form of investment. Controls refer to the procedures and policies used to manage, track and report financial resources (Vose, D. 2008).
Types of Control: Financial Statements- These include the P/L account and the balance sheet. They can be used to compare the figures of the current year with those of the previous year, and can also be compared with those of other similar organizations. Financial Tools- Tools such as Break Even Analysis can be used as a control tool for measuring performance. ROI can also be used to enhance performance. Present performance can be compared with that of the previous year, which helps in analysis and control. Ratio Analysis- This can also be used for finding and analyzing financial performance. It helps in understanding the profitability, solvency and liquidity of the business through ratios (Amihud, Y., & Lev, B. 1981).
3. Basic ways of handling risk: Accepting- The acceptable risk level is the organization's willingness to assume the risk. It involves determining the best way of reducing the risks of the business. Avoid- Avoiding risk is different from accepting the risk and is not related to identifying risks. A business that avoids risk introduces the oversight of government for minimizing the risk. Mitigate- The cost of reducing risk should be restricted, and risk should be mitigated on the basis of the acceptable level of risk. Mitigation means that the business decreases risks by implementing countermeasures, controls and other fixes which have an effect on the identified risks. Transfer- Some organizations turn towards transferring risks. Transferring risks may consist of cyber liability insurance or outsourced services; still, in some cases residual risk remains. Risks are transferred, for example, by processing transactions by credit card. In this case, the business assumes that if the service provider performs this function, it will be free and clear of a breach. However, if a breach occurs, the business will have a contractual obligation to the merchant bank, and fines and liabilities will be associated with the organization (Baird, I. S., & Thomas, H. 1985).
References
Amihud, Y., & Lev, B. (1981). Risk reduction as a managerial motive for conglomerate mergers. The Bell Journal of Economics, 605-617.
Baird, I. S., & Thomas, H. (1985). Toward a contingency model of strategic risk taking. Academy of Management Review, 10(2), 230-243.
Kaplan, S., & Garrick, B. J. (1981). On the quantitative definition of risk. Risk Analysis, 1(1), 11-27.
Vose, D. (2008). Risk analysis: a quantitative guide. John Wiley & Sons.